ADSM-L

[ADSM-L] Firewall problem

2012-02-06 06:52:30
Subject: [ADSM-L] Firewall problem
From: Richard Rhodes <rrhodes AT FIRSTENERGYCORP DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 6 Feb 2012 06:46:32 -0500
Hi Everyone,

We have six TSM v5.5.5 instances (on AIX)  named TSM1 to TSM6.   All six
instances  handle backups for nodes that are  behind firewalls, although
only five work.  The six instances are on separate servers, so each has
it's own  IP address and firewall rules.  The firewall rules are all
identical so we can put any node on any TSM server.

We cannot get firewall backups to work to our TSM5 instance.  Since it was
brought up a couple years ago we have fought to get firewall backups to
work but have failed.  Nodes out behind a firewall are able to contact the
TSM server, a sessions is established, then it is immediately
disconnected.  This repeats over and over as the node retries.  You can
sometimes see 50 or more sessions - all hung - for a firewalled node.
We've done everything we can think of:  check/double/triple checked FW
rules, talked with IBM support, run traces for them, check AIX setup,
checked TSM5 setup, compared anything related to TSM5 to the other working
instances.  If we move the node to one of our other TSM instances it
worked just fine!! In all, we firgured this HAD to be a firewall setup
problem of some kind.

This past weekend we move TSM5 (and TSM6 also) to new servers/lpars.  The
new servers had to have new IP addresses and run a newer AIX v6.  We've
done this upgrade for the other TSM servers already.  With new IP
addresses we had to create new FW rules.  We figured that with a whole new
setup FW backups would have to work - we're kicking it real hard!!!! NOPE
- it didn't help!   The only thing that didn't change in this server swing
was the actual TSM instance.  It seems our FW backup problem on this one
instance HAS to be in TSM itself.

Question:  Is there any setting in TSM that could explain failing backups
for firewalled servers?

Thanks

Rick






-----------------------------------------
The information contained in this message is intended only for the
personal and confidential use of the recipient(s) named above. If
the reader of this message is not the intended recipient or an
agent responsible for delivering it to the intended recipient, you
are hereby notified that you have received this document in error
and that any review, dissemination, distribution, or copying of
this message is strictly prohibited. If you have received this
communication in error, please notify us immediately, and delete
the original message.

<Prev in Thread] Current Thread [Next in Thread>