We are trying to develop an approach to backup the clients who are in the DMZ via TSM server sitting inside the firewall. Please comment on the following strategy:
To backup the Clients in DMZ from TSM Lib located within the Intranet, install the TSM client on the Client in DMZ and open a port in the firewall. Additionally, use data encryption. To do this, you would use the include.exclude and exclude.encrypt options in your options file. . The encryption key for these can either be stored locally on your machine or prompted for each time a backup or restore is attempted. This is set with encryptkey option in your options file. TSM clients in DMZ should not be allowed do any administrative function. You can only prevent the client from deleting backups and archives. This can be performed by running (on the TSM server): update node <nodename> archdelete=no backdelete=no . Note: You could also change password=prompt in the client options file to require a password before a client could perform any actions. Not recommended though. Additionally, since the TSM server address is required in client options file, you can't hide information about the TSM server, in case of security breach. ANY BETTER IDEA is appreciated. Additionally, any red flags in the strategy. Thanks in Advance. Jas [EMAIL PROTECTED]