Hi all,

I just thought I found _the_ solution in preventing admin access to our
tsm server from just any system that can connect to port 1500 by setting
tcpadminport on our server to something different from tcpport.

Well, great now we have 2!!! ports that allow admin connections (tcpport
and tcpadminport) and one (tcpport) that allows backup/restore style
client conenctions.

Did I miss something, or did the TSM server development team have
something different in mind when they thought up this option? I'd like
to have one port for client connections (tcpport) and one for admin
connections (tcpadminport) so I can actually limit access to our
admin-interface based on ip-address....

Reading the manual entry for tcpport: "Using different port numbers for
the options TCPPORT and TCPADMINPORT enables you to create one set of
firewall rules for client sessions and another set for other session
types (administrative sessions, server-to-server sessions, SNMP subagent
sessions, storage agent sessions, library client sessions, managed
server sessions, and event server sessions)." TSM development did have
exactly what I want in mind, but when I read "By using the
SESSIONINITIATION parameter of REGISTER and UPDATE NODE, you can close
the port specified by TCPPORT at the firewall, and specify nodes whose
scheduled sessions will be started from the server." I get confused and
start to think that either I missed something or somebody else did ;-)



--
Met vriendelijke groeten,

Remco Post

SARA - Reken- en Netwerkdiensten                      http://www.sara.nl
High Performance Computing  Tel. +31 20 592 3000    Fax. +31 20 668 3167

"I really didn't foresee the Internet. But then, neither did the
computer industry. Not that that tells us very much of course - the
computer industry didn't even foresee that the century was going to
end." -- Douglas Adams