Chapter 2. Implementation planning 59
The remaining RC Policies should follow the same rules defined for all other RC
Objects. They don’t have a direct impact on the way IBM Tivoli Remote Control
works across firewalls. However, they could also be reviewed in orde r to fulfill
some new requirements concerning the type of actions (for example, Remote
Control, File Transfer, or Chat) that a Tivoli Administrator is able to use in a
secure environment.
For more information about how to configure the Remote Control policies, refer
to the
IBM Tivoli Remote Control User’s Guide
, SC23-4842.
If you have defined the Administrator Roles at the Resource level rather than at
the TMR level, you need to assign the Remote Control roles for the new Policy
Regions hosting the new Remote Control Objects to the Administrator.
2.1.2 Physical designThis section addresses the Physical design for the implementation of IBM Tivoli
Remote Control across firewalls. The Physical design develops the underlying
physical infrastructure on which the solution will operate. Sufficient time needs to
be allocated to ensure that the correct design has been developed because
when deployed and operational, the Physical design may be difficult to change
without a disruption of the IBM Tivoli Remote Control environment or, at worst, a
disruption of the entire Tivoli infrastructure.
Before defining where the different components of the IBM Tivoli Remote Control
Proxy — and, if necessary, the TFST components — should be installed, you
first need to identify and determine the existing firewall environment as well as
the architecture and all the restrictions that these firewalls impose on your IBM
Tivoli Remote Control environment. In addition, the placement of all the other
IBM Tivoli Remote Control components (such as RC Controllers an d Targets)
needs to be identified, especially which network zone they are located in.
As explained in 1.2, “IBM Tivoli Remote Control sessions overview” on page 12,
the scenarios supported by IBM Tivoli Remote Control can be divided into two
categories corresponding to the firewall placement:
1. Scenarios where a Tivoli Endpoint Gateway is installed in the same secure
network zone as the Targets, and the Controllers are located in another
network zone managed by another Tivoli Endpoint Gateway. In this case, the
IBM Tivoli Remote Control Proxy could be installed as a Standalone solution,
as the Tivoli Firewall Security Toolbox does not need to be deployed.
However, this means that Targets and/or Controllers are separated from their
TMR Server by one firewall.