Forum Discussion

Leed_Engineer
11 years ago

Netbackup Restore to different location

Hi,

Does anyone know how I can disallow the Master server from initiating restores for a specific client to different client locations? This is needed for security purposes.

Thanks.

  • You could use Client Encryption to achieve this, somewhat. Though I don't think it was designed specifically for your use case, it should give you something close.

    Essentially, with the encryption key kept private on the client, not even the Master or Media servers could restore the client's data. The restore would only succeed when initiated from the client, because it has the key.

    It doesn't just stop the Master from restoring ClientA's data to ClientB, it stops anyone else - including the Master - from being able to restore ClientA's data altogether, regardless of destination.

     

    More info in the NetBackup security and encryption guides:
    http://www.symantec.com/docs/DOC5185
    http://www.symantec.com/docs/DOC6486

     

  • You can disallow restores from clients.  You cannot disallow Master server restore to clients.

     

    It would be poor business practice to disable the latter even if it was possible. 

    How could you handle Disaster Recovery when the client no longer exists?

  • This can be affordable in some business cases where the security of data is much more important. Still, in a DR scenario we can afford reinstallation of the client and restoration to that client (with some config changes, NB will realize that it is the same client).

    However, we need to disallow the backup administrator from restoring some critical files to different clients. Is that possible?


  • Sorry, that doesn't make sense.  Security will allow you to build a new server and it's OK to restore to it but can't allow restore to an existing albeit alternate client?  See a flaw there?

    If you can't trust your admin, who can you trust?

  • I like RLeon's idea.

    Mine was going to be something akin to a SAN media server + drive encryption, but I had yet to nail down a few details myself, and RLeon's requires fewer resources and less configuration.

  • Thanks mnolan,

    Another possibility would be to implement some customized access rights for the NetBackup admin account using NBAC. But then, that doesn't stop data from being imported into another Nbu domain if the Nbu admin has physical access to the tapes or disks; besides, who'd be the admin's admin? And God help your soul if you venture into the land of NBAC. (Also documented in the NetBackup security and encryption guides, BTW.)

  • Thanks for all your replies.

    Thanks RLeon, I already thought about this and I kept it as a last resort in case there is no other solution.

  • I agree with RLeon - each time I attempted to implement NBAC, it ended up in lengthy Support calls. (I have also posted personal issues with a clustered master server here..). And probably the worst documented feature in NBU...

    To get back to your question, Server alternate restore is allowed by default from the master. It can be disabled under Host Properties -> Master -> Client Attributes, but the Admin on the master server can enable and disable this feature any time.

    As wr said - you need to lay down rules in writing and employ trustworthy NBU admins.

    Client side encryption seems to be the easiest way to prevent alternate client restore.

  • Thanks Marianne for your answer.

    The problem is not in the NBU admin as much as in the customers requesting some specific security requirements, especially if the service provider is different from the customer.

    I would consider and offer the client side encryption solution and also consider adding the DISALLOW_SERVER_WRITES parameter in the bp.conf file as well.
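
One way to check a UNIX client for the two client-side settings raised in the replies above, as an added example that is not part of the original thread or NetBackup's own tooling. It assumes the `KEY = VALUE` forms `DISALLOW_SERVER_FILE_WRITES = YES` (the name NetBackup's documentation uses for the bp.conf entry mentioned in the last reply) and `CRYPT_OPTION = REQUIRED`; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Audit a NetBackup client bp.conf for the two client-side controls raised in
# this thread. Assumed entry forms (KEY = VALUE, matched exactly):
#   DISALLOW_SERVER_FILE_WRITES = YES   client refuses server-directed writes
#   CRYPT_OPTION = REQUIRED             client insists on encrypted backups

# bp_values FILE KEY: print every value set for KEY, one per line.
# Comment lines and lines without '=' are skipped.
bp_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# check_entry FILE KEY WANT: pass only if KEY is set and every occurrence
# equals WANT, so a conflicting duplicate line counts as a failure.
check_entry() {
    vals=$(bp_values "$1" "$2")
    [ -n "$vals" ] || { echo "FAIL $2 is not set"; return 1; }
    bad=$(printf '%s\n' "$vals" | grep -vx "$3" || true)
    [ -z "$bad" ] || { echo "FAIL $2 has a value other than $3"; return 1; }
    echo "OK   $2 = $3"
}

# audit_bpconf FILE: run both checks; 0 = both pass, 1 = finding, 2 = unreadable.
audit_bpconf() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    rc=0
    check_entry "$1" DISALLOW_SERVER_FILE_WRITES YES || rc=1
    check_entry "$1" CRYPT_OPTION REQUIRED || rc=1
    return $rc
}

# Demo on a constructed sample (not a real client's file): encryption is
# required, but server-directed writes are still allowed, so one check fails.
demo=$(mktemp)
printf '%s\n' 'SERVER = master1' 'CLIENT_NAME = clienta' \
    'CRYPT_OPTION = REQUIRED' 'DISALLOW_SERVER_FILE_WRITES = NO' > "$demo"
audit_bpconf "$demo" || true
rm -f "$demo"
# On a UNIX client: audit_bpconf /usr/openv/netbackup/bp.conf
```

Run from the customer's side, this shows whether the client itself enforces the restriction, independent of what the master's Host Properties currently say.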