ADSM-L

Re: Web Backup-Archive Client

2000-04-13 12:39:46
Subject: Re: Web Backup-Archive Client
From: John Monahan <JohnMonahan AT LIBERTYDIVERSIFIED DOT COM>
Date: Thu, 13 Apr 2000 11:39:46 -0500
Are you saying that the source and destination ports change randomly or
just the source ports?  You might have to configure your firewall to allow
the one destination port of 1581 and open up a range of source ports, if
that's possible.  I can do it with my firewall, although there are a range
of other security issues involved, depending on your policies.

The other way I can see around this problem is if the web client could be
configured to use a proxy of some sort.  Place the proxy on the other side
of the firewall and then the web client only communicates on one port to
the proxy (through the firewall) while the proxy opens up the other random
ports as needed.  Although I doubt this is possible without modifying the
web client code.

All my clients/servers are in the protected network so I haven't dealt
specifically with this issue, just throwing out some ideas.


John Monahan
Network Administrator
Liberty Diversified Industries
(763) 536-6677


"Smith, Bob" <bob.smith@EDS.COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
04/13/2000 05:30 AM
Please respond to "ADSM: Dist Stor Manager"

To:      ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Web Backup-Archive Client

We are experiencing problems trying to get this to work in a situation
where there is a firewall. We have several "TSMplexes" and we use the web
administrator function to access these. The documentation says to use port
1580 and this works fine, so long as the port is opened on the firewall.
For the web client the port number is 1581. We have specified HTTPPORT
directly in DSM.SYS for the clients. When we try to use the client, we get
the initial screen but then, after selecting backup/restore, we get message
ANS2600S (java timeout). There is no problem if there is no firewall. There
is no firewall between the TSM server and TSM clients, so the backup path
is not involved. The firewall is there to protect the system from the
outside world.

A trace shows that the web client uses port 1581 initially, but thereafter
random ports. The web admin session sticks throughout to port 1580. This is
why the web backup client has a problem with the firewall. There is nothing
in the TSM docs that I can find that says that it uses ports other than
1581. We have tried to report the problem to Tivoli, but the response is
that "this is the way it is designed".

Our view is that this is a defect. Does anyone else have this problem or
know of a workaround? Our environments are 1) RS/6000 AIX Server + HP Unix
11.0 clients, and 2) Sun Solaris 2.7 Server and clients.

Bob Smith
EDS UK

email: bob.smith AT eds DOT com
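
The question raised in the reply (do only the source ports vary, or the destination ports too?) can be answered from firewall logs before any rule is widened. The Python example below is added here and is not from either poster or from Tivoli; the log format, addresses and high port numbers are constructed, and only ports 1580 and 1581 come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (format, addresses and high ports are assumptions).
SAMPLE_LOG = """\
2000-04-13T05:30:01 ALLOW tcp 192.0.2.10:34012 -> 198.51.100.5:1581
2000-04-13T05:30:02 ALLOW tcp 192.0.2.10:34013 -> 198.51.100.5:1581
2000-04-13T05:30:09 DENY tcp 192.0.2.10:34020 -> 198.51.100.5:40211
2000-04-13T05:30:12 DENY tcp 192.0.2.10:34021 -> 198.51.100.5:40377
2000-04-13T05:31:00 ALLOW tcp 192.0.2.44:51000 -> 198.51.100.9:1580
2000-04-13T05:31:05 ALLOW tcp 192.0.2.44:51007 -> 198.51.100.9:1580
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) tcp "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def summarize(log_text):
    """Group connection records by (source host, destination host)."""
    pairs = defaultdict(lambda: {"sports": set(), "dports": set(), "denied": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not connection records
        entry = pairs[(m["src"], m["dst"])]
        entry["sports"].add(int(m["sport"]))
        entry["dports"].add(int(m["dport"]))
        if m["action"] == "DENY":
            entry["denied"].add(int(m["dport"]))
    return dict(pairs)

def diagnose(entry, expected_port):
    """Classify one host pair against the single documented port."""
    extra = entry["dports"] - {expected_port}
    if not extra:
        return "source-only"          # one destination-port rule is enough
    if extra & entry["denied"]:
        return "destination-blocked"  # session needs ports the firewall drops
    return "destination-varies"       # extra ports used, none dropped so far

if __name__ == "__main__":
    for (src, dst), entry in sorted(summarize(SAMPLE_LOG).items()):
        port = 1581 if 1581 in entry["dports"] else 1580
        print(src, dst, diagnose(entry, port), sorted(entry["denied"]))
```

A "source-only" result means a single destination-port rule behind a stateful firewall is sufficient; "destination-blocked" lists the exact ports being dropped, which is the evidence needed when weighing a port range against the proxy idea.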