Secure Sockets Layer (SSL) through the Internet
This connection makes use of an SSL TCP/IP socket that flows over the HMC's
default gateway to the Internet. In order for the HMC to successfully use the
Internet, the following items must be properly configured:
- The HMC must have a Local Area Network (LAN) adapter that is connected to a network with Internet access.
- The LAN adapter must be configured with a default gateway that provides access to the Internet.
- If a firewall is in place between the HMC and the Internet, it must allow outgoing TCP/IP connections
on port 443 from the HMC to each of the following IP addresses:
- 129.42.160.48 and 207.25.252.200 (IBM Electronic Service Agent)
- 129.42.160.49 and 207.25.252.204 (allow Hardware Management Console access to IBM Service for North or South America)
- 129.42.160.50 and 207.25.252.205 (allow Hardware Management Console access to IBM Service for all other regions)
Note: You only need to specify the IP addresses necessary to setup access to IBM Electronic Service Agent and
those appropriate for your region.
You may be able to connect indirectly to the Internet using an SSL proxy, which
can forward requests to the Internet. One of the other potential advantages of
using an SSL proxy is that the proxy may support logging and audit facilities.
To forward SSL sockets, the proxy server must support the basic proxy header
functions (as described in RFC 2616) and the CONNECT method. Optionally, basic
proxy authentication (RFC 2617) may be configured so that the HMC authenticates
before attempting to forward sockets through the proxy server.