On Wednesday, June 25, 2003 6:46 AM, Bob Grabbe wrote:

> I've seen enough posts about backing up clients through a firewall to
> know that it's not something I really want to do. Has anyone any
> experience with a master server on an internal network and a media
> server on the other side of a firewall, though ? 

We do exactly that.  Our master server and most of our media servers are on
an internal network, and we have one media server and several clients in our
DMZ.  We use SSO to share the tape drives in our STK library, and the DMZ
media server is able to use SSO, as well. The media server in the DMZ has no
problems backing up, restoring or duplicating images.  To get it working, we
opened up vmd, vnetd, bpdbm, bpjobd, bprd, tldcd and bpcd from the DMZ media
server to the internal media/master servers, and we opened up vmd, bpcd and
vnetd from the internal media/master servers to the DMZ media server.  Then
we just used the GUI to tell each of the internal media servers to
communicate with the DMZ media server via VNETD, and vise versa.  We used to
do NAT on our firewall, and this worked both with and without NAT (although
I had to do some creative, non-supported things to get it working with NAT).

There is a fairly thorough Tech Note on Veritas' site about doing this
(sorry, I tossed my printed copy after I got everything working or I'd give
you the number).

HTH.

~Jeff