Universal Connection: The Faster ECS

Typography

Smaller Small Medium Big Bigger
Default Helvetica Segoe Georgia Times
Reading Mode

Many customers today still use the Electronic Customer Support (ECS) command Send PTF Order (SNDPTFORD) to download PTFs over modem lines; it's reliable, and they know it works. What some customers don't know is that there is a solution to quicken PTF downloads. This solution is called the Universal Connection.

The Universal Connection is a virtual private network (VPN) solution that allows a customer to configure a VPN tunnel to different IBM service machines. Once the Universal Connection is configured, a customer can do the following:

Use the ECS commands Send PTF Order (SNDPTFORD), Send Service Request (SNDSRVRQS), Query Problem Status (QRYPRBSTS), and Order Supported PTFs (ORDSPTPTF). It is important to note that you can now download over 99 MB of PTFs through this connection.

Transfer Service Agent data to IBM service machines. IBM can then determine what system parameters, error conditions, and system and software configurations are on the customer's system. This helps IBM provide quality service to its customers, updating them on possible HIPER PTFs and upgrades.

Transfer PM/400 data to IBM service machines. IBM can then analyze this information and advise the customer as to when they might need an upgrade. IBM can also create graphical information about a customer's iSeries system performance and compare it to other customer systems.

Use remote support to allow a Customer Support Engineer in Rochester to connect to a customer's system for problem determination. This enhancement was released in V5R1. Simply load and apply PTFs SI02764, SI04969, and SI03364. This will allow the Rochester Support Center to gain access to Telnet sessions of the customer's system and also allow them to use GUI applications such as Operations Navigator, HTTP Administration Server, Lotus Notes Client, and WebSphere Console.

For customers, the advantage of having the Universal Connection configured for the iSeries is that it does things faster than a modem connection does. The key to all of this is the configuration of the Universal Connection. A customer's iSeries system must have a globally routed IP address to the Internet, meaning the system must look like it is located on the Internet either by giving it an Internet IP address or by configuring firewall filter rules--or even possibly by using different types of routing.

To configure the Universal Connection, a customer must know what is between the iSeries and the Internet because VPN packets need to be able to flow from the iSeries to the Internet. Many customers have firewalls between their iSeries systems and the Internet that block packets from being passed. When this occurs, filter rules need to be configured to allow the VPN tunnel to be established. Here are some examples:

For customers who use their iSeries as a Web server, the iSeries is most likely on the Internet. This means that there is no device between the iSeries and the Internet. The customer has to configure only the iSeries, not any other external devices such as a firewall.

Most customers have their iSeries system within a Demilitarized Zone (DMZ) with a firewall between the iSeries and the Internet. Later, I'll explain what filter rules need to be configured to allow a VPN connection to go through the customer's firewall.

An iSeries might sit within the local intranet, outside of the DMZ. Figure 1 below shows what this might look like. The local intranet is usually connected to the DMZ by a router, and the DMZ has a router of its own, which is connected to the Internet. Additional configuration must be done to the Cisco router to allow the VPN connection to be established from the iSeries to the Cisco router.

The types of configuration for the Universal Connection are explained in detail in Chapter 5 of the IBM Redbook iSeries Universal Connection for Electronic Support and Service (SG24-6224). This chapter explains the many different Universal Connection configuration scenarios, depending on where an iSeries sits within the network.

Figure 1: An iSeries within the local intranet, outside of the DMZ

Once the customer knows where the iSeries sits within the network and once the system has a globally routed IP address to the Internet, configuring the Universal Connection is a matter of a few clicks. Keep in mind that the VPN connection can be set up only if the customer has an 0S/400 release of V5R1 or later as well as Client Access Express for Windows V5R1 with the latest service pack installed on their PC.

It is important to note that the Universal Connection doesn't currently support firewalls that perform Network Address Translation (NAT). If you have a NAT-performing firewall between your iSeries and the Internet, you will not be able to configure the Universal Connection. However, in V5R2, Universal Connection will support NAT firewalls and other NAT devices.

