cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Backing up to DVD - Best Practice

Paul_Vickers
Level 3

‎02-14-2007 11:35 PM

Have a Windows 2003 server sitting in a DMZ.
So can't really "pull" data from it, from another server on the LAN to complete a backup.
Well, not with out punching holes in the firewall, and that I don't want to do.

So am considering installing a stand alone copy of Symantec Backupexec on the web server, and backing up to a DVD.

Are there any known best practice setups for this.
Pro's and Cons?
0 Kudos
5 REPLIES 5

Paul_Vickers
Level 3

‎02-15-2007 06:21 AM

So to explain things in a little more detail.......

The server in the DMZ is a webserver. Running Windows Server 2003 r2.
Not a huge amount of data to back up. Few web sites, images, scripts, config data. And of course on another drive the Operating System, and a few server applications.

There is a server on the normal lan that has a enourmus capactiy LTO tape drive, and Symantec back exec installed. I guess the obvious thing is to punch a heap of holes in the fire wall and backup the webserver over the lan. would really really like to avoid doing that.
Purchasing and installing a new separate tape drive etc in the webserver is expensive.
I happen to have a spare DVD burner. I guess I could install Symantec BackupExec and setup 2 different job. Back up the OS one night and the Data the next, and just alternate?

Wondering if anyone has tried anything like this? How well does it work? Does the Advanced Open File functionality of BackupExec work happily when backing up to a DVD etc?
0 Kudos

Joshua_Small
Level 6
Partner

‎02-15-2007 03:30 PM

Hi Paul,

The Backup Exec media server connects to the Remote Agent on the remote machine, not the other way around.

If I understand your environment correctly, this should mean that your server in you secure LAN connects OUT the firewall to your DMZ zoned web server.

That shouldn't actually involve punching holes in anything- your firewall allows outbound connections right?

In the event that your web server has an additional firewall on it, sure, you need to open the remote agent port, and then, only from your one address.

Really, backing up that server to your tape shouldn't be a major security issue. If your Media Server was outside your LAN and on your DMZ, I would understand the concern, but then, I'd question why you did that in the first place.

If you don't have the normal Active Directory communication ports open, you may have various issues browsing the shares on the server etc, but I'm sure with a little tweaking it can be overcome.
0 Kudos

Bin_Fang_2
Level 4

‎02-15-2007 04:57 PM

There are several ports needed when backing up a server behind a firewall. Assume only one firewall is between the media server and the target server. You will need the following:

1. The NDMP port (10000/TCP by default) needs to be opened on the firewall. This is an outbound port only to the server to be backed up. It is used by the media server to talk to the remote agent on the server being backed up.

2. All ports specified in the �Enable media server TCP dynamic port range� option are needed to be open. These are the incoming ports from the server being backed up.

3. All ports specified in the �Enable remote agent TCP dynamic port range� option are needed to be open. These are the outgoing ports to the server being backed up.

See details in the following link: http://support.veritas.com/docs/255831

You have the control of those ports and can limit the communication to the media and target servers only.
0 Kudos

Paul_Vickers
Level 3

‎02-18-2007 09:22 PM

The question as to if the backup can be conducted through the firewall is a moot point. Someone else controls the firewall. So I am sure on a technical level it can be done. However I do not want to go down that path.

What I am wondering is if 11d can happily back up to dvd etc. If it happily backs up to a dual layer DVD drive to the ful 8.5 Gb ot whatever, etc.
Any comments people may have about media life etc.

Paul
0 Kudos

Paul_Vickers
Level 3

‎02-19-2007 03:31 PM

And of course, any comments about the "best practise" way of going about backing up to DVD etc.

I am thinking run one job to backup up the OS, then the next night a job to backup the data - websites.

I am not expecting the data to be particualrly dynamic. ie, the data won't change all that month over 2 days.
0 Kudos