> So "zfs send" AND "cpio" are not reliable to backup > ZFS fs. It's a problem every time I have isolated DMZ > server with local DAT that can't access to my > enterprise backup solution.
I have found the best solution for isolated DMZ servers is to create a zone with exclusive IP and place the zone in the DMZ. keep the Global in a backend network with access to you backup server. I have done this with web, mail and DNS servers and have had huge success with it. This methodology has allowed me to turn off all listeners except DNS for example on the zone and use zlogin from the global which even eliminates port 22 listener on the DMZ. Your zpool and all filesystems would reside on the global and be presented to the zone. Now your backup software and all of its associated open ports is not on your DMZ but on your safe network yet all filesystems can be backed up and restored safely. -- This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list [email protected]