Configuring a System That Has a Globally Routed IP Address

Let me take you through an example of the steps to configure the Universal Connection for a system that has an interface with a globally routed IP address. This iSeries sits right in front of a firewall that does not perform NAT but does block all ports except for 80.

Open up Operations Navigator. Remember that you must have IBM Client Access Express for Windows V5R1 with the latest service pack. If you do not, you will not see the options shown below.
Within Operations Navigator, click on the system for which you want to configure the Universal Connection. Then, enter the correct user name and password for that system.
Click on Network and then Remote Access Services.
Right-click on Originator Connection Profiles, as shown in Figure 2. You should then see the Universal Connection Wizard. Choose this option.

Figure 2: The Universal Connection Wizard

Once you click on the Universal Connection Wizard, you will see the Welcome screen shown in Figure 3. The Wizard will begin here and take you through the configuration. Click Next on this screen.

Figure 3: The Universal Connection Wizard Welcome screen

The following screens will ask for service information and address information. The address information screen will extract information from the system's contact information, which many times is already filled out. After you verify that everything is filled out correctly for both screens, you will be shown the Location screen. In the Location screen, fill out the location information and hit Next, which will bring you to the Application screen.
The options on the Application screen allow you to configure the connection for either Electronic Customer Support (ECS) or IBM Electronic Service Agent for AS/400. If you are looking to either use the ECS commands I discussed above or use remote support over VPN, choose the ECS option. If you are looking to transfer Service Agent information to IBM, choose the IBM Electronic Service Agent for AS/400 option.

Figure 4: Configure the connection for the application of your choice

The next screen is the Connection Type screen (Figure 5). This is the most important screen in this configuration. The only two options you are concerned about here are the direct connection to the Internet option and the multi-hop connection to the Internet option. The other two options deal with dial-up VPN connections, which is not in the scope of this article. In order to choose one of these options, you need to know where your iSeries system sits within your network. In this example, the iSeries system has an interface that reflects a globally routed IP address, so choose direct connection to the Internet.

Figure 5: The Connection Type screen

Since you know that the customer has an interface that is configured with a globally routed Internet IP address, you'll highlight that in the Interface screen, as shown in Figure 6.

Figure 6: The Interface screen

The last screen is the Summary (Figure 7). Verify what you chose and click the Finish button. The Universal Connection Wizard will then ask you if you want to test your connection. Hit the Test connection button to verify that your connection is configured correctly.

Figure 7: The Summary screen

In this example, you configured the Universal Connection for ECS, so you will now be able to enter ECS commands such as SNDPTFORD, which allows you to download over 99 MB of PTFs over the Universal Connection. Since you now have Universal Connection configured, ECS commands will always go over the VPN connection instead of over modem lines. If the connection is not configured successfully, the ECS commands will still run over the modem lines.

Firewall Filter Rules

If you have a firewall between your iSeries and the Internet, you are not done yet. Certain filter rules must be configured on the firewall to allow the iSeries system to be configured.

After running the Universal Connection Wizard, you need to get the IP address that you are going to connect to within IBM. The reason you need this IP address is so that you can configure certain filter rules on your firewall. If you don't configure these filter rules, your iSeries will not be able to create the VPN connection through the firewall out to the Internet. Once you get the IP address, you will be able to configure very particular filter rules to IBM. To find this IP address, do the following:

Within Operations Navigator, expand Network.
Expand IP Policies.
Expand Virtual Private Networking. (Note: If you don't see Virtual Private Networking when you expand IP Policies, it most likely means that you don't have 5722AC2 or 5722AC3 [Crypto Access Provider] installed on your iSeries system.)
Expand IP Security Policies.
Click on Internet Key Exchange Policies.
Look for the IKE definition name that consists of four dot-separated numbers. The numbers refer to an IP address that we will designate as A.

