tcp port usage of client

2013-06-17 Thread Richard Rhodes
Hi Everyone,

I am SO confused . . .

The security folks are checking/verifying what tcp ports are used on some
servers.  We got the question of just what ports TSM clients are using on
these servers.  The clients are all behind a firewall, but the question is
not about firewall port.  Rather it's just what ports these TSM clients
are using.

Client backups run just fine thru the firewall.
Clients are all AIX.
The TSM server the clients backup to runs on tcpport 1500 (default).
The dsm.opt is empty.

Here is the dsm.sys file on one of the AIX clients.
 SErvername  tsmX
   COMMmethod           TCPIP
   TCPPort              1500
   TCPServeraddress     tsmX
   nodename             clientY
   passwordaccess       generate
   inclexcl             /usr/tivoli/tsm/client/ba/bin/inclexcl
   schedlogname         /usr/tivoli/tsm/client/ba/bin/dsmsched.log
   webports             2123 2124
   httpport             1581 1582
   schedlogret          5
   errorlogname         /usr/tivoli/tsm/client/ba/bin/dsmerror.log
   errorlogret          5
   txnbytelimit         25600
   tcpwindowsize        64
   schedmode            prompted
   tcpbuf               64
   resourceutilization  3

This seems messed up:
  - has two entries on httpport which is invalid, not sure what the result
  of this is.
  - webports is specified, but is not using managedservices.  I thought
  this option only applied if using managedservices with the
  scheduler running under cad.
  - Since scheduler is running directly (not under cad), there is no
  tcpclientport parm, so this is defaulting to 1501 (I think).
  This is the port the tsm server uses to prompt the client.
  - How does a webports and httpport (that is bad) interact?

With all that, what tcp ports would a client like this be using?

I come up with this:
  1501 (dsmsched listening for prompt from TSM server)
  1581 (http connection for web gui via dsmcad)
  2123/2124 ? - no, parm is ignored
  1582 ? - no, invalid 2nd port on httpport
  random ? - I read several things about the client using a random port

Now, the security folks found dsmcad running on a wide range of ports on
different servers:  9385, 37872, 29423, some others.

Any thoughts are appreciated, especially how to set specific ports for the
tsm client to use.


Thanks

Rick







-
The information contained in this message is intended only for the
personal and confidential use of the recipient(s) named above. If
the reader of this message is not the intended recipient or an
agent responsible for delivering it to the intended recipient, you
are hereby notified that you have received this document in error
and that any review, dissemination, distribution, or copying of
this message is strictly prohibited. If you have received this
communication in error, please notify us immediately, and delete
the original message.


Re: tcp port usage of client

2013-06-17 Thread Lee, Gary
Your analysis looks correct to me.

Ports for the CAD are specified with the webport option.
Only valid if managedservices is used with the schedule option.

Managedservices schedule

I believe the httpport option is only used if you have

Managedservices web 

Or managedservices web schedule


The random ports for dsmcad I believe are when webport is not specified.





Re: tcp port usage of client

2013-06-17 Thread Prather, Wanda
Plus,
I believe a client in polling mode uses 1500,
a client in prompted mode uses both 1500 and 1501, unless 1501 isn't available 
then it will pick something else.

Is that wrong?



Re: tcp port usage of client

2013-06-17 Thread Erwann Simon
Hi all,

1) Interactive
If you're using the client in an interactive way (dsmc), it simply connects to 
the server TCPPORT (1500).

2) Schedmode Polling
It's the same if using the SCHEDMODE POLLING option. 
No matter if the TSM Scheduler runs on its own or is launched by the CAD?

3) Schedmode Prompted
If using the SCHEDMODE PROMPTED option, behavior depends on the way the TSM 
Scheduler is running.

If TSM Scheduler is running by itself (dsmc sched), then the dsmc sched is 
listening to the TCPCLIENTPORT (1501 by default, or another backup one 17xx if 
1501 is already bound by another process. ANS1018E if TSM is using this port).

If TSM Scheduler is managed by the CAD, it is listening to a random port, 
unless you specify it by using the WEBPORTS option.


-- 
Best regards / Cordialement / مع تحياتي
Erwann SIMON



Re: tcp port usage of client

2013-06-18 Thread Richard Rhodes
What is being asked for is to limit the TSM client to a limited set of 
defined ports.  They want to be able to run a utility to list ports used 
and by whom, save it, then run it later and compare them.  So the goal is 
to limit the client to defined ports.

To do this we need:

- use:  managedservices web schedule
  specifying: WEBPORTS  1501 1581
    1501 = port for cad daemon
           tsm server contacting the client
    1581 = "web client agent service" - is this just listening for gui access?
           this replaces httpport, and is no longer used with
           managedservices/webports

If I do the above, then is my client ONLY using ports:
   1501 - tsm server contacting the client, including the scheduler cad spawns
   1581 - web client
 
Is that even close to being right?

Rick
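
An added example, not written by any poster in this thread and not IBM code: it derives the listening ports a client should have from its dsm.sys options, using the rules as stated in Erwann Simon's reply above, and compares them with a saved listener snapshot, which is the check described in this message. The function names, the `scheduler` argument and the snapshot format are assumptions; the rules themselves are the thread's, not verified against IBM documentation.

```python
# Added example. Rules encoded here are the ones stated in this thread
# (mainly Erwann Simon's reply), not verified against IBM documentation.

# Port-relevant options from the stanza in the first post (spacing restored).
SAMPLE_DSM_SYS = """\
SErvername          tsmX
   COMMmethod       TCPIP
   TCPPort          1500
   webports         2123 2124
   httpport         1581 1582
   schedmode        prompted
"""

# Constructed listener snapshot: (port, process), as a port-listing utility
# might report it. 37872 is one of the dsmcad ports mentioned in the thread.
OBSERVED = [(1501, "dsmc"), (1581, "dsmcad"), (37872, "dsmcad"), (22, "sshd")]

TSM_PROCS = {"dsmc", "dsmcad", "dsmagent"}


def parse_stanza(text):
    """Map lower-cased option name -> list of values ('*' starts a comment).
    Abbreviated option names are not expanded."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("*"):
            name, *values = line.split()
            opts[name.lower()] = values
    return opts


def expected_listeners(opts, scheduler, web_client=False):
    """scheduler: 'dsmc_sched' (run directly), 'cad' (under dsmcad) or None.
    Returns (fixed {port: role}, random_roles [role], warnings [str])."""
    fixed, random_roles, warnings = {}, [], []
    prompted = opts.get("schedmode", ["polling"])[0].lower().startswith("pr")
    if prompted and scheduler == "dsmc_sched":
        # Thread: dsmc sched listens on TCPCLIENTPORT, 1501 by default.
        port = int(opts.get("tcpclientport", ["1501"])[0])
        fixed[port] = "dsmc sched prompt port"
    elif prompted and scheduler == "cad":
        # Thread: a CAD-managed scheduler listens on a random port unless
        # WEBPORTS is set (0 means random).
        cad_port = int(opts.get("webports", ["0"])[0])
        if cad_port:
            fixed[cad_port] = "dsmcad scheduler port"
        else:
            random_roles.append("dsmcad scheduler port")
    if web_client:
        http = opts.get("httpport", ["1581"])
        if len(http) > 1:
            warnings.append("httpport has %d values; assuming only %s is used"
                            % (len(http), http[0]))
        fixed[int(http[0])] = "dsmcad web client port"
    return fixed, random_roles, warnings


def audit(observed, fixed):
    """Compare TSM-owned listeners in a snapshot with the expected fixed ports."""
    seen = {port for port, proc in observed if proc in TSM_PROCS}
    return {"missing": sorted(set(fixed) - seen),
            "unexpected": sorted(seen - set(fixed))}


if __name__ == "__main__":
    fixed, random_roles, warnings = expected_listeners(
        parse_stanza(SAMPLE_DSM_SYS), scheduler="dsmc_sched", web_client=True)
    print(fixed, random_roles, warnings, audit(OBSERVED, fixed))
```
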







Re: tcp port usage of client

2013-06-18 Thread Richard Rhodes
I'm sorry to post a long-winded, confusing post.  I'm tempted
to open a case with IBM, but I know I'll just get someone who
will just quote the manual and not answer my questions.

 . . . anyway . . .

Here is my understanding and questions about client
ports at this time (completely subject to change and probably wrong!).


1)  Using old way - dsmcad for web client and dsmc sched for scheduler

=> dsmcad
dsmcad controls the web client, which is dsmagent.
you never start dsmagent by itself - it's always started through dsmcad
httpport controls which port dsmcad listens on
httpport defaults to 1581
In use:
  dsmcad listens on 1581
  you browse to http://:1581
  dsmcad spawns dsmagent which talks to your browser
  you use the web client over httpport
You can change httpport to something else.

=> dsmc sched  (prompted mode)
runs as a separate process
uses tcpclientport for port to listen on for being contacted by the TSM
server
tcpclientport defaults to 1501
First time you start the scheduler it does this:
  contacts the TSM server and tells it the port it is listening on
  tsm server then prompts the client at that port
You can change tcpclientport to any port you want.


2)  Using "managedservices scheduler webclient"

point:  Nothing says that httpport and tcpclientport DON'T work with
managedservices.
Nothing says that webports is specific to managedservices.
Nothing relates how httpport/tcpclientport interacts with
webports.

=> dsmcad
dsmcad now handles both the scheduler and web client
You never start dsmagent by yourself
You can start "dsmc sched" manually, but you are letting dsmcad handle it
for you.
web client
  handles the web client just like before.
  listens for browsers on httpport with dflt 1581
  Spawns dsmagent
  you use the web client over httpport
  You can change the port by changing httpport
scheduler
  When cad first starts it (or the scheduler it starts)
contacts the tsm server and reports the port it listens on.
  Listening port is tcpclientport which defaults to 1581.
  TSM Server prompts to client tcpclientport where dsmcad is listening
and starts the scheduler.


3) QUESTIONS about webports

option WEBPORTS
- I thought this option was limited to when running managedservices, but I
can't find anything in the BA client manual or IBM's web site that states
this. I don't know why I thought this.
- The BA client manual doesn't say how this option affects running
separate scheduler/dsmcad or running managedservices for both.
- It explains nothing on how the webports ports you enter relate to
httpport and tcpclientport.
webports  
   = cad daemon port, dflt="0" which is a random port
   = web client agent service port, dflt="0" which is a
random port
Does tcpclientport = ?
Does httpport  = ?
What is the "web client agent service"?
  Is this just a thread in dsmcad to spawn dsmagent?
  Is this dsmagent itself?
If you specify both webports and tcpclientport/httpport, what does
it do?
How do they interact?
It seems httpport can't = , because if it can be a
random number
  then how do you know what port to set your browser to?
- The docs simply do not explain what the webports port parms are for.
  If I have httpport=1581 and tcpclientport=1501, then what/why would
  webports even be needed?  Why would it use two random ports for?

I'm beginning to think webports are actually some internal communication
ports used between dsmcad and the scheduler, dsmagent, threads, something
else?

If anyone truly understands the webports option, I'd love to hear about
it






