www.rembo.com setup an out-of-band rembo backup server. Use the PXE boot extensions on a nic that has no network protocols bound to it. When server boots, pxe does a bootp request to the rembo server then loads a small loader OS. Then it checks to see if a disk image needs to be made, incremental etc, otherwise continues booting.
You will need to do coding/scripting on your own. Not for the faint of heart. If you are PARANOID, you can have the server reload a base diskimage on every boot. Pros: Requires no software loaded on DMZ bastion hosts. Out-of-band solution Fault tolerant, plus MD5's on files. Forces proper change controls. Cheaper than BackupExec Disk images can be loaded from CD-ROM. Cons: Setup is a bitch (technical term) Not terribly fast. No "realtime" backups (however, in terms of "security" I would put this in PRO's column!) Did I mention setup is a bitch? This is not software for the typical SHRINK WRAP Systems Engineer... > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Alvin Oga > Sent: Wednesday, February 06, 2002 12:49 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Strategy for backing up servers in DMZ? > > > > hi ya roy > > you dont.... > > never bring stuff from the outside back inside your lan > > do your work/updates on a local staging server.. > and release that to the utside dmz > - you already have a backup of all servers on the dmz > > - if the webservers create its own local db and stuff > on the fly... keep that backup on the second decicated dmz only > accessbile by that web server that needs its db > > > c ya > alvin > http://www.Linux-Backup.net > > > On Tue, 5 Feb 2002 [EMAIL PROTECTED] wrote: > > > We have a need to backup servers in the DMZ. We're using > Veritas BackupExec > > 8.6 for NT/2000. However, I'm a bit concerned about > running the backups > > through the firewall (Sonicwall Pro), just because it's a > lot of data that > > possibly could instead go through a separate physical > Ethernet network - if > > you all bless it!? > > > > Backup Exec does have the ability to utilize a separate > physical Ethernet > > network/sub-net. So long as none of the servers (LAN > Backup Server and DMZ > > Web Servers) have TCP/IP forwarding enabled, would it > really represent a > > security risk/vulnerability to stick another NIC in the DMZ > servers and the > > Backup Server and simply back them up through the separate > Ethernet network > > rather than bogging down the firewall with all packets??? > > > > Thanks very much! > > > > Roy. > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
