IBM Support

Enhanced Customer Data Repository (ECuRep) - Send data (FTP)

General Page

Upload data by using FTP protocol.

FTP is the protocol of choice to send data over the Internet. A wide range of command line and GUI clients are available. Most operating systems install an FTP client by default.

Note regarding file names: name the files by using your Case number so it attaches to the Case.  Example: TS000599999.mustgather.zip

All secure FTP servers enforce authentication. An IBM Support File Transfer ID is required to use these servers.

FTPS instructions (FTP over TLS)

FTP is the protocol of choice to send data over the Internet. A wide range of command line and GUI clients are available. Most operating systems install an FTP client by default. ECuRep does support FTPS (explicit) to meet legal requirements. Transfers should always use "binary" mode to make sure that file integrity is kept and "passive" mode (port range 65024 - 65535) to avoid connection issues. 

In order to use TLS encryption, your FTP client must support TLS encryption and your firewall must be transparent for secure FTP. The data port range 65024 - 65535 needs to be opened at your firewall.

Note regarding file names: name the files by using your Case number so it attaches to the Case.  Example: TS000599999.mustgather.zip

Addresses

Note: Use the server closest to your physical location.

Americas
testcase.boulder.ibm.com
(170.225.126.22)
Asia Pacific
ftps.ap.ecurep.ibm.com
(169.56.38.162)
 
Europe
ftps.ecurep.ibm.com
(192.109.81.10)

Notice, that testcase.boulder.ibm.com leverages RFC4217 DRAFT level, ftps.ecurep.ibm.com and ftps.ap.ecurep.ibm.com leverages full RFC4217 level, which differs in sub commands AUTH and CCC) For z/OS FTPS implementation, refer to information in our Help - FTP section.

Information about the encryption use can be found in the "Encryption" tab.

If the upload to one of the servers is failing, try uploading to another server. 

Call Home processes are using esupport.ibm.com as upload target. This cluster is used as proxy to limit the number of firewall changes required. 

Active versus passive transfer mode

The FTP protocol supports two transfer modes: active and passive. The ECuRep plain FTP server is supporting active and passive FTP(S). All other servers are supporting passive FTPS only. The active mode is the default for many FTP clients but we strongly recommend applying the passive mode. If you encounter problems after logging on to the ECuRep's FTP server by using the default active mode, try to switch to the passive mode. Passive mode might be needed because most corporate firewall policies allow the use of the passive mode only. If your client does not support the passive mode, use another client. If you are in doubt, try a ls command right after login. If nothing is returned and a timeout occurs, application of passive FTP is required. All FTP(S) upload servers are using the TCP port range 65024 - 65535 for data connections.

ASCII versus binary transfer mode

One of the least-understood aspects of FTP transfers is the difference between ASCII and binary mode data transfers. ASCII stands for American Standard Code for Information Interchange, and is a type of character encoding based on the English language used on devices that handle information stored in text. It includes 33 non-printed control characters and 94 printed characters such as letters and punctuation.

When files are transferred in ASCII mode, the transferred data is considered to contain only ASCII formatted text. The party that is receiving the transferred data is responsible for translating the format of the received text to one that is compatible with their operating system. The most common example of how the translation is applied pertains to the way Windows and UNIX handle newlines. On a Windows computer, pressing the "enter" key inserts two characters in an ASCII text document - a carriage return (which places the cursor at the beginning of the line) and a line feed (which places the cursor on the line under the current one). On UNIX systems, only a line feed is used. ASCII text formatted for use on UNIX systems does not display properly when viewed on a Windows system and vice versa.

Binary mode refers to transferring files as a binary stream of data. Where ASCII mode might use special control characters to format data, binary mode transmits the raw bytes of the file being transferred. In binary mode, the file is transferred in its exact original form.
On our FTP server transfers must be done in binary mode.

Upload (toibm) directories

On each server, there are different upload directories organized in two levels. To upload data you need to change to "toibm", choose the sub directory matching your product best like "websphere" and change to that directory. Data uploads are only possible in these directories. Uploads to the first level "toibm" are not possible. The upload directories have 'write only' permissions, which means that they cannot be listed. Some graphical clients do not allow changing to these directories but you can still drag & drop data to the directory. 

Examples

SFTP instructions (secure)

Secure FTP over SSH is based on the Secure Shell protocol. In contrast to standard FTP, only one port is used for session handling and data transfer. Therefore, the implementation is firewall-friendly.

