[Veritas-bu] backing up through firewalls, opinions?
2007-02-01 09:45:13
Subject: |
[Veritas-bu] backing up through firewalls, opinions? |
From: |
JMARTI05 at intersil.com (Martin, Jonathan (Contractor)) |
Date: |
Thu, 1 Feb 2007 09:45:13 -0500 |
Here's my current documented configuration. This is assuming your media
and master servers are NOT in the dmz.
Proposed Firewall Groups
NBU_MASTER - <MASTER IP>
NBU_MEDIA - <MASTER & MEDAI SERVER IPS)
NBU_DMZ_CLIENTS - 192.168.1.0 / 24 (Whatever subnet your DMZ internal
interface is)
Proposed Firewall Rules
Source
Destination
Port
Allow File Level Backups
NBU_DMZ_CLIENTS
NBU_MEDIA
13724 (vnetd)
NBU_MEDIA
NBU_DMZ_CLIENTS
13782 (bpcd)
Allow ALL_LOCAL_DRIVES
NBU_DMZ_CLIENTS
NBU_MEDIA
13724 (vnetd)
NBU_MASTER
NBU_DMZ_CLIENTS
13782 (bpcd)
Allow Client Backup / Restores
NBU_DMZ_CLIENTS
NBU_MASTER
13720 (bprd)
Allow Database Backups
NBU_DMZ_CLIENTS
NBU_MASTER
13720 (bprd)
NBU_DMZ_CLIENTS
NBU_MEDIA
13724 (vnetd)
NBU_MASTER
NBU_DMZ_CLIENTS
13782 (bpcd)
***Grayed out rules are unnecessary due to current firewall
configuration.
Before working on multiplexing etc I would look at your firewalls
config. Most firewalls don't handle a lot of traffic and due to costs
commonly have 100F or even sinlge Gigabit ethernet connections. If you
have 10 DMZ hosts w/ Gigabit, and they all try to write to a single
firewall thats got Gigabit on both ends, you are going to kill the
connection.
-Jonathan
________________________________
From: veritas-bu-bounces at mailman.eng.auburn.edu
[mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of Hindle,
Greg
Sent: Thursday, February 01, 2007 9:16 AM
To: NB List Mail
Subject: [Veritas-bu] backing up through firewalls, opinions?
nb 5.0 mp6 Solaris 9
What is the recommend practice of backing up servers through a firewall?
Do you use the vnet option or any ports?
Should we use one data stream or multiple data streams?.
To multiplex or not to multiplex?
Greg
>>> This e-mail and any attachments are confidential, may contain legal,
professional or other privileged information, and are intended solely
for the addressee. If you are not the intended recipient, do not use
the information in this e-mail in any way, delete this e-mail and notify
the sender. CEG-IP1
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mailman.eng.auburn.edu/pipermail/veritas-bu/attachments/20070201/08ec7e29/attachment.html
|
Previous by Date: |
[Veritas-bu] backing up through firewalls, opinions?, Hindle, Greg |
Next by Date: |
[Veritas-bu] RES: backing up through firewalls, opinions?, Carlos Alberto Lima dos Santos |
Previous by Thread: |
[Veritas-bu] backing up through firewalls, opinions?, Hindle, Greg |
Next by Thread: |
[Veritas-bu] RES: backing up through firewalls, opinions?, Carlos Alberto Lima dos Santos |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|