Can Backup Exec Server be installed in a workgroup and backup agents over hardware firewalls
Hi Can Backup Exec be installed on a non-domain server? I have done it in the past, but wanted to know if it is possible with the latest versions and for it to still be able to back up other remote agents also in workgroups. Can it also back up agents over a third party firewall, and if so, can the number of ports required to be open, be minimised to a very limited number? Thanks Chris740Views0likes1CommentAnother firewall question. Basic setup one sever, 10 clients
I have looked at the firewall rules in https://www.veritas.com/support/en_US/article.100017208 My setup is just a single backup exec server with locally attached disks for backup to disk (no cloud, not tape no remote storage). No other servers are used (apart from the agents). No alerts, no deduplication (I think). Clients are windows servers. Here we go... The backup server needs to initiate communicate to the agents on port 10000 to the clients The backup server then needs to inititiate communicate with agents on a dynamic address range (1024 to 65535 --can be customised) The server also initiates with the agents on port 6101 for "browsing"(??). Do I need this? Do I need to open up 3527/6106 (beserver), if so is it.. The agents need to initiate communication with the backup server on ports 3527 and 6106 OR Thebackup server needs to initiate communication with the agents on ports 3527 and 6106 Same question with Backup Exec Job Engine(beengine) on port 5633 I am going to say that "backup exec managment" (port 5014) does not need to be open in a simple setup. With the above in place ..... I do not need to touch any other FWs.993Views0likes1CommentNetBackup SSO - issues writing to tape library across the domain
I am having some issues in writing to a shared (SSO) library from across the AD domain. We have capacity based licensing model using NetBackup version 7.1.0.4 There are 2 x AD domains A.local & B.com: There is a firewall between the two AD domains. However, upon request all the ports for AD and NBU across the firewall have been allowed. The name resolution has been tested. The A.local domain has 1 x NBU Master and 2 x Media servers (on seperate physical boxes) running on Windows 2008 R2. The shared tape library (4 drives) is zoned to one of the Media server in A.local domain. The 4 drives are also shared for NDMP backups. Issue: Now, a new Media server on Windows 2008 R2 in B.com domain has been introduced connected to the NetBackup Master server in A.local. The new Media server is able to communicate with the Master server and completing successful backups (of some B.com domain clients, some failing with handshaking issues) to the storage disk pool attached to this Media server. I managed to add the library and all 4 x drives through the storage configuration wizard and it allows me to create storage pool. When I try to duplicate the backups from B.com Media server using the tape library connected to A.local Media server, the duplicate job hungs with error "the drives are down". When I look at the device status, the drive showing the new media server name against it shows AVR mode. On the new media server i ran "vmoprcmd -d -h", the output is as follows; PENDING REQUESTS <NONE> DRIVE STATUS Drv Type Control User Label RecMID ExtMID Ready Wr.Enbl. ReqId 0 hcart2 AVR - No - 0 1 hcart2 AVR - No - 0 2 hcart2 AVR - No - 0 3 hcart2 AVR - No - 0 ADDITIONAL DRIVE STATUS Drv DriveName Shared Assigned Comment 0 SL500-P2_LTO5_D1 Yes - 1 SL500-P2_LTO5_D2 Yes - 2 SL500-P2_LTO5_D4 Yes - 3 SL500-P2_LTO5_D3 Yes -Solved1KViews0likes4CommentsPublishing EV Search and Archive Explorer for OWA over Sophos UTM / Astaro UTM
Hi Folks, IHAC who wants to publish EV Search and Archive Explorer over a Astaro/Sophos UTM. I have done this with TMG a couple of times and it was always working more or less easily. Has anyone ever done this before? As far as I know the UTM can not redirect a "Sub-Web" like the TMG, so all traffic to owa.customer.com is forwarded to the Exchange CAS refgardless of being /OWA/* or /EnterpriseVault/* My idea was to create another subdomain like ev.customer.com and forward this traffic to the EV-Server. In the Policy and in the WebApp I can specify the external Web Address. Sounds good to you guys? Thanks for any Ideas on this, HolgerSolved789Views0likes5CommentsMonitoring machines
Good morning, It would not be important in similar forensic software security solution to point some strange movement in net for manual configuration? Would not it be nice to send this log to the administrator so that it has real science of what happens on their machines? The fact that even happens that the only security solution for password and disable it is discovered any protection software with password folder can hold a virus where this solution can not be detected due to have a password contained Performing a test in a given security software that will not mention the name says it the same as the high power of detection can not detect which way the folder with password there is a virus code that I created is not the same as new I sent them to the database and still is not detected because the folder containing password. In this case the solution would be important to periodically report to the administrator the steps that are being taken on all machines on your network because each machine would have this solution that would monitor every activity detecting managing such facilities that protect files with password and security does not detect your code simplest is that despite being in the database. Big hug860Views2likes2CommentsPorts to open for BE10d and Remote Agent
