Forum Discussion

BKPEXEAdmin's avatar
BKPEXEAdmin
Level 3
2 months ago

NBU over FLEX network configuration

Hi Folks,

I apologize in advance for the length of the text, as there are many details we wanted to share in order to expose our use case.

Description:

We have some questions regarding the network configuration of our NetBackup (NBU) infrastructure and its impact on Primary Server availability, WebUI access, and MSDPs replication. We would appreciate your guidance on the feasibility and best practices for our planned setup.

Current Setup:

DC1:

Subnet 1: Contains all database (DB) and application servers, and is isolated from all other Subnets, even DC2's Subnet 1).

Subnet 2: Used for virtualization management (vCenter) and inter-site communication (Routed with Subnet 3).

Primary Server in DC1: Currently has a single interface in Subnet 1.

Media Server in DC1: Configured in Subnet 1.

DC2:

Subnet 1: Contains DB and application servers (isolated from DC1’s Subnet 1).

Subnet 3: Used for virtualization management (vCenter) and inter-site communication (Routed with Subnet 2).

Primary Server (planned replication using Primary Server Availability from DC1): Intended to retain Subnet 1 IP but will need a new IP in Subnet 3.

Media Server in DC2: Configured in Subnet 1 while the subnet was not yet isolated.

Questions:

Q1 Adding an Interface to the Primary Server in DC1

Our Primary Server in DC1 currently has an interface in Subnet 1. We want to add another interface in Subnet 2 to allow communication with nodes in that subnet and subnet 3 (Media Server from DC2). Is it feasible to add an interface to a Primary Server? Would this impact the accessibility of the NBU WebUI?  If so, will the WebUI be accessible from both subnets or only from Subnet 1 IP that is already configured?

 

 

Q2 Primary Server Availability Feature and IP Configuration in DC2

We intend to purchase the "Primary Server Availability" feature to replicate the Primary Server from DC1 to DC2. Since Subnet 1 exists in both DCs, we plan to keep the same IP for Subnet 1 in DC2. However, the second subnet does not exist in DC2—instead, we have Subnet 3. Can we configure the replication without impact, keeping the same Subnet 1 IP and assigning a new IP from Subnet 3 in DC2 in case of a Failover?

 

Q3 Media Server Replication and Deduplication

We plan to replicate backed-up data from DC1 to DC2 using deduplication. Initially, our Media Servers in both DCs were configured in Subnet 1 while inter-site communication was open. Now that Subnet 1 will be isolated, we must add an interface for each Media Server to allow communication between them: Subnet 2 for the Media Server in DC1, Subnet 3 for the Media Server in DC2

Does NetBackup require additional configuration to recognize and use the new interfaces for replication? Can we change the configured IPs (Subnet 1 of each Media Server) and set both for Subnets 2 and 3, while keeping Subnet 1 dedicated for DB and application backup?

 

Sorry again for the length, we appreciate your advice on these points.

Regards,

 

FLEX 5.0
flex 5260
NBU 10.5

2 Replies

Sort By
  • davidmoline's avatar
    davidmoline
    Level 6
    2 months ago

    Hi BKPEXEAdmin 

    I can see some immediate issues with what you are proposing. 

    You say you have subnet 1 available in both DC1 & DC2, but they are isolated, so how do clients/media servers in DC1 communicate with the master on failover, and how do clients/media server in DC2 communicate with the primary in DC1 in normal operation. 

    Q1. Adding an interface to the primary server is supported, relatively simple and should not affect the WebUI (the web server listens on 0.0.0.0:443) which should be available from either IP.

    Q2. It is possible to update the network configuration as part of the failover process (I believe this is a manual step and cannot be not automated). 

    Q3. Adding or changing the media server IP addresses is possible. Using a different interface for duplication is also achievable - just requires careful use of hostnames etc. to ensure the correct interface is selected. What may be simpler from what you describe is to change the primary IP to subnet 2 or 3, and add an additional interface on subnet 1 to allow that subnet to backup. 

    I would suggest though, talking to you Veritas/Cohesity rep about what you are trying to achieve and ask them for help in finding the optimal way to get this done.

    I assume subnet 1 is being isolated for security reasons, if so then adding a media server in this subnet (which also connects to other subnets) provides a potential vector for attack. This is a perennial problem with backup devices and secure networks. 

    Cheers

    • BKPEXEAdmin's avatar
      BKPEXEAdmin
      Level 3
      2 months ago

      Hello David,

       

      Thank you very much for taking the time to answer my questions.

       

      Subnet 1 is present in both DCs and serves as the production subnet where our databases and applications run on virtual machines. These VMs are replicated to DC2 via communication between Subnet 2 and Subnet 3 (vCenter's). In DC2, the VMs remain operational on Subnet 1 but are isolated at the network level to avoid conflicts with Subnet 1 in DC1. I know it's a bit tricky, but that's the design that was implemented for our Prod.

      Regarding NetBackup, we initially configured all nodes—both Primary and Media Servers in DC1 and DC2—using Subnet 1, without realizing that this subnet would be isolated from DC2 by the Network team.

      Essentially, once the Network Team fully isolates Subnet 1 from DC2, the Media Server in DC2 will no longer be reachable by the Primary Server and Media Server in DC1. This is why additional interfaces in Subnet 2 and Subnet 3 are necessary in our case.

      Thank you again for your time, it's truly appreciated!

      Kind regards,