03-31-2014 05:25 PM
Hi,
Does anyone know how I can disallow the Master server from initiating restores for a specific client to different client locations? This is needed for security purposes.
Thanks..
03-31-2014 09:37 PM
You could use Client Encryption to achieve this, somewhat. Though I don't think it was designed specifically for your use case, it should give you something close.
Essentially, with the encryption key kept private on the client, not even the Master or Media servers could restore the client's data. The restore would only succeed when initiated from the client, because it has the key.
It doesn't just stop the Master from restoring ClientA's data to ClientB, it stops anyone else - including the Master - from being able to restore ClientA's data altogether, regardless of destination.
More info in the NetBackup security and encryption guides:
http://www.symantec.com/docs/DOC5185
http://www.symantec.com/docs/DOC6486
03-31-2014 06:00 PM
You can disallow restores from clients. You cannot disallow Master server restore to clients.
It would be poor business practice to disable the latter even if it was possible.
How could you handle Disaster Recovery when the client no longer exists?
03-31-2014 06:13 PM
This can be affordable in some business cases where the security of data is much more important. Still, in a DR scenario we can afford reinstallation of the client and restoration to that client (with some config changes, NB will realize that it is the same client).
However, we need to disallow the backup administrator from restoring some critical files to different clients. Is that possible?
03-31-2014 07:28 PM
Sorry, that doesn't make sense. Security will allow you to build a new server and it's OK to restore to it but can't allow restore to an existing albeit alternate client? See a flaw there?
If you can't trust your admin, who can you trust?
03-31-2014 09:37 PM
I like RLeon's idea.
Mine was going to be something akin to a SAN media server + drive encryption, but had yet to nail down a few details myself and RLeon's requires less resources and configuration.
03-31-2014 09:54 PM
Thanks mnolan,
Another possibility would be to implement some customized access rights for the NetBackup admin account using NBAC. But then, that doesn't stop data from being imported into another Nbu domain if the Nbu admin has physical access to the tapes or disks; besides, who'd be the admin's admin? And God help your soul if you venture into the land of NBAC. (Also documented in the NetBackup security and encryption guides BTW)
03-31-2014 10:42 PM
Thanks for all your replies.
Thanks RLeon, I already thought about this and I kept it as a last resort in case there is no other solution.
03-31-2014 10:48 PM
I agree with RLeon - each time I attempted to implement NBAC, it ended up in lengthy Support calls. (I have also posted personal issues with a clustered master server here..). And probably the worst documented feature in NBU...
To get back to your question, Server alternate restore is allowed by default from the master. It can be disabled under Host Properties -> Master -> Client Attributes, but the Admin on the master server can enable and disable this feature any time.
As wr said - you need to lay down rules in writing and employ trustworthy NBU admins.
Client side encryption seems to be the easiest way to prevent alternate client restore.
03-31-2014 11:49 PM
Thanks Marianne for your answer.
The problem is not in the NBU admin as much as in the customers requesting some specific security requirements, especially if the service provider is different from the customer.
I would consider and offer the client side encryption solution and also consider adding the DISALLOW_SERVER_WRITES parameter in the bp.conf file as well.
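An added example, not part of the thread and not NetBackup tooling: a small audit that a customer could run against a client's bp.conf to confirm the two client-side controls discussed above are actually set. It assumes the entry names from the NetBackup administrator's guide, `CRYPT_OPTION` and `DISALLOW_SERVER_FILE_WRITES`; the sample file contents and host names are constructed.

```python
import sys

# Constructed sample client bp.conf contents (host names are placeholders).
HARDENED = """\
SERVER = master01.example.com
CLIENT_NAME = clienta.example.com
CRYPT_OPTION = REQUIRED
DISALLOW_SERVER_FILE_WRITES = YES
"""
DEFAULT = """\
SERVER = master01.example.com
CLIENT_NAME = clienta.example.com
"""

def parse_bp_conf(text):
    """Return {KEY: [values]}; keys such as SERVER may repeat."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A bare entry (no "=") is kept with an empty value.
        key, _, value = line.partition("=")
        entries.setdefault(key.strip().upper(), []).append(value.strip().upper())
    return entries

def audit_client(text):
    """Return a list of findings; an empty list means both controls are set."""
    conf = parse_bp_conf(text)
    findings = []
    crypt = conf.get("CRYPT_OPTION", [])
    # Conservative: every CRYPT_OPTION line must say REQUIRED.
    if not crypt or any(v != "REQUIRED" for v in crypt):
        findings.append("CRYPT_OPTION is not REQUIRED: unencrypted backups are possible")
    # Assumption: a bare entry and "= YES" are both treated as enabled here.
    writes = conf.get("DISALLOW_SERVER_FILE_WRITES", [])
    if not writes or any(v not in ("", "YES") for v in writes):
        findings.append("DISALLOW_SERVER_FILE_WRITES is not set: server-directed restores are accepted")
    # Near-miss key names are reported (assumption: unknown entries are ignored).
    for key in conf:
        if key.startswith("DISALLOW_SERVER") and key != "DISALLOW_SERVER_FILE_WRITES":
            findings.append(f"unrecognised entry {key}")
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else DEFAULT
    for finding in audit_client(text):
        print("FINDING:", finding)
```

A clean result only shows the client's configuration; whether the encryption key file stays private to the client, as the accepted answer requires, has to be checked separately.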