Customizing the Data Protector Environment

Firewall Support

NOTE

The OB2PORTRANGE variable only applies to dynamically allocated ports.

 

It does not affect the usage of the default Data Protector port number

 

5555.

 

Defining a port range for the Data Protector processes limits the port

 

usage of Data Protector. It does not prevent other applications from

 

allocating ports from this range as well.

 

 

For a Specific Data In many cases it is not required that all Data Protector agents Protector Agent communicate across a firewall. For example, one specific agent can be

outside a firewall, while all other components are inside of it. In such environments it is useful to limit the range of port numbers only for the specific agent. This allows you to define a much smaller port range and so reduce the need of open ports through the firewall.

You can limit the port range on a system on which a specific agent runs by using the OB2PORTRANGESPEC variable in the omnirc file:

OB2PORTRANGESPEC=<AGENT>:<start_port>-<end_port>;...

All agent processes check the OB2PORTRANGESPEC for range restrictions. If there is a range defined for an agent process, all dynamically allocated ports select from this specified range. The port range is allocated by taking the first available port, starting with port "start_port". If there is no available port within the specified range, the port allocation fails and the requested operation is not done. See “Examples of Configuring Data Protector in Firewall Environments” on page 535 for information on how to calculate the required range of port numbers.

Chapter 11

529

Page 559
Image 559
HP B6960-90078 manual