5 1 0:Backup in Different Networks
Overview
This article describes how to configure backup clients in different network segments by using a backup LAN. To be able to perform a backup in different networks, you have to configure network settings, hosts and interfaces.
Configuration example
In our example, the network consists of multiple segments:
192.168.59.0/24 : Network for regular service traffic (user LAN) 172.16.1.0/24 : Network for backup related tasks (backup LAN)
The following example shows how to perform a backup using the dedicated backup network 172.16.1.0/24.
Step 1: Network configuration
Make sure that the SEP sesam Server and all servers which should be backed up via the separate backup LAN have a network card in both network segments. Make sure that a TCP connection between hosts works properly. In this example, the backup server is a Linux system and has multiple network cards:
eth0: 192.168.59.200 eth1: 172.16.1.200
Step 2: Name resolution/hosts file configuration on the backup server
For both network segments (172.16.1.0/24 and 192.168.59.0/24) the SEP sesam Server should have a proper DNS entry. SEP strongly recommends to use a central DNS (Domain Name System) server. For details on DNS name resolution, see How to check DNS configuration.
If your environment does not have a DNS server, you have to configure the hosts files on all systems for a working name resolution.
Configure the hostnames in the system's hosts file to make them available via a DNS name. The location of the hosts file depends on the operating system:
On Linux
/etc/hosts
On Windows
C:\Windows\system32\drivers\etc\hosts
Open the hosts file in your text editor and add an entry.
# SEP sesam Server main IP, licensed IP and name 192.168.59.200 backup-server.mydomain.com backup-server # SEP sesam device server IP for data transfer over a separated LAN 172.16.1.200 backup-server-172.mydomain.com backup-server-172 # all clients that should be backed up 192.168.59.10 client01.mydomain.com client01 192.168.59.11 client02.mydomain.com client02
Note | |
The first entry must match the server name as specified in the SEP sesam license. |
Step 3: Hosts configuration on the clients
This step is only required if you do not have a central DNS server.
The backup client client02 should be backed up using the network 172.16.1.0/24. In this case, the control communication will take place over the network 193.28.59.0/24, the data transfer will run over 172.16.1.0/24 and a hosts file on the client have to include:
# my client IP and name 193.28.59.2 client02.mydomain.com client02 # name <-> IP resolution for control communication 193.28.59.200 backup-server.mydomain.com backup-server # name <-> IP resolution for data transfer 172.16.1.200 backup-server-172.mydomain.com backup-server-172
Step 4: Control configuration on the clients
During the Windows client software installation, the SEP sesam Server is added to the allowed hosts to communicate with the client (via SMSSH and CTRL). In case of a Linux client, you have already executed the command /opt/sesam/bin/sesam/sm_setup set_client <name of backup server>
.
In both cases the SEP sesam Server is added in the CTRL file <sesam_var_dir>/var/ini/sm_ctrld.auth
on the client and the SEP sesam Server public SSH key is inserted in the <sesam_var_dir>/var/ini/sm_ssh/authorized_keys
file on the client.
You have to add the second name of the SEP sesam Server to the client authentication possibilities by specifying the following command (for Windows and Linux):
/opt/sesam/bin/sesam/sm_setup set_client backup-server-172.mydomain.com
c:\program files\SEPsesam\bin\sesam\sm_setup set_client backup-server-172.mydomain.com
Step 5: Interfaces configuration
With working DNS name resolution or after configuring the hosts files, switch to the SEP sesam GUI -> Components -> Clients and double-click the SEP sesam server (backup server) to open its properties.
In the Interfaces field, check/add both hostnames. Add the hostnames multiple times with the different prefixes and suffixes for the different SEP sesam data transfer modes (ftp,http,https). SEP recommends to use always the fully qualified domain name (FQDN) for the interfaces.
In our example, these are:
backup-server.mydomain.com http://backup-server.mydomain.com:11000 https://backup-server.mydomain.com:11443 backup-server-172.mydomain.com http://backup-server-172.mydomain.com:11000 https://backup-server-172.mydomain.com:11443
Then configure your backup as described in Standard Backup Procedure. You can either schedule your backup or start it immediately, but make sure that you select the relevant interface from the drop-down list.
In our example, the selected interface is http://backup-server-172.mydomain.com:11000. This means that the backup server will connect to the client via the network 192.168.59.0/24 and the data transfer will take place over the 172.16.1.0/24 network. So there is no impact to the user LAN during the backup.
See also
Client properties – Standard Backup Procedure