Deciding which connectivity method to use for the call-home server

Learn more about the connectivity options you have when you use the call-home server.

You can configure the HMC to send hardware service-related information to IBM by using a LAN-based Internet connection, or a dial-up connection over a modem.

Note: Internet virtual private network (VPN) and dial-up connection types are available only on HMC version 8.2.0 or earlier.
You have two communication choices when you configure the LAN-based Internet connection. The first choice is to use standard Secure Sockets Layer (SSL). The SSL communication can be enabled to connect to the Internet through your proxy server. SSL connectivity is more likely to be compliant with corporate security guidelines. Your second option is to use a VPN connection.
Note: If your open network interface connection uses only Internet Protocol Version 6 (IPv6), you cannot use Internet VPN to connect to support. For more information about the protocols that are used, see Choosing an Internet Protocol.
The advantages to using an Internet connection can include:
  • Faster transmission speed
  • Reduced customer expense (for example, the cost of a dedicated analog telephone line)
  • Greater reliability
The following security characteristics are in effect, regardless of the connectivity method chosen:
  • Remote Support Facility requests are always initiated from the HMC to IBM®. An inbound connection is never initiated from the IBM Service Support System.
  • All data that is transferred between the HMC and the IBM Service Support System are encrypted by using a high-grade encryption. Depending upon the connectivity method that is chosen, it is encrypted by using either SSL or IPSec Encapsulating Security Payload (ESP).
  • When you initialize the encrypted connection, the HMC authenticates the target destination as that of the IBM Service Support System.

Data sent to the IBM Service Support System consists solely of information about hardware problems and configuration. No application or customer data is transmitted to IBM.

Using an indirect Internet connection with a proxy server

If your installation requires the HMC to be on a private network, you might be able to connect indirectly to the Internet by using an SSL proxy, which can forward requests to the Internet. One of the other potential advantages of using an SSL proxy is that the proxy can support logging and audit facilities.

To forward SSL sockets, the proxy server must support the basic proxy header functions (as described in RFC 2616) and the CONNECT method. Optionally, basic proxy authentication (RFC 2617) can be configured so that the HMC authenticates before attempting to forward sockets through the proxy server.

indirect Internet connection with a proxy server

For the HMC to communicate successfully, the client's proxy server must allow connections to port 443. You can configure your proxy server to limit the specific IP addresses to which the HMC can connect. See Internet SSL address lists for a list of IP addresses.

Using a direct Internet SSL connection

If your HMC can be connected to the Internet, and the external firewall can be set up to allow established TCP packets to flow outbound to the destinations described in Internet SSL address lists, you can use a direct Internet connection.

direct Internet SSL connection

Parent topic: HMC network connections


Last updated: Mon, April 13, 2020