About NAT support in NetBackup
NetBackup now supports NetBackup clients in a private network that are connected to NetBackup servers in a public network via a device that performs Network Address Translation (NAT). This document refers to such NetBackup clients as NAT clients.
NetBackup supports NAT clients in a network topology where the following conditions are met:
The NAT clients should be able to resolve the host names of the NetBackup servers and initiate connections to them. It is not required that the NetBackup servers be able to initiate connections to the NAT clients.
The NetBackup client name assigned to a NAT client should be a host name that is resolvable in the private network. It is not required that the NetBackup client name of the NAT client be resolvable from the NetBackup servers in the public network.
Bi-directional connectivity should exist between the master server and all media servers.
The NetBackup software on the NetBackup servers and NAT clients must be configured for NAT support as described in this document.
When working with NAT clients, NetBackup software ensures that all network connections are initiated from the NAT client to the NetBackup servers. In other words, no connections are directly initiated from the NetBackup servers to the NAT clients. NAT client support relies on a new NetBackup Messaging Broker (nbmqbroker) service on the master server and a subscriber service on each NAT client that maintains a persistent connection to the messaging broker service on the master server. This enables the NetBackup servers to send commands to the NAT clients via the messaging service. When a NetBackup server needs to connect to a NAT client (for example to perform a backup) it sends a 'reverse connection request' message to the NAT client via the master server. On receiving this message, the NAT client initiates a connection to the requesting NetBackup server.
Here is how a connection between a media server and a NAT client takes place:
The NetBackup Messaging Broker (nbmqbroker) service starts on the master server if NAT support is enabled.
The subscriber service starts on the NAT client along with other client services and subscribes to nbmqbroker service on the master server if NAT support is enabled on the client.
When a media server wants to connect to a NAT client, it publishes the NAT client's reverse connection request message to the message broker that exists on the master server.
The message broker delivers the message to the subscriber service on the NAT client.
The subscriber service initiates a connection from the NAT client to the requesting media server.
The media server uses this connection to communicate with the NAT client.
See Workflow to enable NAT clients in NetBackup domain.
NetBackup NAT support can also be used in the following non-NAT environments where it is desirable or mandatory for the NetBackup clients to initiate all connections to the NetBackup servers:
Clients are behind a firewall that is configured to disallow incoming connections
Clients' host names cannot be resolved to an IP address from the NetBackup servers, for example DHCP clients without a Dynamic DNS
Clients to which media or master servers cannot directly connect for any reason