84 IBM Tivoli Remote Control Across Firewalls
Figure 2-4 Case study scenario with RC Proxy architecture - Solution A
In terms of Remote Control functionality, there are three main requests that need
to be addressed:
Controllers in the External zone connecting Targets in the Internal zone:
For Controller 1 to contact Target 1, we are able to use the Endpoint/Gateway
Proxy A architecture. As Controller 1 is in the External network zone, we need
to install the RC Target Proxy A on top of the Gateway Proxy A. This means
that the RC Target Proxy A automaticallybecomes a Child. In addition, we
have to install an RC Controller Proxy A on top of the Endpoint Proxy A, and,
of course, this component becomes the Parent, as it is installed on top of a
TFST Parent component. As a DMZ zone separates the Controller 1 from the
Target 1, a new instance of the Relay, Relay A2, component must be installed
on top of the existing Relay A1.
Controller 1
RC Contr.
Proxy A
Target 2
TMR Server
DMZ
External
Firewall 2 Firewall 3Firewall 1
Endpoint GW
Endpoint GW
Servers
Internal
RC Target
Proxy A
Relay A2
Relay A1
Relay B1 Relay B2RC Target Proxy B1 RC Contr. Proxy B
Target 1
Endpoint GW
Controller 2
RC Target
Proxy B2
C:9216
P:9215 C:9214
P:9213
C:9212
P:9200-
9210
C:8116
P:8115
C:8114
C:8112-
8113
P:8100-8110
P:8111
P=Parent
C=Child
GW Proxy A EP Proxy A