Security for Encryption Support
Encryption support in the TS3500 Tape Library and 3592 tape controllers (models
C07, C06 and J70) allows system-managed tape encryption on IBM System z
platforms. An IBM service representative installs routers between the internal LAN
network, which is connected to the controllers, and the customer's LAN network.
The router provides access to the customer's key manager. Network traffic through
this router is outbound only. The Network Address Translation (NAT) function in
the router prevents externally-initiated connections to any internal components.
Port information for firewall environments
Table 19 shows the only ports that are required to be opened on the firewall for
environments where the tape configuration is separated from the LAN-attached
hosts and/or Web clients by a firewall. All other ports may be closed.
Table 19. Port Information for firewall environments

Function                   Port     Direction (from library)  Protocol
Library Operations         3494     Bi-directional            TCP/IP
TotalStorage® Specialist   80       Inbound                   TCP/IP
SNMP Traps                 161/162  Bi-directional            UDP/IP
Encryption key manager     1443     Outbound                  SSL
Encryption key manager     3801     Outbound                  TCP/IP

Note: The TS3000 System Console uses the following ports: HTTPS: Port 443;
HTTP: Port 80; and DNS: Port 53.
Port information communications can be initiated either by the tape library or by
the host. Typically, the library only initiates a connection when responding to the
host; however, in the case of unsolicited messages such as statistics notifications
and operator interventions, the library initiates a connection through port 3494. If
the library manager needs to make a connection to the host, it chooses a temporary
port and uses that port to make an outbound connection to a 3494 listening port
on the host. When the host has a message to deliver to the library manager, it
chooses its own ephemeral port by which to make an outbound connection to
listening port 3494 on the library manager. The connection is only maintained for
the duration required to pass a single message, and then it is disabled.
Table 19 describes the minimum level of connectivity required to perform library
operations. Other ports that could be opened up on the firewall, but are not
necessary in order to have full functionality include:
• The standard HTTP port, 80, allows inbound communication to the library from
  the IBM System Storage Tape Library Specialist (IBM's Enterprise Storage
  Resource Management solution).
• Ports 161 and 162, which are the standard ports for sending SNMP traps. The
  tape library can be configured to send traps to SNMP target machines in the
  case of operator interventions, if you want to do that. In this case the firewall
  needs to allow outbound connections from the library from its port 161 to port
  162 on the listening SNMP target machine.
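
The following is an added example, not part of the IBM guide: a Python check that treats Table 19 as an allow-list and flags firewall flow records that fall outside it, for instance a connection initiated inbound on an encryption key manager port. The addresses, the record layout and the names TABLE_19, LIBRARY_ADDRS, Flow, check and audit are assumptions, and each record is assumed to describe a connection initiation, so the destination port is the listening port.

```python
from collections import namedtuple

# Table 19 as an allow-list. Key: (protocol, listening port); value: directions,
# relative to the library, in which a connection may be initiated.
TABLE_19 = {
    ("tcp", 3494): {"inbound", "outbound"},  # Library Operations
    ("tcp", 80): {"inbound"},                # Specialist web interface
    ("udp", 161): {"inbound", "outbound"},   # SNMP (bi-directional per table)
    ("udp", 162): {"inbound", "outbound"},   # SNMP traps
    ("tcp", 1443): {"outbound"},             # Encryption key manager (SSL)
    ("tcp", 3801): {"outbound"},             # Encryption key manager
}

LIBRARY_ADDRS = {"192.0.2.10"}  # constructed address (documentation range)
Flow = namedtuple("Flow", "proto src sport dst dport")

def check(flow):
    """Return None if Table 19 permits the flow, else the reason it does not."""
    if flow.src in LIBRARY_ADDRS:
        direction = "outbound"
    elif flow.dst in LIBRARY_ADDRS:
        direction = "inbound"
    else:
        return None  # flow does not involve the library; out of scope
    allowed = TABLE_19.get((flow.proto, flow.dport))
    if allowed is None:
        return f"{flow.proto}/{flow.dport} is not listed in Table 19"
    if direction not in allowed:
        return f"{flow.proto}/{flow.dport} is not allowed {direction}"
    return None

def audit(flows):
    """Return (flow, reason) for every flow that Table 19 does not permit."""
    return [(f, r) for f in flows if (r := check(f)) is not None]

# Constructed sample records, one per connection initiation.
SAMPLE = [
    Flow("tcp", "198.51.100.5", 40112, "192.0.2.10", 3494),  # host -> library
    Flow("tcp", "192.0.2.10", 51877, "198.51.100.5", 3494),  # library -> host
    Flow("udp", "192.0.2.10", 161, "198.51.100.9", 162),     # SNMP trap
    Flow("tcp", "192.0.2.10", 50210, "198.51.100.7", 3801),  # to key manager
    Flow("tcp", "198.51.100.7", 44001, "192.0.2.10", 1443),  # inbound, EKM port
    Flow("tcp", "192.0.2.10", 50333, "198.51.100.5", 80),    # outbound HTTP
    Flow("tcp", "198.51.100.5", 40990, "192.0.2.10", 23),    # unlisted port
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE):
        print(f"VIOLATION {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}: {reason}")
```
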
IBM System Storage TS3500 Tape Library with ALMS: Introduction and Planning Guide