Exactly! Tivoli is not going to give you very good information about Active Directory. I can tell you that in all honesty as a person who's been bit by the tivoli virus ;)
In a past life as a consultant, I saw many Tivoli implementations gone bad and a lot of finger pointing; all for minimum data return. Not the type of thing I'd like to build a computing infrastructure on myself. Do yourself a favor and reduce the Tivoli presence and go with MOM. If Tivoli is your EM of choice, the integrate it with MOM. You won't be sorry about the choice. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Tuesday, June 01, 2004 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD? Tivoli is not secure. If you care about security do not put it (even agents) on your domain controllers. Period. Whomever manages Tivoli, will own your forest the moment you add it to a DC. This goes for any application that runs as localsystem on the DC and is "controlled" by someone else other than the enterprise admins. Tivoli has the ability to copy down anything it wants and then run it on the machine. My recommendation would be to fire up MOM or some other management system that has the capability to "feed" info back into the Tivoli framework. This management system would be entirely owned and run by the enterprise admins. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, June 01, 2004 8:47 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD? Looking for some guidance / help... Our Enterprise Systems Management Group is in the process or rolling out Tivoli to all locations. It doesn't seem logical or best practice, to me, to put such an application on a Windows 2003 DC. When testing TMF 4.1 components on a test Windows 2003 DC, I had extreme difficulty getting it to work. I inquired about this recently and was told that the problem was most likely security and that the security for the entire domain would have to be greatly relaxed to support a Tivoli Gateway installation on a Windows 2003 domain controller, not to mention the gaping security hole opened by this installation. I was also informed that installing Tivoli Gateway or other managed node components on a Windows 2003 domain controller was not best practice and correspondingly should be avoided if possible. Has anyone else attempted or run into this scenario? TIA Eric Jones, Senior SE Intel Server Group (W) 336.424.3084 (M) 336.457.2591 www.vfc.com List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
