ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Admin accounts with mutiple TSM servers

2014-07-01 06:08:02
Subject: Re: [ADSM-L] Admin accounts with mutiple TSM servers
From: Karel Bos <tsm.wad AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 1 Jul 2014 12:06:11 +0200 
Agreed, confige a tsm server instance with sole purpose of being config
manager and make all the backup servers config clients. We use it for years
to sync global admins, standard policies and script between all backup
servers.

In our case we added this role to one of the tsm library manager servers.
They dont have clients installed and without it environment is pretty much
down anyways.

1 of the biggest issues is password expiration. Admin with expired password
can still log on to config clients. This issue should  be solved in version
7.
Also reuse of passwords breaks sync of admin. I dont know if that is solved
in version 7 but if not expired password is still set so that admin cant
log on untill using a new password.
Op 30 jun. 2014 19:43 schreef "Nixon, Charles D. (David)" <
cdnixon AT carilionclinic DOT org>:

> Please forgive the perhaps dumb question.  How does everyone manage
> accounts across multiple TSM servers?
>
> We are looking to upgrade from 6.4.x to 7.1 and setting up OC.  We will
> have a new TSM instance for OC, along with he existing two production
> instances and our single instance in our DR site.  We would like the admin
> accounts to be the same on each server for our system admins (15 accounts)
> since I assume this is needed for OC to work properly.  Right now,
> passwords require chaining so keeping everything in sync needs some
> automation.  Ideally, something more elegant than sending the 'update
> admin' to all servers at once using server to server communications.
>
> Best I can tell, I can either setup the OC instance to be a Configuration
> Manager (and cause us to have to recreate most everything) or tie TSM to
> LDAP.  The problem that I see with LDAP is that each instance would
> essentially want it's own container to manage it's users since it doesn't
> seem to want to use existing LDAP users.  This pretty much defeats the
> point of connecting to LDAP, at least for us.
>
> Am I missing something?  What are others using to manage the accounts
> across multiple instances?
>
> Thanks in advance...
> ---------------------------------------------------
> David Nixon
> System Programmer II, Enterprise Storage Team
> Carilion Clinic | 451 Kimball Avenue | Roanoke, VA 24016
> 540-224-3903 (Work)
>
> ________________________________
>
> Notice: The information and attachment(s) contained in this communication
> are intended for the addressee only, and may be confidential and/or legally
> privileged. If you have received this communication in error, please
> contact the sender immediately, and delete this communication from any
> computer or network system. Any interception, review, printing, copying,
> re-transmission, dissemination, or other use of, or taking of any action
> upon this information by persons or entities other than the intended
> recipient is strictly prohibited by law and may subject them to criminal or
> civil liability. Carilion Clinic shall not be liable for the improper
> and/or incomplete transmission of the information contained in this
> communication or for any delay in its receipt.
>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [ADSM-L] Admin accounts with mutiple TSM servers, Karel Bos <=
Previous by Date:  Re: [ADSM-L] Drives stays "IN USE" after Library downtime, Sven Seefeld
Next by Date:  [ADSM-L] NDMP restores, Nick Marouf
Previous by Thread:  Re: [ADSM-L] Drives stays "IN USE" after Library downtime, Sven Seefeld
Next by Thread:  [ADSM-L] NDMP restores, Nick Marouf
Indexes:  [Date] [Thread] [Top] [All Lists]