58 IBM Tivoli Remote Control Across Firewalls
2.1 Design
In this section we address design considerations for the implementation of IBM 
Tivoli Remote Control in a secure environment. In fact, we assume that the Tivoli 
environment is already deployed within the enterprise. Thus, no information on 
planning for the IBM Tivoli Management Framework and the Tivoli Firewall 
Security Toolbox is provided in this section. For more information about the IBM 
Tivoli Management Framework architecture, refer to the Tivoli Management
Framework Planning for Deployment Guide, GC32-0803, and for more
information about the Tivoli Firewall Security Toolbox architecture, refer to the
Firewall Security Toolbox User’s Guide, GC23-4826.
Furthermore, as the main topic of this book is to describe IBM Tivoli Remote 
Control in a firewall environment, this section focuses more on the IBM Tivoli 
Remote Control Proxy planning considerations than on the whole picture of IBM 
Tivoli Remote Control planning. You can get more information about architecture 
considerations and configuration for a standard IBM Tivoli Remote Control 
environment in the IBM Tivoli Remote Control User’s Guide, SC23-4842.
We should also point out that we will not cover planning for the Remote Control 
component, as the Remote Control Proxies provide a better technology and are 
more flexible in responding to all security constraints an enterprise may have.
2.1.1 Logical design
In order to force the RC Controller to use an RC Target Proxy, some specific 
Remote Control policies need to be configured. This means that a new Logical 
structure must be defined for each secure environment served by a different RC 
Target-Controller Proxy architecture.
In order to satisfy this requirement, and because the Remote Control object is a 
Tivoli managed resource, a new Policy Region must be created to host the new 
Remote Control Tool (RC Tool) object. This RC Tool will manage the list of 
Targets for a specific secure zone served by the same RC Target Proxy. All RC 
Tools created in this Policy Region will respond to the same set of RC policies as 
they apply to a Policy Region and not to a specific RC Object. You should create 
as many Policy Regions as RC Target-Controller Proxy architectures you plan to 
have.
The main RC policies that need to be reviewed for a secure environment are:
rc_def_proxy: Defines whether to use Remote Control Proxies or not.
rc_def_ports: Defines the ports to use for Controller-Target communications.
rc_def_encryption: Defines data encryption using the DES method.