Workgroup with NetBackup
A workgroup with NetBackup is classified as a small group of systems (less than 50). The workgroup is used with NetBackup internally. Typically, this configuration does not have a unified naming service such as NIS or Active Directory. It may not have an authoritative host naming service such as DNS or WINS. This configuration is typically found in the test labs of large corporations, or as environments in small corporations.
The workgroup with NetBackup includes the following highlights:
Very few NetBackup servers
Small computer environments
No externally facing equipment involved
Figure: Workgroup with NetBackup shows an example workgroup with NetBackup.
The following table describes the NetBackup parts that are used with the workgroup.
Table: NetBackup parts used with the workgroup
Part | Description |
|---|---|
Master server |
Communicates with the media server and clients 1, 2, 3, and 4. |
Media server |
Communicates with the primary server and clients 1, 2, 3, and 4. The media server manages the writing of unencrypted data to tape for clients 1, 2, 3 and 4. |
Tape |
Contains unencrypted backup data that is written for clients 1, 2, 3, and 4. |
Clients |
Specifies that clients 1, 2, 3, and 4 are Standard NetBackup clients managed by the primary server. They have their unencrypted data backed up to tape by the media server. |
Internal firewall |
Allows NetBackup to have access to clients in the DMZ. Only selected NetBackup ports and possibly other application ports are enabled for data communication into and out of the DMZ. HTTP ports that are open in the external firewall are not allowed to pass through the internal firewall from the Internet. The internal firewall is not used with the Workgroup deployment model. In this example, no clients access the internal firewall so the NetBackup ports should not be opened through it. Note: In this example, there are no clients beyond the internal firewall. So the NetBackup ports should not be open through the internal firewall. |
Demilitarized Zone (DMZ) |
Provides a "safe" area of operation for NetBackup clients existing between the internal firewall and external firewall. Possible clients operating in the DMZ include Web server NetBackup clients using either standard NetBackup clients or encrypted NetBackup clients. Clients in the DMZ can communicate to NetBackup through the internal firewall using designated NetBackup ports. Web server NetBackup clients can receive connections from the external firewall to the Internet using typical HTTP ports. The DMZ is not accessible by clients in the Workgroup deployment model. |
External firewall |
Allows external users to access Web server NetBackup clients that are located in the DMZ from the Internet typically over HTTP ports. NetBackup ports open for clients to communicate through the internal firewall are not allowed to pass through the external firewall to the Internet. |
Internet |
Specifies a collection of interconnected computer networks linked by copper wires, fiber-optic cables, and wireless connections. Clients do not use the Internet in the Workgroup deployment model. Caution: Customers should never put NetBackup clients outside the DMZ and directly in the Internet. You must use an external firewall to block the outside world from NetBackup ports at all times. |