[Veritas-bu] FW: Verifying a feature of vnetd's no-callback feature

2005-01-25 09:14:45
Subject: [Veritas-bu] FW: Verifying a feature of vnetd's no-callback feature
From: pkeating AT bank-banque-canada DOT ca (Paul Keating)
Date: Tue, 25 Jan 2005 09:14:45 -0500

I would imagine he's encountering the same issue as I am.
Policy here doesn't permit connections initiated from the DMZ;
therefore, without a "true" no-callback we can't back up anything in the
DMZ.
Many sites would sacrifice the ability to do user-initiated restores,
backups, or DB agent backups in the DMZ in favour of just being able to
do regular plain vanilla backups.

I guess it should just be an "available feature".

In our environment, we don't permit user-initiated backups or restores
anyway, so there would be no loss to us... and we don't do DB agent
backups, unless absolutely required.

A workaround to this (which I've not yet tested) is to bring up an SSH
tunnel from the master/media server to the client in the DMZ, before the
job kicks off. Once the tunnel is up, the client can reply on the tunnel
session, without the connection being initiated from the DMZ.
Once the backup is complete, the tunnel gets torn down.

Paul

> -----Original Message-----
> From: veritas-bu-admin AT mailman.eng.auburn DOT edu
> [mailto:veritas-bu-admin AT mailman.eng.auburn DOT edu] On Behalf Of Wayne T Smith
> Sent: January 24, 2005 4:26 PM
> To: veritas-bu AT mailman.eng.auburn DOT edu
> Subject: Re: [Veritas-bu] FW: Verifying a feature of vnetd's no-callback feature
>
> I don't know the answer to your question, but I don't see how you could
> have a user initiated backup, user initiated restore, or a DB Agent
> backup without allowing the client to initiate contact with the master.
>
> cheers, wayne