Necessity of open ports during backup (was: help)

[Gregory Hicks <ghicks () cadence com>]

> Date: Fri, 1 Jun 2001 12:00:03 +0530 (IST)
> From: "G.Sambasiva Rao" <gsrao () cdach ernet in>
>
> I am beginner in this field and am from india.  I would like to know
> one thing regarding backup. Pl enlighten me.
>
> What is the necessity of ports to be open during backup?

An analogy would be ISDN with its control channels (D-channel) and data 
channels (B-Channels).  

The user connects with one B-Channel using the D-Channel to provide info 
on the type of connection, speed, et al.  The user transfers data.  The 
ISDN modem decides that data is not flowing fast enough and signals the 
remote end (via the D-Channel) to open another B-Channel.  This process 
repeats until one of two things happens: 

a) data is leaving the modem as fast as it is arriving;  (The server has 
no more bandwidth.)
or
b) there are no more B-Channels available.  (If you have an ISDN PRI 
connection, there can be LOTS of B-channels!)

In the case of a) above, the machine doing the transferring is 
physically limited in speed.  In the case of b) above, the transmission 
medium is limited.

Backups work about the same.  The machine doing the storage is the 
server while the machine doing the transfer is the client.  The client 
signals the server that it has data to store.  The server and client 
exchange 'signals' and open a data connection (one set of data ports).  
At this point, the server may signal the client to say that it can take 
data faster.  They open another data connection.  (Another set of 
ports).  This process repeats until one of four things happens:

a) The pipe cannot take any more data (get a faster LAN);
b) The server cannot accept any more connections;
c) The client cannot make any more connections;
or
d) The storage medium cannot take data any faster.

In the case of b) or c) you might want to get a more robust OS or 
faster, bigger machines.  In the case of d) you might consider either 
getting more tape drives (to handle the backup in parallel) or getting 
faster drives. Or both!

Of course, getting faster involves more money.  Sometimes, LOTS of 
money...

You'd have to figure out if the time available for the backup is 
sufficient to complete the backup.  If you have 12 hours and only 10 
hours of data, why spend money to make things faster?  Unless you are 
planning for the future and are expanding...?  (Expanding, in this case, 
means either more machines (perhaps, more users) or more data to 
backup...)

Since we were talking about backing up machines in the DMZ, each set of 
data connections is another set of ports to open through the firewall.

The above is not exact, but I believe it is a fair representation.  If 
not, someone will correct me...  (I hope!)
 
Hope this helps.

Regards,
Gregory Hicks

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards