116 IBM Tivoli Remote C ontrol Across Firewalls
4.1 Scenario overview
In this section we provide an overview of our Remote Control Non-Standalone
testing scenario. A typical Remote Control Non-Standalone architecture is
implemented when the firewall stands between the Endpoint Targets and the
Endpoint Gateway. A common environment, for example, could be managing the
Endpoint in the DMZ with the Gateway located at the most secured zone.
The goal of this scenario is to provide detailed information to the System
Administrator of the requirements and considerations that will help him to work
with session management across the firewall. We provide as much information
as possible to deeply describe the implementation of Remote Control using the
TFST component functionalities. We also show a diagram outlining the data flow
mechanism and include the firewall configuration tables in order to allow the
successful usage of IBM Tivoli Remote Control across the firewalls.
In this testing scenario we assume that the IBM Tivoli Management Framework
4.1 and the Tivoli Firewall Security Toolbox 1.3 have been properly installed and
configured and that any down call to the Endpoint can be successfully executed
as the up call to the Gateway. You can refer to the Firewall Security Toolbox
User s Guide, GC23-4826 if you have any problems in this area. Moreover, we
assume you have already installed and configured the Endpoint Proxy, Relay,
and Gateway Proxy components, and that the communication works from the
Framework point of view.
These are the basic requirements before configuring and installing IBM Tivoli
Remote Contr ol across firewalls. We assume that IBM T ivoli Remote Contr ol 3.8
server component is already installed on the TMR and all Tivoli Gateways
hosting the Endpoints, controllers and Targets. Refer to
IBM Tivoli Remote
Control Users Guide
, SC23-4842 for details.
4.2 Environment description
In our testing scenario, the goal was to reproduce the most common environment
using all the required components in order to provide valuable inputs a nd
illustrate our conclusions. We used different machine types and operating
systems. Even though the goal here is not to test firewall products, we used
different firewall products with this configuration, keeping in mind the services,
protocol, and ports used by the Remote Control Proxies.