Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
2
Replies

Keeping Backing up Safe - Your Strategies

Pete89
Level 2
Level 2

‎05-31-2011 11:13 AM - edited ‎03-11-2019 01:40 PM

Hello,

We are in the midst of drawing up a network for a datacenter and I got to the VLAN for backups and wondered how I could make things safer. I mean afterall, the backup server is pretty powerfull considering it can talk to many hosts.

So, in a senerio where my backup server has been compromised I am putting in danger all those hosts that are getting backed up as well. I know we can firewall these devices so they can talk over a single port but what other strategies are you using to mitigate the risk of your back up server being owned? More than one back server(s)? L2 backup devices?

Thanks for any ideas,

P.

Labels:
0 Helpful
2 Replies 2

IAN WHITMORE
Level 4
Level 4

‎05-31-2011 12:30 PM

Well the expensive answer is - and this is what we are doing now in our company - put another NIC in each server if there isn't a free one already and put new switches top of the rack exclusively for backup. i.e. it's not a VLAN it's a whole new network just for backup so you can effectively backup 24hours a day and no backup traffic is going over production links/interfaces.

We use juniper switches because they have a 6m uplink cable to stack the switches which is far superior to Cisco's uplink cable (in length I mean and of course we don't want to put a switch in every rack...there are over 50).

The juniper switches hang off a couple of Cisco 4500 and we reutilized our old PIX525 for security and filtering to leave nothing to chance

Bingo. Backup LAN completely isolated (well the backup servers, TSM in our case, have an interface in the backup LAN and production networks hence the firewalls).

Great solution: YES.

Expensive: YES.

Needed: YES in our case because we are hadling many servers, a lot of traffic and our backup window was full already. Plus the backup traffic was saturating networking links and monitoring at night was a nightmare. Red alarms everywhere until the backups finished.

Maybe that was a bit more than you wanted...or not enough, but I hope it helps.

Ian

0 Helpful

Pete89
Level 2
Level 2
In response to IAN WHITMORE

‎05-31-2011 01:11 PM

Ian,

I appreciate your sharing how you do safe backups.We are going to discuss your idea although the costs as you mentioned are high, but definately worth investigating.

Thanks again,

P.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card