Networker

Re: [Networker] Tips for doing a DR at SunGard

2008-01-16 11:28:19
Subject: Re: [Networker] Tips for doing a DR at SunGard
From: Stan Horwitz <stan AT TEMPLE DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 16 Jan 2008 11:25:24 -0500
On Jan 16, 2008, at 11:20 AM, Greggs, Dana wrote:

Stan,

Unless I missed it are you saying that you have no security context in
place when you backup your data? And that you have no restrictions in
place as to who can recover your data? I run in a mixed environment but
at times even I have security issues recovering data in the same
environment that it was backed up in. As an example an account may have enough privileges to backup the data but not have sufficient privileges
to restore the data. (On Windows SYSTEM can often backup the data but
not be able to restore it <especially in Windows 2003>)One major benefit
for me with Networker is that it preserves the security context of the
data on tape. You may be able to scan the data in but you won't be able
to actually use it which mutes the point.

The reason why all the DR guides tell you to recover the Networker
Server first is because the Server you build to recover the data has no access to what was backed up in the Production environment. It's not in
an ACL or access group anywhere on tape.

Quite honestly, I wouldn't know how to implement such security constraints in our production environment. The account we use in production to back up the data on the client is the root account and that's what we use on our NetWorker server. Our storage node that handles this backup and the client sit behind a firewall with extremely limited access on how is authorized to access the machines involved and the network on which they sit. We do not use any ACLs.

To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER