Active IQ Unified Manager Discussions
Active IQ Unified Manager Discussions
Hi all !
I have a problem with the Backup Manager of Operation Manager : it is impossible to do a restore between two filers separated by a firewall... simply because NDMP opens a data connection on a random port between the two filers to do the restore :
This bug is clearly identified : http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=134670 and we can read "There is no workaround for this problem". That means I can't use Backup Manager with my secure architecture... crazy !
Have you ever faced this problem ? What have you found as workaround ?
Thanks a lot.
Dimitri,
Security introduces a number of challenges in every environment, especially with Firewalls being placed between equipment which expects to already be within some type of boundary of protection. You do have some options here, one of which will likely raise eyebrows of your security folks, but I've seen these routes implemented.
I have this existing in a number of environments where we have networks setup like this:
Dedicated Mgmt Network (and interfaces, shared or vif/vlan)
Dedicated Data Network for Host/Client access (shared, vif/vlan)
Dedicated Backup Network for Filer, TSM, Backup environment access (shared, or vif/vlan)
So, if your network infrastructure can support it, dedicated interfaces, vlans or the ability to split off this type of traffic in an isolated fashion - you may have a solution.
I'll always be looking for alternatives to this approach, but this is typically how I see it handled within a number of infrastructures, whether using ndmp or other.
Thanks Dimitri hopefully this helps.
Christopher
bug 134670 was updated to say that it has been fixed in several 7.3 and 8.0 ontap releases.
Has anyone try this fix out?
I have been looking for the info on how to use this fix, but have not found it yet.
len
Hi Len,
I posted a response to your question in our original post http://communities.netapp.com/message/50636#50636. Hope that's what you were looking for.
Cheers, Tony
Hello Tony
This appears to be just was I asking for.
Now I will have to try to figure out just how many ports should be opened.
Thanks very much.
len
Did you take a look at the below FAQ on what port need to be opened ?
http://now.netapp.com/NOW/knowledge/docs/DFM_win/rel40/html/faq/index.shtml#_3.14
Regards
adai