Arnaud,
I would guess that we will have to put HL_Address (IP) and LL_Address
(port) in node's definition manually.
The ITSM v5.2 and its manuals are not available at the moment so we can
try to predict without being sure. Keep in mind you will have to wait till
27.06 for this solution. Also it would require to have at least v5.2
server.
Zlatko Krastev
IT Consultant
PAC Brion Arnaud <Arnaud.Brion AT PANALPINA DOT COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
19.05.2003 15:59
Please respond to "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Backup thru firewall : server initiated session ?
Hi list,
I'm facing a little problem in that I have to backup some nodes wich are
in a DMZ, and that our security officier that untill now allowed us to
open a port dedicated to client-to-TSM server communication, now refuses
what he considers as a "security hole".
I searched the archives to find a way solving this problem , and found
that mail : http://msgs.adsm.org/cgi-bin/get/adsm0304/292.html, where Joseph
Zlatko tells :
> Improved firewall security without client-initiated sessions As in any
other software after tons of functionality the time come to security
improvement. Unfortunately only DMZ vulnerability is mitigated but how to
deal with non-servers and especially mobile users is still open.
I tried to find some documents about that non-client initiated session
feature, without success. Could anybody point me to a link or give me some
further information about it, as it could be a solution for me : a
firewall port could possibly be opened, but only if communication is
initiated from server...
Thanks in advance !
Arnaud
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Arnaud Brion, Panalpina Management Ltd., IT Group |
| Viaduktstrasse 42, P.O. Box, 4002 Basel - Switzerland |
| Phone: +41 61 226 19 78 / Fax: +41 61 226 17 01 |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|