In general, the directory structure of the SFTP server is the same as on the standard FTP server except that only the toibm directory is available.

Authentication using IBM Support File Transfer ID is required.

Note regarding file names: name the files by using your Case number so it attaches to the Case.  Example: TS000599999.mustgather.zip

Address

Note: Use the server closest to your physical location.

Americas
testcase.boulder.ibm.com
(170.225.126.22) 
Asia
sftp.ap.ecurep.ibm.com
(169.56.38.162)
Europe
sftp.ecurep.ibm.com
(192.109.81.25)
Information about the encryption use can be found in the "Encryption" tab.

If you have problems configuring secure FTP on your system, contact your local support or the provider of your FTP client. Secure Copy is not supported.

 

Related links

FTP example

The following is an example of performing an anonymous FTP upload of a file to IBM Enhanced Customer Data Repository by using a line mode FTP client. You can use any FTP client.

Command and Response Description
C:\> ftp ftp.ecurep.ibm.com The customer enters the FTP command to invoke the FTP client and begin an FTP session with Testcase Data Exchange.
Connected to ftp.ecurep.ibm.com. 220-FTPD1 IBM FTP CS V1R5 at MCEFTP, 17:14:35 on 2005-06-22.
220-Welcome to the IBM Centralized Customer Data Repository (ECuRep)
The customer receives verification that the session was established and that the Testcase Data Exchange FTP server is ready
User (ftp.ecurep.ibm.com:(none)): anonymous The customer is prompted for their user name. They can enter the keyword anonymous indicating that this is an anonymous FTP session.
331 Send email address as password please. The FTP server responds that anonymous access is permitted and prompts the customer to enter any text as a password.
Password: test@anyone The customer can enter any text as a password. In this case, the customer entered the password test@anyone.
230-Here you can deliver/get support material to/from IBM.
230-Directories for:
230- deliver  use command 'cd toibm'
230- get      use command 'cd fromibm'.
The FTP server responds that the login was successful.
ftp> cd toibm/windows The customer should then change to the directory where they upload the file by using the cd FTP subcommand. You need to inform the customer of the directory to use here.
250 HFS directory /toibm/windows is the current working directory. The FTP server responds that the change (working) directory command was successful.
ftp> binary
200 Type set to I.
ftp> put your_data_at_the_workstation 12345.123.724.DUMP.ZIP
The customer can then upload the file by using the put FTP subcommand. In this case, the customer is uploading a file called your_data_at_the_workstation. Depending on your requirements, you might want them to upload the file in binary format by first specifying the binary subcommand.
200 PORT command successful.
150 Opening binary mode connection for your_data_at_the_workstation
226 Transfer complete.
The FTP server responds that the connection started and also responds when the upload is complete. Upload times vary depending on network connection speed and file size.
ftp> quit The customer then terminates the FTP session by using the quit subcommand.

FTPS example (AIX command prompt)

$ ftp -s ftps.ecurep.ibm.com
Connected to ftps.ecurep.ibm.com.
220-Welcome to the IBM Enhanced Customer Data Repository (ECuRep)
220-
220-Before using this service refer to the terms of use for exchanging diagnostic
220-Data with IBM (see https://www.ibm.com/support/pages/node/739407)!
220-
220-For Documentation and FAQ, see the ECuRep home page
220-https://www.ibm.com/support/pages/node/739631
220-
220-   LOGIN
220-     user     : [transfer id]
220-     password: [password_of_transferid]
220-
220-Please report questions to: [email protected]
220-Connection closed after 15 minutes idle
220 FTPS server ftps.ecurep.ibm.com ready
234 AUTH TLS successful
TLS Auth Entered.
TLS handshake succeeded, though Server signed it's own cert!
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:a1:10:d8:f6:0d:30:6e:6c:ad:10:7b:66:ae:61:93
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1
        Validity
            Not Before: Jan 25 00:00:00 2018 GMT
            Not After : Jan 25 12:00:00 2020 GMT
        Subject: businessCategory=Private Organization/jurisdictionC=DE/jurisdictionST=Baden-W\xC3\xBCrttemberg/jurisdictionL=Stuttgart/serialNumber=HRB 14562, C=DE, ST=Baden-W\xC3\xBCrttemberg, L=Ehningen, O=IBM Deutschland GmbH, CN=ftps.ecurep.ibm.com
TLSv1/SSLv3 ( ECDHE-RSA-AES256-GCM-SHA384 ), 256 bits
Name (ftps.ecurep.ibm.com:(none): E-ABCD12345f
331 Password required for E-ABCD12345f
Password:
230-Here you can deliver/get support material to/from IBM.
230-Directories for:
230- deliver  use command 'cd toibm'
230- get      use command 'cd fromibm'
230-Please use command 'bin' prior transfer. See special instructions
230-displayed when changing to the sub directory.
230-Working directory is "/".
230-You are logged in as E-ABCD12345f
230 User E-ABCD12345f logged in
ftp> passiv
Passive mode on.
ftp> cd toibm
250-Read toibm/0-README.txt for information.
250 CWD command successful
ftp> cd aix
250 CWD command successful
ftp> bin
200 Representation type is Image
ftp> put boot.ini TS000599999.test.nixx

