Problem
How to include support for immutability, also known as Write Once Read Many (WORM), for Veritas Alta Recovery Vault cloud storage.
Error Message
Running the command
/usr/openv/pdde/pdcr/bin/msdpcldutil create --bucket mynamebucket1 --volume myname-worm-uswest1 --mode GOVERNANCE --max 10D --min 1D --live 2022-03-20
Returned the error:
failed to create volume: myname-worm-uswest1 Error: AccessDenied: Access Denied
Cause
The command msdpcldutil is trying to upload WORM configuration files into a STANDARD storage class but the Veritas Alta Recovery Vault bucket does not support it with the initial release of Veritas Alta Recovery Vault.
Solution
AWS WORM support is available now for the NetBackup 9.1.0.1, 10,0, 10.0.0.1 and 10.1 releases.
Azure WORM support is available for NetBackup 10.0, 10.0.0,1 and 10.1.
Emergency Engineering Binaries (EEBs) are needed to add WORM support with Veritas Alta Recovery Vault.
Please see the article 100051821 for more details regarding the required EEBs.
As part of this a new "storageclass" option has been added to msdpcldutil:
--storageclass value, -s value Amazon S3 storage class (default: "STANDARD")
For more information regarding the msdpcldutil command please see the NetBackup Deduplication Guide
https://www.veritas.com/support/en_US/doc/25074086-151874763-0/v152917675-151874763
Once you have created the the WORM bucket using msdpcldutil you can then proceed to create a diskpool via the webUI to make use of it.
WORM support in Amazon:
See the chapter in the Deduplication Guide: Managing AWS S3 immutable storage using msdpcldutil tool.
Veritas Alta Recovery Vault Amazon/Amazon gov only supports STADARD_IA and GLACIER_IR storage tiers. The command msdpcldutil has been updated with a new "storageclass" option.
Before using the msdpcldutil utility the following environment variable must be defined:
export MSDPC_ACCESS_KEY=xxxx
export MSDPC_SECRET_KEY=yyyyyyyyyyyyy
export MSDPC_REGION=<your region> (pick the appropriate region e.g. us-east-1)
export MSDPC_PROVIDER=amazon
Usage and an example of using the msdpcldutil command for AWS (run on the media server):
cd /usr/openv/pdde/pdcr/bin
./msdpcldutil create -h
NAME:
msdpcldutil create - create immutable cloud volume
USAGE:
msdpcldutil create [command options] [arguments...]
OPTIONS:
--bucket value, -b value bucket name
--volume value, -v value volume name
--mode value, -m value retention mode: COMPLIANCE or GOVERNANCE
--max value, -M value max lock duration: number plus 'D' or 'Y', such as 12Y means 12 years
--min value, -N value min lock duration: number plus 'D' or 'Y', such as 12D means 12 days
--live value, -l value live until date(example, 2021-08-18, format:'YYYY-MM-DD', clock is set:'00:00:00', timezone is set:'UTC'
--storageclass value, -s value only STANDARD_IA, GLACIER_IR are supported. (default: "STANDARD")
--help, -h show help (default: false)
./msdpcldutil create -b jzh-worm-bucket07 -v jzh-b01-v02 --mode GOVERNANCE --min 1D --max 1Y -l 2024-10-24 -s STANDARD_IA
Volume: jzh-b01-v02 in bucket: jzh-worm-bucket07 is created successfully
./msdpcldutil create -b jzh-worm-bucket07 -v jzh-b01-v03 --mode GOVERNANCE --min 1D --max 1Y -l 2024-10-24 -s GLACIER_IR
If the bucket/container is not WORM enabled or if storage class is not specified then you can see Access denied errors.
./msdpcldutil create --bucket nra81rva0006bucket1 --volume rkalyan-worm-uswest1 --mode GOVERNANCE --max 10D --min 1D --live 2022-03-20
failed to create volume: rkalyan-worm-uswest1
Error: AccessDenied: Access Denied
WORM support in Azure:
See the section in the Deduplication Guide: Managing an Azure cloud immutable volume using msdpcldutil tool.
- Azure WORM is supported in 10.0 and later versions only.
- Provision team provides Immutable enabled storage account to use WORM for msdpcloud configuration.
- msdpcldutil is used to create the immutable volume, please refer to the deduce guide for more information. or https://confluence.community.veritas.com/display/CDT/NBU-119140+Azure+Immutable+Storage+Configurations
Set the following environment variables prior to running msdpcldutil:
# export MSDPC_REGION=<your region>
# export MSDPC_PROVIDER=azure
# export MSDPC_ACCESS_KEY=<your storage account>
# export MSDPC_SECRET_KEY=<your access key>
# export MSDPC_ENDPOINT=https://xxxx.blob.core.windows.net/
If you see error like below while creating blob with msdpcldutil tool please reach to your cloud support team. This indicates WORM is not enabled for the storage account in the cloud
./msdpcldutil create -b rk-test -v test-worm-vol --mode GOVERNANCE --min 1D --max 2D -l 2022-03-29
Error: createVolume(): The immutable of the current storage account is not enabled. So,you need to use a storage account whose immutable is enable; or set these ENV settings(MSDPC_SUBSCRIPTION_ID/MSDPC_RESOURCE_GROUP/AZURE_TENANT_ID/AZURE_CLIENT_ID/AZURE_CLIENT_SECRET)
List the cloud volumes:
#/usr/openv/pdde/pdcr/bin/msdpcldutil list
Veritas Technologies LLC is aware that the above-mentioned issue is present in the current version(s) of the product(s) mentioned above. Veritas is committed to product quality and satisfied customers. The issue will look to be addressed in a future release of NetBackup.
Related Knowledge Base Articles
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.