Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Firewall Question..

Created: 13 Dec 2012 • Updated: 01 Jan 2013 | 12 comments
This issue has been solved. See solution.

Client is behind the firewall,master server is not able to resolve it or ping it.
Media server is able to resolve the client name as it is permitted to access the client.Will the backup run ?
 

Comments 12 CommentsJump to latest comment

revaroo's picture

It will run as long as you don't have ALL_LOCAL_DRIVES defined as your file selections for backup. If you do, then the Master MUST have access to resolve and communicate to the client, as it requests the client to run bpmount to find the filesystems/drives to back up. If you are definining your file selection (i.e. C:\ D:\ or if unix / /var etc) then the Master doesn't have to communicate to the client at all, just the media server.

It's good practice to have the master communicate with the clients though, means you can make changes via the GUI to client settings.

I also believe database backups (SAP, Oracle, SQL) also require Master to have access, though I'd have to read the documentation to be 100% certain.

Hope this helps.

SOLUTION
nbuno's picture

But since the backup type is of 'scheduled' type don't when backup triggers it picks the client name from policy and then try to resolve its ip so that it can communicate to client ? i mean what you are saying is that master server has no relation with client at all...? then how even the backup will start at the first place..

 

sorry i m not trying to challenge i just want to understand better..pls

revaroo's picture

nbjm on the master server communicates to the media server to start bpbrm and sends bpbrm information such as client name. bpbrm then communicates to the client to start bpbrm.

 

IF your Master server is ALSO the media server then yes, it has to communicate to to the client.

 

The master server does no hostname lookup of the client IF it is not also the media server AND/OR you have no file selection set as ALL_LOCAL_DRIVES.

Here's the process flow for 7.x

https://www-secure.symantec.com/connect/sites/defa...

nbuno's picture

So it means backup works even if the client is not pingable from master ?

revaroo's picture

Yes. IF the Master server is not the media server hosting the storage unit or the file directive ALL_LOCAL_DRIVES is not being used.

nbuno's picture

ok..let's say i add ALL_LOCAL_DRIVES in firewall behind server where master server is not pinging the client but master server is..then  by which error it is likely to fail....any idea ?

Marianne's picture

by which error it is likely to fail....

Try that and tell us! 

We have seen that status codes change across NBU versions.

Please see the NBU process flow diagram over here as well as in Appendix A of the Troubleshooting Guide.

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

nbuno's picture

lol..marianne..our NBU setup is 6.5.6 :)

Marianne's picture

The principal remains the same. See NBU 6.5 Troubleshooting Guide.

PLEASE upgrade your environment!

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

nbuno's picture

Guys,

 

Sorry to say but backup is running fine even if i have "ALL_LOCAL_DRIVES" slected in the policy and all those conditions applied..i need a strong reason why not :) ?

mph999's picture

I think the master only gets the mount points from the clilent if it is a multistreamed backup.

I just ran a backup with no multi streams and nothing went into the clients bpmount log.

I enable multistreaming and reran the backup, and observed entries in the log.

So it looks like if you are not using multiple streams you don't need it.

Martin

 

Regards,  Martin
 
Setting Logs in NetBackup:
http://www.symantec.com/docs/TECH75805
 
kishorilal1986's picture

I think not, As client and master server cant communicate to have backup. the machine resolves from DNS server you need allow to specific ports for this