cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

OpsCenter 7.5 reporting on NAT/PAT Master Servers - has anyone gotten this to work?

hsoverma
Level 2

‎02-15-2012 10:37 AM

All,

 

We are running our own private 100mbit (or more) WAN connecting several sites (about 10) within the state. Everything is Cisco.

We have a master/media server placed at each site which then sends puredisk data to our master/media server at our D.R. site.

Also at our D.R. site is a single Opscenter Server, sitting on a local LAN, which has been collecting data from all the master/media servers.

For obvious reasons, (security, reliability, segmentation, etc) the media servers use NAT from the internal LANs to our private WAN.

As of this week, we have been running 7.1.0.3 and all is well. OpsCenter has had no problem collecting data from the site master/media servers using local DNS A records pointing to the NAT'ted addresses on our WAN.

 

With the advent of Netbackup 7.5, there were two huge features (among several others) we and our sites needed/demanded/were excited about: BMR over AIR and limiting views by user accounts in OpsCenter.

So, we took the plunge and wholesale upgraded to 7.5. Overall ,the upgrade has gone very well, but now OpsCenter wont communicate to any of our master/media servers except the local master/media server located on the same local LAN subnet.

Has anyone been successful getting OPSCENTER 7.5 talking to NAT'ted Media Servers? Any suggestions on how we can get around this other than using site-site VPNs?

3 REPLIES 3

tom_sprouse
Level 6
Employee Accredited Certified

‎02-16-2012 07:32 AM

■ OpsCenter does not collect data from the managed servers that are configured within a network address translation (NAT) network.

■ The OpsCenter server should be configured as a fixed host with a static IP address.

 

 

OpsCenter 7.1 Admin Guide -- http://www.symantec.com/docs/DOC3708

page 91

 

0 Kudos

hsoverma
Level 2

‎02-16-2012 07:45 AM

Thanks for the response, but what I am asking is NOT what the docs say but if anyone has figured out a way to get this to work...

One thing that makes us good as consultants/engineers is figuring out how to make things work despite certain limitations, right? If I got paid to read the docs and say "it isnt possible" without at least trying to come up with an innovative solution, then I wouldnt have a job. :)

My engineering team got things to work just fine under 7.1.0.3. Obviously something has changed under 7.5. What is interested is, I notice last night the OpsCenter can talk to the NAT'ted master/media server but not vice versa. Its like I need to config something with NBSL that I am missing.

If I keep running into a wall with NAT, then I will use VPNs, and I will keep this updated.

0 Kudos

hsoverma
Level 2

‎02-21-2012 07:17 AM

So my team worked on this further and after putting wireshark on the master/media server and wireshark on the Opscenter server ,we are seeing some interesting things.

The OpsCenter box initiates the connection to the NAT IP address of the remote Media/Master server just fine, but the remote Master/Media server responds to the REAL IP address of the OpsCenter box rather than the MAPPED IP address, even though the packets are seen coming from the MAPPED IP address of the OpsCenter.

With this in mind, we looked at these articles:

http://www.symantec.com/business/support/index?page=content&id=TECH124631

http://www.symantec.com/business/support/index?page=content&id=HOWTO43331

We also played with the NOM configuration files/registry entries.

Nothing above worked; the remote Master/Media server kept trying to respond to our OpsCenter REAL IP address rather than the MAPPED address.

So all of this is rather frustrating, as normally, netbackup is heavily dependent upon DNS and NOT IP addresses. In the past (up to version 7.1.0.3), as long as we had DNS setup properly, everything communicates just fine. In the case of this connection, the Master/Media server is ignoring our DNS entry for the MAPPED address of our OpsCenter. It would be interesting to bring up the 7.1.0.3 version of OpsCenter just to see what the packets look like, but we dont have the time to pursue this, as 7.5 has features we MUST have.

What also adds to the frustration is all the remote Media/Master servers connect to and talk just fine over NAT to our local Master/Media server for AIR. We have no issues here. You would think since all of this is built upon the same Veritas PBX java code, that both OpsCenter and the Master Server should work over NAT.

Finally, we added a NIC to the OpsCenter and did a NAT exempt through the ASA and assigned the second NIC the MAPPED address. The problem here is that OpsCenter simply wouldnt see the second NIC in the dropdown box when trying to add the remote Media/Master server.

We then instead removed the second NIC from OpsCenter and just added in the MAPPED ip address to the Primary NIC (in the advanced settings). This allowed us to then choose the IP address in OpsCenter. Note that we have to reboot 1 to 2 times everytime we added/removed a NIC or added an IP address to get OpsCenter going again.

Now we are having NAT issues on our firewall with this setup, as on the return path our firewall is tearing down the connection (possibly due to stateful inspection) before it gets to OpsCenter.

We have decided to try site-site VPNs at this point, so I will update this thread on how this goes. I wont be able to get to this until later in the week.

0 Kudos