Solved: Need to know more details

Itegral · ‎09-27-2012

Could you please share requirements for NetBackup/Backup Exec cross forest set up i.e. dual way trust relationship, DNS settings, exchange & SQL backup etc.

we have two forest, A and B

Forest A has Exchange/SQL and NBU Media server

Forest B has NBU Master server and Media server

So, will the authentication to access Exchange/SQL in the forest A be configured via a service account on the forest A NBU media server and doesn't need to be configured on the forest B master server?

Marianne · ‎10-02-2012

whats the benefit of a media server per forest/domain?
No multiple network hops for data transfer.
Fewer firewall ports to be opened.

What impact would it have on bi-directional trust?
No idea... Domain trust is not a NBU requirement. Just forward and reverse name lookup as well as port connectivity.

What options do I have for NBU to work without issues while maintaining the security?
Port connectivity is needed for successful comms. No way without it unless you put a separate master/media server in each domain/forest.
NBU has come a long way to reduce number of ports - from 100's of ports needed in version 3.x to one port (1556) since 7.0.1. (A couple more if dedupe is used.)

If only filesystem backups are done for clients, no comms are needed between master and client. Here backup selection is sent to media server and comms is limited to media server <-> client.
If you backup ALL_LOCAL_DRIVES and/or databases, bi-directional connectivity is needed between master and client for initial job setup before data transfer is passed to media server and client.

Hope this helps.........

Handy NetBackup Links

View solution in original post

Yogesh9881 · ‎09-27-2012

Need to know more details ...

Forest A & Forest B (NBU media server) connected on same NBU master server or 2 different master server ?

i think provided info is more on active directory & not about netbackup

V4 · ‎09-28-2012

As far your Trust Relational ship is in bi-directional and is intact NBU would work. but if Trust is broken or DNS fails to resolves and route , or AD replication takes time to update object reference amongst Domain then there would be issues in connection/authentication

Marianne · ‎09-28-2012

NetBackup needs forward and reverse hostname lookup and bi-directional port connectivity.

Service account is local to client that needs to be backed up. Only the NBU process on the client itself reads the data and then sends it to the media server. The media server does not access any data on the client. Same for master server.

Handy NetBackup Links

Itegral · ‎09-28-2012

do you recon introducing a Media server per Forest would help, using the same Master server?

I understand that additional Media server requirement is based on load and performance requirements...

Itegral · ‎09-28-2012

It is a single NBU domain envrionment (one master server for both forest).

Itegral · ‎09-28-2012

Marianne van den Berg: the media server does not access any data on the client, but it still needs to be added to the NBU media server for it to communicate to the client?

If we decide to remove the Media server from "Forest A" and let Forest B Master/Media server to carry out the backups for Forest A, what do we need?

Marianne · ‎09-28-2012

Correct - SERVER entries are required to permit servers to backup clients, but the servers do not physically access the client's data.

If domains are firewalled, it will be a good idea to have a media server in each domain/forrest.

If we decide to remove the Media server from "Forest A" and let Forest B Master/Media server to carry out the backups for Forest A, what do we need?

Same as per my previous post - forward and reverse name lookup (either DNS or hosts entries), plus port connectivity.
See http://www.symantec.com/docs/TECH136090 for port requirements.

Handy NetBackup Links

Itegral · ‎09-28-2012

Thank you Marianne.

Last but not least; does it require bi-directional trust between the forests/domains?

Marianne · ‎09-28-2012

Name lookup and port connectivity is really all that is needed.

Trust between forests/domains is only required if you want to perform redirected restore across domains and retain file permission/ownership.

Handy NetBackup Links

Itegral · ‎09-28-2012

by the way, whats the benefit of a media server per forest/domain?

What impact would it have on bi-directional trust?

What options do I have for NBU to work without issues while maintaining the security? Business is quite sensitive about opening ports across the firewall.

Itegral · ‎10-02-2012

Marianne van den Berg: Apologies for repeated questions, could you please briefly advise.

Marianne · ‎10-02-2012

whats the benefit of a media server per forest/domain?
No multiple network hops for data transfer.
Fewer firewall ports to be opened.

What impact would it have on bi-directional trust?
No idea... Domain trust is not a NBU requirement. Just forward and reverse name lookup as well as port connectivity.

What options do I have for NBU to work without issues while maintaining the security?
Port connectivity is needed for successful comms. No way without it unless you put a separate master/media server in each domain/forest.
NBU has come a long way to reduce number of ports - from 100's of ports needed in version 3.x to one port (1556) since 7.0.1. (A couple more if dedupe is used.)

If only filesystem backups are done for clients, no comms are needed between master and client. Here backup selection is sent to media server and comms is limited to media server <-> client.
If you backup ALL_LOCAL_DRIVES and/or databases, bi-directional connectivity is needed between master and client for initial job setup before data transfer is passed to media server and client.

Hope this helps.........

Handy NetBackup Links

VOX

Netbackup requirements - cross forest backup