Networker

Re: [Networker] backup of nas shares...

2008-01-10 18:43:20
Subject: Re: [Networker] backup of nas shares...
From: Rodney Rutherford <rrutherf AT TRIPOS DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Thu, 10 Jan 2008 17:40:13 -0600
Matthew Huff wrote:
In order to backup via CIFS you would need to either have a user
auto-logged in the console with the drive mounted as a user with enough
permissions to backup all NFS and CIFS files or you would have to have
permanent drive assignments which have their own set of issues with
security. Either way, it has both performance and permission issues. The
security issues may have not been an issue in the old days, but with the
Sarbanes/Oxley, HIPPA , etc, having a windows share open like that is
asking for trouble.

Actually, you don't need either.  You can create a service account with
the proper permissions to run the networker service as, and the shares
can be backed up via UNC paths, i.e. \\nasserver\C$\filesystem (in the
case of our EMC). Having the service account properly locked down and documented takes care of the security/compliance issues.

That is how we do it to backup our EMC NS-series NAS, and have been doing so for many years now.

As for the ACL issue, while most of our NAS filesystems are shared out
via both NFS and CIFS, each share has a primary use of only one or the other. So the primarily CIFS backups are done via a Windows server, and the NFS backups are mounted/backed up directly on our NetWorker server (linux now, previously solaris).


Again, other than the cost of the NDMP license (and if you have a legato
server and a NetApp, the license cost can't be a huge issue), what's the
issue of using Legato NDMP and DSA? The performance is very good,
especially if you dedicate a VLAN for it and use jumbo frames.

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
www.otaotr.com     | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139


What about the case of losing your NAS device in a disaster?  It then
requires replacing it with the same device just so you can recover data,
as you can't just recover it using normal methods to a generic server.
(unless the new DSA feature allows you do now do so, I have never used it?)

For example, you can't just replace vendor A with vendor B and expect to recover your NDMP data. In the case of a widespread disaster, you are then left waiting on the vendor to be able to provide replacement hardware before you can even begin to recover data.

Of course, the solution to that is to have redundant NAS devices spread
apart geographically, but that increases cost exponentially and becomes
prohibitively expensive for many companies.

So the low cost solution, especially if you have only a single NAS device, is to just backup the data via the native filesystem protocol, using existing backup server(s)/client(s). You then have total flexibility for recovering critical data quickly to whatever hardware
you have available in the event of a major failure.

Rodney
--
Rodney P. Rutherford -- Senior UNIX Administrator
Tripos International -- http://www.tripos.com/
1699 S. Hanley Road, St. Louis, MO 63144
Phone: 314-647-1099 -- Fax: 314-647-9241

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER