HPE Community
Operating System - OpenVMS
1752786 Members
5846 Online
108789 Solutions
New Discussion юеВ

Re: Experience with Availability Manager V2.6

 
SOLVED
Go to solution
Jan van den Ende
Honored Contributor

тАО09-11-2006 04:30 AM

тАО09-11-2006 04:30 AM

Re: Experience with Availability Manager V2.6

Barry,

1 & 2, but "we" are (for all platforms) looking at moving towards configs where 3 would be just the thing. It would void another of the arguments for those that want to declare VMS unfit for today's enterprise.


Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Barry Kierstein
Advisor

тАО09-11-2006 05:42 AM

тАО09-11-2006 05:42 AM

Re: Experience with Availability Manager V2.6

Internal routers shouldn't be a problem as long as they forward the packets correctly. The data goes over an IP socket from what is called the Data Analyzer to the Data Server. Firewalls might be another matter. You can specify which port the Data Server listens for connections from Data Analyzers. Would this be enough? If not, what kind of IP magic is needed to go from point A to point B where you are.

Barry
0 Kudos
Reply
Andy Bustamante
Honored Contributor

тАО09-11-2006 10:06 AM

тАО09-11-2006 10:06 AM

Re: Experience with Availability Manager V2.6


Hi Barry,

Options 2 and 3 are most likely to fit us.

I'd prefer to see Option 3 with ports well enough documented that I can provide firewall configuration rules. Another nice to have would be to be able to specify allowed hosts/networks to accept connections from.

We define services at the firewall and in TCPIP for services like telnet/ssh access.


Andy Bustamante
If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
0 Kudos
Reply
Jeffrey Goodwin
Frequent Advisor

тАО09-11-2006 11:48 AM

тАО09-11-2006 11:48 AM

Re: Experience with Availability Manager V2.6


Initially we'll just need 1). I can see uses for the other situations, but right now, I need something that will run on V8.2 that will replace AMDS in our internal environment.

-Jeff
0 Kudos
Reply
Bart Zorn_1
Trusted Contributor

тАО09-11-2006 06:45 PM

тАО09-11-2006 06:45 PM

Re: Experience with Availability Manager V2.6

Barry,

Option 1 applies to my environment.

Regards,

Bart
0 Kudos
Reply
Karl Rohwedder
Honored Contributor

тАО09-11-2006 07:03 PM

тАО09-11-2006 07:03 PM

Re: Experience with Availability Manager V2.6

Options 1 would fit here too...

regards Kalle
0 Kudos
Reply
Ian Miller.
Honored Contributor

тАО09-11-2006 08:12 PM

тАО09-11-2006 08:12 PM

Re: Experience with Availability Manager V2.6

The corporate network is sufficently complex that it can not be entirely trusted, therefore encryption and authentication is a must. ssh is fine.
____________________
Purely Personal Opinion
0 Kudos
Reply
Jeffrey Goodwin
Frequent Advisor

тАО09-12-2006 12:27 AM

тАО09-12-2006 12:27 AM

Re: Experience with Availability Manager V2.6

Barry,

A bit of clarification please: Option 1) would still provide the authentication using the password provided by the current triplets implementation, correct?

-Jeff
0 Kudos
Reply
Barry Kierstein
Advisor

тАО09-12-2006 03:08 AM

тАО09-12-2006 03:08 AM

Re: Experience with Availability Manager V2.6

Some clarifications:

The security triplet system will still be in effect between the Data Analyzer and the Data Collector, regardless of where the packet comes from (direct on the LAN or through the Data Server).

The Data Analyzer will be able to connect to multiple Data Servers at the same time. The System Overview screen is reorganized a bit to show as level 1 the WAN/LAN connection, then the OpenVMS, Group and node level.

The Data Server will be able to support multiple Data Analyzer connections.

A filter level on the Data Server that has IP addresses or masks, and/or MAC addresses could be done. Is this an effective method of security?

0 Kudos
Reply
Jeffrey Goodwin
Frequent Advisor

тАО09-14-2006 01:36 AM

тАО09-14-2006 01:36 AM

Re: Experience with Availability Manager V2.6


Barry,

>>A filter level on the Data Server that has IP addresses or masks, and/or MAC addresses could be done. Is this an effective method of security?

The Triplet based security would be enough to use the WAN version in my environment. Even if I was external to our WAN, we would still use VPN to connect.

I can forsee using the above features in the future. MAC addresses would have to included as IP addresses change so frequently.

-Jeff
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.