227 Entering Passive Mode (192,109,81,10,255,223).
150 Opening BINARY mode data connection for boot.ini
TLSv1/SSLv3 ( ECDHE-RSA-AES256-GCM-SHA384 ), 256 bits
netout: write returned 0?
226 Transfer complete
ftp> bye

221 Goodbye.
$

FTPS and firewalls

When Secure FTP (FTPS) is used, it is possible that you get problems with your firewall. This is due to the nature of the protocol and the different types of firewalls.

FTP uses two connections between the FTP client and FTP server. The control connection is used to exchange FTP commands and control information, and the data connection is used to transmit the files and for output of commands.

The control connection is established when an FTP client connects an FTP server. If data has to be transferred, the data connection is set up dynamically. There are no fixed TCP ports, which are used for this connection. The FTP server tells the client the TCP port to be used within the control connection. The port changes for every data transmission. Modern firewalls read the port information exchanged within the control connection and dynamically create rules to allow the data transfer.

While FTPS is in use, the control and data connection is encrypted. A firewall can no longer read the content of the control connection and dynamic rule creation for the data connections is no longer possible.

There are also some firewalls, which run more or less intensive checks on the traffic within the control connections. They drop the connection if they detect traffic, which is not mentioned in the FTP protocol definition. Those checks must fail with encrypted connections.

In case of problems read our help page.

FTPS example

EZA1736I FTP -a tls -n -v -p TCPIP (EXIT
EZY2640I Using dd:SYSFTPD=TCPIP.IVN.TCPPARMS(FTPCDATS) for local site configuration parameters.
EZYFT26I Using 7-bit conversion derived from 'ISO8859-1' and 'IBM-1047' for the control connection.
EZYFT32I Using the same translate tables for the control and data connections.
EZA1450I IBM FTP CS V1R4
EZA2807I Executing under single stack configuration. Specified TCPIP name TCPIP ignored.
EZA1772I FTP: EXIT has been set.
EZA1456I Connect to ?
EZA1736I 192.109.81.7
EZYFT18I Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages.
EZA1554I Connecting to: 192.109.81.7 port: 21.
220-FTPD1 IBM FTP CS V1R2 at MCEFTP, 15:27:37 on 2004-03-17.
220-Welcome to the IBM Centralized Customer Data Repository (ECuRep)
220-INTERNET ADDRESS 192.109.81.7 ()
220-Before using this service refer to the terms of use for
220-Exhanging Diagnostic Data with IBM
220-(see https://www.ibm.com/support/pages/node/739283 )!
220-For FAQ/Documentation please see ECuRep - Homepage
220- https://www.ibm.com/support/pages/node/739283
220- LOGIN user: anonymous pw: your_email_address
220-Report questions to: [email protected]
220 Connection will close if idle for more than 15 minutes.
EZA1701I >>> AUTH TLS
234 Security environment established - ready for negotiation
EZA2895I Authentication negotiation succeeded
EZA1701I >>> PBSZ 0
200 Protection buffer size accepted
EZA1701I >>> PROT P
200 Data connection protection set to private
EZA2906I Data connection protection is private

EZA1460I Command:
EZA1701I >>> USER anonymous
331 Send email address as password please.
EZA1789I PASSWORD:
EZA1701I >>> PASS
230-Here you can deliver/get support material to/from IBM.
230-Directories for:
230-deliver use command 'cd toibm'
230-get use command 'cd fromibm'
230-for CADCAM/CATIA/VPM/ENOVIA/SMARTEAM use command 'cd cadcam'
230-Please use command 'bin' prior transfer. See special instructions
230-displayed when changing to the sub directory.
230 'ANONYMOUS' logged on. Working directory is /.

