Beruflich Dokumente
Kultur Dokumente
Contents:
Overview: ........................................................................................................................1 Standard CONTROL-M Implementation .......................................................................2 Connecting CONTROL-M/Server and CONTROL-M/Agent Through a Firewall ........3 Customizing CONTROL-M/Agent: ..............................................................................3 Customizing CONTROL-M/Server: .............................................................................3 Connecting CONTROL-M/Server and Enterprise Controlstation Through a Firewall....4 Customizing Enterprise Controlstation:.......................................................................4 Customizing CONTROL-M/Server: .............................................................................4 Connecting Enterprise Controlstation Components Through a Firewall .................5 Establishing a GatewayGUI connection through a firewall: ......................................6 Establishing a GatewayGlobal Conditions Server connection through a firewall:.....6 Establishing a GUI ClientGUI Server connection through a firewall: ........................6 Establishing a GUIGlobal Alerts Server connection through a firewall: ....................6
Overview:
As a result of the ever-increasing importance and need for secure environments, organizations are implementing firewalls extensively. Most CONTROL-M and Enterprise Controlstation implementations are spread across a large number of machines. These machines vary in type and physical location, and are found typically in environments that are shielded by firewalls. CONTROL-M and Enterprise Controlstation implementations must maintain high availability and exibility, without affecting the security of the customers computing environment. This document focuses on the best practices for implementing CONTROL-M and Enterprise Controlstation in rewall-protected environments.
Page 1
Page 2
Customizing CONTROL-M/Server:
To establish communication, the CONTROL-M/Server uses the host names of all connecting CONTROL-M/Agents and two ports per each agent. One of these ports is used for server-to-agent communication and the other is used for agent-to-server communication. All parameters are specied during CONTROL-M/Server installation and can be changed later using the parameters customization option of the ctm_menu utility. The host name and server-to-agent port number parameters can be found under the Default Parameters for Communication with Agent Platforms and Parameters for Communication with a Specic Agent Platform menu options. The agent-to-server port number parameter can be found under Communication and Operational Parameters. If a firewall separates the CONTROL-M/Server from the connected CONTROL-M/Agent(s), the agent-to-server port(s) should be defined as accept in the firewall to allow communication between the machines. Please note that when using node groups, this process should be repeated for each node included in the group.
Page 3
Customizing CONTROL-M/Server:
Each connected CONTROL-M/Server uses the host name of the relevant CONTROLM/Server and two ports. One of these ports is used for communication from the Enterprise Controlstation to CONTROL-M, and the other port is used for communication in the opposite direction. The port number used for communication from the Enterprise Controlstation is dened using the ctm_menu utility. Select the parameters customization option under Communication and Operational Parameters. If a rewall separates the CONTROL-M/Server from the Enterprise Controlstation, the port used for communication from the Enterprise Controlstation should be dened as accept in the rewall to allow communication between the two machines.
Page 4
Enterprise Controlstation components can be spread across multiple machines, and may be separated by a rewall. The most likely connections to cross rewalls include: 1. Gateway and GUI 2. Gateway and Global Conditions Server 3. GUI Client and GUI Server 4. GUI and Global Alerts Server
Page 5
BMC Software, the BMC Software logos and all other BMC Software product or service names are registered trademarks or trademarks of BMC Software, Inc. All other registered trademarks or trademarks belong to their respective companies. 2000 BMC Software, Inc. All rights reserved. 100035657 12/00