Hi all, I just thought I found _the_ solution in preventing admin access to our tsm server from just any system that can connect to port 1500 by setting tcpadminport on our server to something different from tcpport.
Well, great now we have 2!!! ports that allow admin connections (tcpport and tcpadminport) and one (tcpport) that allows backup/restore style client conenctions. Did I miss something, or did the TSM server development team have something different in mind when they thought up this option? I'd like to have one port for client connections (tcpport) and one for admin connections (tcpadminport) so I can actually limit access to our admin-interface based on ip-address.... Reading the manual entry for tcpport: "Using different port numbers for the options TCPPORT and TCPADMINPORT enables you to create one set of firewall rules for client sessions and another set for other session types (administrative sessions, server-to-server sessions, SNMP subagent sessions, storage agent sessions, library client sessions, managed server sessions, and event server sessions)." TSM development did have exactly what I want in mind, but when I read "By using the SESSIONINITIATION parameter of REGISTER and UPDATE NODE, you can close the port specified by TCPPORT at the firewall, and specify nodes whose scheduled sessions will be started from the server." I get confused and start to think that either I missed something or somebody else did ;-) -- Met vriendelijke groeten, Remco Post SARA - Reken- en Netwerkdiensten http://www.sara.nl High Performance Computing Tel. +31 20 592 3000 Fax. +31 20 668 3167 "I really didn't foresee the Internet. But then, neither did the computer industry. Not that that tells us very much of course - the computer industry didn't even foresee that the century was going to end." -- Douglas Adams