I have recently had to move my DB server which is a Solaris 9 OS box off ofdomain "A"and on todomain "B". The BE10d is installed on a Windows Server 2003 R2 EE SP2 and still lives on domain "A". The problem is now that the DB server is on a different domain from the BE server,data on the DB serveris not getting backed up. I know that certain ports need to be opened, but I don't know which ones. I think I have seen something about 10000, 6101, and 50000 - 50025. Can someone please help me with this old 10d version since Symantec would rather upgrade me than to answer this question. I'm not going to upgrade this because the hardware is getting upgraded in another 3 to 4 months from now and it would not be cost effective.Solved803Views0likes2CommentsNach hinzufügen ist der Server nicht in der Gruppe Alle Server vorhanden
Hallo zusammen wir haben folgendes Problem, bei der Installation des Agenten geht alles gut und auch die Meldung Erfolgreich wird angezeigt. Dies über die Schaltfläche Server hinzufügen: Schritt eins....... Schritt ende..... Nach der Aufliestung der Namen nach Alphabet sollte dieser hier kommen. Leider geht dies nicht, auch bei Tast F5 / Dienste neu Starten / Kompletten Server neu Starten. Beim Server läuft der Agent und auch ist hier die Angabe der BackupServers vorhanden. Besten Dank für die Hilfe und freundliche Grüsse Mike SchudelSolved3.2KViews2likes4CommentsSerious Error
Dear, good morning. I would like to make clear in this discussion, the importance that we give the integrity of our data, in particular our emails. We constantly see people everywhere reporting infections on their desktops and applications, but I do not see reporting as contracted. Importance would be a good integrity of our emails because we feed them well (cybercriminals) with new weapons by obtaining data on which they should not. Social networks registered with corporate e-mail, blogs registered with corporate e-mail etc., make each day are more targeted. As security expert, I always make sure that after all always looking for a culprit for a serious infection or destructive, and at the end of everything as it always has to have a fault, this is a security solution, but we learn that , we have to create its own policy of security as well. Attached to this discussion, is a video explaining the step taken by an attacker to collect e-mails and perform intrusion attempts with new weapons all the time are created by these criminals. Remember, a cracker does not use steps "maldados," they create their own weapons and new weapons to attack, so we never have a 100% solution, but if you create a good security policy in yourself, then it will be secured 100%, because a good percentage depends on your security solution, and so another good percentage is up to you forever! I hope you enjoyed. Big hug to everyone.Solved3.1KViews1like12CommentsPhrases that scare security professionals
Given the findings of some practices and routines, it is easy to know what the problems are with the security companies. It is your case? The scenes are classic. A child with chocolate smeared shirt says, categorically: "It was not me." Or the phone rings and mother assures you, "There's nothing to worry about." Or a systems administrator who carries a box of tapes back up guarantees: "Within minutes, all information will be retrieved." In some cases, the first words you hear - despite the distance between them and the truth - are enough to tell you everything you need to know. In some cases, the first words you hear - despite the distance between Them and the truth - are enough to tell you everything you need to know. The same applies to the world of information security. The same applies to the world of information security. Some words sound reassuring, but we know they often point out problems of internal security, technical resources or the people and processes involved in the protection systems. Get to know some of the phrases "revealing secrets" that signal the imminence of problems in security. One. One We have a culture of safety We have a culture of safety "No, you do not have" is the immediate response of the professionals. "No, you have not's" is the immediate response of the professionals. Even if only mentally. Even if only mentally. This is the kind of phrase that comes from companies that started with five people - in the traditional family business model - and, as they grew, a snap themselves operating with thousands of people without governance or policies. This is the kind of phrase That comes from companies That started with five