[Veritas-bu] Top 10 Things I Hate About NetBackup
2002-01-24 10:58:13
Subject: |
[Veritas-bu] Top 10 Things I Hate About NetBackup |
From: |
lkingery AT veritas DOT com (Larry Kingery) |
Date: |
Thu, 24 Jan 2002 07:58:13 -0800 (PST) |
>
>
> I can't resist. I must play too :)
>
> 1. A client / server security model based on hostname / IP address
> resolution. No sane sysadmin still uses rlogin and rsh,
> but NBU still uses essentially same authentication scheme. This is
> vulnerable to all sorts of network attacks and if the backup
> server itself is compromised, NetBackup itself can be used to compromise
> any of its clients.
See enhanced authentication, or vopie, for protection against IP spoofing.
>
> 3. Restore jobs don't report the CLIENT_NAME from bp.conf (or equivalent)
> but instead use the client's hostname. (Has this been fixed in 3.4.1?)
Actually, they use the hostname associated with the incoming IP. Using
CLIENT_NAME would open things up even more than #1.
>
> 6. Duplications with bpduplicate don't show up in the job monitor and can
> only be monitored by logfile.
4.5: Duplication, imports, verify, etc, in activity monitor
>
> 7. NBU doesn't allow more than 2 copies of a backup image! If I stage to
> disk and want two copies on tape, I can't make each copy from disk
> to tape. Instead, I have to make the 1st copy to tape from disk, then
> expire the copy on disk, then copy the 1st from tape to tape.
>
4.5 allows 10 copies, and with optional Inline Tape Copy you can make
up to four concurrently.
|
|
|