For Alternate client restores, need to be able to restrict a couple clients while using the /usr/openv/netbackup/db/altnames/No.Restriction
Currently, in the /usr/openv/netbackup/db/altnames directory, if it is blank, all clients are restricted from doing Alternate Client restores. You can create files to grant clients the ability to do Alternate client restores. You can also create the touch file /usr/openv/netbackup/db/altnames/No.Restrictions which grants all clients the ability to do Alternate client restores. There needs to be a way to have the No.Restrictions touch file in place and still have a way to prevent individual clients from being able to do Alternate client restores.
On our environment, we have around 800 clients. On approximately 8 client, we need the ability to shut off Alternate client restores so the data on these clients can not be restored to any other client. Currently, my only option is to remove the No.Restrictions touch file and create 792 files, each file containing the other 791 clients.
Comments
Keep in mind those
Keep in mind those restriction files only apply to user-directed restores, not stuff you do through the GUI. Do you really want your users to be able to restore to any or all of the other 792 servers in your Enterprise ? Or is your intention to allow your NetBackup admins to be able to restore to any of the 792 servers only ?
Anyone with restore access to the NetBackup GUI on the Master or Media(s) will be able to restore the data from those 8 critical servers anywhere they want anyway, just so you know. =)
Personally I think there's a lot to be said for restricting users to only restoring their own files, on their own server(s), unless they submit a ticket. Or outright blocking all user restores in NetBackup (and training them to use NAS snapshots instead if possible). But that's just me.
- "Your backups are only as good as your restores."
I'm also curious - how
I'm also curious - how closely did my list of 8 servers not-to-be-open-to-general-restore-access come to yours ? =)
DNS server
payroll server
HR server
exchange server
netbackup master
netbackup media
anything in your DMZ
at least one important 'propriatary info' server (i.e. main customer database, etc)
All it takes is someone filling up C:\ or /tmp/ to ruin your whole day.....
Things to think about.
- "Your backups are only as good as your restores."
Would you like to reply?
Login or Register to post your comment.