"1580 does not need" is very softly said. It should never ever be enabled. You can administer your TSM server from internal network and definitely I cannot see any need to administer it from DMZ. And HTTP port gives you only administration access. And I would highly appreciate any option or setting in next releases which would allow me somehow administration of the TSM server to be available only to limited number of hosts. Current state is that ANY client which performs backup on the server can attempt to break TSM administrator's password. And it was discussed earlier that break of node password is nearly equal to root password breach for the node. Being TSM administrator such intruder can change passwords of all nodes which now has to be close to root access on ALL nodes, i.e. big part of or whole enterprise. I may seem too paranoic but this is my job - to protect the systems is part of my activities.

Zlatko Krastev
IT Consultant

"Joshua S. Bassi" <[EMAIL PROTECTED]> on 02.11.2001 22:22:21

Please respond to "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>

To: [EMAIL PROTECTED]
cc:
Subject: Re: DMZ and ports to be opened?

1580 does not need to be enabled because that is the TSM server web interface. 1581 only needs to be enabled if you plan on accessing the TSM client web interface on the client in the DMZ from within your corporate network.

--
Joshua S. Bassi
Independent IT Consultant
IBM Certified - AIX/HACMP, SAN, Shark
Tivoli Certified Consultant- ADSM/TSM
Cell (408)&(831) 332-4006
[EMAIL PROTECTED]

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]] On Behalf Of Selva, Perpetua
Sent: Friday, November 02, 2001 12:00 PM
To: [EMAIL PROTECTED]
Subject: Re: DMZ and ports to be opened?

What about 1580 and 1581, should they be enabled as well?

> -----Original Message-----
> From: Ilja G. Coolen [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, November 02, 2001 2:18 AM
> To: [EMAIL PROTECTED]
> Subject: Re: DMZ and ports to be opened?
>
> Hello there Selva,
>
> By default TSM uses port 1500 for TCP/IP traffic. So by enabling port 1500
> in the firewall bidirectional for the TSM server and the client node, the
> TSM client and server should be able to communicate. It would be advisable
> to use NAT though.
>
> BE AWARE. TSM port 1500 is default and probably known by potential
> hackers. It could be smart to change the default port.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]] On Behalf Of Selva, Perpetua
> Sent: Thursday, 1 November 2001 16:36
> To: [EMAIL PROTECTED]
> Subject: DMZ and ports to be opened?
> Importance: High
>
> Hi
>
> Does anyone know how to make this work successfully?
>
> We have opened up a firewall port on the global network, is there anything
> on the TSM ports that needs to be opened for backup to be successful?
>
> Please let us know
> Thanks
>
> > -----Original Message-----
> > From: Kyle Kinzer [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, November 01, 2001 10:31 AM
> > To: [EMAIL PROTECTED]
> > Subject: Session is lost . . .
> >
> > I had researched the below errors for TSM client on a Novell system a
> > while ago. If I recall, I couldn't find anything specific on the list
> > server, other than it's a TCPIP problem. In my case it was a simple TCPIP
> > problem. The NIC card was set to 10mbps/half duplex and the port on the
> > switch was set to 10mbps/full duplex. Once we changed the port to
> > 10mbps/half, the errors went away and backup performed normally.
> >
> > Just thought I'd pass it on.
> >
> > kyle
> >
> > 10/31/2001 12:27:09 TcpRead(): recv(): errno = 54
> > 10/31/2001 12:27:09 sessRecvVerb: Error -50 from call to 'readRtn'.
> > 10/31/2001 12:27:09 ANS1809E Session is lost; initializing session reopen procedure.
> > 10/31/2001 12:27:09 ANS1809E Session is lost; initializing session reopen procedure.
> > 10/31/2001 12:27:25 ANS1810E TSM session has been reestablished.