Stat command example

If you cannot see the AUTH TLS command, you can check the status of the session with a remote stat command. The highlighted lines indicate a secure session.

EZA1736I stat
EZA1701I >>> STAT
211-Server FTP talking to host 195.212.29.163, port 21061
211-User: Anonymous Working directory: /
211-The control connection has transferred 707 bytes
211-There is no current data connection.
211-The next data connection will be actively opened
211-to host 195.212.29.163, port 21061,
211-using Mode Stream, Structure File, type Image, byte-size 8
211-Automatic recall of migrated data sets.
211-Automatic mount of direct access volumes.
211-Auto tape mount is allowed.
211-Inactivity timer is set to 900
211-VCOUNT is 59
211-ASA control characters in ASA files opened for text processing
211-will be transferred as ASA control characters.
211-Trailing blanks are not removed from a fixed format
211-data set when it is retrieved.
211-Data set mode. (Do not treat each qualifier as a directory.)
211-ISPFSTATS is set to FALSE
211-Primary allocation 450 tracks. Secondary allocation 45 tracks.
211-Partitioned data sets will be created with 50 directory blocks.
211-FileType SEQ (Sequential - default).
211-Number of access method buffers is 5
211-RDWs from variable format data sets are discarded.
211-Records on input tape are unspecified format
211-SITE DB2 subsystem name is DB2
211-Data not wrapped into next record.
211-Tape write is not allowed to use BSAM I/O
211-Truncated records will not be treated as an error
211-JESLRECL is 80
211-JESRECFM is Fixed
211-JESINTERFACELEVEL is 2
211-Xlate name is STANDARD
211-SMS is active.
211-Data sets will be allocated using unit SYSDA
211-New data sets will be catalogued if a store operation ends abnormally
211-Single quotes will override the current working directory.
211-UMASK value is 777
211-Process id is 50333504
211-Checkpoint interval is 0
211-Authentication type: TLS
211-Control protection level: Private
211-Data protection level: Private

211-Record format VB, Lrecl: 256, Blocksize: 27968
211 *** end of status ***
EZA1460I Command:

SFTP example

The following is an example of performing an anonymous SFTP upload of a file to IBM Enhanced Customer Data Repository by using a line mode SFTP client. You can use any SFTP client.

Command/Response Description
$ sftp [email protected] The customer enters the SFTP command to invoke the SFTP client log in to the SFTP server by using the user ID E-ABcd12345E .
The authenticity of host 'sftp.ecurep.ibm.com (192.109.81.25)' can't be established.
RSA key fingerprint is SHA256:YnqKGIUJ2WyjU0VG4si78wN5ah61bZlRnoHPWCHzavw.
Are you sure you want to continue connecting (yes/no)?
The connection is established. The SFTP clients ask for verification of the SFTP server key fingerprint. The fingerprint can be found on the ECuRep web page. If the fingerprint is verified, it needs to be accepted by entering yes. Entering no end the connection.
Depending on the SFTP client, this step is only required once. Most clients store the accepted fingerprint or they ask if the fingerprint can be remembered.
Welcome to the IBM Centralized Customer Data Repository (ECuRep).
Before using this service refer to the terms of use for exchanging diagnostic
data with IBM (see https://www.ibm.com/support/pages/node/739407)!
For Documentation and FAQ, see the ECuRep homepage
https://www.ibm.com/support/pages/node/739631
   LOGIN
     user     : [transferid]
     password: [password_of_transferid]
    - or -
     user     : [anonymous]
     password: [your_email_address]
Report questions to: [email protected]
Connection closed after 15 minutes idle
The connection is established. A welcome message is posted. Not all SFTP clients display this message.
[email protected]'s password: The password for the IBM Support File Transfer ID E-ABcd12345E needs to be entered.
sftp> cd toibm/aix The customer can then change to the directory where they upload the file by using the cd FTP subcommand. You need to inform the customer of the directory to use here.
sftp> put your_data_at_the_workstation 12345.123.724.DUMP.ZIP The customer might then upload the file by using the put FTP subcommand. In this case, the customer is uploading a file called your_data_at_the_workstation.
your_data_at_the_workstation 100% 591KB 197.1KBps 00:03 Most client shows information about the transfer progress.
ftp>quit The customer then terminates the FTP session by using the quit subcommand.

[{"Business Unit":{"code":"BU051","label":"N\/A"},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB33","label":"N\/A"}}]

Document Information

Modified date:
28 June 2023

UID

ibm10739631