88 IBM Tivoli Remote Control Across Firewalls
Implementation Planning Case Study: Solution BIn this scenario, the requirements imposed by CSI Corporation are the same as
presented for Solution A. The goal for in this section is to provide an alternate
solution design for CSI — in this case, a change on the existing physical design
by eliminating the current Tivoli Endpoint Gateway installed in the Servers
network zone. This will allow us to close the IOM Range and other Tivoli ports in
the firewalls and decide upon a unidirectional communication from the Servers
zone to the Internal zone. In this case, with a new Endpo int/gateway Proxy
connection, only one pipe needs to be opened in Firewall 3. In terms of a firewall
security solution, this architecture provides a great enhancement. In addition to
that, there is only the need to use the RC Non-Standalone solutions.
Figure 2-5 depicts the proposed CSI Corporation Tivoli environment with an IBM
Tivoli Remote Control Proxy solution, for Solution B.
Figure 2-5 Case study scenario with RC Proxy architecture - Solution B
RC Contr.
Proxy A
Target 1
Target 2
TMR Server
DMZ
External
Controller 1
Firewall 2 Firewall 3Firewall 1 Endpoint GW
Endpoint GW
Endpoint GW
Servers
Internal
RC Target
Proxy A
GW Proxy A
Relay A2
Relay A1 EP Proxy A
RC Contr.
Proxy B
GW Proxy B
RC Target
Proxy B
EP Proxy B
Controller 2
C:8116 P:8115
C:8114
C:8112-
8113 P:8100-8110
P:8111
P:9211
C:9200-
9210
P=Parent
C=Child