Backing up of servers in the DMZ
I really need your help. I need to know if the following scenario would have worked and if so, an explanation of how.
We are all mindful of network security and our network engineers didn't like the idea of opening the ports we need to backup servers in the DMZ. To that end, the architect worked with them to add a media server in the DMZ, open all the ports needed for communication between the DMZ media server and the rest of the environment on the internal network. The thought was to have that media server in the DMZ act as a proxy for all communication between the DMZ clients and the backup environment internally. All backups for the DMZ would be funnelled through that media server to an internal media server that had connected storage. This way no ports would have to be opened for the individual clients in the DMZ as all comms would be through the DMZ media server.
I never saw this work and can't see a way that this scenario could work. Can you either confirm that this can't work or explain it if it's possible. The architect quit claiming that this was working, but it hasn't since I've been involved. Our network engineers would like this to work and are exerting pressure on me to get it to work, but I can't see how it is possible.