Re: Web Backup-Archive Client

For what it's worth, the "Using the clients manual" says
TCPCLIENTPORT:
...If the specified port is busy, the server attempts to use any other
available port.


That may explain the behavior.  So what esle is using the port you said
to, in tcpclientport?  Another TSM client? an API client?


John Monahan wrote:
>
> Are you saying that the source and destination ports change randomly or
> just the source ports?  You might have to configure your firewall to allow
> the one destination port of 1581 and open up a range of source ports, if
> that's possible.  I can do it with my firewall, although there are a range
> of other security issues involved, depending on your policies.
>
> The other way I can see around this problem is if the web client could be
> configured to use a proxy of some sort.  Place the proxy on the other side
> of the firewall and then the web client only communicates on one port to
> the proxy (through the firewall) while the proxy opens up the other random
> ports as needed.  Although I doubt this is possible without modifying the
> web client code.
>
> All my clients/servers are in the protected network so I haven't dealt
> specifically with this issue, just throwing out some ideas.
>
> John Monahan
> Network Administrator
> Liberty Diversified Industries
> (763) 536-6677
>
>                     "Smith, Bob"
>                     <bob.smith@ED        To:     ADSM-L AT VM.MARIST DOT EDU
>                     S.COM>               cc:
>                     Sent by:             Subject:     Web Backup-Archive 
> Client
>                     "ADSM: Dist
>                     Stor Manager"
>                     <ADSM-L AT VM DOT MA
>                     RIST.EDU>
>
>                     04/13/2000
>                     05:30 AM
>                     Please
>                     respond to
>                     "ADSM: Dist
>                     Stor Manager"
>
> We are experiencing problems trying to get this to work in a situation
> where
> there is a firewall. We have several "TSMplexes" and we use the web
> administrator function to access these. The documentation says to use port
> 1580 and this works fine, so long as the port is opened on the firewall.
> For
> the web client the port number is 1581. We have specified HTTPPORT directly
> in DSM.SYS for the clients. When we try to use the client, we get the
> initial screen but then, after selecting backup/restore, we get message
> ANS2600S (java timout). There is no problem if there is no firewall. There
> is no firewall between the TSM server and TSM clients, so the backup path
> is
> not involved. The firewall is there to protect the system from the outside
> world.
>
> A trace shows that the web client uses port 1581 initially, but thereafter
> random ports. The web admin session sticks throughout to port 1580. This is
> why the web backup client has a problem with the firewall. There is nothing
> in the TSM docs that I can find that says that it uses ports other than
> 1581. We have tried to report the problem to Tivoli, but the response is
> that "this is the way it is desgined".
>
> Our view is that this is a defect. Does anyone else have this problem or
> know of a workaround? Our enviromnents are 1) RS/6000 AIX Server + HP Unix
> 11.0 clients, and 2) Sun Solaris 2.7 Server and clients.
>
> Bob Smith
> EDS UK
>
> email: bob.smith AT eds DOT com

--
Mr. Lindsay Morris
Mr. Lindsay Morris
Certified: AIX,ADSM, TSM, HACMP,SP
Gresham Enterprise Storage
lmorris AT openmic DOT com
606-253-8000