When you say multihomed I will assume you have backup and management and/or production networks. To keep it simple I will focus on two networks (prod and bck).
NetWorker has nasty ability to take identity always of production network name. Reason for that is simply because daemon/service when running will check hostname which usually always binds to prod network and it will say "I'm prod-name". From there it will check IP and it will listen on that IP for anything else. That would server and client is no different. Same applies NMC.
Obviously this is when planning comes to game to achieve goals like backup network. Having data communication between server and client (metadata) and NMC console and server over prod network is not such a big deal as this traffic is really small. What you wish to keep an eye on is backup data. Usually you have setup where backup server is dedicated and no backups are going there (against local ones so no network) and you have group of storage nodes. Clients should have storage nodes listed for their backup address. If however your server is storage nodes for network clients you will need to adjust client's parameter server network interface to server's backup interface.
In NMC you will need to define your backup server name - if both NMC and server are on bck LAN then simply define backup server over the name belonging to bck LAN. While certain communication will still use prod I believe (just a guess) I think NMC will initiate communication against server-bck via NMC-bck (as local routing will see that bck<->bck is the way to go) and majority of the data should go over that. Again, metadata and NMC data are not such a big deal when it comes to traffic. I never run TCP analysis of NMC and server communication as I prefer that to use production/management LAN which is usually default, but in case you wish to play have sniffer ready and check what happens during gathering process and during operation process.
That would short version. Few scenarios and more details on what I said above have been covered by at least two articles that used to be part of old Legato KB so I would expect them to be here on PowerLink too - so check it out.
You're right, I do have two networks, one for backup and one "public". What I'm afraid of is the management server servicing requests via the public interface. I don't wat a listener sitting there, giving hackers a chance to get access to my backups. I can configure firewall rules to only allow the console's ports on the private interface, but I wish there was a way to prevent it from listening in the first place.
If you have dedicated NMC box use trick - name that box after nmc-bck instead of nmc-prod and thus bck will become primary interface on which NMC will listen and show up to the rest of the world.
ble1
4 Operator
•
14.4K Posts
0
January 8th, 2007 11:00
NetWorker has nasty ability to take identity always of production network name. Reason for that is simply because daemon/service when running will check hostname which usually always binds to prod network and it will say "I'm prod-name". From there it will check IP and it will listen on that IP for anything else. That would server and client is no different. Same applies NMC.
Obviously this is when planning comes to game to achieve goals like backup network. Having data communication between server and client (metadata) and NMC console and server over prod network is not such a big deal as this traffic is really small. What you wish to keep an eye on is backup data. Usually you have setup where backup server is dedicated and no backups are going there (against local ones so no network) and you have group of storage nodes. Clients should have storage nodes listed for their backup address. If however your server is storage nodes for network clients you will need to adjust client's parameter server network interface to server's backup interface.
In NMC you will need to define your backup server name - if both NMC and server are on bck LAN then simply define backup server over the name belonging to bck LAN. While certain communication will still use prod I believe (just a guess) I think NMC will initiate communication against server-bck via NMC-bck (as local routing will see that bck<->bck is the way to go) and majority of the data should go over that. Again, metadata and NMC data are not such a big deal when it comes to traffic. I never run TCP analysis of NMC and server communication as I prefer that to use production/management LAN which is usually default, but in case you wish to play have sniffer ready and check what happens during gathering process and during operation process.
That would short version. Few scenarios and more details on what I said above have been covered by at least two articles that used to be part of old Legato KB so I would expect them to be here on PowerLink too - so check it out.
mefwsf
35 Posts
0
January 9th, 2007 10:00
ble1
4 Operator
•
14.4K Posts
0
January 9th, 2007 12:00