Veritas-bu

[Veritas-bu] backing up through firewalls, opinions?

2007-02-01 09:45:13
Subject: [Veritas-bu] backing up through firewalls, opinions?
From: JMARTI05 at intersil.com (Martin, Jonathan (Contractor))
Date: Thu, 1 Feb 2007 09:45:13 -0500
Here's my current documented configuration.  This is assuming your media
and master servers are NOT in the dmz.
 

Proposed Firewall Groups


 

NBU_MASTER - <MASTER IP>

NBU_MEDIA - <MASTER & MEDAI SERVER IPS)

NBU_DMZ_CLIENTS - 192.168.1.0 / 24 (Whatever subnet your DMZ internal
interface is)

 


Proposed Firewall Rules


 

Source

Destination

Port

Allow File Level Backups

NBU_DMZ_CLIENTS

NBU_MEDIA

13724  (vnetd)

NBU_MEDIA

NBU_DMZ_CLIENTS

13782 (bpcd)

Allow ALL_LOCAL_DRIVES

NBU_DMZ_CLIENTS

NBU_MEDIA

13724  (vnetd)

NBU_MASTER

NBU_DMZ_CLIENTS

13782 (bpcd)

Allow Client Backup / Restores

NBU_DMZ_CLIENTS

NBU_MASTER

13720  (bprd)

Allow Database Backups

NBU_DMZ_CLIENTS

NBU_MASTER

13720  (bprd)

NBU_DMZ_CLIENTS

NBU_MEDIA

13724  (vnetd)

NBU_MASTER

NBU_DMZ_CLIENTS

13782 (bpcd)

***Grayed out rules are unnecessary due to current firewall
configuration.

 
Before working on multiplexing etc I would look at your firewalls
config.  Most firewalls don't handle a lot of traffic and due to costs
commonly have 100F or even sinlge Gigabit ethernet connections.  If you
have 10 DMZ hosts w/ Gigabit, and they all try to write to a single
firewall thats got Gigabit on both ends, you are going to kill the
connection.
 
-Jonathan

 
________________________________

From: veritas-bu-bounces at mailman.eng.auburn.edu
[mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of Hindle,
Greg
Sent: Thursday, February 01, 2007 9:16 AM
To: NB List Mail
Subject: [Veritas-bu] backing up through firewalls, opinions?


nb 5.0 mp6 Solaris 9
 
What is the recommend practice of backing up servers through a firewall?
Do you use the vnet option or any ports?
Should we use one data stream or multiple data streams?.
To multiplex or not to multiplex?
 
Greg 
 
>>> This e-mail and any attachments are confidential, may contain legal,
professional or other privileged information, and are intended solely
for the addressee.  If you are not the intended recipient, do not use
the information in this e-mail in any way, delete this e-mail and notify
the sender. CEG-IP1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
http://mailman.eng.auburn.edu/pipermail/veritas-bu/attachments/20070201/08ec7e29/attachment.html

<Prev in Thread] Current Thread [Next in Thread>