ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Lib client mounts and firewall timeouts.

2014-05-27 09:42:26
Subject: Re: [ADSM-L] Lib client mounts and firewall timeouts.
From: "Huebner, Andy" <andy.huebner AT NOVARTIS DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 27 May 2014 13:40:12 +0000 
To me it sounds like you have a political problem.  I would assume you will 
have the same issue on a restore.  Perhaps a failed DR test will shed some 
light on the situation.  We have had non-negotiable things changed when it was 
shown to adversely affect the business.

We placed the library and the servers inside the firewall to prevent such 
issues.  VLANs helped with this.  Our library is a mile from the servers.

Andy Huebner

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Steven Harris
Sent: Tuesday, May 27, 2014 4:22 AM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Lib client mounts and firewall timeouts.

Hi All

I have a situation that is causing me grief.  As part of a V5 to V6 upgrade I 
have implemented library managers.  These live in one part of the network and 
the library clients live in another separated by a firewall.  The customer 
insists that timeouts be implemented on the firewall for any session over 60 
minutes: its a security thing for some reason and is non-negotiable.

At times I get a lot of mounts queued, in the past when these were local 
mounts, they would eventually resolve themselves but now they time out in the 
firewall, never complete, and I get a cascading blockage until the whole server 
grinds to a halt.

I'm told I can set recourcetimeout to less than the firewall timeout and that 
will cause the mounts to fail, but a lot of these are oracle and
DB2 backups and they won't retry in a reasonable manner.

Yes, I could use devicelasses and mount limits to reserve drives, and I could 
put some stuff on disk that now goes direct to tape, but neither of those are 
palatable.

Of course the easiest thing would be to have the library clients use keepalives 
on their sessions, as was added in recent versions for NDMP backups.  I have 
raised an RFE to this effect at

http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=54030

and I'd appreciate your votes.

Does anyone have bright ideas on how to proceed?  I have thought about SSL port 
forwarding, but apparently bypassing the controls that way is frowned upon. 
Even if the RFE gets up, it won't help me as half of the clients are still TSM 
5.5 for the next six months or so while we cut them over.

Thanks

Steve

Steven Harris
TSM Admin
Canberra Australia.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ADSM-L] Lib client mounts and firewall timeouts., Steven Harris
Next by Date:  Re: [ADSM-L] Lib client mounts and firewall timeouts., Thomas Denier
Previous by Thread:  [ADSM-L] Lib client mounts and firewall timeouts., Steven Harris
Next by Thread:  Re: [ADSM-L] Lib client mounts and firewall timeouts., Thomas Denier
Indexes:  [Date] [Thread] [Top] [All Lists]