What is being asked for is to limit the TSM client to a limited set of
defined ports. They want to be able to run a utility to list ports used
and by whom, save it, then run it later and compare them. So the goal is
to limit the client to defined ports.
To do this we need:
- use: managedservices web schedule
specifying: WEBPORTS 1501 1581
1501 = port for cad daemon
tsm server contacting the client????
1581 = "web client agent service" - is this just listening for gui
access?
this replaces httpport, and is no longer used with
managedservices/webports
If I do the above, then is my client ONLY using ports:
1501 - tsm server contacting the client, including the scheduler cad
spawns
1581 - web client
Is that even close to being right?
Rick
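The snapshot-and-compare check described in the first paragraph of this reply, as an added example that is not part of the original thread. It assumes each snapshot is saved text output of `lsof -nP -iTCP`, that TSM client processes have names starting with "dsm", and that the allowed set is the proposed 1501/1581 pair; the sample lines are constructed.

```python
import re

# Allowed listening ports, taken from the "WEBPORTS 1501 1581" proposal above.
ALLOWED_TSM_PORTS = {1501, 1581}

# Constructed samples of saved `lsof -nP -iTCP` output (not from a real host).
BEFORE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dsmcad   4102 root    5u  IPv4 0xf100      0t0  TCP *:1581 (LISTEN)
dsmcad   4102 root    6u  IPv4 0xf101      0t0  TCP *:1501 (LISTEN)
sshd     2210 root    3u  IPv4 0xf0a0      0t0  TCP *:22 (LISTEN)
"""
AFTER = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dsmcad   6240 root    5u  IPv4 0xf300      0t0  TCP *:1581 (LISTEN)
dsmcad   6240 root    7u  IPv4 0xf301      0t0  TCP *:37872 (LISTEN)
dsmc     5120 root    4u  IPv4 0xf200      0t0  TCP 10.0.0.5:40112->10.0.0.9:1500 (ESTABLISHED)
sshd     2210 root    3u  IPv4 0xf0a0      0t0  TCP *:22 (LISTEN)
"""

def parse_listeners(lsof_text):
    """Return {(command, user, port)} for every TCP socket in LISTEN state."""
    found = set()
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue  # header, blank line, or a socket that is not listening
        match = re.search(r":(\d+)$", fields[-2])  # matches *:1581 and [::1]:1581
        if match:
            # PID is left out of the key so a daemon restart is not reported as a change.
            found.add((fields[0], fields[2], int(match.group(1))))
    return found

def compare(before, after):
    """Listeners that appeared or disappeared between two snapshots."""
    return {"opened": sorted(after - before), "closed": sorted(before - after)}

def tsm_violations(listeners, allowed=ALLOWED_TSM_PORTS):
    """TSM client processes (dsmc, dsmcad) listening outside the allowed set."""
    return sorted(l for l in listeners if l[0].startswith("dsm") and l[2] not in allowed)

if __name__ == "__main__":
    before, after = parse_listeners(BEFORE), parse_listeners(AFTER)
    for kind, items in compare(before, after).items():
        for cmd, user, port in items:
            print(f"{kind}: {cmd} ({user}) tcp/{port}")
    for cmd, user, port in tsm_violations(after):
        print(f"outside defined ports: {cmd} ({user}) tcp/{port}")
```
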
From: Erwann Simon <erwann.simon AT FREE DOT FR>
To: ADSM-L AT VM.MARIST DOT EDU
Date: 06/17/2013 04:17 PM
Subject: Re: tcp port usage of client
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
Hi all,
1) Interactive
If you're using the client in an interactive way (dsmc), it simply
connects to the server TCPPORT (1500).
2) Schedmode Polling
It's the same if using the SCHEDMODE POLLING option.
No matter if the TSM Scheduler runs on its own or is launched by the CAD?
3) Schedmode Prompted
If using the SCHEDMODE PROMPTED option, behavior depends on the way the
TSM Scheduler is running.
If TSM Scheduler is running by itself (dsmc sched), then the dsmc sched
is listening on the TCPCLIENTPORT (1501 by default, or another backup one
17xx if 1501 is already bound by another process. ANS1018E if TSM is
using this port).
If TSM Scheduler is managed by the CAD, it is listening on a random port,
unless you specify it by using the WEBPORTS option.
--
Best regards / Cordialement / مع تحياتي
Erwann SIMON
----- Original Message -----
From: "Wanda Prather" <Wanda.Prather AT ICFI DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Sent: Monday, 17 June 2013 20:31:07
Subject: Re: [ADSM-L] tcp port usage of client
Plus,
I believe a client in polling mode uses 1500,
a client in prompted mode uses both 1500 and 1501, unless 1501 isn't
available then it will pick something else.
Is that wrong?
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Lee, Gary
Sent: Monday, June 17, 2013 2:27 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] tcp port usage of client
Your analysis looks correct to me.
Ports for the CAD are specified with the webport option.
Only valid if managedservices is used with the schedule option.
Managedservices schedule
I believe the httpport option is only used if you have
Managedservices web
Or managedservices web schedule
The random ports for dsmcad I believe are when webport is not specified.
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Richard Rhodes
Sent: Monday, June 17, 2013 2:19 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] tcp port usage of client
Hi Everyone,
I am SO confused . . .
The security folks are checking/verifying what tcp ports are used on some
servers. We got the question of just what ports TSM clients are using on
these servers. The clients are all behind a firewall, but the question is
not about firewall port. Rather it's just what ports these TSM clients
are using.
Client backups run just fine thru the firewall.
Clients are all AIX.
The TSM server the clients backup to runs on tcpport 1500 (default).
The dsm.opt is empty.
Here is the dsm.sys file on one of the AIX clients.
SErvername tsmX
COMMmethod TCPIP
TCPPort 1500
TCPServeraddress tsmX
nodename clientY
passwordaccess generate
inclexcl /usr/tivoli/tsm/client/ba/bin/inclexcl
schedlogname /usr/tivoli/tsm/client/ba/bin/dsmsched.log
webports 2123 2124
httpport 1581 1582
schedlogret 5
errorlogname /usr/tivoli/tsm/client/ba/bin/dsmerror.log
errorlogret 5
txnbytelimit 25600
tcpwindowsize 64
schedmode prompted
tcpbuf 64
resourceutilization 3
This seems messed up:
- has two entries on httpport which is invalid, not sure what result of
this is.
- webports is specified, but is not using managedservices. I thought
this option only applied if using managedservices with the
scheduler running under cad.
- Since scheduler is running directly (not under cad), there is no
tcpclientport parm, so this is defaulting to 1501 (I think).
This is the port the tsm server uses to prompt the client.
- How do webports and an httpport (that is bad) interact?
With all that, what tcp ports would a client like this be using?
I come up with this:
1501 (dsmsched listening for prompt from TSM server)
1581 (http connection for web gui via dsmcad)
2123/2124 ? - no, parm is ignored
1582 ? - no, invalid 2nd port on httpport
random ? - I read several things about the client using a random port
Now, the security folks found dsmcad running on a wide range of ports on
different servers: 9385, 37872, 29423, some others.
Any thoughts are appreciated, especially how to set specific ports for the
tsm client to use.
Thanks
Rick