NAT the TSM server address so that it appears to be in the DMZ. That way if you need to change the layout of the LAN outside of the DMZ, you don't have as many firewall rules to change.
Has anyone seen a document that describes exactly what ports the TSM client needs to use for a backup session? Using tcpdump to figure out what we need open seems kind of backwards.

Thanks,
[RC]

Robert Clark
The Regence Group
Storage Administrator
503-220-4743

From: "Makkar, Jas" <JMakkar@ADT.COM>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED] RIST.EDU>
To: [EMAIL PROTECTED]
cc:
Date: 04/23/2002 10:59 AM
Please respond to "ADSM: Dist Stor Manager"
Subject: Backing up clients from DMZ on TSM server inside the firewall

We are trying to develop an approach to back up the clients who are in the DMZ via a TSM server sitting inside the firewall. Please comment on the following strategy:

To back up the clients in the DMZ from the TSM Lib located within the Intranet, install the TSM client on the client in the DMZ and open a port in the firewall.

Additionally, use data encryption. To do this, you would use the include.exclude and exclude.encrypt options in your options file. The encryption key for these can either be stored locally on your machine or prompted for each time a backup or restore is attempted. This is set with the encryptkey option in your options file.

TSM clients in the DMZ should not be allowed to do any administrative function. You can only prevent the client from deleting backups and archives. This can be performed by running (on the TSM server):

    update node <nodename> archdelete=no backdelete=no

Note: You could also change password=prompt in the client options file to require a password before a client could perform any actions. Not recommended though.

Additionally, since the TSM server address is required in the client options file, you can't hide information about the TSM server in case of a security breach.

ANY BETTER IDEA is appreciated. Additionally, any red flags in the strategy.

Thanks in Advance.
Jas
[EMAIL PROTECTED]
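
One way to check a DMZ client's options file against the strategy discussed in this thread: whether any include.encrypt statement exists, where the encryptkey setting leaves the key, and whether the configured server address is a NATed DMZ address. This is an added example, not code from either poster or from TSM itself; the sample options file, the finding codes and the 192.0.2.0/24 DMZ range are constructed, and the parser assumes full, unabbreviated option names.

```python
import ipaddress

# Constructed sample client options file for a DMZ node (not from the thread).
# Assumption: one option per line, full option names, '*' starts a comment line.
SAMPLE_OPTS = """\
* constructed example
COMMMETHOD        TCPIP
TCPSERVERADDRESS  10.20.30.40
ENCRYPTKEY        SAVE
EXCLUDE.ENCRYPT   /srv/data/tmp/.../*
"""

def parse_opts(text):
    """Return a list of (OPTION, value) pairs; option names are upper-cased."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
    return pairs

def audit(text, dmz_net):
    """Check the options against the thread's strategy; return finding codes."""
    pairs = parse_opts(text)
    opts = dict(pairs)
    findings = []
    # Files are only encrypted when an include.encrypt statement selects them.
    if not any(name == "INCLUDE.ENCRYPT" for name, _ in pairs):
        findings.append("NO_INCLUDE_ENCRYPT")
    key = opts.get("ENCRYPTKEY", "").upper()
    if key == "SAVE":
        findings.append("KEY_STORED_ON_DMZ_HOST")   # key kept locally
    elif not key:
        findings.append("ENCRYPTKEY_NOT_SET")
    # The reply's suggestion: the client should only know a NATed DMZ address.
    addr = opts.get("TCPSERVERADDRESS", "")
    try:
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(dmz_net):
            findings.append("SERVER_ADDR_OUTSIDE_DMZ")
    except ValueError:
        findings.append("SERVER_ADDR_NOT_CHECKED")  # hostname or missing
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE_OPTS, "192.0.2.0/24"):
        print(code)
```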