Chapter 9
An Overview of ITO Processes
Secure Networking
ITO secures a network by improving the security of the connections
between processes, whether these run within one network, across
multiple networks, or through routers and other restrictive devices.
For example, you could limit access to a network or a section of a
network by restricting the set of nodes (with or without ITO agents
running on them) that are allowed to communicate with the
management server across restrictive routers or even a packet-filtering
firewall. It is not important to ITO which element, the server or the
network of managed nodes, is inside or outside the firewall. For example,
a network of nodes inside a firewall could be managed by a management
server outside the firewall. Conversely, a management server inside a
firewall can manage nodes inside or outside it.
One way of limiting access to a network, and consequently improving the
network’s inherent security, is to restrict all connections between ITO
processes on the management server and a managed node to a specific
range of ports. To simplify matters, ITO sets the default value on
the managed node to “No security” and allows you to select the security
configuration node by node. In this way, the administrator can change a
given node’s security level depending, for example, on whether or not
that node needs to communicate across a firewall or through a
restricted router.
The RPC Client/Server Connection
A connection between an RPC server and an RPC client needs at least
two ports: one on the server machine and one on the client. Each ITO
process that is either an RPC client or an RPC server has its own port
for communication. The port remains blocked by the ITO process that
owns it until the process exits, whereupon the port becomes free for
dynamic assignment to the next RPC client-server request. For more
information on dynamic port assignment in ITO, see “Processes and Ports”
on page 370.
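The following model is an added illustration, not code or configuration from ITO. It shows what the restricted port range and the one-port-per-process rule described above imply for an administrator: the range must hold one port for every RPC process running at the same time, and a packet filter only has to pass that range. The class, the process names and the range 12001-12003 are hypothetical.

```python
"""Model of a restricted RPC port range (added illustration, not ITO code)."""


class PortRangeExhausted(Exception):
    """Raised when every port in the restricted range is already owned."""


class RestrictedPortPool:
    """Ports from [low, high] that RPC processes on one node may use."""

    def __init__(self, low, high):
        if not (0 < low <= high <= 65535):
            raise ValueError("invalid port range")
        self.low, self.high = low, high
        self.owner = {}  # port -> name of the process holding it

    def start(self, process):
        """Give a starting RPC process the lowest free port in the range."""
        for port in range(self.low, self.high + 1):
            if port not in self.owner:
                self.owner[port] = process
                return port
        raise PortRangeExhausted(f"no free port for {process}")

    def exit(self, process):
        """Process exit frees its port for the next dynamic assignment."""
        for port, name in list(self.owner.items()):
            if name == process:
                del self.owner[port]

    def filter_allows(self, dst_port):
        """Packet-filter view: only ports inside the range may pass."""
        return self.low <= dst_port <= self.high


def demo():
    # Constructed values: the range and the process names are hypothetical.
    pool = RestrictedPortPool(12001, 12003)
    assigned = {p: pool.start(p) for p in ("proc_a", "proc_b", "proc_c")}
    try:
        pool.start("proc_d")  # a fourth process does not fit in three ports
        exhausted = False
    except PortRangeExhausted:
        exhausted = True
    pool.exit("proc_b")  # its port becomes free again
    reused = pool.start("proc_d")
    return (assigned, exhausted, reused,
            pool.filter_allows(12002), pool.filter_allows(40000))


if __name__ == "__main__":
    print(demo())
```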
An RPC client using DCE or NCS does not automatically know the port
number of the RPC server on the remote system and, consequently, has
to obtain this information before initiating an RPC request. The first
thing it does is to look up in the LLBD or RPCD on the remote system
the specific port number of the RPC server it needs to talk to: the LLBD