I completely agree. I just wanted to ensure that I wasn't amiss with
disagreeing with putting Tivoli Managed Node components on a W2k3 DC.
We're aiming for MOM and its corresponding integration. I've looked at the
AD Option provided by Tivoli and am not excited at all. I'm having to
write a comparative proposal to use MOM instead of Tivoli to monitor the
W2k3 DCs in our environment. If that proposal gets accepted, I'm hoping to
expand to the entire Windows Server Platform next year.
Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com
"Mulnick, Al"
<[EMAIL PROTECTED]
T.com> To
Sent by: "'[EMAIL PROTECTED]'"
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
ail.activedir.org cc
Subject
06/01/2004 10:32 RE: [ActiveDir] Tivoli Gateway on
AM Windows 2003 DC - BAD?
Please respond to
[EMAIL PROTECTED]
tivedir.org
Exactly! Tivoli is not going to give you very good information about
Active
Directory. I can tell you that in all honesty as a person who's been bit
by
the tivoli virus ;)
In a past life as a consultant, I saw many Tivoli implementations gone bad
and a lot of finger pointing; all for minimum data return. Not the type of
thing I'd like to build a computing infrastructure on myself. Do yourself
a
favor and reduce the Tivoli presence and go with MOM. If Tivoli is your EM
of choice, the integrate it with MOM. You won't be sorry about the choice.
Al
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Tuesday, June 01, 2004 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?
Tivoli is not secure. If you care about security do not put it (even
agents)
on your domain controllers. Period.
Whomever manages Tivoli, will own your forest the moment you add it to a
DC.
This goes for any application that runs as localsystem on the DC and is
"controlled" by someone else other than the enterprise admins. Tivoli has
the ability to copy down anything it wants and then run it on the machine.
My recommendation would be to fire up MOM or some other management system
that has the capability to "feed" info back into the Tivoli framework. This
management system would be entirely owned and run by the enterprise admins.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, June 01, 2004 8:47 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Tivoli Gateway on Windows 2003 DC - BAD?
Looking for some guidance / help...
Our Enterprise Systems Management Group is in the process or rolling out
Tivoli to all locations. It doesn't seem logical or best practice, to me,
to put such an application on a Windows 2003 DC. When testing TMF 4.1
components on a test Windows 2003 DC, I had extreme difficulty getting it
to
work. I inquired about this recently and was told that the problem was
most
likely security and that the security for the entire domain would have to
be
greatly relaxed to support a Tivoli Gateway installation on a Windows
2003 domain controller, not to mention the gaping security hole opened by
this installation. I was also informed that installing Tivoli Gateway or
other managed node components on a Windows 2003 domain controller was not
best practice and correspondingly should be avoided if possible.
Has anyone else attempted or run into this scenario?
TIA
Eric Jones, Senior SE
Intel Server Group
(W) 336.424.3084
(M) 336.457.2591
www.vfc.com
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
