Scribd Logo
Upload

Welcome to Scribd!

  • 23 views

    Applies To:: OSB: Configuring Backup / Restore Through Firewalls (Doc ID 727528.1)

    Uploaded by

    tewodros fikre

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    Applies To:: OSB: Configuring Backup / Restore Through Firewalls (Doc ID 727528.1)

    Uploaded by

    tewodros fikre
    23 views2 pages

    Original Title

    OSB-FirewallConfig

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    23 views2 pages

    Applies To:: OSB: Configuring Backup / Restore Through Firewalls (Doc ID 727528.1)

    Uploaded by

    tewodros fikre

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 2

    Copyright (c) 2021, Oracle. All rights reserved. Oracle Confidential.

    OSB: Configuring Backup / Restore Through Firewalls (Doc ID 727528.1)

    In this Document

    Goal
    Solution

    APPLIES TO:

    Oracle Secure Backup - Version 10.1.0.1 to 12.1.0.1.0 [Release 10.1 to 12.1]


    Information in this document applies to any platform.
    Checked for relevance on 29-Jun-2011.

    GOAL

    Oracle Secure Backup uses TCP port 400 for UNIX, Linux and Windows and by default TCP port 10,000 for NAS hosts
    within an OSB domain. The default TCP port for NAS devices may be configured to use an alternate TCP port if deemed
    necessary because a conflict exists.

    During backup and restore operations, OSB will dynamically select a TCP port from all available TCP ports. Some IT
    organizations enforce restrictions on the TCP ports that are available for use by an application, particularly as in cases
    where backups are being performed across a firewall.

    SOLUTION

    In OSB domains, you may configure a range of TCP ports available for use during backup / restore operations. TCP ports
    400 and 10,000 (or another user-configured port) must be available to OSB along with a range of additional TCP ports (ie
    20,000 – 20,024). Some general guidance on determining how many additional TCP ports should be available can be
    estimated in one of two ways:

    1. Multiply the estimated number # of concurrent OSB activities by 5


    2. Multiply the number # of tape drives (inside the firewall) by the # of clients (outside the firewall).

    When deploying OSB in an environment, which includes a firewall, some considerations and requirements must
    be addressed for successful interoperability:

    ---Network Address Translation (NAT) cannot be used by the firewall.


    ---The firewall must permit unrestricted outbound (secure -> unsecure) connections.
    ---Once a (secure -> unsecure) connection is made, the firewall must permit unconstrained data transfer. 
    ---Consideration must given regarding any firewall data transfer constraints (ie time or volume) insuring       OSB would not
    be hampered during backup / restore operations.
    ---Firewall timeout limits during periods of inactivity could be problematic for OSB since there are periods of inactivity
    during a backup / restore operation.
    ---If a client host is configured to expect keep-alives or other messages, the firewall must allow the pass through and not
    suppress the internal TCP messages.

    When configuring a range of TCP ports to be used by OSB, follow these guidelines:

    1. On the firewall, open port 400 and a range of other ports for OSB to use (i.e. 20,000 - 20,024). Note: the port numbers
    should be above 20,000 but below 32,000.

    2. Define the range of TCP ports available to OSB by editing the /etc/services file on any UNIX or Linux OSB
    Administrative Server and clients in your domain:

    ob-daemon-low <port low #>/tcp


    ob-daemon-high <port high #>/tcp

    Configuration tip:
    If a NAS device outside the firewall has a tape drive attached to it that will be utilized for its backups (no backup of the NAS
    device will be performed to devices inside the firewall) and the OSB Administrative Server is inside the firewall:
    ---TCP port 400 is still required to work in both the inbound and outbound directions.
    ---TCP port 10,000 is only required to be configured in the outbound (secure -> unsecure) direction. This is because the
    NAS is on the “unsecure” side and won’t require bi-directional communication if the tape drive is also on the unsecure side
    of the firewall.

    Didn't find what you are looking for?

    You might also like