HP Data Protector Operations Guide
Clients will verify the source for each request and allow only those requests received from clients
selected in the Enable Security on selected client(s) window. These clients are listed in the
allow_hosts file. If the request is denied, the event is logged to the inet.log file in the
following directories:
• HP-UX and Solaris systems:
/var/opt/omni/log
• Other UNIX:
/usr/omni/config/cell
• Windows Vista, Windows Server 2008:
<Data_Protector_program_data>/log
• Other Windows systems:
<Data_Protector_home>/log
When you secure an entire cell, all clients residing in this cell at the time are secured. When you
add new clients to the cell, you should also secure them.
Note: For more information on securing clients and security considerations, see the HP Data
Protector Installation and Licensing Guide (B6960-90152).
Firewall configuration
You can configure your backup environment so that the Cell Manager and GUI are in the intranet
and some Disk Agents and Media Agents are in the DMZ.
The Disk Agent and a Media Agent need to accept connections from the Session Manager on
port 5555. This leads to the following rules for a firewall:
• Allow connections from the CM system to port 5555 on the DA system
• Allow connections from the CM system to port 5555 on the MA system
A Media Agent also needs to accept connections from the Disk Agent. However, since these two
agents do not communicate through the firewall, you do not need to define a firewall rule for
them.
Both agents may connect to the Session Manager and a Media Agent may need to connect to a
Utility Media Agent (UMA). However, this only occurs when shared tape libraries are used or the
Reconnect broken connections option is enabled.
Since all connections that need to go through the firewall connect to the fixed port number 5555,
you do not need to define the OB2PORTRANGE or OB2PORTRANGESPEC variables in this
environment.
Notes:
• This setup does not allow the backup of databases or applications using on clients in the
DMZ.
• If a device in the DMZ has robotics configured on a separate client, this client must also be in
the DMZ.
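The following is an added example, not part of the HP guide: a small Python audit that checks a
firewall rule list against the two rules above (CM to port 5555 on the DA and MA systems) and
flags any allow rule toward an agent that is wider than that. It assumes a stateful, first-match,
default-deny firewall; the Rule type, the function names and all addresses are constructed.

```python
import ipaddress
from typing import NamedTuple

DP_PORT = 5555  # fixed port the guide names for Disk Agent and Media Agent

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # source address or CIDR
    dst: str      # destination address or CIDR
    ports: range  # destination TCP ports

def first_match(rules, src, dst, port):
    """Action of the first rule matching a new TCP connection; default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and port in r.ports):
            return r.action
    return "deny"

def audit(rules, cm, agents):
    """Report required CM -> agent:5555 flows that are blocked, and allow
    rules reaching an agent that are wider than exactly that flow."""
    findings = [f"missing: {cm} -> {a}:{DP_PORT}" for a in agents
                if first_match(rules, cm, a, DP_PORT) != "allow"]
    cm_net = ipaddress.ip_network(cm)
    agent_nets = [ipaddress.ip_network(a) for a in agents]
    for r in rules:
        dst = ipaddress.ip_network(r.dst)
        if r.action != "allow" or not any(dst.overlaps(a) for a in agent_nets):
            continue
        if (ipaddress.ip_network(r.src) != cm_net or dst not in agent_nets
                or r.ports != range(DP_PORT, DP_PORT + 1)):
            findings.append(f"too broad: {r.src} -> {r.dst} "
                            f"ports {r.ports.start}-{r.ports.stop - 1}")
    return findings

# Constructed sample addresses (not from the guide).
CM, DA, MA = "10.1.0.10", "192.0.2.21", "192.0.2.22"
ONLY_5555 = range(DP_PORT, DP_PORT + 1)
WEAK = [Rule("allow", "10.1.0.0/16", "192.0.2.0/24", range(1, 65536))]
TIGHT = [Rule("allow", CM, DA, ONLY_5555), Rule("allow", CM, MA, ONLY_5555)]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("TIGHT", TIGHT)):
        print(name, audit(rules, CM, [DA, MA]) or "ok")
```

The audit covers only connections initiated by the Cell Manager; the agent-initiated connections
the guide mentions for shared tape libraries or Reconnect broken connections are outside its scope.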