cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

VM.conf for trusted host access?

Brian_Hesseling
Level 3

‎03-12-2007 10:29 AM

I am trying to configure the the VM.conf file on my Netbackup 6.0 mp2 servers to be secure. Am I right in that the only SERVER= entries I should put in it are master, media servers and workstation that I manage from? Would this keep any unauthorized requests from hosts (such as DMZ servers) from working? Thanks.
0 Kudos
5 REPLIES 5

Dennis_Strom
Level 6

‎03-12-2007 10:34 AM

yes. SERVER = only for servers that you are managing from. I do not manage from my media servers so for those I have MEDIA SERVER = . Also this belongs in /opt/openv/netbackup/bp.conf
/opt/openv/volmgr/vm.conf contains DEVICE_HOST = this is for units that control robots.
0 Kudos

Brian_Hesseling
Level 3

‎03-12-2007 10:40 AM

I was working off of this document:
http://support.veritas.com/docs/285082

Which says to put the entries in the vm.conf file. Is this incorrect? I am trying to mitigate this security problem until I can upgrade to MP 4.
0 Kudos

Dennis_Strom
Level 6

‎03-12-2007 10:59 AM

looks like you are correct. I think that I would only put the master server in there first. Then see if every still works fine. I do not think you will need remote administration machines in there although I could be correct.

Another fairly simple solution is ipfilter. I have this install on my Master Server that is in the DMZ and as of yet have not failed a security audit (or been hacked that I know of). I actually run ipfilter on all my Master and Media Servers.
0 Kudos

Dennis_Strom
Level 6

‎03-12-2007 12:59 PM

Ok I have re-read the technote. in vm.conf you only want DEVICE_HOST = SERVERNAME for the servers that control a robot. Nothing else. If you leave this file blank then any server can control the robots by have DEVICE_HOST = you only allow that server to control a robot.

in bp.conf the only way you can have control over the server in question is to have SERVER = SERVERNAME in bp.conf

So yes only DEVICE_HOST = in vm.conf
and
only SERVER = in bp.conf
0 Kudos

Ankur_Kumar_3
Level 3

‎03-12-2007 01:33 PM

only the master server entry would suffice i believe

ciao
Ankur Kumar
0 Kudos