Chapter 1. Remote Control sessions overview 45
rem-oc 972 12
Results: (encoded):
0
1.2.5 Session using Remote Control Proxies in a TFST environment
In the following sections we describe the Remote Control Proxy architecture
running on top of Tivoli Firewall Security Toolbox for both single-TMR and
multi-TMR environments.
The Remote Control Proxy components enable machines on one side of a
firewall to communicate, through a common definable port, with machines on the
other side of the firewall. The Controller is able to start a Target session by
minimizing the impact on the security infrastructure.
The Remote Control Proxy-TFST solution can only be used if a Tivoli Firewall
Security Toolbox environment is already deployed.
The Endpoint Proxy emulates the Endpoints located in another network zone to
the standard Tivoli Gateway located in the same network zone as the TMR
Server. Thus, the Endpoint Proxy is able to find the path to contact all distant
Endpoints. In this context, the RC Target Proxy, which emulates the Target
located in another network zone, could take the advantage of the Endpoint Proxy
to find the way to contact the Targets. However, the Target Proxy must be able to
communicate with the Controller without any firewall constraints, and thus must
be located in the same network zone as the Controller.
On the other side, the RC Controller Proxy emulates the Controller located in
another zone to the Target. The RC Controller Proxy must be able to
communicate with the Target without any firewall constraints, and thus must be
located in the same network zone as the Target. Furthermore, as the RC Target
Proxy is installed on top of the Endpoint Proxy, the RC Controller Proxy must be
installed on the top of the Gateway Proxy, which emulates a standard Tivoli
Gateway to the distant Endpoints.
Data flow for RC Proxy-TFST/single-TMR session
Figure 1-8 shows in detail how a Remote Control session works using a Remote
Control Proxy - TFST architecture in a single-TMR environment with firewall
restrictions: