Under Construction
HMC without direct Internet Connection (with SSL proxy)
If an HMC does not have a direct Internet connection, which is probably the case in the majority of cases, call home can be implemented via an SSL proxy. An SSL proxy and the associated port number of the proxy must then be specified. If the proxy requires user authentication, the user to be used and the associated password must also be specified. Overall, there are the following attributes for the proxy configuration:
is_hmc_callhome_server
0 - disable this HMC as a call-home server
1 - enable this HMC as a call-home server
use_internet_conn
0 - do not use an existing Internet connection
1 - use an existing Internet connection
use_ssl_proxy
0 - use direct Internet connection
1 - use an SSL proxy
use_authentication
0 - no authentication with SSL proxy
1 - authenticate with SSL proxy
host - host name or IP address of SSL proxy
port - port number of SSL proxy
user - user name to use for authentication with SSL proxy
password - password to use for authentication with SSL proxy
protocol - internet protocol used by SSL proxy
ipv4 - IP
ipv6 - IPv6
ipv4,ipv6 - try IPv6 then IP
The configuration can be done again with the command “hmc chcallhome”. We first show an example without user authentication (use_authentication=0):
$ hmc chcallhome hmc02 is_hmc_callhome_server=1 \
use_internet_conn=1 use_ssl_proxy=1 use_authentication=0 \
host=192.168.199.10 port=3128 protocol=ipv4
Shared connection to hmc02 closed.
$
As with a direct Internet connection, the functionality can be tested directly with the “hmc testcallhome” command:
$ hmc testcallhome hmc02
Test beginning
Edge_Gateway_1:129.42.56.189:443(esupport.ibm.com)::Connected
Edge_Gateway_2:129.42.54.189:443(esupport.ibm.com)::Connected
Edge_Gateway_3:129.42.60.189:443(esupport.ibm.com)::Connected
Testing Completed
Shared connection to hmc02 closed.
$
The standard output of “hmc lscallhome” does not show detailed information about the SSL proxy configuration:
$ hmc lscallhome
CALLHOME INTERNET SSL
HMC STATE SERVER CONN PROXY PROTOCOL SERVER_NAMES
hmc01 Enabled 1 1 0 ipv4 hmc01
hmc02 Disabled 1 1 1 ipv4 hmc02
$
However, using the “-P” (proxy configuration) option, the details of the SSL proxy configuration can be displayed:
$ hmc lscallhome -P
CALLHOME SSL
HMC SERVER PROXY PROTOCOL AUTH HOST PORT USER
hmc01 1 0 ipv4 0 null null null
hmc02 1 1 ipv4 0 192.168.199.10 3128 null
$
If the SSL proxy requires authentication (use_authentication=1), then the user and password must also be specified. The user and/or password can be specified directly on the command line:
$ hmc chcallhome hmc02 is_hmc_callhome_server=1 \
use_internet_conn=1 use_ssl_proxy=1 use_authentication=1 \
host=192.168.199.11 port=3128 protocol=ipv4 \
user=proxyuser password=s3cr3t
Shared connection to hmc02 closed.
$
Alternatively, it is also possible to enter these interactively:
$ hmc chcallhome hmc02 is_hmc_callhome_server=1 \
use_internet_conn=1 use_ssl_proxy=1 use_authentication=1 \
host=192.168.199.11 port=3128 protocol=ipv4
Please enter SSLProxy Authentication UserName:
proxyuser
Please enter proxyuser's SSLProxy Authentication Password:
s3cr3t
Shared connection to hmc02 closed.
$
As before, the availability of the IBM support servers can be tested immediately:
$ hmc testcallhome hmc02
Test beginning
Edge_Gateway_1:129.42.56.189:443(esupport.ibm.com)::Connected
Edge_Gateway_2:129.42.54.189:443(esupport.ibm.com)::Connected
Edge_Gateway_3:129.42.60.189:443(esupport.ibm.com)::Connected
Testing Completed
Shared connection to hmc02 closed.
$
The SSL proxy configuration can be displayed at any time using “hmc lscallhome –P”:
$ hmc lscallhome -P
CALLHOME SSL
HMC SERVER PROXY PROTOCOL AUTH HOST PORT USER
hmc01 1 0 ipv4 0 null null null
hmc02 1 1 ipv4 1 192.168.199.11 3128 proxyuser
$
Note: The password is generally not displayed and cannot be queried.