ADSM-L

Re: binding TSM server to specific ip-addresses

2005-05-03 10:03:29
Subject: Re: binding TSM server to specific ip-addresses
From: Remco Post <r.post AT SARA DOT NL>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 3 May 2005 16:03:10 +0200
Hi all,

Richard Sims wrote:
Remco -

Perhaps you could elaborate on how this would be useful? Having the
server ignore requests which come into the system via a certain path
doesn't seem productive.

It is, actually, from a security perspective. This way, one could
dedicate an instance to a subnet and be very sure it is impossible to
reach from other subnets.

One other use would be to have each instance listen on port 1500 of a
dedicated IP address (rather than a dedicated port on a shared IP
address), though I currently don't envision using TSM that way.


Anyway, what you envision seems better effected via a firewall
implemented at the environmental level (in the OS, or a router)
rather than in an application (TSM).


Host based firewalls could accomplish the same but:

1- add additional load to the host, unneeded since this could very
easily be programmed in the server
2- add additional cost in system administration
3- on AIX there is neither a built-in firewall, nor do any of the freeware
firewalls support AIX.
4- this is very easily implemented in the system calls required to set up
a TCP server anyway.

The network firewall is ineffective against hosts on the same subnet.
Not that I distrust these, but auditors might...

The reason I'd like to see this implemented in TSM is that the
application seems to be the proper place to configure the application. A
great many applications (webserver, ftp servers, dns servers etc.) all
provide this feature.

Richard Sims

On Apr 27, 2005, at 5:17 AM, Remco Post wrote:

Hi All,

We are running TSM v. 5.2.3 on AIX 5.2. Currently all of our TSM
server instances listen on all IP addresses configured in the OS. I
was wondering if anyone has found a way to make the TSM server not
listen for connections on one or more ip-addresses. I'm sure this
would be very useful in my environment.


--
Kind regards,

Remco Post

SARA - Reken- en Netwerkdiensten                      http://www.sara.nl
High Performance Computing  Tel. +31 20 592 3000    Fax. +31 20 668 3167

"I really didn't foresee the Internet. But then, neither did the
computer industry. Not that that tells us very much of course - the
computer industry didn't even foresee that the century was going to
end." -- Douglas Adams
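
The point about bind-time address selection in the message above, as an added example that is not part of the original post and is not TSM code: a listener bound to the wildcard address accepts connections arriving on any local address, while one bound to a single address refuses connections arriving on any other. The function names `mkaddr` and `probe` are hypothetical, and the demo assumes Linux, where all of 127.0.0.0/8 is local, so 127.0.0.2 stands in for an interface on another subnet.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill *sa with ip:port; ip == NULL selects INADDR_ANY (all addresses). */
static int mkaddr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = port;              /* already in network byte order */
    sa->sin_addr.s_addr = htonl(INADDR_ANY);
    return ip == NULL || inet_pton(AF_INET, ip, &sa->sin_addr) == 1;
}

/* Listen on bind_ip (NULL = wildcard) at a kernel-chosen port, then try to
 * connect through via_ip. Returns 1 if accepted, 0 if refused, -1 on error. */
int probe(const char *bind_ip, const char *via_ip)
{
    struct sockaddr_in srv, dst;
    socklen_t len = sizeof srv;
    int ok = -1, lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);

    if (lfd >= 0 && cfd >= 0 && mkaddr(&srv, bind_ip, 0) &&
        /* The bind() address is the only thing that differs between cases. */
        bind(lfd, (struct sockaddr *)&srv, sizeof srv) == 0 &&
        listen(lfd, 8) == 0 &&
        getsockname(lfd, (struct sockaddr *)&srv, &len) == 0 &&
        mkaddr(&dst, via_ip, srv.sin_port))
        ok = connect(cfd, (struct sockaddr *)&dst, sizeof dst) == 0;
    if (lfd >= 0) close(lfd);
    if (cfd >= 0) close(cfd);
    return ok;
}

int main(void)
{
    /* Constructed demo addresses (assumption): on Linux all of 127.0.0.0/8
     * is local, so 127.0.0.2 plays "the other subnet's interface". */
    printf("wildcard listener via 127.0.0.2: %d\n", probe(NULL, "127.0.0.2"));
    printf("127.0.0.1 listener via 127.0.0.2: %d\n", probe("127.0.0.1", "127.0.0.2"));
    printf("127.0.0.1 listener via 127.0.0.1: %d\n", probe("127.0.0.1", "127.0.0.1"));
    return 0;
}
```

On a host with several interfaces, running `netstat -an` and checking whether the local address column shows `*.1500` / `0.0.0.0:1500` or one specific address tells you which of the two cases a running server is in.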