people - in the traditional family business model - and, As They grew to snap Themselves Thousands of people operating with or without governance policies. Some exchanged and its "safety culture" are enough to buy a good espresso in a quiet corner allowing look to the horizon and find out how much work lies ahead. Some Exchanged and its "safety culture" are enough to buy a good espresso in a quiet corner Allowing look to the horizon and find out how much work lies ahead. The simple fact is that without support guidelines or feedback mechanisms (feedback), security is defined differently by each and is not verified by anyone. The simple fact is without support guidelines That common mechanisms or feedback (feedback), security is defined differently by each and is not verified by anyone. There are no metrics for compliance with the "culture" and a "safety culture" is hidden by a practice of "do your job". If there are rules, write them down. If there are rules, write down Them. If technology is put into action to implement or monitor the rules, write that down too. If technology is put into action to Implement or monitor the rules, write down That too. If people break the rules, comply with what was agreed. If the rules undermine the legitimacy of the business when completed, change them. 2nd. 2nd. IT security is information security IT security is the security of information Information security is not the same thing in the information technology security. If the term "information security" is used in the same way that "IT security", it invariably means that nobody has taken decisions not primarily security techniques that affect departments - IT, human resources, legal, audit and perhaps others in the organization. Join those who have influence in the departments listed above and decide whether information (not paper documents or equipment) is an asset of the company, such as computers and desks. Decide whether the company authorizes people to do jobs, logical and physical access to information as individuals. Decides Whether the company authorizes people to the jobs, logical and physical access to the information Individuals. Take these policies in group decisions. Take these policies in group decisions. Then maybe there will be more time to decide "how to" manage security - rather than trying to guess ... 3rd. 3rd. This does not apply to the chief This does not apply to the chief Although this is becoming less of an issue in public, occasionally an executive simply refuses to follow security guidelines that he himself approved. Although this is less of an issue Becoming in public, occasionally an executive simply Refuses to follow security guidelines That he himself approved. Unless you are prepared to meticulously document all "escapades" following the model of forensics and then deliver them to the directors or the police (or just quit), be prepared to work around the situation. Most bad apples can be managed by applying the Machiavellian sense of having influence the relationship of the other: they must at least pretend to lead by example, while continuing to do whatever they do behind closed doors. Few will admit it, but many Organizations simply put in the budget and install a DSL line access to "guests" in the halls of top executives and Their Eyes close to anything that is plugged into That line. This is not a desirable solution, but if you still solve these executives sign the documents required by Sarbanes-Oxley, the rest comes from the ability to deny knowledge of security professionals. 4th. 4th. Our department gets information security IT staff Our department gets information security IT staff Titles do not matter. Titles of not matter. A report by a security expert at the IT director is always a security administrator, even if that person has the job of information security officer. The problem is that in the corporate world the word "officer" usually means that professional has the authority to verify and monitor whether all the techniques and processes that control proprietary information are efficient. An IT security administrator is usually involved in designing technical control and therefore can not be "self-audit" and make sure that IT is doing the right thing, particularly if it relates to someone within IT. The security professional with the position of "officer" should always report the same level or higher as the IT director. The security professional with the position of "officer" should always report the same level or higher to the IT director. 5th. 5th. We have a password policy We have a password policy Speaking directly, a document that specifies the size, shape and complexity of a password is a technical standard or procedure, not a policy. Speaking directly, the document that specifies the size, shape and complexity of the password is a technical standard or procedure, not a policy. Politics is a directory for directing business, something like "individuals must be identified uniquely and authenticated priority to have the condition to access the company's assets." Politics is a business directory for directing, something like "Individuals must be authenticated and uniquely Identified priority to have the condition to access the company's assets." Note that this example policy involves "what" to do about people and access, not "how" to construct a sequence of character types. 