News
Abstract
IBM Fix Central has implemented a secure FTP function to download PTF images from the Fix Central FTP site. This new function allows customers to use the FTP server in a secure fashion. The unsecure FTP method of downloading PTF images is no longer available.
Content
The Fix Central team and the IBM i iGSC have updated one the ways that PTF orders are obtained from the Fix Central FTP site. This site is now using a secure FTP option for IBM i customers to download PTF images. This method is only used when the Download virtual images using FTP option is selected as the download option after ordering PTFs:
After you have selected this option, you will receive emails with the order number, the FTP command, the user ID and the password, which you must use in order to download the order from the FTP site. The previous FTP method of using “ANONYMOUS” as your user ID to sign onto the FTP server has been eliminated and is no longer available. The new function requires you to sign in using a special user ID and password which will be provided in the emails, in order to download PTFs that were ordered in the above fashion. In addition to using this user ID and password, you will be required to have set up secure FTP on your IBM i system.
Important information:
When you use this method of sending your IBM i PTFs to the FTP server as your delivery method, you will receive the 3 emails. The first email will still essentially be the one that says that your order has been received. The second and third emails will contain the information that will be needed such as your user ID, Password and information for you to use to download these PTFs from the server.
You will need to set up your IBM i system as the client to which Secure FTP (SFTP) or FTP/SSL (FTPS) will be used to download PTFs. To setup FTPS, you will need to understand and use Digital Certificate Manager (DCM), creating a Digital Certificate Store which holds your certificates and setting up the IBM i as the secure client to which the PTFs will be downloaded. Below are links to documents which may be of help in answering questions you might have.
The following tools are for setting up FTPS:
The following document includes steps to download the required Fix Central Server certificates and then to configure the IBM i FTP client to use SSL: SSL/TLS FTP Client Configuration for Fix Central Secured FTP Downloads (FTPS) https://www.ibm.com/support/pages/node/6475697
The following document includes steps and answers to questions on the use of DCM: Digital Certificate Manager (DCM) - Frequently Asked Questions and Common Tasks
The following tools are for setting up SFTP:
NOTE: These tools are as-is tools and are not supported by the IBM i iGSC. If you are downloading the PTFs to a PC and a Proxy Server is in place, the IBM i support teams do not support this. You need to contact your Firewall or Security teams for the answers to your questions.
This link takes you to a document with steps for setting up SFTP using the PuTTY tool: Instructions for setting up SFTP for use in downloading PTFs from Fix Central to the IBM i.
- IBM bulk FTPS method for Fix Central is referenced by 2 hostnames: delivery01-bld.dhe.ibm.com and delivery01-mul.dhe.ibm.com. When using FTPS, the initial communication is over port 21 using SSL/TLS encryption. Then the data command like "dir" or for each "get" operation on a per file basis an outgoing "TCP" communication using a port between 65024 thru 65535 is opened.
- When using the SFTP method, the communication requires port 22 to the 2 hostnames: delivery01-bld.dhe.ibm.com and delivery01-mul.dhe.ibm.com .
- If a firewall is being used: the above listed ports must be opened for the two hostnames: delivery01-bld.dhe.ibm.com and delivery01-mul.dhe.ibm.com. It is recommended to use the hostnames but if actual IP addresses must be used then the ports need to be opened for the following IP addresses:
170.225.126.67 used to access delivery01-bld.dhe.ibm.com
129.35.224.102 (170.225.119.157 after 10/20/23) used to access delivery01-mul.dhe.ibm.com
129.35.224.101 (170.225.119.156 after 10/20/23) used to access delivery01-bld.dhe.ibm.com in case of failover from BLD to MUL
170.225.126.68 used to access delivery01-mul.dhe.ibm.com in case of failover from MUL to BLD - Note: IP address changes occurring on 10/20/23 are documented here: 'Preparing customer firewalls and proxies for the upcoming infrastructure changes on IBM Electronic Fix Distribution / IBM Fix Central system', https://www.ibm.com/support/pages/node/7030591
- Additional questions may be answered in the documentation under the section titled: What does my firewall team need to know?
Note: The following example uses FileZilla as the FTP client. This is a freeware product not supported by IBM. Use an FTP client of your choice. If you are downloading the PTFs to a PC and a Proxy Server is in place, the IBM i support teams do not support this. You need to contact your Firewall or Security teams for the answers to your questions.
INFORMATION YOU WILL NEED TO RETRIEVE YOUR ORDER
FTP Server --> delivery01-bld.dhe.ibm.com
Transfer type --> ascii/binary
Directory on server --> 12304423/C
Files to get --> ftpSI76515.txt
--> ilstSI76515.txt
--> sha256.txt
--> SI76515_1.bin
So now on the FileZilla screen: enter the FTP server in the space for the Host, the username provided in the second email, password provided in the third email and specify port 22 (21 and 990 may also work). Then click quick connect and you should end up with the following screen:
Related Information
Was this topic helpful?
Document Information
Modified date:
04 October 2023
UID
ibm11077897