What I need is to turn an internet facing DMZ media server into nothing more than a simple data mover without the ability to run commands that could be a security risk if the master server is on the internal network. If possible I want only apply security on that media server. The internal network media servers should remain as per normal i.e. relying upon the security services of the server and the internal environment they live in.
From what I can see MSEO focuses on data encryption only - correct?
NBAC looks it may be a possibility but does it have the granularity to turn a media server into a simple data mover?
I don't need backup data encryption. I see a regular media server in DMZ as real security risk becasue from there you can run many of the commands for information, change configurations, etc without having to be located in the internal netowork. If the DMZ media server is compromised the last thing you want is giving somebody the ability to remotely get all the client information from vCenters (nbdiscover), expire backup images etc.
