NetBackup™ Snapshot Manager Install and Upgrade Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.1)
  1. Introduction
    1.  
      About the deployment approach
    2.  
      Deciding where to run Snapshot Manager
    3.  
      About deploying Snapshot Manager in the cloud
  2. Section I. NetBackup Snapshot Manager installation and configuration
    1. Preparing for NetBackup Snapshot Manager installation
      1.  
        Meeting system requirements
      2.  
        Snapshot Manager host sizing recommendations
      3.  
        Snapshot Manager extension sizing recommendations
      4.  
        Creating an instance or preparing the host to install Snapshot Manager
      5.  
        Installing container platform (Docker, Podman)
      6.  
        Creating and mounting a volume to store Snapshot Manager data
      7.  
        Verifying that specific ports are open on the instance or physical host
      8.  
        Preparing Snapshot Manager for backup from snapshot jobs
    2. Deploying NetBackup Snapshot Manager using container images
      1.  
        Before you begin installing Snapshot Manager
      2.  
        Installing Snapshot Manager in the Docker/Podman environment
      3.  
        Verifying that Snapshot Manager is installed successfully
      4.  
        Restarting Snapshot Manager
    3. Deploying NetBackup Snapshot Manager extensions
      1.  
        Before you begin installing Snapshot Manager extensions
      2.  
        Downloading the Snapshot Manager extension
      3. Installing the Snapshot Manager extension on a VM
        1.  
          Prerequisites to install the extension on VM
        2.  
          Installing the extension on a VM
      4. Installing the Snapshot Manager extension on a managed Kubernetes cluster (AKS) in Azure
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in Azure
        2.  
          Installing the extension on Azure (AKS)
      5. Installing the Snapshot Manager extension on a managed Kubernetes cluster (EKS) in AWS
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in AWS
        2. Installing the extension on AWS (EKS)
          1.  
            Install extension using the extension script
      6. Installing the Snapshot Manager extension on a managed Kubernetes cluster (GKE) in GCP
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in GCP
        2.  
          Installing the extension on GCP (GKE)
      7.  
        Install extension using the Kustomize and CR YAMLs
      8.  
        Managing the extensions
    4. NetBackup Snapshot Manager cloud plug-ins
      1.  
        How to configure the Snapshot Manager cloud plug-ins?
      2. AWS plug-in configuration notes
        1.  
          Prerequisites for configuring the AWS plug-in
        2.  
          Configuring AWS permissions for Snapshot Manager
        3.  
          AWS permissions required by Snapshot Manager
        4.  
          Before you create a cross account configuration
      3. Google Cloud Platform plug-in configuration notes
        1.  
          Google Cloud Platform permissions required by Snapshot Manager
        2.  
          Configuring a GCP service account for Snapshot Manager
        3.  
          Preparing the GCP service account for plug-in configuration
      4. Microsoft Azure plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure
        2.  
          About Azure snapshots
      5. Microsoft Azure Stack Hub plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure Stack Hub
        2.  
          Configuring staging location for Azure Stack Hub VMs to restore from backup
    5. NetBackup Snapshot Manager application agents and plug-ins
      1.  
        About the installation and configuration process
      2. Installing and configuring Snapshot Manager agent
        1.  
          Downloading and installing the Snapshot Manager agent
        2. Linux-based agent
          1.  
            Preparing to install the Linux-based agent
          2.  
            Registering the Linux-based agent
        3. Windows-based agent
          1.  
            Preparing to install the Windows-based agent
          2.  
            Registering the Windows-based agent
      3. Configuring the Snapshot Manager application plug-in
        1.  
          Configuring an application plug-in
        2. Microsoft SQL plug-in
          1.  
            Microsoft SQL plug-in configuration requirements
          2.  
            Restore requirements and limitations for Microsoft SQL Server
          3.  
            Steps required before restoring SQL AG databases
          4.  
            Additional steps required after restoring SQL AG databases
          5. Additional steps required after a SQL Server instance snapshot restore
            1.  
              Steps required after a SQL Server host-level restore
            2.  
              Steps required after a SQL Server instance disk-level snapshot restore to new location
        3. Oracle plug-in
          1. Oracle plug-in configuration requirements
            1.  
              Optimizing your Oracle database data and metadata files
          2.  
            Restore requirements and limitations for Oracle
          3.  
            Additional steps required after an Oracle snapshot restore
      4. NetBackup protection plan
        1.  
          Creating a NetBackup protection plan for cloud assets
        2.  
          Subscribing cloud assets to a NetBackup protection plan
      5.  
        Configuring VSS to store shadow copies on the originating drive
      6.  
        Additional steps required after restoring an AWS RDS database instance
    6. Protecting assets with NetBackup Snapshot Manager's agentless feature
      1.  
        About the agentless feature
      2. Prerequisites for the agentless configuration
        1.  
          Configuring SMB for Windows (Optional)
        2.  
          Configuring WMI security for Windows (optional)
      3.  
        Configuring the agentless feature
      4.  
        Configuring the agentless feature after upgrading Snapshot Manager
    7. Volume Encryption in NetBackup Snapshot Manager
      1.  
        About volume encryption support in Snapshot Manager
      2.  
        Volume encryption for Azure
      3.  
        Volume encryption for GCP
      4.  
        Volume encryption for AWS
    8. NetBackup Snapshot Manager security
      1.  
        Configuring security for Azure Stack
      2.  
        Configuring the cloud connector for Azure Stack
      3.  
        CA configuration for Azure Stack
      4.  
        Securing the connection to Snapshot Manager
  3. Section II. NetBackup Snapshot Manager maintenance
    1. NetBackup Snapshot Manager logging
      1.  
        About Snapshot Manager logging mechanism
      2. How Fluentd-based Snapshot Manager logging works
        1.  
          About the Snapshot Manager fluentd configuration file
        2.  
          Modifying the fluentd configuration file
      3.  
        Snapshot Manager logs
      4.  
        Agentless logs
      5.  
        Troubleshooting Snapshot Manager logging
    2. Upgrading NetBackup Snapshot Manager
      1.  
        About Snapshot Manager upgrades
      2.  
        Supported upgrade path
      3.  
        Upgrade scenarios
      4.  
        Preparing to upgrade Snapshot Manager
      5.  
        Upgrading Snapshot Manager
      6.  
        Upgrading Snapshot Manager using patch or hotfix
      7. Migrating and upgrading Snapshot Manager
        1.  
          Before you begin migrating Snapshot Manager
        2.  
          Migrate and upgrade Snapshot Manager on RHEL 8.6 or 8.4
      8. Post-upgrade tasks
        1.  
          Upgrading Snapshot Manager extensions
      9.  
        Post-migration tasks
    3. Uninstalling NetBackup Snapshot Manager
      1.  
        Preparing to uninstall Snapshot Manager
      2.  
        Backing up Snapshot Manager
      3.  
        Unconfiguring Snapshot Manager plug-ins
      4.  
        Unconfiguring Snapshot Manager agents
      5.  
        Removing the Snapshot Manager agents
      6.  
        Removing Snapshot Manager from a standalone Docker host environment
      7.  
        Removing Snapshot Manager extensions - VM-based or managed Kubernetes cluster-based
      8.  
        Restoring Snapshot Manager
    4. Troubleshooting NetBackup Snapshot Manager
      1.  
        Troubleshooting Snapshot Manager
      2.  
        SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the Snapshot Manager host
      3.  
        Disk-level snapshot restore fails if the original disk is detached from the instance
      4.  
        Discovery is not working even after assigning system managed identity to the control node pool
      5.  
        Performance issue with GCP backup from snapshot
      6.  
        Post migration on host agents fail with an error message
      7.  
        File restore job fails with an error message

