ADSM-L

TSM and Firewalls in 5.2? (was: Ports used by TSM?)

2003-09-10 12:48:18
Subject: TSM and Firewalls in 5.2? (was: Ports used by TSM?)
From: "Prather, Wanda" <Wanda.Prather AT JHUAPL DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 10 Sep 2003 12:47:51 -0400
In most cases firewalls don't block traffic where the server initiates the
session to a client that's outside the firewall.

I think the 5.2 TSM server has added facilities to let it initiate the
session, which (I think) means you don't have to code exceptions in your
firewall.

I am hoping to use that to eliminate our firewall exceptions; has anybody
tried this and got it to work?
Is it a good thing?



-----Original Message-----
From: Karel Bos [mailto:Karel.Bos AT NUON DOT COM]
Sent: Wednesday, September 10, 2003 12:16 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Ports used by TSM?


Hi,

TSM uses randoms port to back-up jobs. You can however use the WEBPORT
parameter in the client option file to assign fixed ports to be used for
back-ups.

Tivoli Storage Manager firewall support
| | | |
|In most cases, the Tivoli Storage Manager server and clients can work
|across a firewall. Because every firewall is different, the firewall
|administrator may need to consult the instructions for the firewall
software |or hardware in use.

|There are two methods for enabling client and server operations through a
|firewall: |

|Method 1:
|To allow clients to communicate with a server across a firewall, the
|following ports must be opened in the firewall by the firewall
|administrator: |
|TCP/IP port
|To enable the backup-archive client, command line admin client, and the
|scheduler to run outside a firewall, the port specified by the server
option |tcpport (default 1500) must be opened by the firewall
|administrator. This port is set on the client and the server using the
|tcpport option. The setting must be the same on the client |and server. The
default TCP/IP port is 1500. See Tcpport for more information.
|Note:
The client may not use the port specified by the tcpadminport |option (on
the server) for client session. That port may be used for |administrative
sessions only (including node-admin client sessions). |
|HTTP port
|To allow the Web client to communicate with remote workstations across a
|firewall, the HTTP port for the remote workstation must be opened. Use |the
httpport option in the remote workstation's client option |file to specify
this port. The default HTTP port is 1581.
|To use the administrative Web interface for a server across a firewall, the
|HTTP port for the server must be opened. Use the httpport |option in the
server options file to specify this port. The default |HTTP port is 1580.


|TCP/IP ports for the remote workstation
|The two TCP/IP ports for the remote workstation client must be |opened. Use
the webports option in the remote |workstation's option file to specify
these ports. If you do not |specify the values for the webports option, the
default zero (0) |causes TCP/IP to randomly assign two free port numbers.
See Webports for more information about the webports |option.

|TCP/IP port for administrative sessions
|Specifies a separate TCP/IP port number on which the server is waiting for
|requests for administrative client sessions, allowing secure administrative
|sessions within a private network. See Tcpadminport for more information. |

Hope this will help you!

Regard,

Karel

-----Oorspronkelijk bericht-----
Van: Ewald Jenisch [mailto:a AT JENISCH DOT AT]
Verzonden: woensdag 10 september 2003 17:27
Aan: ADSM-L AT VM.MARIST DOT EDU
Onderwerp: Ports used by TSM?


Hi,

Sorry if this is a dumb question but where can I find information
about which destination ports (TCP and/or UDP) TSM uses for various
purposes (e.g. server-initiated backup, client-initated backup).

>From various logs I found that it's in the range from TCP 1500
upwards, but I wonder which port is used for which purpose in order to
set up a firewall.

Thanks much in advance,
-ewald

<Prev in Thread] Current Thread [Next in Thread>
  • TSM and Firewalls in 5.2? (was: Ports used by TSM?), Prather, Wanda <=