IP Filter Rule That Needs to Be on Your Router Firewall	Filter Values
UDP Inbound traffic filter rule	Allow port 500 for source IP address A
UDP Outbound traffic filter rule	Allow port 500 for destination IP address A
ESP Inbound traffic filter rule	Allow ESP protocol (X'32') for source IP address A
ESP Outbound traffic filter rule	Allow ESP protocol (X'32') for destination IP address A

Going back to the Connection Type screen (Figure 5), let's look at the options for configuring a multi-hop connection. If your iSeries system is located on the local LAN and the correct configuration has been made on the Cisco routers, you will choose the option to configure a multi-hop connection to the Internet. In the following screen, you will enter the IP address of the router that will forward the packets from the local LAN either to the Internet or to an existing router. Once this IP address is entered, view the summary and test the connection to make sure it is running correctly. Again, the Redbook I mentioned above offers detailed descriptions.

Better, Faster

The Universal Connection has a lot to offer. It enhances customers' productivity by allowing them to quickly do such tasks as downloading PTFs, reporting problems, and sending Service Agent data and PM/400 data to IBM service machines. It also improves remote support by allowing Customer Support Engineers in Rochester to connect to customers' systems.

IBM is currently working on more productivity-enhancing changes to the Universal Connection and is also creating new software solutions that will also use the Universal Connection. Hopefully, many of you will configure the Universal Connection and take advantage of this VPN solution IBM has to offer.

Benjamin Garbers is a Software Engineer within the Rochester Support Center. He is currently spending time developing Internet applications for IBM's iSeries Technical Web site located at http://www.ibm.com/eserver/iseries/support.

Also Read

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Do your business apps access different data sources? This book shows you how to make that task easier
Book Review: 21st Century RPG: /Free, ILE, and MVC

David Shirey’s first book is an educational and entertaining read for “modern” and “old” RPG programmers alike
Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

If you are ready to get into Web application development, take this book along as your guide
Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

DBAs who use the book will find it very helpful first in their test study and later as a reference book.
Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

This is a well-written DB2 11 book that could easily stand on its own as a reference manual, not just a certification guide.
Book Review: Free-Format RPG IV, Third Edition

Jim Martin comes through for us again.
Book Review: IBM i Security Administration and Compliance, Second Edition
Book Review: Programming in ILE RPG, Fifth Edition

This book really hits the mark and is a must-read for all RPG developers.
Book Review: DB2 10.1/10.5 for Linux, UNIX, and Windows Database Administration: Certification Guide
Book Review: Subfiles in Free-Format RPG

Whether you're a newbie or a seasoned pro, this book has something for you.
Book Review: Evolve Your RPG Coding: Move from OPM to ILE ... and Beyond

This book provides an amazingly comprehensive introduction to the concepts while at the same time delivering enough technical detail to make you productive very quickly.
Book Review: Database Design and SQL for DB2
Book Review: The Chief Data Officer Handbook for Data Governance

When implemented appropriately, data governance is a powerful framework.
Book Review: DB2 10 for z/OS: The Smarter, Faster Way to Upgrade

Trying to figure out whether to upgrade? Read on.
Book Review: 5 Keys to Business Analytics Program Success
Book Review: DB2 11: The Ultimate Database for Cloud, Analytics, and Mobile
Book Review: Flexible Input, Dazzling Output with IBM i

Today, it's all about input and output. Getting data into the IBM i from non-traditional sources and then displaying it back out again in varied formats. But where can you go to learn all that you need to know about this critical skill?
Book Review: Advanced Guide to PHP on IBM i

Enterprise-level PHP skills and techniques have been adapted for IBM i developers in Kevin Schroeder's new book.
Book Review: Java for RPG Programmers

If you've been putting off learning Java, you have no excuse anymore!
Book Review: DB2 10.1 Fundamentals: Certification Study Guide

Too valuable to be classified as merely excellent certification material, this book should also rightly take its place on DB2 DBA bookshelves as a solid day-to-day DB2 reference.
Book Review: DB2 10 for Z/OS Database Administration: Certification Study Guide

Whether you're trying to get certified or you just need a great reference book, this is the book for you.
Book Review: Developing Web 2.0 Applications with EGL for IBM i

It's everything you need to know, from the bottom up.
Book Review: Advanced Integrated RPG

Isn't it about time somebody told us how to integrate RPG and Java?
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: The Remote System Explorer