AWS plug-in configuration notes

The Amazon Web Services (AWS) plug-in lets you create, restore, and delete snapshots of the following assets in an Amazon cloud:

  • Elastic Compute Cloud (EC2) instances

  • Elastic Block Store (EBS) volumes

  • Amazon Relational Database Service (RDS) instances

  • Aurora clusters

Note:

Before you configure the AWS plug-in, make sure that you have configured the proper permissions so Snapshot Manager can work with your AWS assets.

Snapshot Manager supports the following AWS regions:

Table: AWS regions supported by Snapshot Manager

AWS commercial regions

AWS GovCloud (US) regions

  • us-east-1, us-east-2, us-west-1, us-west-2

  • ap-east-1, ap-south-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-southeast-3

  • eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, eu-south-1 Milan, eu-south-1 Cape Town

  • cn-north-1, cn-northwest-1

  • ca-central-1

  • me-south-1

  • sa-east-1

  • us-gov-east-1

  • us-gov-west-1

The following information is required for configuring the Snapshot Manager plug-in for AWS:

If Snapshot Manager is deployed on a on-premise host or a virtual machine:

Table: AWS plug-in configuration parameters

Snapshot Manager configuration parameter

AWS equivalent term and description

Access key

The access key ID, when specified with the secret access key, authorizes Snapshot Manager to interact with the AWS APIs.

Secret key

The secret access key.

Regions

One or more AWS regions in which to discover cloud assets.

Note:

Snapshot Manager encrypts credentials using AES-256 encryption.

If Snapshot Manager is deployed in the AWS cloud:

Table: AWS plug-in configuration parameters: cloud deployment

Snapshot Manager configuration parameter

Description

For Source Account configuration

Regions

One or more AWS regions associated with the AWS source account in which to discover cloud assets.

Note:

If you deploy Snapshot Manager using the CloudFormation template (CFT), then the source account is automatically configured as part of the template-based deployment workflow.

For Cross Account configuration

Account ID

The account ID of the other AWS account (cross account) whose assets you wish to protect using the Snapshot Manager instance configured in the Source Account.

Role Name

The IAM role that is attached to the other AWS account (cross account).

Regions

One or more AWS regions associated with the AWS cross account in which to discover cloud assets.

When Snapshot Manager connects to AWS, it uses the following endpoints. You can use this information to create a allowed list on your firewall.

