ADSM-L

Re: Question - Firewall Backup Approach

2002-02-21 11:27:40
Subject: Re: Question - Firewall Backup Approach
From: Tony Sinclair <tsinclai AT REGENCE DOT COM>
Date: Thu, 21 Feb 2002 22:50:29 -0800
From what I understand, we (our department) may need to approach the TSM
backups for the DMZ (Firewall) environments a little differently than other
servers within the organization... I believe the goal should be to recover
the server, the application, the data (if any) and the HARDENING (tweaking
of the core OS) in a timely fashion...

The Business Need is to recover servers in the DMZs quickly (ideally 4
hours).  This cannot be accomplished if we have to manually take the
servers through the application installation and hardening processes.

Application recovery could be manually accomplished in one working day, but
re-hardening the servers will probably take about 1 week or more, so it is
a major roadblock for server recovery.

(Just in case you aren't familiar with the process, Hardening is basically
"tweaking" the OS using documents created by IT Security (100+ pages).
This document contains "guidelines" that are reviewed and implemented or
declined based on application requirements.  Unfortunately, it is NOT a
trivial process.)

Based on what I understand at this point, I would suggest the following
general approach for NT/Win2K servers, assuming that a server fails and
needs to be recovered from "scratch".

1.   Load the OS from CD.
2.   Load the TSM Client software from CD/Diskette.
3.   Recover all Application and "HARDENING" files via TSM mechanism.
4.   Recover all Registry entries via TSM mechanism.
5.   Retest the Server Hardening with IT Security to validate that the
     recovery was successful.
6.   Return the Server to production status.

We'd probably want to use a similar process for UNIX systems.

Can anyone address these issues, as to what they currently do with Firewall
Backups or suggest we do, and let me know what you think???
I am trying to get a consensus of the TSM community as to the current way
of handling Firewall backups.


Tony Sinclair
TSM Admin
Regence Blue
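
An automated first pass for step 5 of the procedure above, added here as an example and not part of the original post or of TSM: it parses two regedit-format text exports (a hardening baseline saved before the failure and an export taken from the restored server) and lists the hardened values that are missing or changed. The sample exports and the function names are constructed for illustration.

```python
import re

# Constructed sample exports (regedit text format); the values are illustrative.
BASELINE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
"LmCompatibilityLevel"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="1"
'''
RESTORED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000
"LmCompatibilityLevel"=dword:00000002
'''

def parse_reg(text):
    """Return {(key, value_name): data} from regedit export text."""
    text = re.sub(r',\\\r?\n\s*', ',', text)  # join continued hex lines
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()  # registry paths are case-insensitive
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            name, data = m.group(1).strip('"').lower(), m.group(2)
            # String data is case-sensitive; dword/hex encodings are not.
            entries[(key, name)] = data if data.startswith('"') else data.lower()
    return entries

def hardening_drift(baseline, restored):
    """List baseline settings that are missing or different after the restore.
    Values present only on the restored server are not reported."""
    want, have = parse_reg(baseline), parse_reg(restored)
    findings = []
    for (key, name), data in sorted(want.items()):
        if (key, name) not in have:
            findings.append(("MISSING", key, name, data, None))
        elif have[(key, name)] != data:
            findings.append(("CHANGED", key, name, data, have[(key, name)]))
    return findings

if __name__ == "__main__":
    for status, key, name, want, got in hardening_drift(BASELINE, RESTORED):
        print(f"{status}: [{key}] {name}: baseline={want} restored={got}")
```

An empty result means every baseline value came back unchanged; it covers registry settings only, so file permissions, services and the rest of the hardening guide still need their own checks.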

