Active IQ Unified Manager Discussions

NDMP restore failed with Operation Manager

danieljunet
3,772 Views

Hi all !


I have a problem with the Backup Manager of Operation Manager : it is impossible to do a restore between two filers separated by a firewall... simply because NDMP opens a data connection on a random port between the two filers to do the restore :

bug_ndmp_firewalls_english.jpg

This bug is clearly identified : http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=134670 and we can read "There is no workaround for this problem". That means I can't use Backup Manager with my secure architecture... crazy !

Have you ever faced this problem ? What have you found as workaround ?

Thanks a lot.

5 REPLIES 5

kusek
3,772 Views

Dimitri,

Security introduces a number of challenges in every environment, especially with Firewalls being placed between equipment which expects to already be within some type of boundary of protection. You do have some options here, one of which will likely raise eyebrows of your security folks, but I've seen these routes implemented.

I have this existing in a number of environments where we have networks setup like this:

Dedicated Mgmt Network (and interfaces, shared or vif/vlan)

Dedicated Data Network for Host/Client access (shared, vif/vlan)

Dedicated Backup Network for Filer, TSM, Backup environment access (shared, or vif/vlan)

So, if your network infrastructure can support it, dedicated interfaces, vlans or the ability to split off this type of traffic in an isolated fashion - you may have a solution.

I'll always be looking for alternatives to this approach, but this is typically how I see it handled within a number of infrastructures, whether using ndmp or other.

Thanks Dimitri hopefully this helps.

Christopher

lenboyle
3,772 Views

bug 134670 was updated to say that it has been fixed in several 7.3 and 8.0 ontap releases.

Has anyone try this fix out?

I have been looking for the info on how to use this fix, but have not found it yet.

len

tjlee
3,772 Views

Hi Len,

I posted a response to your question in our original post  http://communities.netapp.com/message/50636#50636.  Hope that's what you were looking for.

Cheers, Tony

lenboyle
3,772 Views

Hello Tony

This appears to be just was I asking for.

Now I will have to try to figure out just how many ports should be opened.

Thanks very much.

len

adaikkap
3,772 Views

Did you take a look at the below FAQ on what port need to be opened ?

http://now.netapp.com/NOW/knowledge/docs/DFM_win/rel40/html/faq/index.shtml#_3.14

Regards

adai

Public