  • ec2.*.amazonaws.com

  • sts.amazonaws.com

  • rds.*.amazonaws.com

  • kms. *.amazonaws.com

  • ebs.*.amazonaws.com

  • iam.amazonaws.com

  • eks.*.amazonaws.com

  • autoscaling.*.amazonaws.com

  • (For DBPaaS protection) dynamodb.*.amazonaws.com

In addition, you must specify the following resources and actions:

  • ec2.SecurityGroup.*

  • ec2.Subnet.*

  • ec2.Vpc.*

  • ec2.createInstance

  • ec2.runInstances

Configuring multiple accounts or subscriptions or projects

  • If you are creating multiple configurations for the same plug-in, ensure that they manage assets from different Regions. Two or more plug-in configurations should not manage the same set of cloud assets simultaneously.

  • When multiple accounts are all managed with a single Snapshot Manager, the number of assets being managed by a single Snapshot Manager instance might get too large and it would be better to space them out.

  • To achieve application consistent snapshots, we would require agent/agentless network connections between the remote VM instance and Snapshot Manager. This would require setting up cross account/subscription/project networking.

AWS plug-in considerations and limitations

Before you configure the plug-in, consider the following:

  • Snapshot Manager does not support AWS Nitro-based instances that use EBS volumes that are exposed as non-volatile memory express (NVMe) devices.

    To allow Snapshot Manager to discover and protect AWS Nitro-based Windows instances that use NVMe EBS volumes, ensure that the AWS NVMe tool executable file, ebsnvme-id.exe, is present in any of the following locations on the AWS Windows instance:

  • To allow Snapshot Manager to discover and protect Windows instances created from custom/community AMI.

    • AWS NVMe drivers must be installed on custom or community AMIs. See this link.

    • Install the ebsnvme-id.exe either in %PROGRAMDATA%\Amazon\Tools or %PROGRAMFILES%\Veritas\Cloudpoint

    • Friendly device name must contain the substring "NVMe", or update in Windows registry for all NVMe backed devices.

      Registry path:

      Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001

      \Enum\SCSI\Disk&Ven_NVMe&Prod_Amazon_Elastic_B\

      Property Name: FriendlyName

      Value: NVMe Amazon Elastic B SCSI Disk Drive

  • You cannot delete automated snapshots of RDS instances and Aurora clusters through Snapshot Manager.

  • The application consistency of AWS RDS applications depend on the behavior of AWS. (AWS suspends I/O while backing up the DB instance).

    This is a limitation from AWS and is currently outside the scope of Snapshot Manager.

  • All automated snapshot names start with the pattern rds:.

  • If you are configuring the plug-in to discover and protect AWS Nitro-based Windows instances that use NVMe EBS volumes, you must ensure that the AWS NVMe tool executable file, ebsnvme-id.exe, is present in any of the following locations on the AWS instance:

    • %PROGRAMDATA%\Amazon\Tools

      This is the default location for most AWS instances.

    • %PROGRAMFILES%\Veritas\Cloudpoint

      Manually download and copy the executable file to this location.

    • System PATH environment variable

      Add or update the executable file path in the system's PATH environment variable.

    If the NVMe tool is not present in one of the mentioned locations, Snapshot Manager may fail to discover the file systems on such instances. You may see the following error in the logs:

    "ebsnvme-id.exe" not found in expected paths!"

    This is required for AWS Nitro-based Windows instances only. Also, if the instance is launched using the community AMI or custom AMI, you might need to install the tool manually.

  • Snapshot Manager does not support cross-account replication for AWS RDS instances or clusters, if the snapshots are encrypted using the default RDS encryption key (aws/rds). You cannot share such encrypted snapshots between AWS accounts.

    If you try to replicate such snapshots between AWS accounts, the operation fails with the following error:

    Replication failed The source snapshot KMS key [<key>] does not exist, 
is not enabled or you do not have permissions to access it.

    This is a limitation from AWS and is currently outside the scope of Snapshot Manager.

  • If a region is removed from the AWS plug-in configuration, then all the discovered assets from that region are also removed from the Snapshot Manager assets database. If there are any active snapshots that are associated with the assets that get removed, then you may not be able perform any operations on those snapshots.

    Once you add that region back into the plug-in configuration, Snapshot Manager discovers all the assets again and you can resume operations on the associated snapshots. However, you cannot perform restore operations on the associated snapshots.

  • Snapshot Manager supports commercial as well as GovCloud (US) regions. During AWS plug-in configuration, even though you can select a combination of AWS commercial and GovCloud (US) regions, the configuration will eventually fail.

  • Snapshot Manager does not support IPv6 addresses for AWS RDS instances. This is a limitation of Amazon RDS itself and is not related to Snapshot Manager.

    For more information, refer to the AWS documentation.

  • Snapshot Manager does not support application consistent snapshots and granular file restores for Windows systems with virtual disks or storage spaces that are created from a storage pool. If a Microsoft SQL server snapshot job uses disks from a storage pool, the job fails with an error. But if a snapshot job for virtual machine which is in a connected state is triggered, the job might be successful. In this case, the file system quiescing and indexing is skipped. The restore job for such an individual disk to original location also fails. In this condition, the host might move to an unrecoverable state and requires a manual recovery.