[Veritas-bu] Backup through firewalls

2006-09-15 01:05:51
Subject: [Veritas-bu] Backup through firewalls
From: smpt at peppas.gr (smpt)
Date: Fri, 15 Sep 2006 07:05:51 +0200
Hi,
I've configured some firewalled NetBackup domains with vnetd and I never had any
problem with streams.

I have ages to hear from someone the port model. I had proposed this to some of
my customers and when the firewall admin understood how many ports were needed
they refused it immediately.


>  -------Original Message-------
>  From: David Rock <dave-bu at graniteweb.com>
>  Subject: Re: [Veritas-bu] Backup through firewalls
>  Sent: 14 Sep '06 23:06
>  
>  * Mark.Donaldson at cexp.com <Mark.Donaldson at cexp.com> [2006-09-14 13:48]:
>  > There's a whole section on this in the SAG.
>  >
>  > Short answer, you need "bpcd" from the master or media server to the
>  > client, "vnetd" the reverse direction. You have to make sure you
>  > configure the client for "no callback connections" via the bpclient
>  > command or, no doubt, someplace in the GUI.
>  >
>  > Users on the client cannot perform their own restores using this. I'm
>  > told, but have not verified, that you can enable "bprd" from client to
>  > master to allow this.
>  
>  Speaking as a backup guy who is now on the firewall team, using vnetd is
>  by far the recommended way of dealing with the firewall. If all you are
>  dealing with is backup servers to client machine, the short list is:
>  
>  Server -> Client   port 13782 (bpcd)
>  Client -> Server   ports 13724 (vnetd) and 13720 (bprd)
>  
>  Yes, client-initiated restores will work with just these ports. If your
>  backup servers are hanging off of a DMZ so that your admin clients using
>  the Java GUI need to get access, you can also use:
>  
>  Admin Client -> Server ports 13722 (bpjava) and 13724 (vnetd)
>  
>  This will also require the /usr/openv/java/nbj.conf file setting of
>  NBJAVA_CONNECT_OPTION=1 (default is 0)
>  
>  The only downside to vnetd that I have heard of but not seen personally
>  is that you are limited to a single stream for backups, which could
>  impact your backup model if you are trying to use NEW_STREAM file
>  directives. If that is the case, you can configure port ranges and I
>  highly recommend using ALLOW_NON_RESERVED_PORTS as part of that. Using
>  low ports (<1024) by default is one of the stupidest things NBU ever did.
>  
>  --
>  David Rock
>  david at graniteweb.com
>
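
Added example, not part of the e-mails above: a small audit that compares a firewall rule set against the vnetd port list quoted in this thread, reporting required flows that no rule permits and rules that open more ports than the list calls for. The zone names, the `Rule` shape and the sample rule set (including the 1024-5000 range) are constructed for illustration.

```python
from typing import NamedTuple

# Flows taken from the port list quoted in this thread (vnetd model).
REQUIRED = {
    ("server", "client"): {13782: "bpcd"},
    ("client", "server"): {13724: "vnetd", 13720: "bprd"},
    ("admin", "server"): {13722: "bpjava", 13724: "vnetd"},
}

class Rule(NamedTuple):
    src: str   # source zone (hypothetical label)
    dst: str   # destination zone (hypothetical label)
    lo: int    # first TCP port allowed
    hi: int    # last TCP port allowed (inclusive)

def audit(rules):
    """Return (missing, excess): required flows that no rule permits, and
    rules that open ports beyond the list for their direction."""
    missing, excess = [], []
    for (src, dst), ports in REQUIRED.items():
        for port, name in sorted(ports.items()):
            if not any(r.src == src and r.dst == dst and r.lo <= port <= r.hi
                       for r in rules):
                missing.append((src, dst, port, name))
    for r in rules:
        wanted = REQUIRED.get((r.src, r.dst), {})
        extra = (r.hi - r.lo + 1) - sum(r.lo <= p <= r.hi for p in wanted)
        if extra:
            excess.append((r, extra))
    return missing, excess

# Constructed sample: bprd has been forgotten, the admin rule is a range
# that also opens 13723, and the last rule is a wide client-to-server range.
SAMPLE = [
    Rule("server", "client", 13782, 13782),
    Rule("client", "server", 13724, 13724),
    Rule("admin", "server", 13722, 13724),
    Rule("client", "server", 1024, 5000),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE)
    for src, dst, port, name in missing:
        print(f"MISSING {src} -> {dst} tcp/{port} ({name})")
    for rule, extra in excess:
        print(f"EXCESS  {rule.src} -> {rule.dst} tcp/{rule.lo}-{rule.hi}: "
              f"{extra} port(s) not on the list")
```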