AIOps & Management

 View Only

Port Scanner Usage and Known Limitations with IBM Tivoli Monitoring

By Kristen Meren posted Fri January 12, 2018 08:06 AM

  

by Oneil Richardson

A port vulnerability scanner is an application designed to probe a server or host for open ports. Most scanners will run for a 30 minute period, assessing open ports on a host and then producing a report to identify potential security compromises on the enterprise system(s) scanned to the end user.

Running such a scan can sometimes cause unforeseen problems with already running applications, such as ITM.

This blog highlights the known issues and limitations of running a port scanner on an environment featuring ITM. The aim here is to assist you to plan your scans at appropriate times to minimize the effects on your ITM infrastructure.

The Tivoli Enterprise Monitoring Server (TEMS) may be affected and cause a brief interruption of service in a 3-5 minute window, when the scanner is actively reviewing the component's communication ports. Once the scan has completed on the ports in use by the TEMS, normal ITM operations will resume.


Symptoms
Possible symptoms may include the following...

  • When the communications to the TEMS are suspended by the port scanner, any events that have not been sent will be sent once normal operation has been resumed.
     
  • TEP clients connected before the scan can continue to use the TEP console, however TEP clients attempting a new login whilst the scan is running will not get authenticated and therefore will not be able to log in


Limitations

The following functions will fail even after the port scanner has completed, and will not work until both the TEMS & TEPS components are restarted...

  • new TEP clients started via the browser or as a WebStart application. These clients will not be able to authenticate and log in.
     
  • a tacmd login issued from the CLI to the TEMS is not possible
     
  • the Gateway component is intolerant of port scanning
     
  • users of the http service (kdh) SOAP, tacmd, must manually recover from the kdh session loss resulting from the unexpected data packets from the port scanner.  
    kdh does not recover on the application's  behalf.

For coexistent products such as JAZZ and Omnibus/TEC, please refer to the respective Support teams for their response on known limitations and recommendations


Recommendations
IBM Tivoli Monitoring does not have compatibility support with any port scanning technology in any current, or planned releases of the product.

If port scanning in your environment is mandatory, please follow the recommendations below to maintain a running ITM infrastructure.

  • aim to run port scans outside peak / core business hours to reduce the potential outage to end users
     
  • implement a policy to schedule a restart of ITM to occur after the port scanner is completed to restore full functionality each time a scan is run
0 comments
9 views