HP (Hewlett-Packard) B6960-90078 Computer Drive User Manual


 
Customizing the Data Protector Environment
Firewall Support
Chapter 11528
Firewall Support
This section describes how to configure Data Protector in an
environment where the Data Protector processes communicate across a
firewall.
Communication in
Data Protector
Data Protector processes communicate using TCP/IP connections. Every
Data Protector system accepts connections on port 5555 by default. In
addition, some processes dynamically allocate ports on which they accept
connections from other Data Protector processes.
To enable Data Protector processes to communicate across a firewall,
Data Protector allows you to limit the range of port numbers from which
dynamically allocated ports are selected. Port ranges are defined on a per
system basis. It is possible to define a port range for all Data Protector
processes on a specific system, as well as to define a port range for a
specific Data Protector agent only.
Configuration
Mechanism
The port allocation behavior can be configured through two omnirc
variables: OB2PORTRANGE and OB2PORTRANGESPEC. By default, both
variables are not set and ports are assigned dynamically by the
operating system.
Limiting the Range of Port Numbers
For All Data
Protector
Processes
You can limit the port range for all Data Protector processes on a system
by using the OB2PORTRANGE variable in the omnirc file:
OB2PORTRANGE=<start_port>-<end_port>
Data Protector processes use dynamically allocated ports and select
ports from this range. The port range is allocated by taking the first
available port, starting with port "start_port". If there is no available
port within the specified range, the port allocation fails and the
requested operation is not done. Refer to Table 11-1 on page 530 for
information on port consumption.