Connectivity security for Service Advisor

This section describes data that is exchanged between the advanced management module and the IBM Service Center and the method for this exchange. This is limited to the configuration and use of Call Home (Service Advisor) on the advanced management module for automatic error reporting.

The advanced management module can be configured to send service information data back to IBM. By default the call home function is disabled. Service Advisor requires a set of parameters and contact information to enable the call home function.

Service Advisor only connects to IBM when it is enabled for reporting problems and a problem is encountered. The data is transmitted in a service data capture file that includes inventory and status information. To save and view a service data capture file, see AMM Service Data.

The service data capture file is a .tgz (GZipped Tar Archive) file which you can unbundle using common utilities. The categories of data collected remain the same, while the following details of the data can vary:
  • Firmware versions can change.
  • Installed components can change.
  • Once the logs reach capacity, older information is overwritten by more recent events.
  • Exact format and content of the reportable data captured can change.
Note: None of the information or debug data sent to IBM contains client data from the blade servers or I/O modules.

When Service Advisor is enabled, the advanced management module uses a client-provided internet connection to connect to IBM Support. All the communications are handled through TCP sockets, which always originate from the advanced management module, and use SSL to encrypt the data that is being sent back and forth. The advanced management module can be enabled to connect to the Internet through a client-configured proxy server.

The following diagram shows the advanced management module connecting to IBM without a proxy server.

Graphic illustrating network connection of advanced management module to internet without a proxy server.

In this setup, the advanced management module connects through the client-provided Internet connection by the default route. For the advanced management module to communicate successfully, your external firewall must allow established TCP packets to flow freely on port 443 (HTTPS).

The following diagram shows the advanced management module connecting to IBM using a client-provided proxy server.

Graphic illustrating network connection of advanced management module to internet with a proxy server.

To forward SSL sockets, the proxy server must support the basic proxy header functions (as described in RFC 2616, Hypertext Transfer Protocol 1.1; see http://www.ietf.org/rfc/rfc2616.txt) and the CONNECT method. Basic proxy authentication (RFC 2617, HTTP Authentication: Basic and Digest Access Authentication; see http://www.ietf.org/rfc/rfc2617.txt) can be configured so that the advanced management module authenticates before attempting to forward sockets through the proxy server.

For the advanced management module to communicate successfully, the client's proxy server must allow connections to port 443 and port 80. The proxy server can also limit the specific IP addresses to which the advanced management module can connect.
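
The proxy exchange described above, as an added example that is not taken from IBM's documentation or firmware: one function builds the CONNECT request with Basic proxy credentials, the other shows how a proxy could answer it. It covers only the CONNECT tunnel to port 443; the function names, the account `amm-svc`, its password and the choice of allowlisted hosts are assumptions.

```python
import base64
import hmac

# Assumed proxy policy: two gateway hosts from Table 1, HTTPS only.
ALLOWED = {("eccgw01.boulder.ibm.com", 443), ("eccgw02.rochester.ibm.com", 443)}

def build_connect(host, port, user, password):
    """Client side: CONNECT request carrying Basic proxy credentials."""
    # Basic is base64 of "user:password", an encoding rather than encryption,
    # so the client-to-proxy hop should stay on a trusted management network.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"CONNECT {host}:{port} HTTP/1.1\r\n"
            f"Host: {host}:{port}\r\n"
            f"Proxy-Authorization: Basic {token}\r\n\r\n").encode()

def proxy_decide(raw, accounts, allowed=ALLOWED):
    """Proxy side: status line returned for one request head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    request = lines[0].split(" ")
    if len(request) != 3 or request[0] != "CONNECT":
        return "HTTP/1.1 405 Method Not Allowed"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        decoded = ""
    user, _, password = decoded.partition(":")
    expected = accounts.get(user)
    if (scheme.lower() != "basic" or expected is None
            or not hmac.compare_digest(expected.encode(), password.encode())):
        # A real proxy also sends "Proxy-Authenticate: Basic realm=..." here.
        return "HTTP/1.1 407 Proxy Authentication Required"
    host, _, port = request[1].rpartition(":")
    if not port.isdigit() or (host.lower(), int(port)) not in allowed:
        return "HTTP/1.1 403 Forbidden"
    return "HTTP/1.1 200 Connection established"
```
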

When the advanced management module with Service Advisor enabled detects a problem with itself or with one of the BladeCenter components, it sends a problem report to IBM (calls home). All the information in that report is stored temporarily. Once the transmission is complete, the advanced management module no longer provides status information for the opened call. IBM Support will contact you to perform additional problem determination and find a solution. Support engineers who are actively working on a problem can offload the data for debugging purposes and then delete it when finished.

Ensure that you have addressed the issue of firewall access if you plan to use the Service Advisor feature.

If you plan to enable Service Advisor, you must ensure that your firewall is configured to allow outbound traffic on ports 80 and 443. See Table 1 for a list of the URLs, IP addresses, and ports that Service Advisor uses to transmit AMM service data to IBM.

Table 1. URLs and ports used by Service Advisor

| Host name | IP address | Port | Description |
|---|---|---|---|
| eccgw01.boulder.ibm.com | 207.25.252.197 | 443 | Electronic Customer Care (ECC) transaction gateway |
| eccgw02.rochester.ibm.com | 129.42.160.51 | 443 | ECC transaction gateway |
| www.ecurep.ibm.com | 192.109.81.20 | 443 | File upload for status reporting and problem reporting |
| www6.software.ibm.com | 170.225.15.41 | 443 | File upload for status reporting and problem reporting. Proxy to testcase.boulder.ibm.com |
| www-945.ibm.com | 129.42.26.224 | 443 | Problem reporting server v4 |
| | 129.42.34.224 | 443 | Problem reporting server v4 |
| | 129.42.42.224 | 443 | Problem reporting server v4 |
| www.ibm.com | 129.42.56.216 | 80, 443 | Service provider file (CCF) download |
| | 129.42.58.216 | 80, 443 | Service provider file (CCF) download |
| | 129.42.60.216 | 80, 443 | Service provider file (CCF) download |
| www-03.ibm.com | 204.146.30.17 | 80, 443 | Service provider file (CCF) download |
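
One way to check firewall or proxy logs against Table 1, added here as an example and not part of IBM's documentation: it flags traffic from the management module to any destination or port the table does not list, and any connection opened toward the module from outside, since Service Advisor sockets always originate from the module. The log layout, the address 10.20.0.5 standing in for the advanced management module, and the 10.0.0.0/8 internal network are assumptions.

```python
import ipaddress
import re

# Table 1 of this page: destination IP -> permitted TCP ports.
HTTPS_ONLY = ["207.25.252.197", "129.42.160.51", "192.109.81.20", "170.225.15.41",
              "129.42.26.224", "129.42.34.224", "129.42.42.224"]
HTTP_AND_HTTPS = ["129.42.56.216", "129.42.58.216", "129.42.60.216", "204.146.30.17"]
TABLE_1 = {**{ip: {443} for ip in HTTPS_ONLY},
           **{ip: {80, 443} for ip in HTTP_AND_HTTPS}}

# Assumed log layout: "<time> <action> tcp <src>:<sport> -> <dst>:<dport>"
FLOW = re.compile(r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def audit(lines, amm_ip, internal_net):
    """Return (peer, port, reason) for every flow that breaks the page's rules."""
    inside = ipaddress.ip_network(internal_net)
    findings = []
    for line in lines:
        m = FLOW.search(line)
        if not m:
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dst == amm_ip and ipaddress.ip_address(src) not in inside:
            # Service Advisor sockets always originate from the AMM.
            findings.append((src, dport, "inbound connection from outside"))
        elif src == amm_ip and ipaddress.ip_address(dst) not in inside:
            if dst not in TABLE_1:
                findings.append((dst, dport, "destination not in Table 1"))
            elif dport not in TABLE_1[dst]:
                findings.append((dst, dport, "port not listed for destination"))
    return findings

# Constructed sample records; 10.20.0.5 stands in for the AMM.
SAMPLE = [
    "2015-03-02T10:00:01Z allow tcp 10.20.0.5:49152 -> 207.25.252.197:443",
    "2015-03-02T10:00:02Z allow tcp 10.20.0.5:49153 -> 129.42.56.216:80",
    "2015-03-02T10:00:03Z allow tcp 10.20.0.5:49154 -> 129.42.160.51:80",
    "2015-03-02T10:00:04Z allow tcp 10.20.0.5:49155 -> 203.0.113.7:443",
    "2015-03-02T10:00:05Z allow tcp 203.0.113.9:40000 -> 10.20.0.5:443",
    "2015-03-02T10:00:06Z allow tcp 10.20.0.9:50000 -> 10.20.0.5:443",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.20.0.5", "10.0.0.0/8"):
        print(finding)
```
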