08-02-2011 02:37 PM
I have a bit of a hurdle to overcome, maybe someone can help me here.
I have backup exec on what is also a hyper-v server (server 2008 r2), on the local network, it has an unused nic port.
I have a hyper-v server (server 2008 r2) with a few vm's, all of which are in the dmz, it also has an unused nic port.
Would it be advantageous to put the two extra nic ports onto their own network for backup purposes?
Is this considered bad news as far as security goes?
I would use windows firewall at the backup exec server to only allow backup exec information to pass thru.
If this is not a bad idea, should I still keep them physically separated via their own switch, or should I simply put them on their own subnet and let them share the local networks switch?
Any advice on backuping up these servers in the dmz would be great.
One final note: we are not using snapshots, but are grabbing the files from each server and backing up, as if they were physical servers.
thanks in advance
-chris
Solved! Go to Solution.
08-02-2011 06:19 PM
Would it be advantageous to put the two extra nic ports onto their own network for backup purposes?
Definitely, this means that your backup traffic will not have to content with your other network traffic.
Is this considered bad news as far as security goes?
Again definitely, the fact that you put the servers in a dmz is that you want to isolate them. If you do set up a dedicated backup LAN, then you would have to firewall the servers and the media server.
08-02-2011 06:19 PM
Would it be advantageous to put the two extra nic ports onto their own network for backup purposes?
Definitely, this means that your backup traffic will not have to content with your other network traffic.
Is this considered bad news as far as security goes?
Again definitely, the fact that you put the servers in a dmz is that you want to isolate them. If you do set up a dedicated backup LAN, then you would have to firewall the servers and the media server.
08-03-2011 05:38 AM
thanks for the quick reply!
as far as security goes, to me that method seems more secure than simply having the backup machine pass through into the dmz through the firewall; but maybe it depends on how it's setup.