
Users frequently ask the Catalogic experts how to secure the Catalogic DPX solution. This article collects the most popular questions and their answers.

Question 1. Any client with the DPX client installed can start the management console and connect to the master server if the master server's hostname or IP and credentials are known, which poses a potential security threat. Is it possible to restrict access altogether? From our point of view it's sufficient if restores can be triggered from the master server only, not from the client.

Ans. If the master server's address and sysadmin credentials are known, then access cannot be easily restricted from client nodes. However, users can disable the "Catalogic DPX Web Server" service on the master server to restrict access from remote nodes.

Question 2. Can a client gain access to backups taken from another client on the vFiler? If yes, why, and how can this be prohibited?

Ans. If there is a single administrator account and all vFilers are assigned to that account, then all vFilers and backups will be accessible. To provide client isolation, use the DPX sub administrator configuration facilities and only assign appropriate resources to each sub administrator.

Question 3. Based on the established control paths, clients also need to communicate with the master server (as opposed to the preferred concept that only the master server initiates necessary communication to the clients). What type of communication can be initiated from the client to the master server? What kind of damage could be achieved if unauthorized users used this connection maliciously?

Ans. Clients communicate with the master server mainly to query the catalog. The DPX proprietary protocol is used for communication. If an unauthorized user compromises this connection, it can only be used effectively if the details of the control messages that are exchanged are known. However, if the message data is compromised, then it could disrupt master server components through crashes or service disruption.

Question 4. What protocol is used between a DPX client and the vFiler during a block-based backup?

Ans. The following protocols are used:

  • Standard NDMP protocol for control operations
  • NetApp proprietary protocol for data transfer

Question 5. What protocol is used between a master server and clients?

Ans. The DPX proprietary protocol is used for all communication and data movement operations.

Question 6. According to the product documentation, a so-called client proxy can be introduced. A client proxy is described as follows: "Node used to communicate with NetApp Storage System. Can be any node of the enterprise. (Ports: 6123, 6124, 10000, 10566)". Apart from load balancing considerations, can the introduction of at least one client proxy per security zone help address the aforementioned security concerns? Are client proxies recommended?

Ans. The client proxy is used to establish a session with the NetApp vFiler(s). This involves authentication with user-provided credentials. Depending on the authentication mode, a secure zone is recommended in order to avoid compromising the user ID and password in the event of a network breach. A client proxy is always required for all NDMP-related operations, including archive and advanced backup tasks.

Question 7. What other means are available to make access from any security zone to the management zone as restrictive as possible?

Ans. It is recommended to limit open ports across the firewall.
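One way to check that recommendation is to audit the firewall rules that lead into the management zone against a port allowlist. The script below is an added example, not Catalogic code. It assumes a constructed one-line rule format, a hypothetical zone name `mgmt`, and uses the four ports quoted in Question 6 as a stand-in allowlist.

```python
# Ports quoted in Question 6 for the client proxy. Assumption: they stand in
# for the real allowlist; take the actual ports from the vendor's firewall list.
ALLOWED_PORTS = frozenset({6123, 6124, 10000, 10566})
MGMT_ZONE = "mgmt"  # hypothetical zone name


def parse_rule(line):
    """Parse 'allow tcp <src> -> <dst> <port|lo-hi|any>' (constructed format)."""
    action, proto, src, arrow, dst, ports = line.split()
    if (action, proto, arrow) != ("allow", "tcp", "->"):
        raise ValueError(f"unsupported rule: {line!r}")
    if ports == "any":
        lo, hi = 1, 65535
    else:
        first, _, last = ports.partition("-")
        lo, hi = int(first), int(last or first)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return src, dst, lo, hi


def excess_ports(lo, hi):
    """Count ports in lo..hi that are not on the allowlist."""
    allowed_in_range = sum(1 for p in ALLOWED_PORTS if lo <= p <= hi)
    return (hi - lo + 1) - allowed_in_range


def audit(lines):
    """Return (rule, excess count) for rules into MGMT_ZONE that are too broad."""
    findings = []
    for line in lines:
        _src, dst, lo, hi = parse_rule(line)
        extra = excess_ports(lo, hi)
        if dst == MGMT_ZONE and extra:
            findings.append((line, extra))
    return findings


SAMPLE_RULES = [  # constructed for this example
    "allow tcp zone-a -> mgmt 6123-6124",   # exact match, passes
    "allow tcp zone-a -> mgmt 10000",       # single allowed port, passes
    "allow tcp zone-b -> mgmt 6000-7000",   # range wider than needed
    "allow tcp zone-b -> mgmt any",         # everything open
    "allow tcp mgmt -> zone-a 445",         # outbound, out of scope here
]

if __name__ == "__main__":
    for rule, extra in audit(SAMPLE_RULES):
        print(f"too broad (+{extra} ports): {rule}")
```

A range such as `6000-7000` is flagged even though it contains two allowed ports, because it also opens 999 ports that are not on the allowlist.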

See also. For a comprehensive list of firewall configurations for Catalogic DPX, see