ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Webclient through firewall

2003-11-08 16:02:35
Subject: Re: Webclient through firewall
From: Zlatko Krastev <acit AT ATTGLOBAL DOT NET>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Sat, 8 Nov 2003 23:01:55 +0200 
Many times discussed on this list:
The web-client needs connection from intranet to DMZ on port 1581 (usually
firewalls allow that direction).
The actual data transfer goes in opposite direction - from the node in DMZ
to TSM server on port 1500. This got improved in TSM v5.2 client - now the
server can also initiate the session with the client, so it can be again
from intranet to DMZ.

So what you are trying to achieve can be done either by opening port 1500
on the firewall from DMZ to intranet (your security officer might not
allow it), or install properly configured v5.2 client(s) for DMZ systems.

Zlatko Krastev
IT Consultant






Geert De Pecker <gedp AT SOFICO DOT BE>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
06.10.2003 16:39
Please respond to "ADSM: Dist Stor Manager"


        To:     ADSM-L AT VM.MARIST DOT EDU
        cc:
        Subject:        Webclient through firewall


Hi,

I have a couple of tsm clients in my DMZ. The backups through
the firewall are no problem at all (port 1500).

When I want to use the http://xxx.xxx.xxx:1581, no problem to
get the applet started. However, as soon as I try to start a
backup or restore from the applet, I get a java error "Connection
timed out". With the firewall open on all ports: no problem.

I found the "webports" setting and have put that in the dsm.sys
file (I am running redhat 8) on the client machine:

passwordaccess          generate
compression             yes
Editor                  yes
schedlogretention       3 D
txnbytelimit            24576
httpport                1581
webports                1584 1585

I opended these ports on the firewall (from internal to dmz: open
ports: 1581, 1584, 1585) and still no luck.

When I shutdown and restart dsmcad and retry the connection,
I can start a backup or restore version once. If I try another
backup or restore, it fails with the timeout error.

Looking at the firewall sniffer, it seems tsm starts with the
ports set by webports, but also uses other ports (like 1841).

As I understand from the doc, the webports variable should
be the only thing and this behaviour seems like a bug. Does
anybody know how this can be solved?

Thanks,

Geert

--------------------------------------------------------
Geert De Pecker - SOFICO NV
Fraterstraat 228-242, B9820 Merelbeke, Belgium
Mail: gedp AT sofico DOT be, Tel: +3292108040, Fax: +3292108041
--------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: Webclient through firewall, Zlatko Krastev <=
Previous by Date:  Re: space reclamation on a server storage pool?, Zlatko Krastev
Next by Date:  Re: space reclamation on a server storage pool?, Neil Schofield
Previous by Thread:  Re: space reclamation on a server storage pool?, Zlatko Krastev
Next by Thread:  Re: L700e library with LTO2. Definition problems on AIX, Zlatko Krastev
Indexes:  [Date] [Thread] [Top] [All Lists]