This book speaks directly to the thousands of IBM i programmers who develop in RPG, COBOL, CL, and DDS every day.
Book Review: IBM System i APIs at Work, Second Edition

API expert Bruce Vining delivers the only comprehensive guide to APIs.
Book Review: Functions in Free-Format RPG IV

This one short volume manages to essentially be both a general introduction and a detailed reference.
Book Review: DB2 11: The Database for Big Data and Analytics
Book Review: IBM Mainframe Security: Beyond the Basics

Beginners will have a strong foundation after reading this book. Experienced professionals will reference it frequently.
Book Review: IBM InfoSphere: A Platform for Big Data Governance and Process Data Governance

Find out how IBM is addressing the challenges of big data.
Book Review: Fundamentals of Technology Project Management

Projects can be overwhelming, but taken in small, deliberate steps, all projects are achievable.
Book Review: Customer Experience Analytics

Use CEA as a strategic weapon to stay ahead of your competitors.
Book Review: Big Data Analytics: Disruptive Technologies for Changing the Game

The disciplines of data analytics are evolving to meet the new challenges of big data.
Book Review: IBM i Security: Administration and Compliance

If you have any interest in IBM i security, whether as an administrator, a programmer, or an auditor, then this book is the perfect resource.
Book Review: DB2 9.7 for Linux, UNIX, and Windows Database Administration (Exam 541)

This book, written by the creator of the certification exam, reveals exactly what you'll need to know to prep for the test.
Book Review: Selling Information Governance to the Business

Who governs the information that runs your company?
Book Review: You Want to Do WHAT with PHP?

If you're serious about programming in PHP, get a book that treats you that way.
Book Review: The IBM i Programmer's Guide to PHP

Both a primer and a reference, this book is a must-have for anyone who wants to program in PHP.
Book Review: JavaScript for the Business Developer

There's no faster, easier way to become proficient in JavaScript.
Book Review: SOA for the Business Developer

If you want to know how SOA works in the real world, this is your book.
Book Review: DB2 9 Fundamentals

Whether you want to obtain an IBM certified DB2 professional certification or simply become well-rounded in the fundamental concepts of DB2 and general database theory, this is your book.
Book Review: The Modern RPG IV Language, Fourth Edition

This book isn't a training manual; it's a reference book.

Resource Center

Node.js on IBM i Webinar Series Pt. 2: Setting Up Your Development Tools

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:
Profound Logic Solution Guide

More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
Power10 Power Hour

IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:
Comply in 5! Well, actually UNDER 5 minutes!!

TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Combating Ransomware: Building a Strategy to Prevent and Detect Attacks

Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Top IBM I Security Vulnerabilities and How to Address Them

IT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.
What Most IBM i Shops Get Wrong About the IFS

Can you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:
Backup and Recovery on IBM i: Your Strategy for the Unexpected

Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Manage IBM i Messages by Exception with Robot

Managing messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:
Easiest Way to Save Money? Stop Printing IBM i Reports

The thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:
Hassle-Free IBM i Operations around the Clock

For over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:
Why Migrate When You Can Modernize?

Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
The Power of Coding in a Low-Code Solution

When it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:
Low Code: A Digital Transformation of Supply Chain and Logistics

Supply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:
Resource Center

The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit
Node Webinar Series Pt. 1: The World of Node.js on IBM i

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.
IBM i Transformation Risks Every Business Leader Should Know

Join us for this hour-long webcast that will explore:
What to Do When Your AS/400 Talent Retires

IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:

Analytics & Cognitive Categories

Latest Analytics & Cognitive News

Career Catgories

Latest Career News

Cloud Categories

Latest Cloud News

IT Infrastructure Categories

Latest IT Infrastructure News

News Categories

Latest News

Programming Categories

Latest Programming News

Security Categories

Latest Security News

Typography

Share This

Configuring a System That Has a Globally Routed IP Address

Firewall Filter Rules

Better, Faster

Also Read

LATEST COMMENTS

MC Press Online

Support MC Press Online

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Book Review: 21st Century RPG: /Free, ILE, and MVC

Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

Book Review: Free-Format RPG IV, Third Edition