Setting up IBM i to connect to service and support

Learn about all the steps you need to perform for setting up connectivity to service and support from systems that have IBM® i installed.

Before you begin

This procedure contains the complete list of steps needed to set up connectivity to service and support. Some of these steps might already have been completed (during initial server setup, for example). If so, you can use this procedure to verify that the steps were completed correctly.

In this information, a direct Internet connection is defined as access to the Internet from a logical partition or server over a LAN connection. If an intervening firewall or Network Address Translation (NAT) device exists, you must unblock the IP addresses and ports that are needed for communication to IBM service and support.

For each type of supported connectivity to IBM service and support, an HTTPS connection is attempted.

Procedure

  1. Decide on your connectivity method.
    Use one of the following methods (listed in the recommended order):
    • A direct Internet connection from each logical partition or server
    • A shared direct Internet connection through another IBM i logical partition or server that is using an L2TP multi-hop connection
    Note: For IBM i, each of the specified connectivity options allows you to additionally configure connectivity through an HTTP proxy. You also can configure a primary and backup method.
  2. Check the following prerequisites.
    1. For direct Internet connections, contact the network administrator to verify that the following ports are open for communication:
      For HTTP and HTTPS connections, TCP ports 80 and 443 to the IBM service destination IP addresses. For more details about IBM service destination IP address and port requirements, see IP packet filter firewall.
      Note: Additionally, after you successfully perform step 12, a file is created that lists the IBM service destination IP addresses and ports.
    2. For direct Internet connections, contact the network administrator to verify that the necessary ports are open for communication.
    3. Ensure that TCP/IP is set up and configured correctly. If not, contact the network administrator and consult your operating system documentation.
  3. Ensure that your physical networking is set up correctly.
    Verify the physical connection from your site to service and support. This connection enables you to report hardware problems and other server information to service and support. It also enables you to install updates.
  4. Obtain or verify an IBM ID.
    You need an IBM ID to register your server with the IBM Electronic Service Agent application on the management console and with the Electronic Service Agent application on your operating system or operating systems. You also need this ID to view information that has been reported to IBM through the Electronic Service Agent application.
    1. Go to the My IBM Profile website.
    2. Verify that you are registered.
      • If you are registered, Welcome back is displayed on the website. Or, you can select Sign in and see if your email address is recognized.
      • If you are not registered, select Register and fill out the registration form. Create an IBM ID for each of the people you want to have access to the information that Electronic Service Agent reports to IBM. You must associate these accounts with a server, usually your central server. (You can add other servers later.) The people for whom you create IDs must have system administrator authority on all registered servers.
    3. Record your IBM ID (the email address that you registered).
  5. Install the operating systems on your server.
    Refer to your operating system installation instructions.
  6. Configure your TCP/IP network.
    For instructions, see operating system documentation.
  7. Activate TCP/IP on your server or logical partitions.
    TCP/IP starts automatically when the IBM i operating system is started and when the network adapter is recognized and can communicate with the network. If this does not occur, type STRTCP at an IBM i command line to start TCP/IP.

    This command initializes and activates TCP/IP processing, starts the TCP/IP interfaces, and starts the server jobs. Only TCP/IP interfaces and servers with the Autostart Servers (AUTOSTART) parameter set to *YES are started with the STRTCP command.

  8. Configure Electronic Service Agent for IBM i.
    1. Ensure that the following software is installed, using the Display Software Resources (DSPSFWRSC) command to confirm.
      Note: Electronic Service Agent and the following software are included with the IBM i operating system.
      For IBM i 7.1, or later:
      • 5733SC1: *BASE (IBM Portable Utilities for i)
      • 5733SC1: Option 1 (OpenSSH, OpenSSL, and zlib)
      • 5770JV1: Option 16 (Java™ SE 8 32-bit)
      • 5770SS1: Option 3 (Extended Base Directory Support)
      • 5770SS1: Option 34 (Digital Certificate Manager)
      • 5770SS1: Option 33 (Portable Application Solutions Environment)
      • 5770UME: *BASE (IBM Universal Manageability Enablement for i)
    2. At the command line, type GO SERVICE.
      One of the following situations occurs:
      • If connectivity was set up previously, type 18 to get to the configuration menu where you can create, change, delete, or verify that connectivity works. If you want to change the settings, continue with step 8.4.
      • If connectivity has never been set up on this logical partition or server, the system will try to ping one of the IBM gateways. If this is successful, the interface will prompt for configuring a direct Internet connection. If this is successful, the default settings for a direct Internet connection are shown. If you want to verify or change these default settings, continue with step 8.4.
        Note: In some environments, the pinging of the IBM gateway does not work because the firewall might be blocking the packets. However, you should still verify with the network administrator that the criteria are met to set up a direct Internet connection. For details, see step 2.
    3. Set the Retain Server Security (QRETSVRSEC) system value to 1. This allows the IBM i platform to store and exchange information that is necessary to set up the communications.
    4. Choose from the following options:
      • To set up a direct Internet connection from each IBM i server, see step 9.
      • To set up a shared direct Internet connection, see step 10.
  9. Set up a direct Internet connection from each IBM i system
    To set up a direct Internet connection from each IBM i server or logical partition, perform the following steps:
    1. Specify the following information from each logical partition using the Create Service Configuration (CRTSRVCFG) command:
      • Role: *PRIMARY
      • Connection type: *DIRECT
      • Connectivity for others: Connection Point: *NO
      • Proxy server: If you want to configure additional connectivity through an HTTP proxy server, enter the following information:
        • IP address or host name: Enter the host name or IP address of the HTTP proxy server.
        • Port number: Enter the port number of the HTTP proxy server.
        • Relative priority: Enter whether the HTTP proxy server connection should be attempted before or after the direct Internet connection.
          Note: The default value is *TRYAFTER, but you can also enter *TRYBEFORE.
        • Authentication: Enter a user ID and password to use when authenticating to the HTTP proxy server (optional).
      Note: For additional details about using Electronic Service Agent, perform the following steps:
      1. Go to the IBM i Documentation website and select the version of the IBM i operating system that you have on your system.
      2. Expand Service and support > Electronic Service Agent in the table of contents.
    2. Continue with step 11.
  10. Set up a shared direct Internet connection

    To set up a shared direct Internet connection, review the example and then perform the following steps:

    In this example, you configure the following options:
    • A direct Internet connection from the IBM i server that has connectivity to the Internet.
    • Then you enable the other IBM i server to connect to the server that has connectivity to the Internet.
    Figure 1. The flow of information and problem data from an IBM i server, in its manufacturing default configuration, to service and support. The information and problem data pass through the direct Internet connection on the server.
    1. Specify the following information from the IBM i server or logical partition that has Internet connectivity in the CRTSRVCFG prompts:
      • Role: *PRIMARY
      • Connection type: *DIRECT
      • Connectivity for others:
        • Connection point: *YES. This configures VPN connection profiles and a service and support HTTP proxy server on this system, and allows other logical partitions or systems to use them when connecting to service and support.
          Note: Service configurations must be created on the remote systems or logical partitions that will be using this connection point.
        • Interfaces: *ALL. This enables all available interfaces to be used for accepting a connection to service and support. Otherwise, you can enter a list of the interfaces through which you will accept connections to service and support.
          Note: The service and support proxy starts automatically after the CRTSRVCFG command completes, and it also starts automatically when the system performs an initial program load (IPL). The service and support proxy can also be started or ended manually by using the STRTCPSVR *SRVSPTPRX and ENDTCPSVR *SRVSPTPRX commands.
        • L2TP profile name: Use the *GEN default value to generate the L2TP profile names automatically.
        • Port number: Enter the port number on which the service and support proxy will listen for inbound connections. Port 5026 is the default.
        • Authentication: Enter a user ID and password that the service and support proxy will use to authenticate inbound connections (optional).
    2. Specify the following information from each of the other IBM i servers or logical partitions in the CRTSRVCFG prompts:
      • Connection type: *MULTIHOP
      • Remote system: Enter the host name or IP address of the logical partition that has the Internet connectivity.
        Note: A multi-hop VPN connection from an IBM i system or logical partition using the IP address of the HMC is not supported. The only connectivity option for an IBM i logical partition to the HMC is to use a remote Point-to-Point (PTP) configuration.
      • Proxy server: Enter the information about the service and support proxy (or your own HTTP proxy) with the following information:
        • IP address or host name: Enter the host name or IP address of the logical partition that has Internet connectivity (or if you have your own HTTP proxy, you can specify that instead).
        • Port number: Enter the port number of the service and support proxy or your own HTTP proxy. The default of *IBMSVR is 5026 (the default for the service and support proxy).
        • Relative priority: Enter whether the HTTP proxy server connection should be attempted before or after the multi-hop VPN connection.
        • Authentication: Enter a user ID and password to use when authenticating to the HTTP proxy server (optional).
      • Connectivity for others: Connection point: *NO
    3. Verify that interpartition communication is set up. Ping the host or IP address of the logical partition that has Internet connectivity from the logical partition that needs to use the Internet connection.
      Note: For details about using Electronic Service Agent, from the IBM i Documentation website, expand Service and support > Electronic Service Agent.
    4. Continue with step 11.
  11. Authorize users to access service information.
    To enable the users to access service information, register the IBM ID with the Electronic Service Agent for IBM i by following these steps:
    1. At the IBM i command line, type GO SERVICE.
    2. From the Electronic Service Agent menu, select Authorize users to access service information and press Enter.
    3. Type your IBM ID (the Internet address that you registered with the My IBM Profile website) in the Authorize users field and press Enter.
  12. Test the connection to service and support.
    1. To test the Electronic Service Agent connection, enter the following command at the command line:
      GO SERVICE
    2. From the Electronic Service Agent menu, select option 17 (Verify Service Configuration), and press Enter.
      A message is displayed that indicates whether the test connection was successful.
    3. To test the electronic customer support connection profile, enter the following command:
      SNDSRVRQS *TEST
      A message is displayed that indicates whether the test connection is successful. In addition, if you have the following fixes applied, the file /QIBM/UserData/OS400/UniversalConnection/serviceProviderIBMLocationDefinition.txt is created, which contains a list of the IBM service destination IP addresses and ports.
  13. View the server information that was reported to IBM.
    You can use the Internet to view details of the system that you enabled, and see the data collected by Electronic Service Agent. To use the advanced features and receive the full benefits of Electronic Service Agent, you must enter an IBM registration ID (IBM ID). The first IBM ID entered will have administrator authority and is able to authorize additional users on the website. The second IBM ID is available as a backup for the Administrator.
    1. Go to the IBM Electronic Services website.
    2. Click Sign in (in the upper-right corner).
    3. Type the IBM ID and password.
    4. Choose the following options from the navigation bar:
      • To view your server information, click My systems.
      • To search technical support by using your server information to improve the search results, click Premium Search.
        Note: In some cases, the Premium Search feature is available only while your server is under warranty or afterward through a service contract.
      • To view information related to your servers and interests, click My messages.
    5. Enter the requested information.
  14. Configure the management console to contact service and support

    If a management console is available, configure the management console to contact service and support. See Configuring the HMC so that it can contact service and support.
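
The firewall prerequisites in step 2 and the proxy settings in steps 9 and 10 can be checked with a TCP probe before the service configuration is created, which also covers the case noted in step 8 where ping is blocked but the required ports are open. The following is an added example, not IBM code: the function names are illustrative, the host names are constructed placeholders, and it tests TCP reachability only, so it does not replace the verification in step 12.

```python
import socket

def build_attempts(direct_targets, proxy=None, priority="*TRYAFTER"):
    """Order the paths the way the Relative priority setting describes.

    direct_targets: [(host, port)] IBM service destinations (TCP 80/443).
    proxy: (host, port) of an HTTP proxy or the service and support proxy.
    """
    attempts = [("direct", host, port) for host, port in direct_targets]
    if proxy is not None:
        entry = [("proxy", proxy[0], proxy[1])]
        if priority == "*TRYBEFORE":
            attempts = entry + attempts
        else:  # *TRYAFTER is the documented default
            attempts = attempts + entry
    return attempts

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake completes. A blocked ICMP ping is irrelevant here."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolvable
        return False

def preflight(direct_targets, proxy=None, priority="*TRYAFTER", timeout=3.0):
    """Probe every path in configured order; return (results, first usable label)."""
    results = [(label, host, port, tcp_reachable(host, port, timeout))
               for label, host, port in build_attempts(direct_targets, proxy, priority)]
    first = next((label for label, _, _, ok in results if ok), None)
    return results, first

if __name__ == "__main__":
    # Constructed placeholders: substitute the destinations your network
    # administrator approved and the partition that hosts the proxy.
    targets = [("ibm-service.example", 443), ("ibm-service.example", 80)]
    results, first = preflight(targets, proxy=("internet-lpar.example", 5026))
    for label, host, port, ok in results:
        print(f"{label:6} {host}:{port} {'open' if ok else 'BLOCKED'}")
    print("first usable path:", first or "none")
```

A path reported as BLOCKED identifies the rule to raise with the network administrator: ports 80 and 443 toward IBM for the direct path, or the proxy port (5026 by default) toward the partition that has Internet connectivity.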