IBM TS3500 Introduction And Planning Manual page 89

1. Dial-out is from the customer location to the IBM connection point. The
IBM service support system (RETAIN
the attached systems.
2. Dial out through the TSSC can either be over a modem connection or
over an outbound Ethernet connection to the customer network. All
outbound traffic is limited to HTTP, HTTPS, and DNS information. All
service-related data is communicated using HTTPS and is therefore
encrypted.
3. The data exchanged between the attached systems and RETAIN
service-related data. The protocol used is specific to this application
and not publicly available.
4. On the first data exchange of each transmission, RETAIN
that the calling system is entitled to service. If the calling system is not
validated, it is disconnected.
5. The default setting for the call home feature is enabled. The Call Home
feature may be disabled by an IBM Service Representative.
None of the customer data stored on the tape or in memory for the TS3500
Tape Library is transmitted or accessed in a Call Home session. Call Home
is enabled or disabled by a CETool menu selection. When properly
configured, Call Home uses an IBM Global Services secure network or an
internet connection. A unique account code is used which establishes
connections only to RETAIN
Dial In security features
Dial in is used by IBM Service Representatives to logon to and provide
service support. Dialing in through the modem and TSSC, or WTI switch
for legacy systems, provides connectivity to the 3953 and 3494 Tape
Library managers. All dial-in connectivity to the TSSC must be through the
modem connection. The optional Ethernet connection restricts all incoming
traffic. Separate log ons are required for access to each of the Attached
Systems.
Note: TS3500 Tape Library does not support dial in.
The TSSC supports the following data security requirements when
properly configured:
v Customer data, stored on tape or in memory, can not be transmitted or
accessed in remote support sessions.
v Remote dial in is enabled or disabled through an operator panel or Web
specialist menu selection by the customer. The default is to disable
remote call in. When remote call in is enabled, the default is to enable it
for 24 hours.
v Remote dial in requires a password for access. The password is managed
by the customer.
The following dial in security properties are available:
Modem
The default modem setting for dial in is no password required. A
password can be specified by the customer and set by the IBM
Service Representative.
WTI Switch (used with some legacy systems)
The WTI Switch has a default password. A different password can
be set locally by the IBM Service Representative.
®
) does not initiate connections to
®
.
®
is
®
validates
65
Chapter 1. Introduction