
Restrictions and recommendations – HP UX B6941-90001 User Manual

Page 371


Chapter 9


An Overview of ITO Processes

Secure Networking

❏ The Message Receiver on the server registers TCP/UDP port 1200 in its unique RPCD/LLBD and listens there for ITO traffic.

❏ The Distribution Manager on the server registers TCP/UDP port 1051 in its unique RPCD/LLBD and listens there for ITO traffic.

❏ RPC clients doing lookups in the RPCD/LLBDs find this information and request connections to the Control Agent, Message Receiver and so on at the port numbers listed.

Note that, in addition to allowing you to restrict the allocation of port numbers, ITO also allows you to work through firewalls that implement NAT (Network Address Translation) by configuring the file /opt/OV/share/conf/OpC/mgmt_sv/opc.hosts on the ITO management server in the following manner:

In the ITO GUI, you set up the ITO node with the IP-address that the ITO server knows through its DNS-server or hostname resolution. In the opc.hosts file, you tell the ITO management server that it should accept another IP-address for this node.

Restrictions and Recommendations

If the systems participating in the ITO environment are connected via a
fast network (LAN), it is generally recommended that you choose UDP
rather than TCP as the DCE RPC protocol. UDP requires significantly
less overhead and is therefore faster and less demanding of resources. If
the managed nodes and management server are connected over a slow or
busy network (WAN, X.25 etc.), or even if the volume of data to be
transmitted is large, it is more reliable to use TCP. Note that TCP
requires at least one socket to be permanently open for each managed
node.

However, if you do choose the DCE RPC (UDP) option as the
communication type between managed node and management server,
you should bear in mind that ITO’s configuration distribution and
Common Agent bulk transfer both require a plain TCP socket connection
to be open. So, if for example a packet-filtering firewall system is located
between a management server and managed node communicating via
DCE RPC (UDP) and the firewall has a specific range of ports opened
(reflected in the ITO configuration), this range must always be open for
TCP, too.
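The following is an added example, not part of the HP manual or of ITO itself: a small Python check over a constructed packet-filter rule set that reports the mismatch described above (a DCE RPC port range opened for UDP but not for TCP) and also verifies that the two fixed server ports named earlier, 1200 and 1051, are open for both protocols. The rule format and the port range 5000-5010 are assumptions for the example.

```python
from dataclasses import dataclass

# Fixed server-side ports from the manual: Message Receiver (1200) and
# Distribution Manager (1051), each registered for both TCP and UDP.
ITO_SERVER_PORTS = {"Message Receiver": 1200, "Distribution Manager": 1051}


@dataclass(frozen=True)
class AllowRule:
    """One 'permit' entry of a packet filter: protocol plus inclusive port range."""
    proto: str  # "tcp" or "udp"
    lo: int
    hi: int


def is_open(rules, proto, port):
    """True if some rule permits `port` for `proto`."""
    return any(r.proto == proto and r.lo <= port <= r.hi for r in rules)


def udp_only_ports(rules):
    """Ports permitted for UDP (the DCE RPC range) but not for TCP; any port
    listed here breaks config distribution and Common Agent bulk transfer."""
    udp_ports = {p for r in rules if r.proto == "udp" for p in range(r.lo, r.hi + 1)}
    return sorted(p for p in udp_ports if not is_open(rules, "tcp", p))


def missing_server_ports(rules):
    """Map each named ITO server process to the protocols its port lacks."""
    gaps = {}
    for name, port in ITO_SERVER_PORTS.items():
        missing = [proto for proto in ("tcp", "udp") if not is_open(rules, proto, port)]
        if missing:
            gaps[name] = missing
    return gaps


# Constructed sample rule set (hypothetical, not from any real firewall):
# the RPC range 5000-5010 is open for UDP but only 5000-5005 for TCP, and
# port 1051 was opened for UDP only.
SAMPLE_RULES = [
    AllowRule("udp", 5000, 5010),
    AllowRule("tcp", 5000, 5005),
    AllowRule("udp", 1200, 1200),
    AllowRule("tcp", 1200, 1200),
    AllowRule("udp", 1051, 1051),
]

if __name__ == "__main__":
    print("UDP-only ports:", udp_only_ports(SAMPLE_RULES))
    print("server port gaps:", missing_server_ports(SAMPLE_RULES))
```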