6th. 6th. Our executives have copies of all passwords Our executives have copies of all passwords Although the idea to make a young student faint, ex ist indeed managers who demand that their direct employees to disclose their individual passwords. Although the idea to make the faint young student, ex ist indeed managers who demand That Their direct employees to Disclose Their individual passwords. The explanation for this is always: "What if someone is fired or sick? How could we find your documents?." When this happens, the only effective strategy is to tell anyone who asks such a thing: "If you do, then you are a suspect in any negative situation that arises. When this happens, the only effective strategy is to tell anyone who ASKs such a thing: " You'll never be Able to fire anybody because you will Also be a suspect. "Or you can always summarize it all in a simple:" Grow friend. " 7th. 7th. The brand is our standard I have nothing against the major hardware vendors in the market, but when the personal shopping company says: "Our standard is Dell" (or any other brand), what they are really saying is: "We play our standards security out the window in exchange for discounts and now we buy whatever the vendor offers. " I have nothing against the major hardware vendors in the market, but When the personal shopping company says: "Our standard is Dell" (or any other brand), What They are really saying is: "We play our security standards out the window in exchange for discounts and now we buy whatever the vendor offers. "It's the equivalent of shopping that her great-aunt in a store with inflated prices, getting happy because" a product is discounted 75%. " It's the equivalent of shopping That her great-aunt in the store with inflated prices, getting happy because "the product is discounted 75%." The point is, that both her great-aunt when IT people in the real world have other decisions to make and are commodity PCs. The point is, that her great-aunt ambos When IT people in the real world have other Decisions to make and are commodity PCs are all sure to choose the product from a vendor and maintain applications with it for a while. It's all right to choose the product from the vendor and Maintain applications with it for a while. But a manufacturer is not a technical standard and there is a problem in that mix if anyone does their homework. But the manufacturer is not a technical standard and there is a problem in That mix if anyone does Their homework. When a manufacturer makes changes in line or software product - especially when that part of an equipment manufacturer and network security such as Cisco Systems - it is important to have clearly defined functional requirements to assess whether the products still work as desired. When the customers not know what They want, any bargain Seems to be what you need. 8th. 8th. Hey, where did that come from? It is conceivable that those highly technical users should organize their own equipment as well as support them. On the other hand, this means that the area of IT and support personnel were knocked out by hardware manufacturers that provide only an 0800 number that never works. Security policies must be present everywhere, including the bathrooms attached to the wall behind the toilet paper of an organization. Security policy in the company can be exposed Also next to the bathroom towels. The important thing is to be clear and known to all. Solving this problem is a fundamental respect. Solving this problem is a fundamental respect. Start with the basic governance and making it clear that there are rules, with much effort and communication, this will at least make the "safety culture" a settled matter. 9th. 9th. We ship to the firewall rules ... Most network administrators cowers with the words mentioned above. Still, many will still send free email with a copy of the firewall rules. Worse, they have an OEM or a freelance consultant who set up the firewall for them and retain the single copy of the rules. These rules, if they present complexity, provide a detailed map of the security scheme of the company, with important information about the identity of internal networks and services and how to make them a target. No serious security professional would date a copy of the firewall rules of someone without a specific requirement to do so. A competent auditor of information systems certificate or other auditor will review firewall rules directly into the system administrator and can not take. The Competent auditor of information systems certificate or other auditor will review firewall rules Directly into the system administrator and can not take. If you see a copy of your corporate firewall rules put in an audit report, especially an audience, get ready to redo the design of IP ... and call their lawyers. Their lawyers and call.Solved1.3KViews2likes6Comments