ADSM-L

Re: DMZ and ports to be opened?

2001-11-04 19:05:27
Subject: Re: DMZ and ports to be opened?
From: Zlatko Krastev/ACIT <acit AT ATTGLOBAL DOT NET>
Date: Mon, 5 Nov 2001 02:03:50 +0200
"1580 does not need" is very softly said. It should never ever be enabled.
You can administer your TSM server from the internal network, and I definitely
cannot see any need to administer it from the DMZ. And the HTTP port gives you only
administration access.
And I would highly appreciate any option or setting in the next releases which
would somehow allow administration of the TSM server to be available
only to a limited number of hosts. The current state is that ANY client which
performs backup on the server can attempt to break the TSM administrator's
password. And it was discussed earlier that a break of a node password is
nearly equal to a root password breach for the node. Being TSM administrator,
such an intruder can change the passwords of all nodes, which now has to be close
to root access on ALL nodes, i.e. a big part of or the whole enterprise.
I may seem too paranoid, but this is my job - protecting the systems is part
of my activities.

Zlatko Krastev
IT Consultant





"Joshua S. Bassi" <jbassi AT IHWY DOT COM> on 02.11.2001 22:22:21
Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
To:     ADSM-L AT VM.MARIST DOT EDU
cc:

Subject:        Re: DMZ and ports to be opened?

1580 does not need to be enabled because that is the TSM server web
interface.

1581 only needs to be enabled if you plan on accessing the TSM client
web interface on the client in the DMZ from within your corporate
network.


--
Joshua S. Bassi
Independent IT Consultant
IBM Certified - AIX/HACMP, SAN, Shark
Tivoli Certified Consultant- ADSM/TSM
Cell (408)&(831) 332-4006
jbassi AT ihwy DOT com
