WTI Switch (used with some legacy systems)
The WTI Switch has a default password. A different password can be set locally by
the IBM Service Representative.
Security for Encryption Support
Encryption support in the TS3500 Tape Library and TS1120 tape controllers models C06 and
J70 allow system-managed tape encryption on IBM® System z® platforms. An IBM Service
Representative installs routers between the internal LAN network, which is connected to the
controllers, and the customer's LAN network. The router provides access to the customer's
key manager. Network traffic through this router is outbound only. The Network Address
Translation (NAT) function in the router prevents externally-initiated connections to any
internal components.
Port information for firewall environments
Table 1 shows the only ports that are required to be opened on the firewall for
environments where the tape configuration is separated from the LAN-attached hosts
and/or Web clients by a firewall. All other ports may be closed.
Table 1. Port Information for firewall environments
Function Port
Direction (from
library) Protocol
Library Operations 3494 Bi-directional TCP/IP
TotalStorage® Specialist 80 Inbound TCP/IP
SNMP Traps 161/162 Bi-directional UDP/IP
Encryption key manager 1443 Outbound SSL
Encryption key manager 3801 Outbound TCP/IP
Note: The TS3000 System Console uses the following ports: HTTPS: Port 443; HTTP: Port
80; and DNS: Port 53.
Port information communications can be initiated either by the tape library or by the host.
Typically, the library only initiates a connection when responding to the host; however, in
the case of unsolicited messages such as statistics notifications and operator interventions,
the library initiates a connection through port 3494. If the library manager needs to make a
connection to the host, it chooses a temporary port and uses that port to make an outbound
connection to a 3494 listening port on the host. When the host has a message to deliver to
the library manager, it chooses its own ephemeral port by which to make an outbound
connection to listening port 3494 on the library manager. The connection is only maintained
for the duration required to pass a single message, and then it is disabled.
Table 1 describes the minimum level of connectivity required to perform library operations.
Other ports that could be opened up on the firewall, but are not necessary in order to have
full functionality include:
To Next Page
Loading...
Need help?
General