176 IBM Tivoli Remote C ontrol Across Firewalls
Introduction
Tivoli Firewall Security Toolbox enables Tivoli network management across
firewalls without compromising security. When one or more firewalls exist
between Endpoint and Gateway, the communication channels permitted by the
firewall are limited. The Tivoli firewall Security Toolbox enables the Endpoint and
Gateway communication across firewalls while respecting firewall restrictions. In
a TFST scenario, the Endpoint Proxy on the secure side and the G ateway Proxy
on the less secure side communicate with each other using proprietary Tivoli
protocol encapsulated TCP/IP packets through the firewall.
Components of TFST
In the following sections we describe the four components that make up Tivoli
Firewall Security Toolbox:
򐂰Endpoint Proxy
򐂰Gateway Proxy
򐂰Relay
򐂰Event Sink

Endpoint Proxy

This component is utilized by the Tivoli Gateway on the secure side and this
emulates the Tivoli Endpoint for the Gateway in TME Framework. This in turn
establishes the connection with the Gateway Proxy across the firewall on behalf
of Tivoli Gateway.

Gateway Proxy

This component is installed in the less secure side or DMZ to emulate a Tivoli
Gateway. This is connected to the Tivoli Endpoints on the less secure side and
Tivoli Endpoints are configured to point to this as their Ga teway.

Relay

The Relay allows the Endpoints to be manageable even if they are separated
from their Gateway by multiple firewalls, and this component is placed between
layers of firewall to manage the Endpoints. The main purpose of the Relay is to
pass the information as it is received up or down the chain to the Endpoint Proxy,
the Gateway Proxy, or other Relay components in the chain.