Veritas NetBackup™ Flex Scale Administrator's Guide
- Product overview
- Viewing information about the NetBackup Flex Scale cluster environment
- NetBackup Flex Scale infrastructure management
- User management
- Considerations for managing NetBackup Flex Scale users
- Adding users
- Changing user password
- Removing users
- Modifying user roles
- Considerations for configuring AD/LDAP
- Configuring AD server for Universal shares and Instant Access
- Configuring AD/LDAP servers for NetBackup services
- Configuring additional AD/LDAP servers for managing NetBackup services/Universal Shares/Instant Access
- Configuring AD/LDAP servers on clusters deployed with only media servers
- Directory services and certificate management
- Region settings management
- About NetBackup Flex Scale storage
- About Universal Shares
- Cloud bucket support for NetBackup Flex Scale
- Node and disk management
- NetBackup Flex Scale network cabling
- Adding a node to the cluster using the NetBackup Flex Scale web interface
- Adding a node using the REST APIs
- Replacing a node in a cluster
- Starting and stopping nodes
- Rebooting a node
- Adding an excluded node to the cluster
- Replacing a disk
- Adding an excluded disk to the cluster
- Viewing the disk sync status
- Viewing disk details
- Viewing node details
- Switching management console to another cluster node
- License management
- Stopping NetBackup service containers
- Starting NetBackup service containers
- Managing hardware vendor packages
- User management
- NetBackup Flex Scale network management
- About network management
- Modifying DNS settings
- About bonding Ethernet interfaces
- Bonding operations
- Configuring NetBackup Flex Scale in a non-DNS environment
- Data network configurations
- Choosing the correct input method for data network configuration
- Network configuration on plain device (eth5)
- Network configuration on VLAN (eth5)
- Network configuration on bonded interfaces (bond0 on eth5 and eth7)
- VLAN on bond of eth5 and eth7 (bond0)
- Network configuration on management interface (eth1)
- Network configurations for adding a partial data network
- Support for multiple VLAN when disaster recovery is configured
- Configuring static routes on a NetBackup Flex Scale cluster
- NetBackup Flex Scale infrastructure monitoring
- Resiliency in NetBackup Flex Scale
- EMS server configuration
- Site-based disaster recovery in NetBackup Flex Scale
- About site-based disaster recovery in NetBackup Flex Scale
- Configuring disaster recovery using GUI
- Clearing the host cache
- Automated NetBackup SLP management
- DNS key management
- Managing disaster recovery using GUI
- Performing disaster recovery using RESTful APIs
- Active-Active disaster recovery configuration
- NetBackup optimized duplication using Storage Lifecycle Policies
- NetBackup Flex Scale security
- STIG overview for NetBackup Flex Scale
- FIPS overview for NetBackup Flex Scale
- Managing the login banner
- Changing the password policy
- Support for immutability in NetBackup Flex Scale
- Authenticating users using digital certificates or smart cards
- About system certificates on NetBackup Flex Scale
- Deploying external certificates on NetBackup Flex Scale
- Troubleshooting
- Services management
- Audit logs
- Collecting logs for cluster nodes
- Troubleshooting NetBackup Flex Scale issues
- If cluster configuration fails (for example because an IP address that was already in use is specified) and you try to reconfigure the cluster, the UI displays an error but the configuration process continues to run
- Validation error while adding VMware credentials to NetBackup
- NetBackup Web UI incorrectly displays some NetBackup Flex Scale processes as failed
- Unable to create BMR Shared Resource Tree (SRT) on NetBackup Flex Scale Appliance
- NetBackup configuration files are not persistent across operations that require restarting the system
- Appendix A. Maintenance procedures for HPE servers
- Replacement procedure for a chassis fan
- Replacement procedure for power supply
- Replacement procedure for a single OS disk
- Replacement procedure for both OS disks on the management console node
- Replacement procedure for both OS disks on a non- management console node
- Replacement procedure for NVMe disks (SSDs)
- Replacement procedure for RAID controller
- Replacement procedure for an Integrated Lights-Out (iLO) port
- Replacement procedure for quad-port NIC
- Procedure for memory expansion (DIMMs)
- Replacement procedure for memory (DIMMs)
- Replacement procedure for Mellanox port
- Appendix B. Configuring NetBackup optimized duplication
- Appendix C. Disaster recovery terminologies
- Appendix D. Configuring Auto Image Replication
DNS key management
Before changing the replication roles, the DNS server(s) configured with NetBackup Flex Scale may need to be updated to correctly resolve NetBackup primary server FQDN(s). NetBackup Flex Scale gives you the option to update the DNS server(s) automatically when changing the replication role of the cluster.
The DNS key management wizard in the Primary service replication page can be used to configure TSIG (Transaction signature) key for DNS servers configured on the NetBackup Flex Scale cluster. TSIG as specified in RFC 2845 is a shared key message authentication mechanism that is available in BIND DNS. A TSIG key provides the means to authenticate and verify the validity of exchanged DNS data. It uses a shared secret key between a resolver and either one or two servers to provide security. For TSIG authentication to work correctly, the clock has to be in sync between the NetBackup Flex Scale cluster(s) and the DNS server(s).
NetBackup Flex Scale 3.1 supports Bind 9 compatible DNS servers for automatic updates. Windows DNS server is not supported for automatic DNS update. If the primary service replication is configured to use same virtual IP for NetBackup primary service on both clusters, then DNS update is not required before changing the replication role. So the DNS key management wizard and automatic DNS update option are not available in this configuration.
You can manage the DNS keys using the GUI.
To manage DNS secret key using GUI
- Log on to NetBackup Flex Scale GUI of the primary or secondary site.
- Go to Settings > Primary service replication. Click View details under DNS key management.
- The DNS key management screen appears. It lists all the configured DNS server that you can manage.
Note:
DNS key management tab does not appear if NetBackup primary service configuration has been done using a single virtual IP.
You can also upload the secret key using GUI.
To upload secret key using GUI
- Ensure that the DNS server secret key file (generated using tsig-keygen on the DNS server) is ready for upload.
Only DNS servers with valid secret keys are allowed to be updated automatically during role change.
- Click the Actions menu (vertical ellipsis) from the right side of the row in the GUI to open the additional options for a selected DNS server.
- Select Upload secret key option.
- Using the File select dialog box, select the secret key file to upload. The secret key file is uploaded and then validated against the DNS server. Once the key is validated, the screen shows the key as valid or invalid.
You can also remove the secret key using GUI.
To remove secret key using GUI
- Click the Actions menu (vertical ellipsis) from the right side of the row in the GUI to open the additional options for a selected DNS server.
- Select Remove secret key option.
You can also manage the DNS keys using RESTful APIs.
To retrieve the list of DNS servers to configure automatic DNS update.
GET api/appliance/v1.0/disaster-recovery/dns
To upload a secret key file for a given DNS server.
PUT api/appliance/v1.0/disaster-recovery/dns/{serverIP}To configure a DNS server for DNS automatic update.
POST /api/appliance/v1.0/disaster-recovery/dns/{serverIP}To validate a secret key file for a given DNS server.
POST /api/appliance/v1.0/disaster-recovery/dns/{serverIP}/validateTo unconfigure a DNS server from DNS automatic update.
DELETE /api/appliance/v1.0/disaster-recovery/dns/{serverIP}