This document is intended to give people a little more background on how Bucky Backup's IBM Tivoli Storage Manager (TSM) operates and how to deal with firewalls while still protecting their data.
There are two methods of communication for the TSM client scheduler: PROMPTED and POLLING. The Bucky Backup Support Team recommends POLLING. It requires less work on the firewall and only some simple changes to the client configuration, and the Bucky Backup Support Team has found that it decreases the chance of missed backups (regardless of the existence of a firewall). Either option is a valid solution.
POLLING Summary: When the TSM client scheduler starts, it contacts the server and synchronizes what the server knows about the local client. It retrieves the backup schedule, and then checks in with the server every 4 hours up until it's time to do the backup. When the time comes, the client scheduler polls the server, basically asking "Can I back myself up now?" The server will tell the client scheduler to begin backing up, or to wait a period of time and ask again. The client scheduler will continue polling the server throughout the backup window until it gets backed up. The machine inside the firewall is initiating all the communications, so this approach is instantly compatible with most firewall installations.
If your firewall does not permit outbound connections, you may wish to permit connections to the server's IP address, and at least to the port(s) that the TSM server is using. You may also need to permit "related" connections through the firewall.
Note: The Bucky Backup servers and associated ports are:
Bucky Backup Enterprise Server Addresses | Bucky Backup Enterprise Port Numbers |
---|---|
bucky1.doit.wisc.edu | 1499 |
bucky2.doit.wisc.edu | 1500 |
bucky5.doit.wisc.edu | 1503 |
bucky6.doit.wisc.edu | 1504 |

Bucky Backup Lite Server Addresses | Bucky Backup Lite Port Numbers |
---|---|
bl1.doit.wisc.edu | 1501 |
bl2.doit.wisc.edu | 1502 |
bl3.doit.wisc.edu | 1503 |

Bucky Backup Archive Server Addresses | Bucky Backup Archive Port Numbers |
---|---|
ba1.doit.wisc.edu | 1501 |
To change the client scheduler mode, look in dsm.sys or dsm.opt for the SCHEDMODE directive and change it from PROMPTED to POLLING. If the directive is missing, add the line. Save your changes and restart the TSM client scheduler for the change to take effect.
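The SCHEDMODE change described above, as an added example (not Bucky Backup's or IBM's own code): a Python function that sets SCHEDMODE POLLING in every server stanza of a client options file and returns the server address and port pairs that the firewall has to allow outbound. It assumes `*` starts a comment line and that option names can be abbreviated (SErvername, TCPServeraddress, TCPPort, SCHEDMODe); `force_polling` is a hypothetical name and the sample file is constructed, with hosts and ports taken from the table above.

```python
SAMPLE_DSM_SYS = """\
* constructed sample, not a real client file (stanza names are made up)
SErvername  enterprise
   TCPServeraddress  bucky2.doit.wisc.edu
   TCPPort           1500
   SCHEDMODe         PRompted

SErvername  lite
   TCPServeraddress  bl1.doit.wisc.edu
   TCPPort           1501
"""

def _opt(word, full, min_len):
    # Assumption: option names are case-insensitive and may be shortened
    # to the capitalised prefix (e.g. SCHEDMODe -> "schedmod").
    word = word.lower()
    return len(word) >= min_len and full.startswith(word)

def force_polling(text):
    """Return (rewritten_text, egress); egress holds one (host, port) per stanza."""
    blocks = [[]]                      # block 0: lines before the first SErvername
    for line in text.splitlines():
        w = line.split()
        if w and _opt(w[0], "servername", 2):
            blocks.append([])          # a new server stanza starts here
        blocks[-1].append(line)
    egress = []
    for blk in blocks:
        host, port, sched_set, last_opt = None, None, False, -1
        for i, line in enumerate(blk):
            w = line.split()
            if len(w) < 2 or w[0].startswith("*"):
                continue               # blank line, comment, or option without value
            last_opt = i
            if _opt(w[0], "tcpserveraddress", 4):
                host = w[1]
            elif _opt(w[0], "tcpport", 4):
                port = int(w[1])
            elif _opt(w[0], "schedmode", 8):
                indent = line[:len(line) - len(line.lstrip())]
                blk[i] = indent + "SCHEDMODE POLLING"
                sched_set = True
        if last_opt >= 0 and not sched_set:
            blk.insert(last_opt + 1, "   SCHEDMODE POLLING")   # directive was missing
        if host:
            egress.append((host, port))  # port is None if TCPPort is not set
    return "\n".join(l for b in blocks for l in b) + "\n", egress
```

Each returned pair is one outbound TCP destination to allow for that stanza; a file with no SErvername lines (a flat dsm.opt) is treated as a single block.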
PROMPTED Summary: When the TSM client scheduler starts, it opens and begins listening on a port on the local machine. It then contacts the server and synchronizes what the server knows about the local client. The client scheduler retrieves the backup schedule and then sits in the background and waits for the server to contact it. At some point the server will contact the client scheduler, using the local port that was registered with the server at startup, and initiate a backup. That works quite well, because the server can then manage its load and only start new backups when it has the capacity. And with a firewall, the TSM client scheduler startup sequence works well, because many firewalls are configured to allow all outbound connections while blocking most inbound ones.
However, when it comes time for the TSM server to tell the client scheduler to start backing up, the firewall blocks the connection from the TSM server, so your client scheduler never receives the message and the backup never occurs. There are two good solutions for this:
Note: The Bucky Backup servers and associated ports are:
Bucky Backup Enterprise Server Addresses | Bucky Backup Enterprise Port Numbers |
---|---|
bucky1.doit.wisc.edu | 1499 |
bucky2.doit.wisc.edu | 1500 |
bucky5.doit.wisc.edu | 1503 |
bucky6.doit.wisc.edu | 1504 |

Bucky Backup Lite Server Addresses | Bucky Backup Lite Port Numbers |
---|---|
bl1.doit.wisc.edu | 1501 |
bl2.doit.wisc.edu | 1502 |
bl3.doit.wisc.edu | 1503 |

Bucky Backup Archive Server Addresses | Bucky Backup Archive Port Numbers |
---|---|
ba1.doit.wisc.edu | 1501 |