Hey Mark,
Thanx a lot for responding to my message.
One thing is still very unclear to me.
What happends when you set the TCPCLIENTPORT option in the options file?
You said that the server-to-client is set through a port above 1024
randomly. Then I don't see the perpose of this option.
Kind regards,
Jerry Caupain
Mark.Stapleton AT manpower DOT com wrote:
>
> Mr. Caupain had commented that he had found the APAR that stated that ADSM
> does
> not support backups through a firewall.
>
> While this is true, it is *not* due to the use of RPC calls.
>
> When an ADSM node and an ADSM server establish communication for a
> backup
> or restore session, the client-to-server communication port is always
> 1500
> (unless otherwise set in the option files). The server-to-client
> communication is set through a port above 1024 randomly chosen by the
> server; this is so that the server can talk to multiple nodes
> concurrently
> and easily.
>
> Unfortunately, the random setting is truly that; it cannot be changed to
> use a desired port. If your firewall has the chosen port closed, there
> is
> no comm and (therefore) no backup. If your firewall has all the possible
> ports wide open...well, that defeats the purpose of a firewall. If your
> firewall handles communication negotiation of the chosen port, your
> connection will not work or your throughput will be *extremely* slow.
> (That is our problem with the web servers we keep in a DMZ.)
>
> The number of workarounds is limited.
> 1) You can create a second network for backups that bypasses the
> firewall...but that again defeats the purpose of a firewall. (Unless, of
> course, you choose to use a comm protocol other than TCP/IP for that
> second connection.)
> 2) You can put your ADSM server on the outside of the firewall, but that
> solution opens itself up to a number of other problems.
> 3) You can make access to the firewalled nodes available via username
> and
> password.
>
> --
> Please respond to stapleto AT berbee DOT com
> Mark Stapleton (stapleto AT berbee DOT com)
|
