IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Firewalls > Determine which option to use
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Server address continuity
If the barrier firewall has no restrictions and all ports are permitted, the next factor to consider is server address continuity.
Address continuity refers to the validity and reachability of published IP addresses. Address continuity exists when a published server address is universally reachable by all network clients requesting that service. An example of a server address with address continuity is update.microsoft.com (207.46.211.124).
Tivoli Management Services server components register their services and the location of these services (IP address) with a location broker. Clients send queries to the location broker to request address information for a service, and receive responses that a list of protocols (address families), and IP addresses at which these services are available. The client then sends a specific server request to one of the addresses in the list received from the location broker. Service registration with the location broker assumes address continuity.
If the published address of the Tivoli service (a remote monitoring server, for example) is identical and reachable for either side of the barrier firewall, then nothing further needs to be done to achieve interoperability in this firewall environment. If the same address cannot be reached from either side of the barrier firewall, then option 2 (ephemeral pipe configuration) or option 3 (broker partition files) is required for interoperability.
Both options are used when traversing a firewall with Network Address Translation (NAT) in effect. While option 2 (ephemeral pipe) is easier to implement, it restricts the endpoint: ephemeral endpoints cannot warehouse data. If warehousing data at the endpoint is required, then partition files must be used for interoperability in this firewall environment (see Implementation with partition files); otherwise ephemeral pipes are sufficient to traverse the translating firewall (see Implementation with ephemeral pipe).
Parent topic:
Determine which option to use