Archives of the TeradataForum
Message Posted: Mon, 05 Jun 2006 @ 14:18:34 GMT
There is one way that I can think of. You can use a separate HOST. You then only allow the user to use that HOST. You will also prevent that HOST from being used from other locations by a firewall.
Basically a HOST is assigned to an IP and PE's are assigned to HOSTs.
For this example I will use 1 and 100 as the HOSTs
The id in question will only be used from ETLBOXA.
We will also assume 4 nodes with one IP per node and 2 PE's per node.
NODE 5-4 will have ip 10.8.12.4 NODE 5-5 will have ip 10.8.12.5 NODE 5-6 will have ip 10.8.12.6 NODE 5-7 will have ip 10.8.12.7
We will assign ips 10.8.12.4 and 10.8.12.5 to HOST 1
We will assign ips 10.8.12.6 and 10.8.12.7 to HOST 100
You will setup a firewall between nodes 10.8.12.6 and 10.8.12.7 and the world. You will only open up PORT 1025 between the ETLBOXA and ips 10.8.12.6 and 10.8.12.7 You will revoke logon to 'UPDDELUSER' on all and only grant it logon on HOST 100
REVOKE LOGON ON ALL FROM "UPDDELUSER"; GRANT LOGON ON 100 TO "UPDDELUSER";
1) since you only have 120 sessions available per PE, you have to have enough available for each PE. In this case 2 PE's per node, you would have 480 logons per HOST. Please NOTE logons to any IP within a HOST will get evenly routed to any of the PES with in the HOST. Another way to put it is logons to node 5-4 may use PE's on NODE 5-4 and 5-5 since they are part of HOST 1.
2) anyone with access to the ETLBOXA can still use user 'UPDDELUSER'
3) you want to make sure you have at least 2 ips/nodes available per HOST for redundancy as you still want to be able to connect if the system is up and one node is down or network is down to a single node.
I hope this gets you pointed in the right direction. Someone with better GATEWAY knowledge can help you with how to setup the HOSTS.
|Copyright 2016 - All Rights Reserved|
|Last Modified: 15 Jun 2023|