TSA Connectivity

TSA supports only outbound initiated internet connectivity to IBM. VPN, modem, and inbound connectivity are not supported.

Outbound connectivity without proxy server

The following diagram shows the default setup, where TSA connects to IBM without a proxy server.
Figure 1. Outbound connectivity without proxy server
Outbound connectivity without proxy server

In this setup, TSA connects through your internet connection by the default route.

For TSA to communicate successfully, your external firewall must allow outbound packets to flow freely on port 443. All transactions use the HTTPS protocol.

The use of Source Network Address Translation (SNAT) and masquerading rules to hide the TSA's source IP address are both acceptable. Ensure that your firewall allows connections to the IBM IP address and port in the table in Configuration requirements.

Outbound connectivity with your proxy server

The following diagram shows TSA connecting to IBM through a proxy server that is supplied by you. It is not the default setup, and you need to configure TSA to use your proxy.

Figure 2. Outbound connectivity with proxy server
Outbound connectivity without proxy server

To forward packets, the proxy server must support the basic proxy header functions (as described in RFC #2616) and the CONNECT method. Alternatively, you can also configure the basic proxy authentication (RFC #2617) so that TSA gets authenticated before it forwards the packets through your proxy server.

To configure TSA to use a proxy server, see Setting up IBM Connectivity.
Note: SSL inspection is not supported, if you are using it on the proxy, disable it for these flows.
For Blue Coat proxies, disable "protocol detection" to IBM servers. Add these configuration rules:
  • url.domain=esupport.ibm.com detect_protocol (none)
  • url.address=192.148.6.11 detect_protocol (none)
Note: It is recommended to use the DNS name esupport.ibm.com, rather than the IP address, in case this IP address changes in the future.