ADSM-L

Re: [ADSM-L] Securing TSM Client

2010-05-11 18:23:13
Subject: Re: [ADSM-L] Securing TSM Client
From: Remco Post <r.post AT PLCS DOT NL>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 12 May 2010 00:22:10 +0200
On 11 mei 2010, at 22:08, Leandro Mazur wrote:

> Hello everyone !
> 
> I don't know if somebody has this kind of problem, but I have the following
> situation in the company I work for:
> 
> - We have a TSM team to install, configure and maintain the whole backup
> process, server and client;
> - We have sysadmins that take care of the operational system and the
> applications;
> - When there's a need for any action to do with backup, they should open a
> ticket for the TSM team;
> 
> The problem that we have is that the sysadmins are doing backups/archives
> and restores/retrieves without our knowledge, with great impact on our
> database (among other things...).

if a system administrator running an occasional backup has _great_ impact on 
your database, you need to reconsider your TSM infrastructure. I'm assuming 
here that your system administrators have better things to do with their time 
than running backups all day, so when they do, there is an actual need for it.

> We would like to block the access on the
> client, but we were not successful. If we use "password generate" on
> dsm.sys, the password is prompted only at first access. If we use "password
> prompt", the scheduler doesn't work (ANS2050E)...
> Any sugestions from the experts ? Maybe it could be a improvement to IBM
> implement on the future...

have you considered cattle prods? Except for Lindsay's suggestion of locking 
everything down during the day (disable sessions at 7:00, enable sessions at 
18:00) there is no way. You may want to think about your procedures, since they 
probably do this because raising a ticket takes to long, and they need to get 
on with their work. 

> __________________________________
> Leandro Mazur

-- 
Met vriendelijke groeten/Kind Regards,

Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622

<Prev in Thread] Current Thread [Next in Thread>