Tivoli Header
Quick Start
The Tivoli Storage Manager server and clients can work across a firewall in
most cases. You must configure the firewall to open up the ports that
the server and clients need. Because firewalls differ in how you open
the ports, you must follow the instructions that accompanied the firewall
software or hardware that you are using. If you need help with opening
ports, contact the supplier of your firewall.
The following operations require that you open ports on the firewall:
- To allow clients to communicate with a server across a firewall, you must
open the port that is the TCP/IP port for the server (the TCPPORT option in
the server options file). The default TCP/IP port is 1500.
- To use the administrative Web interface for a server across a firewall,
you must open the port that is the HTTP port for the server (the HTTPPORT
option in the server options file). The default HTTP port is
1580.
We strongly recommend that you use the Tivoli Storage Manager Secure Web
Administrator Proxy for Web administration of the Tivoli Storage Manager
server in an enterprise environment. Install the proxy on a web server
that sits on the firewall, so that the web server can access resources on both
sides of the firewall (this is sometimes called the "demilitarized
zone"). Once you set up the proxy, you can use it to administer any TSM
server at Version 3.7 or higher. For more information on how to
install and use the proxy, see the appendix about the Web proxy in Quick
Start. You can also increase security in this environment by
enabling HTTPS services (also called secure socket layer, or SSL) on the web
server where you install the proxy. Check the information for your web
server for how to set this up.
- To use the Web backup-archive client to connect to a client across a
firewall, you must use the client at Version 4.1.2 or
later. You must open three ports on the firewall. The ports
are:
- The HTTP port for the client (the HTTPPORT option in the client options
file). The default client HTTP port is 1581.
- The two ports specified with the WEBPORTS option in the client options
file. By default, Web ports are assigned randomly, which does not work
across a firewall. You must specify this option with non-zero values
for the two ports, then open these ports on the firewall.
Currently the following operations are known to have problems when a
firewall is in place:
- The backup-archive Web client at a version earlier than Version
4.1.2 does not work when the client system or server that it
connects to is across a firewall.
- The client scheduler operating in prompted mode does not work when the
server is across a firewall. The client scheduler does work when
operating in polling mode.
- The server cannot log events to a Tivoli Enterprise(TM) Console (T/EC)
server across a firewall.
[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]