Dial-in security features of the IMC
Dial-in is used by IBM service representatives to log on to the system
console and provide service support. All dial-in connectivity to the system
console is through either a modem or broadband connection, which
restricts all incoming traffic. Separate logon IDs are required for access to
each attached system.
Note: The TS4500 tape library does not support dial-in. Only the IMC
supports dial-in.
The system console supports the following data security requirements
when properly configured:
• Customer data, which is stored on tape or in memory, cannot be
  transmitted or accessed in remote support sessions.
• Remote dial-in is enabled or disabled by the customer by using the
  TS4500 management GUI. Remote dial-in is disabled by default. When
  remote dial-in is enabled, it is enabled for 24 hours by default.
• Remote dial-in requires a password for access. The password is managed
  by the customer. The default setting for dial-in is that no password is
  required. A password can be specified by the customer and set by the
  IBM service representative.
Note: The IMC and TSSC both run system console code, so all of the TSSC
functions are integrated into the IMC. The security requirements for the IMC are
the same as the security requirements for the TSSC.
Port information for firewall environments
Table 21 shows the ports that are required to be opened on the firewall for
environments where the tape configuration is separated from the LAN-attached
hosts and/or Web clients by a firewall. All other ports can be closed.
Table 21. Port information for firewall environments

Function                  Port     Direction (from library)  Protocol
------------------------  -------  ------------------------  -----------
Library Operations        3494     Bidirectional             TCP
TotalStorage® Specialist  80       Inbound                   TCP
SNMP Traps                161/162  Bidirectional             UDP
Encryption key manager    1443     Outbound                  SSL
Encryption key manager    3801     Outbound                  TCP
LDAP                      389      Bidirectional             TCP and UDP
LDAP over TLS/SSL         636      Bidirectional             TCP and UDP
Kerberos                  88       Bidirectional             TCP and UDP
HTTPS                     443      Bidirectional             TCP
Note: The system console uses the following ports:
• HTTPS: Port 443
• HTTP: Port 80
• DNS: Port 53
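
The following is an added example, not part of the IBM guide: a small audit that compares a firewall allow-list against the rows of Table 21 and reports required openings that are missing and openings the table does not call for. It assumes that "SSL" on port 1443 runs over TCP, models only the Table 21 rows (not the system console ports in the note), and uses a constructed sample ruleset.

```python
# Required openings transcribed from Table 21:
# (function, ports, direction relative to the library, protocols).
# Assumption: the "SSL" entry on port 1443 is carried over TCP.
TABLE_21 = [
    ("Library Operations", [3494], "bidirectional", ["tcp"]),
    ("TotalStorage Specialist", [80], "inbound", ["tcp"]),
    ("SNMP Traps", [161, 162], "bidirectional", ["udp"]),
    ("Encryption key manager", [1443], "outbound", ["tcp"]),
    ("Encryption key manager", [3801], "outbound", ["tcp"]),
    ("LDAP", [389], "bidirectional", ["tcp", "udp"]),
    ("LDAP over TLS/SSL", [636], "bidirectional", ["tcp", "udp"]),
    ("Kerberos", [88], "bidirectional", ["tcp", "udp"]),
    ("HTTPS", [443], "bidirectional", ["tcp"]),
]

def expand(entries):
    """Flatten rows into a set of (port, proto, direction) tuples."""
    flat = set()
    for _name, ports, direction, protos in entries:
        dirs = ["inbound", "outbound"] if direction == "bidirectional" else [direction]
        flat |= {(p, pr, d) for p in ports for pr in protos for d in dirs}
    return flat

def audit(rules, entries=TABLE_21):
    """Return (missing, extra) openings, each as a sorted list of tuples.

    missing: required by the table but absent from the allow rules.
    extra:   allowed by the rules but not listed in the table.
    """
    required, allowed = expand(entries), expand(rules)
    return sorted(required - allowed), sorted(allowed - required)

# Constructed sample allow-list (hypothetical, same row shape as TABLE_21).
SAMPLE_RULES = [
    ("lib-ops", [3494], "bidirectional", ["tcp"]),
    ("web-ui", [80], "bidirectional", ["tcp"]),   # table lists inbound only
    ("snmp", [161, 162], "bidirectional", ["udp"]),
    ("ekm", [1443, 3801], "outbound", ["tcp"]),
    ("ldap", [389], "bidirectional", ["tcp", "udp"]),
    ("ldaps", [636], "bidirectional", ["tcp"]),   # UDP omitted
    ("kerberos", [88], "bidirectional", ["tcp", "udp"]),
    ("https", [443], "bidirectional", ["tcp"]),
    ("telnet", [23], "inbound", ["tcp"]),         # not in the table
]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("extra:  ", extra)
```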
56 IBM TS4500: Introduction and Planning Guide