Re: [ADSM-L] tcp port usage of client

What is being asked for to do is to limit TSM client to a limited set of 
defined ports.  They want to be able to run a utility to list ports used 
and by whom, save it, then run it later and compare them.  So the goal is 
to limit the client to defined ports.

To do this we need:

- use:    managedservices web schedule
  specifying: WEBPORTS  1501 1581
    1501 = port for cad daemon
           tsm server contacting the client????
    1581 = "web client agent service" - is this just listening for gui 
access?
           this replaces httpport, and is no longer used with 
managedservices/webports

If I do the above, then is my client ONLY using ports:
   1501 - tsm server contacting the client, including the scheduler cad 
spawns
   1581 - web client
 
Is that even close to being right?

Rick






From:   Erwann Simon <erwann.simon AT FREE DOT FR>
To:     ADSM-L AT VM.MARIST DOT EDU
Date:   06/17/2013 04:17 PM
Subject:        Re: tcp port usage of client
Sent by:        "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>



Hi all,

1) Interactive
If you're using the client in an interactive way (dsmc), it simply 
connects to the server TCPPORT (1500).

2) Schedmode Polling
It's the same if using the SCHEDMODE POLLING option. 
No matter if the TSM Scheduler runs by his own or is launched by the CAD?

3) Schedmode Prompted
If using the SCHEDMODE PROMPTED option, behavior depends on the way the 
TSM Scheduler is running.

If TSM Scheduler is running by himself (dsmc sched), then the dsmc sched 
is listenning to the TCPCLIENTPORT (1501 by default, or another backup one 
17xx if 1501 is already binded by another process. ANS1018E if TSM is 
using this port).

If TSM Scheduler is managed by the CAD, it it listenning to a random port, 
unless you specify it by using the WEBPORTS option.


-- 
Best regards / Cordialement / مع تحياتي
Erwann SIMON

----- Mail original -----
De: "Wanda Prather" <Wanda.Prather AT ICFI DOT COM>
À: ADSM-L AT VM.MARIST DOT EDU
Envoyé: Lundi 17 Juin 2013 20:31:07
Objet: Re: [ADSM-L] tcp port usage of client

Plus,
I believe a client in polling mode uses 1500,
a client in prompted mode uses both 1500 and 1501, unless 1501 isn't 
available then it will pick something else.

Is that wrong?

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Lee, Gary
Sent: Monday, June 17, 2013 2:27 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] tcp port usage of client

Your analysis looks correct to me.

Ports for the CAD are specified with the webport option.
Only valid if managedservices is used with the schedule option.

Managedservices schedule

I believe the httpport option is only used if you have

Managedservices web 

Or managedservices web schedule


The random ports for dsmcad I believe are when webport is not specified.



-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Richard Rhodes
Sent: Monday, June 17, 2013 2:19 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] tcp port usage of client

Hi Everyone,

I am SO confused . . .

The security folks are checking/verifying what tcp ports are used on some 
servers.  We got the question of just what ports TSM clients are using on 
these servers.  The clients are all behind a firewall, but the question is 
not about firewall port.  Rather it's just what ports these TSM clients 
are using.

Client backups run just fine thru the firewall.
Clients are all AIX.
The TSM server the clients backup to runs on tcpport 1500 (default).
The dsm.opt is empty.

Here is the dsm.sys file on one of the AIX clients.
 SErvername  tsmX
   COMMmethod          TCPIP
    TCPPort            1500
    TCPServeraddress   tsmX
    nodename           clientY
    passwordaccess     generate
    inclexcl           /usr/tivoli/tsm/client/ba/bin/inclexcl
    schedlogname       /usr/tivoli/tsm/client/ba/bin/dsmsched.log
    webports 2123 2124
    httpport 1581 1582
    schedlogret        5
    errorlogname       /usr/tivoli/tsm/client/ba/bin/dsmerror.log
    errorlogret        5
    txnbytelimit       25600
    tcpwindowsize      64
    schedmode          prompted
    tcpbuf             64
    resourceutilization 3

This seems messed up:
  - has two entries on httpport which is invalid, not sure what result of 
this is.
  - webports is specified, but is not using managedservcies.  I thought
      this options only applied if using managedservices with the
      scheduler running under cad.
  - Since scheduler is running directly (not under cad), there is no
      tcpclientport parm, so this is defaulting to 1501 (I think).
      This is the port the tsm server uses to prompt the client.
  - How does a webports and httport (that is bad) interact?

WIth all that, what tcp ports would a client like this be using?

I come up with this:
  1501 (dsmsched listening for prompt from TSM server)
  1581 (http connection for web gui via dsmcad)
  2123/2124 ? - no, parm is ignored
  1582 ? - no, invalid 2nd port on httpport
  random ? - I read several things about the client using a random port

Now, the security folks found dsmcad running on a wide range of ports on 
different servers:  9385, 37872, 29423, some others.

Any thoughts are appreciated, especially how to set specific ports for the 
tsm client to use.


Thanks

Rick







-----------------------------------------
The information contained in this message is intended only for the 
personal and confidential use of the recipient(s) named above. If the 
reader of this message is not the intended recipient or an agent 
responsible for delivering it to the intended recipient, you are hereby 
notified that you have received this document in error and that any 
review, dissemination, distribution, or copying of this message is 
strictly prohibited. If you have received this communication in error, 
please notify us immediately, and delete the original message.