Firewall proxy systems and methods in a backup environment
Abstract
According to certain aspects, a method for performing remote backup operations is provided that includes receiving a first unidirectional connection request from a media agent module to a proxy device within an enterprise network, through a firewall. The method also includes receiving a second unidirectional connection request from a remote device coupled to an untrusted network, such as through a second firewall. Secure connections are established from the media agent module to the proxy and from the remote device to the proxy. Additionally, the method can include routing with the proxy device backup data from the remote computing device to the media agent over the secured connections. The method also may include storing the backup data on a storage device within the enterprise network. In certain embodiments, during establishment of the secure connections, identification of the media agent or the storage device is not exposed to the untrusted network.
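The connection pattern described in the abstract, as an added sketch that is not code from the patent or from any product: the media agent and the remote device both dial in to the proxy, which only accepts and relays. It assumes plain TCP on loopback in place of the secure connections and firewalls, and every function name is hypothetical.

```python
import socket
import threading

def listen():
    """Bind a loopback listener on an ephemeral port (stand-in for one proxy interface)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def proxy_relay(inner, outer):
    """Accept one dial-in per side, then pipe client bytes to the agent.
    The proxy only calls accept(); it never connect()s into the enterprise network."""
    agent, _ = inner.accept()    # media agent dialed out through the first firewall
    client, _ = outer.accept()   # remote device came in through the second firewall
    with agent, client:
        while chunk := client.recv(4096):
            agent.sendall(chunk)

def media_agent(proxy_addr, storage):
    """Trusted side: opens no listening socket, makes an outbound connection only."""
    with socket.create_connection(proxy_addr) as s:
        while chunk := s.recv(4096):
            storage.extend(chunk)    # stand-in for writing to the storage device

def remote_backup(proxy_addr, data):
    """Untrusted side: knows only the proxy address; returns the peer it saw."""
    with socket.create_connection(proxy_addr) as s:
        s.sendall(data)
        return s.getpeername()

def run_demo(data=b"constructed backup payload"):
    """Run all three roles once; return (stored bytes, peer seen by client, proxy addrs)."""
    inner, outer = listen(), listen()
    inner_addr, outer_addr = inner.getsockname(), outer.getsockname()
    storage = bytearray()
    relay = threading.Thread(target=proxy_relay, args=(inner, outer))
    agent = threading.Thread(target=media_agent, args=(inner_addr, storage))
    relay.start()
    agent.start()
    peer = remote_backup(outer_addr, data)
    relay.join()
    agent.join()
    inner.close()
    outer.close()
    return bytes(storage), peer, inner_addr, outer_addr

if __name__ == "__main__":
    print(run_demo())
```

Because the trusted side never listens, a firewall rule set that drops all inbound connection requests to the media agent does not interfere with the backup path.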
18 Claims
1. A method for performing remote backup operations, the method comprising:
receiving with a proxy computing device a first unidirectional connection request from a media agent module that resides within a trusted enterprise network, the first unidirectional connection request being received through a first firewall;
receiving with the proxy computing device a second unidirectional connection request from a remote computing device coupled to an untrusted network, the second unidirectional connection request being received through a second firewall coupled to the untrusted network, the proxy computing device having a data agent executing thereon that is configured to facilitate the backup of backup data received from the remote computing device;
unidirectionally establishing a first secure connection from the media agent module to the proxy computing device in response to said receiving the first unidirectional connection request;
unidirectionally establishing a second secure connection from the remote computing device to the proxy computing device in response to said receiving the second unidirectional connection request;
routing with the proxy computing device backup data received from the remote computing device via the first secure connection to the media agent module over the second secure connection; and
with the media agent module, and at the direction of the storage manager module, storing the backup data on at least one storage device within the enterprise network, wherein during establishing said first and second secure connections identification of the media agent module or the at least one storage device is not exposed to the untrusted network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for performing remote backup operations, the system comprising:
an enterprise network comprising,
    at least one storage device,
    a media agent module configured to direct backup operations with respect to the at least one storage device, and
    a first firewall component in communication with the media agent module and configured to prevent connection requests to the media agent module from outside the enterprise network;
a second firewall component located outside the enterprise network and configured to receive communication from an untrusted network;
a proxy computing device located outside the enterprise network and coupled to the first firewall component and the second firewall component, wherein the proxy computing device is configured to,
    receive through the second firewall component a first connection request from a remote computing device coupled to the untrusted network, the proxy computing device having a data agent executing thereon that is configured to facilitate the backup of backup data received from the remote computing device,
    establish a first secure connection with the remote computing device in response to said receiving the first connection request,
    receive through the first firewall component a second connection request from the media agent module,
    establish a second secure connection with the media agent module in response to said receiving the second connection request, and
    route backup data received from the remote computing device via the first secure connection to the media agent module over the second secure connection, and
wherein the media agent module is configured to direct the backup data to the at least one storage device.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16
17. A system for performing remote backup operations, the system comprising:
an enterprise network comprising,
    means for storing data,
    means for directing backup operations with respect to said storing means, and
    means for preventing connection requests to said directing means from outside the enterprise network;
means for restricting communication between the enterprise network and an untrusted network;
means for receiving through said restricting means a first connection request from a remote computing device coupled to the untrusted network and for receiving through said preventing means a second connection request from said directing means, wherein said receiving means is further configured to,
    establish a first secure connection with the remote computing device in response to receiving the first connection request, the receiving means comprising a proxy computing device having a data agent executing thereon that is configured to facilitate the backup of backup data received from the remote computing device,
    establish a second secure connection said directing means in response to receiving the second connection request, and
    route backup data received from the remote computing device via the first secure connection to said directing means over the second secure connection, and
wherein said directing means is further configured to store the backup data on said storing means.
Dependent claims: 18
Specification