ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Securing TSM Client

2010-05-11 20:10:46
Subject: Re: [ADSM-L] Securing TSM Client
From: Leandro Mazur <leandromazur AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 11 May 2010 21:09:38 -0300 
Thanks for the answers !

About the sugestions:

- I can't lock the nodes during the day, because several backups run every
2, 4 and 6 hours;
- Lock the admin is a good sugetsion, although not possible...
- The admins have the administrator/root password, so they can do
anything...
- Is not the occasional backups that worries me...instead of using the tsm
client schedule, we just find out that they are using crontab/task scheduler
to do backups (a lot of them !). Our ticket response time is 1 hour at
most....For 99% of the cases we have, it is more than acceptable;
- We are having a considerable growth of our data, which causes the impact
that I mentioned, but it is managable as long we don't have surprises like
that....

It seems that the only thing I can do is convince the admins to not
do...anyway, thanks for the help !

On Tue, May 11, 2010 at 7:22 PM, Remco Post <r.post AT plcs DOT nl> wrote:

> On 11 mei 2010, at 22:08, Leandro Mazur wrote:
>
> > Hello everyone !
> >
> > I don't know if somebody has this kind of problem, but I have the
> following
> > situation in the company I work for:
> >
> > - We have a TSM team to install, configure and maintain the whole backup
> > process, server and client;
> > - We have sysadmins that take care of the operational system and the
> > applications;
> > - When there's a need for any action to do with backup, they should open
> a
> > ticket for the TSM team;
> >
> > The problem that we have is that the sysadmins are doing backups/archives
> > and restores/retrieves without our knowledge, with great impact on our
> > database (among other things...).
>
> if a system administrator running an occasional backup has _great_ impact
> on your database, you need to reconsider your TSM infrastructure. I'm
> assuming here that your system administrators have better things to do with
> their time than running backups all day, so when they do, there is an actual
> need for it.
>
> > We would like to block the access on the
> > client, but we were not successful. If we use "password generate" on
> > dsm.sys, the password is prompted only at first access. If we use
> "password
> > prompt", the scheduler doesn't work (ANS2050E)...
> > Any sugestions from the experts ? Maybe it could be a improvement to IBM
> > implement on the future...
>
> have you considered cattle prods? Except for Lindsay's suggestion of
> locking everything down during the day (disable sessions at 7:00, enable
> sessions at 18:00) there is no way. You may want to think about your
> procedures, since they probably do this because raising a ticket takes to
> long, and they need to get on with their work.
>
> > __________________________________
> > Leandro Mazur
>
> --
> Met vriendelijke groeten/Kind Regards,
>
> Remco Post
> r.post AT plcs DOT nl
> +31 6 248 21 622
>



--
__________________________________
Leandro Mazur
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Securing TSM Client, Remco Post
Next by Date:  [ADSM-L] TSM 6.2 Slowness, Andrew Carlson
Previous by Thread:  Re: [ADSM-L] Securing TSM Client, Remco Post
Next by Thread:  Re: [ADSM-L] Securing TSM Client, Richard Sims
Indexes:  [Date] [Thread] [Top] [All Lists]