Troubleshooting
Problem
Configuring external ACSLS library communications through a firewall with the IBM Spectrum Protect (Tivoli Storage Manager) server.
Environment
External ACSLS library users when there is a firewall between the IBM Spectrum Protect (Tivoli Storage Manager) server and the ACSLS server.
Resolving The Problem
When there is a firewall between the IBM Spectrum Protect (Tivoli Storage Manager) server (the Automated Cartridge System Library Software or ACSLS client) and the ACSLS server, use the following configuration steps to configure an external ACSLS library. Otherwise, the Tivoli Storage Manager server is unable to communicate with an ACSLS server on the other side of a firewall.
ACSLS Server options (CSI): |
Configure the following options through the acsss_config program on the ACSLS server. Further information on this program and its options can be located within the Oracle ACSLS documentation.
- Select option 1 (Set CSI tuning variables)
Accept default variables for all except the following:
CSI_TCP_RPCSERVICE – Set to TRUE
CSI_UDP_RPCSERVICE – Set to FALSE
CSI_USE_PORTMAPPER – Set to NEVER
CSI_FIREWALL_SECURE – Set to TRUE
CSI_INET_PORT – Set to port that is opened for bidirectional communication through the firewall.
ACSLS Client options (SSI on Tivoli Storage Manager host): |
Configure the following options by editing the rc.acs_ssi script provided with IBM Spectrum Protect (Tivoli Storage Manager) in the /opt/tivoli/tsm/devices/bin/ directory.
- Change the following line from: CSI_UDP_RPCSERVICE="TRUE";
to: CSI_UDP_RPCSERVICE="FALSE";
Add the following line:
SSI_INET_PORT=30032;
Note: Set this port to the same port that is defined within the acsss_config program for the CSI_INET_PORT option. Also, the port must be enabled for bidirectional communication through the firewall.
- Add the following line:
export SSI_INET_PORT
Other considerations and notes: |
1. The port mapper must be enabled on the IBM Spectrum Protect (Tivoli Storage Manager) host workstation.
2. The ACSLS client daemons and ACSLS server processes must be recycled so that the new configuration is enabled. The ACSLS server processes must be recycled first, followed by the ACSLS client daemons on the Tivoli Storage Manager host.
3. The rc.acs_ssi file is overwritten if the IBM Spectrum Protect (Tivoli Storage Manager) software is upgraded. If this occurs, it is important to edit the server and client options into the new file instead of restoring the original file. This is because the script provided by IBM Spectrum Protect (Tivoli Storage Manager) might include changes. Recycle the ACSLS client daemons after making any changes to this script.
4. Port range 50001-50010 is invalid for the CSI_INET_PORT and SSI_INET_PORT options, as well as any port already used by another application.
5. There is no firewall support if the ACSLS library is controlled by a library station (HSC or HSC/LS)
6. There is no firewall support if UDP ports are blocked on the firewall.
7. If possible, use the most current version of the IBM Spectrum Protect (Tivoli Storage Manager) release to obtain the latest ACSLS client software (SSI).
Testing an ACSLS client connection: |
Client applications, such as the IBM Spectrum Protect (Tivoli Storage Manager)server, communicate with the ACSLS server over TCP/IP using the Remote Procedure Call (RPC) protocol. If a client system is unable to communicate with the ACSLS server, you can use the rpcinfo command to test whether it is reachable from the client workstation.
1. From the ACSLS server, verify that ACSLS is running:
- psacs
- ps -ef | grep rpc
- rpcinfo | grep 300031
This program number confirms that ACSLS is running and that ACSLS has registered with RPC.
4. From the client workstation (Tivoli Storage Manager server), or any AIX, Linux, or UNIX workstation on the network, use the rpcinfo command to exchange a packet with program number 300031 on the ACSLS server. Specify the IP address of the ACSLS server also:
- rpcinfo -t <ip address> 300031
5. If the communication exchange is successful, this message is displayed:
- program 300031 version 1 ready and waiting
program 300031 version 2 ready and waiting
This message confirms that ACSLS is available for client connections across the network.
Related Information
Historical Number
1231145
Product Synonym
ITSM ADSM TSM IBM SPECTRUM PROTECT
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21597895