help on EBS software for firewalled scenario
Hi,
We have a three-tier application configured on Sun V890 servers, and each tier sits behind a firewall, i.e. the database and application have a firewall in between, the web server and application have a firewall in between, and so on.
While configuring backups for the databases, we need to know the exact port number that is being used by the EBS backup software for taking the backups, or the possibility of configuring the minimum number of ports through which the backup can be taken for each server.
Could anybody give a clue to this scenario?
regards,
Ganadeva
# 1
> while configuring backups for the databases we need
> to know the exact port number that is being used by
> the EBS backup software for taking the backups or
> possibility of configuring the minimum number of
> ports through which the backup can be taken for each
> server.
Doesn't your firewall log who's trying to access whom, and what source port and destination port are involved?
alan
# 2
Right now the firewall is in place, and the backup software was installed after the firewall had been put in place. We have done some searching of the documents, and one possible solution seems to be setting the port number for each client in nwadmin to the same value after opening all the firewalls, and then checking the backups after closing the ports except the port numbers that are being used.
The Legato NetWorker version is 7.1.
# 3
@artist ...
What advice have you been able to get from EMC Corporation?
http://www.legato.com/
It's EMC's software product, not Sun's.
Perhaps the people that create that program already know
how to answer your question, because they've already discussed it
with others that have done this.
Investigate it from the perspective of what the backup program
might need instead of from what the OS can offer.
# 5
Hi,
Refer to Sun document 819-0286-10.pdf, available for download at http://192.18.109.11/819-0286-10/819-0286-10.pdf
As per the sub-section "configuring firewall support" within "server management", the following can be the port allocations for opening the firewall for the service connections:
1) For the backup server: 5+2n, where n is the number of devices registered on the EBS server. For the current configuration, having a single LTO3 tape drive device, the above count comes to 7, starting from 7937: 7937+7=7944
2) For every client, i.e. every server: 2 ports, 7937 and 7938
3) There is no separate storage node, as the backup server has the server software as well as the direct connection to the tape library.
-
Refer to page 83 for a possible firewall setting based on the above:
TCP Packet Considerations
Set firewall rules to allow inbound and outbound TCP packets to and from the following service ports:
1) On the Sun StorEdge EBS server: open ports between the Sun StorEdge EBS clients and the Sun StorEdge EBS server. ==> 7937-7944
2) On the Sun StorEdge EBS storage node: open ports between the Sun StorEdge EBS clients and the Sun StorEdge EBS storage node. ==> is the same as storage server in our setup
3) On port 7937: open the port between the Sun StorEdge EBS server and both of the following:
   - Sun StorEdge EBS clients
   - Sun StorEdge EBS storage node on the client side of the firewall
4) On port 7938: open the port for inbound and outbound requests.
--
My query is: what about the connection ports? The range of 10001 to 30000 is too large from a firewall point of view. I have not been able to find a