I need some architectural advice.
There are multiple networks (DMZ) and we would like to contain backup data per zone as much as possible. No component of zone A should be able to access (backup) data of zone B.
We are not using special appliances like DD but instead prefer plain and simple storage server(s) running VHR hardened repo (VBR 13 appliance) potentially with SOBR layer on top.
If you do not want to cross firewall boundaries between proxy/gateway and repo (for performance reasons), VHR would need to be multi-homed. (Not sure if it can/should be done.)
Otherwise we'd need to contain the one and only repo inside some isolated network, and have all flows from the DMZ (and prod) proxies go through the firewall to the repo. (probably not too bad unless you do many fulls at the same time)
However, in both cases, it's still the same repo. How does it actually limit access to backup data depending on which zone (its proxies) the request comes from? <- I think that's the main question here.
Maybe it doesn't matter as long as VBR server is not compromised.
What is the recommended (and safest) approach here?
Note we talk about Vsphere (Hot-add), but there is also a little file- and application-based workload.The situation seems worse when the proxy is in-band with the clients like for application-based backups as that would not require initial hypervisor-level escape to gain access to the proxy.
Thanks.
PS. Paranoid is my middle name.
