Configuring data-retrieval connections to the local system and managed secondary systems

 

Any time iSeries™ Navigator tasks on the Web retrieves data from i5/OS®, either on the local System i™ model or any managed secondary systems, the IBM® Toolbox for Java™ is used to create a socket connection for data retrieval.

iSeries Navigator tasks on the Web works with the IBM Toolbox for Java to establish connections for communicating between i5/OS and the iSeries Navigator tasks on the Web interface. These connections are used to access data on the local System i model, as well as any managed secondary systems. If the local system running the iSeries Navigator tasks on the Web interface is not behind a firewall, or if any managed secondary systems you want to access are not behind a firewall, you should configure and use SSL for your IBM Toolbox for Java connections to establish a secure socket connection. Also, ensure that iSeries Navigator Tasks on the Web is configured with the desired behavior for creating and using SSL or non-secure IBM Toolbox for Java connections.

 

Configure how iSeries Navigator tasks on the Web uses SSL connections with the IBM Toolbox for Java

iSeries Navigator tasks on the Web gives you the ability to require SSL connections for communicating between the iSeries Navigator tasks on the Web interface and i5/OS, to attempt to use SSL if possible, to not use SSL, and to warn users if SSL is not used. The configuration of your network will determine which setting is right for you. These connections are only used to send data between the iSeries Navigator tasks on the Web application and i5/OS on the local and any managed secondary systems. If your local System i model and any managed secondary System i models are behind a firewall, you may choose to not use SSL connections. If you are in a mixed environment with some managed secondary systems behind a firewall and some not, you may want to attempt SSL connections if possible.

If you want iSeries Navigator tasks on the Web to do something other than always attempt to make SSL connections and warn users if SSL connections are not used, you need to modify the iSeries Navigator task configuration. From http://hostA:2001/webnav/WnServlet?task=home, the iSeries Navigator tasks on the Web home page, click the iSeries Navigator Tasks Configuration page link and select the desired SSL settings.

You can also directly go to http://hostA:2001/webnav/WnServlet?task=config to modify the iSeries Navigator task configuration.

Use the following values to change how SSL is used:

Warning:

This is the default setting. When SSL usage for backend system connection is set to Warning, iSeries Navigator tasks on the Web uses the Java Toolbox to establish a secure socket connection. If a secure connection is established, no warning message displays. If a secure connection cannot be made, a warning message will appear for several seconds, but it will still allow the user to connect. This setting will display one warning per session per managed system that a user connects to. A user must log out and log back in to see the warning message again.

Required:

When SSL usage for backend system connection is set to Required, iSeries Navigator tasks on the Web uses the Java Toolbox to establish a secure socket connection. If a secure connection is established, no warning message displays. If a secure connection cannot be made, an error message will appear and the connection will be denied. The user will not be allowed to continue with the requested task.

Attempt:

When SSL usage for backend system connection is set to Attempt, no warning message will be displayed, but iSeries Navigator tasks on the Web will still attempt to establish a secure socket connection using the IBM Toolbox for Java. If a secure connection cannot be established, a non-secure connection will be made.

Not used:

When SSL usage for backend system connection is set to Not used, a secure connection is not used and iSeries Navigator tasks on the Web will not attempt to establish a secure socket connection using the IBM Toolbox for Java. A non-secure connection will be made.

If you make changes to the configuration page, you need to end and restart the integrated Web application server in order for your changes to take effect.

The integrated Web application server is controlled by the HTTP Administration Server. You can stop and then restart the HTTP Administration Server by performing the following steps from iSeries Navigator:

  1. In iSeries Navigator, expand My Connections and expand your system.

  2. Expand Network > Servers > TCP/IP and right-click HTTP Administration.

  3. Click Stop.

  4. Wait for the status of the HTTP Administration Server in the TCP/IP Servers list to change to Stopped. You may need to click Refresh one or more times to show the changed status.

  5. In iSeries Navigator, right-click HTTP Administration.

  6. Click Start to restart the HTTP Administration Server.

  7. Open the Web browser, and confirm that the Administration instance is running by visiting http://hostA:2001, where hostA is the name of your system.

You can also use the CL command ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN) to stop the HTTP Administration Server and the CL command STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN) to restart it.

 

Parent topic:

Configuring security for iSeries Navigator tasks on the Web
Related tasks
Configure the JavaToolbox to establish a secure socket connection