What are the network requirements for Tivoli Endpoint Manager Clients to access the TEM Server?

Technote (troubleshooting)


Problem (Abstract)

TEM Clients communicate with the TEM Server by connecting to a web server using the TCP/IP protocol over a configurable port (default port is 52311). The TEM Server communicates with the TEM Clients by sending UDP packets over a configurable port (default port is 52311). The TEM Server communicates with TEM Relays using TCP/IP protocol over a configurable port (default port is 52311).

Resolving the problem

Communication between TEM Clients and the TEM Server occurs as follows:

Note: We do not test using NAT'd configurations. All components assume they are connecting using the ports configured and defined in the masthead of the deployment (default: 52311).

  • TEM Clients communicate with the TEM Server by connecting to a web server using the TCP/IP protocol over a configurable port (default port is 52311). Using this mechanism, the TEM Clients gather the latest Fixlet messages, report relevant Fixlet messages, report action status, etc.
  • The TEM Server communicates with the TEM Clients by sending UDP packets over a configurable port (default port is 52311). Using this mechanism, the TEM Server notifies the TEM Clients about a new site that has been gathered, about refreshes, etc.
  • The TEM Server communicates with TEM Relays using TCP/IP protocol over a configurable port (default port is 52311) to tell the TEM Relays about new actions, Fixlet messages, etc.

In order for TEM to work properly, TEM Clients must be able to access the server on the specified IP address (or hostname) and port number. However, it is not necessary that the TEM Server be able to reach the TEM Clients because the TEM Clients periodically check in to the TEM Server to see if there is any new data (this is known as the 'action site gather interval').

Note: Although a configuration in which the TEM Server cannot reach the TEM Clients works, there will often be a delay before the TEM Clients communicate with the TEM Server when an action is deployed and when a new Fixlet site is gathered. Sending a refresh to the TEM Client will also not work.

The action site gather interval is configurable in the masthead and through a custom action. See KB article 185 for more information.

Examples of configurations that will work with TEM are:

  • The TEM Clients and the TEM Server are on the same LAN with no firewalls or NATs in between.
  • The TEM Clients and the TEM Server are located in different geographic areas, but a VPN connection allows the TEM Clients to access the TEM Server on the specified port.
  • The TEM Server is located outside of a firewall with a publicly accessible IP address and the TEM Clients are located within a LAN.
    Note: Although this configuration will work, for security reasons we recommend that the TEM Server be located inside a LAN with a firewall protecting it from public access.

Examples of configurations that will not work with TEM are:

  • The TEM Clients are located outside of a LAN and they cannot access the IP address of the TEM Server located within the LAN.
  • A firewall or some other device between the TEM Client and the TEM Server blocks the port that TEM is configured to use.

Untested configurations include the following:

  • Configurations where the TEM Client is separated from its parent using VPN software.
  • Configurations where a NAT device separates the TEM Client from its parent.

The client attempts to communicate on the port defined for the deployment, using the client's standard TCP/IP networking.
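
As an added example (not IBM's or the product's own code), the following Python preflight check probes the two paths described above, TCP from client to server and UDP from server to client, and maps the result onto the outcomes this technote lists. The function names and the hostname are hypothetical, and the UDP listener assumes the port is free on the test host (for example, with the TEM Client service stopped).

```python
import socket

TEM_PORT = 52311  # technote default; the deployment's masthead defines the real port

def tcp_reachable(host, port=TEM_PORT, timeout=3.0):
    """Client -> server (or relay) path: can a TCP connection be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unroutable, DNS failure
        return False

def open_udp_listener(bind_addr="0.0.0.0", port=TEM_PORT):
    """Bind a UDP socket on the client side to observe server notifications."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock

def udp_received(sock, timeout=30.0):
    """Server -> client path: True if any datagram arrives before the timeout."""
    sock.settimeout(timeout)
    try:
        sock.recvfrom(2048)
        return True
    except socket.timeout:
        return False

def classify(tcp_ok, udp_ok):
    """Map the two probe results onto the outcomes the technote describes."""
    if not tcp_ok:
        return "will-not-work"   # clients cannot reach the server's port
    if not udp_ok:
        return "polling-only"    # works, but changes wait for the gather
                                 # interval and refreshes do not arrive
    return "full"

if __name__ == "__main__":
    server = "tem-server.example.com"  # placeholder hostname
    listener = open_udp_listener()     # assumes the port is free on this host
    try:
        tcp_ok = tcp_reachable(server)
        # Send a refresh to this client while the listener is waiting.
        udp_ok = udp_received(listener)
    finally:
        listener.close()
    print(classify(tcp_ok, udp_ok))
```

A "polling-only" result corresponds to the case where the TEM Server cannot reach the TEM Clients: the deployment functions, but only at the pace of the action site gather interval.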

Historical Number

37

Document information


More support for:

Tivoli Endpoint Manager

Software version:

Version Independent

Operating system(s):

Platform Independent

Software edition:

Edition Independent

Reference #:

1505811

Modified date:

2014-12-01
