Veritas-bu
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Veritas-bu] NBAC vs hot catalog

2010-09-20 14:34:15
Subject: Re: [Veritas-bu] NBAC vs hot catalog
From: Girish Jorapurkar <girishsj AT yahoo DOT com>
To: "veritas-bu AT mailman.eng.auburn DOT edu" <veritas-bu AT mailman.eng.auburn DOT edu>, WALLEBROEK Bart <Bart.WALLEBROEK AT swift DOT com>
Date: Mon, 20 Sep 2010 11:34:08 -0700 (PDT) 
I can think of a possible workaround, but it depends on relaxing security for 
requests originating on master server and applying granular tightened security 
at network/domain level.

Let me explain:

- Hot catalog backup does not work with NBAC because DB agent (that backs  up 
EMM database) does not support NBAC. But the DB agent that backs up EMM db runs 
on the master server.

- So, we need to relax NBAC on the master server without relaxing for others. 
---> This compromise should be acceptable <---

USE_VXSS = AUTOMATIC
VXSS_NETWORK = localhost AUTOMATIC
VXSS_NETWORK = <master_server_name> AUTOMATIC
VXSS_NETWORK = <network/domain> REQUIRED

<domain> - A dot followed by the Internet domain name of the remote systems.
<network> - The network of the remote systems followed by a dot.

(Refer: NB Admin Guide Vol II)

- The order of VXSS_NETWORK entries above is important.


Relaxing NBAC on master means - the master server root/administrator can bypass 
NBAC by not doing bpnbat login. All non-root user must use NBAC (bpbnat login) 
anyways.

If acceptable, give it a try.

Regards,
/Girish
 

--- On Tue, 9/14/10, WALLEBROEK Bart <Bart.WALLEBROEK AT swift DOT com> wrote:

> From: WALLEBROEK Bart <Bart.WALLEBROEK AT swift DOT com>
> Subject: RE: [Veritas-bu] NBAC vs hot catalog
> To: "Girish Jorapurkar" <girishsj AT yahoo DOT com>, "veritas-bu AT 
> mailman.eng.auburn DOT edu" <veritas-bu AT mailman.eng.auburn DOT edu>
> Date: Tuesday, September 14, 2010, 2:23 PM
> Page 203 of Security and Encryption
> Guide :
> 
> 
>     Including authentication and
> authorization databases in NetBackup hot catalog backups
>     In NetBackup environments using the
> online hot catalog backup method: no
>     additional configuration is needed to
> include the Symantec Product Authentication
>     Service and Symantec Product
> Authorization Service databases in the catalog
>     backup.
>    
> ----------------------------------------------------------------
>     Note: Hot catalog backup does not run in
> the NBAC mode REQUIRED.
>    
> ----------------------------------------------------------------
> 
> Which I believe is weird because on 1 side you want to
> secure NetBackup but on the other side you can no longer
> take any backups of your catalog.  Not even cold ones
> because this is no longer supported as of NBU 7.
> We contacted Symantec support and they do not have any
> workaround for this.
> 
> 
> 
> Best Regards,
> Bart WALLEBROEK
> Backup Admin & Systems & Applications Management
> & Support Specialist 
> Enterprise Applications Delivery - Infrastructure
> Management
> Tel: + 32 2 655 30 75    Mobile: + 32 478 31 61 77
> S.W.I.F.T. SCRL
> 
> Have you visited http://www.swift.com/support lately? In
> the Knowledge Base, you will find a lot of information. If
> you have a question, you can report it online using Case
> Manager.
> 
> This e-mail and any attachments thereto may contain
> information which is confidential and/or proprietary and
> intended for the sole use of the recipient(s) named above.
> If you have received this e-mail in error, please
> immediately notify the sender and delete the mail. Thank you
> for your co-operation. SWIFT reserves the right to retain
> e-mail messages on its systems and, under circumstances
> permitted by applicable law, to monitor and intercept e-mail
> messages to and from its systems. 
> 
> -----Original Message-----
> From: Girish Jorapurkar [mailto:girishsj AT yahoo DOT com]
> 
> Sent: Monday, September 13, 2010 4:30 PM
> To: veritas-bu AT mailman.eng.auburn DOT edu;
> WALLEBROEK Bart
> Subject: Re: [Veritas-bu] NBAC vs hot catalog
> 
> Why do think that hot catalog backup does not work or is
> not supported with NBAC?
> 
> /Girish
> 
> --- On Mon, 9/13/10, WALLEBROEK Bart <Bart.WALLEBROEK AT swift DOT com>
> wrote:
> 
> > From: WALLEBROEK Bart <Bart.WALLEBROEK AT swift DOT com>
> > Subject: [Veritas-bu] NBAC vs hot catalog
> > To: "veritas-bu AT mailman.eng.auburn DOT edu"
> <veritas-bu AT mailman.eng.auburn DOT edu>
> > Date: Monday, September 13, 2010, 4:50 PM
> > We are setting up NBAC in our
> > NetBackup environments but came to the conclusion that
> hot
> > catalog backups are not longer working / supported
> when you
> > run vxss in restricted mode.
> > 
> > Does anyone of you could think of a workaround ?
> > 
> > The 2 possible workarounds I see are:
> > - cold catalog backup every month and daily backup of
> the
> > images and class folder
> > - realtime for the catalog
> > 
> > Best Regards,
> > Bart WALLEBROEK
> > _______________________________________________
> > Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
> > 
> 
> 
>       
> 


      
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Veritas-bu] backupids on advanced disk / disk pools, WEAVER, Simon (external)
Next by Date:  [Veritas-bu] BPFIS processes running, BlueChris69
Previous by Thread:  Re: [Veritas-bu] NBAC vs hot catalog, WALLEBROEK Bart
Next by Thread:  [Veritas-bu] Error code 240, shekhar deshingkar
Indexes:  [Date] [Thread] [Top] [All Lists]