NetBackup™ Snapshot Manager Install and Upgrade Guide

Last Published:
Product(s): NetBackup (10.2)
  1. Introduction
    1.  
      About the deployment approach
    2.  
      Deciding where to run NetBackup Snapshot Manager
    3.  
      About deploying NetBackup Snapshot Manager in the cloud
  2. Section I. NetBackup Snapshot Manager installation and configuration
    1. Preparing for NetBackup Snapshot Manager installation
      1.  
        Meeting system requirements
      2.  
        NetBackup Snapshot Manager host sizing recommendations
      3.  
        NetBackup Snapshot Manager extension sizing recommendations
      4.  
        Creating an instance or preparing the host to install NetBackup Snapshot Manager
      5.  
        Installing container platform (Docker, Podman)
      6.  
        Creating and mounting a volume to store NetBackup Snapshot Manager data
      7.  
        Verifying that specific ports are open on the instance or physical host
      8.  
        Preparing NetBackup Snapshot Manager for backup from snapshot jobs
    2. Deploying NetBackup Snapshot Manager using container images
      1.  
        Before you begin installing NetBackup Snapshot Manager
      2.  
        Installing NetBackup Snapshot Manager in the Docker/Podman environment
      3.  
        Verifying that NetBackup Snapshot Manager is installed successfully
      4.  
        Restarting NetBackup Snapshot Manager
    3. Deploying NetBackup Snapshot Manager extensions
      1.  
        Before you begin installing NetBackup Snapshot Manager extensions
      2.  
        Downloading the NetBackup Snapshot Manager extension
      3. Installing the NetBackup Snapshot Manager extension on a VM
        1.  
          Prerequisites to install the extension on VM
        2.  
          Installing the extension on a VM
      4. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (AKS) in Azure
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in Azure
        2.  
          Installing the extension on Azure (AKS)
      5. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (EKS) in AWS
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in AWS
        2. Installing the extension on AWS (EKS)
          1.  
            Install extension using the extension script
      6. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (GKE) in GCP
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in GCP
        2.  
          Installing the extension on GCP (GKE)
      7.  
        Install extension using the Kustomize and CR YAMLs
      8.  
        Managing the extensions
    4. NetBackup Snapshot Manager cloud providers
      1.  
        Why to configure the NetBackup Snapshot Manager cloud providers?
      2. AWS plug-in configuration notes
        1.  
          Prerequisites for configuring the AWS plug-in
        2.  
          Configuring AWS permissions for NetBackup Snapshot Manager
        3.  
          AWS permissions required by NetBackup Snapshot Manager
        4.  
          Before you create a cross account configuration
      3. Google Cloud Platform plug-in configuration notes
        1.  
          Google Cloud Platform permissions required by NetBackup Snapshot Manager
        2.  
          Configuring a GCP service account for NetBackup Snapshot Manager
        3.  
          Preparing the GCP service account for plug-in configuration
        4.  
          GCP cross-project restore configuration
      4. Microsoft Azure plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure
        2.  
          About Azure snapshots
      5. Microsoft Azure Stack Hub plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure Stack Hub
        2.  
          Configuring staging location for Azure Stack Hub VMs to restore from backup
    5. Configuration for protecting assets on cloud hosts/VM
      1.  
        Deciding which feature (on-host agent or agentless) of NetBackup Snapshot Manager is to be used for protecting the assets
      2. Protecting assets with NetBackup Snapshot Manager's on-host agent feature
        1. Installing and configuring NetBackup Snapshot Manager agent
          1.  
            Downloading and installing the NetBackup Snapshot Manager agent
          2. Linux-based agent
            1.  
              Preparing to install the Linux-based agent
            2.  
              Registering the Linux-based agent
          3. Windows-based agent
            1.  
              Preparing to install the Windows-based agent
            2.  
              Registering the Windows-based agent
        2. Configuring the NetBackup Snapshot Manager application plug-in
          1.  
            Configuring an application plug-in
          2. Microsoft SQL plug-in
            1.  
              Microsoft SQL plug-in configuration requirements
            2.  
              Restore requirements and limitations for Microsoft SQL Server
            3.  
              Steps required before restoring SQL AG databases
            4.  
              Additional steps required after restoring SQL AG databases
            5. Additional steps required after a SQL Server instance snapshot restore
              1.  
                Steps required after a SQL Server host-level restore
              2.  
                Steps required after a SQL Server instance disk-level snapshot restore to new location
          3. Oracle plug-in
            1. Oracle plug-in configuration requirements
              1.  
                Optimizing your Oracle database data and metadata files
            2.  
              Restore requirements and limitations for Oracle
            3.  
              Additional steps required after an Oracle snapshot restore
      3. Protecting assets with NetBackup Snapshot Manager's agentless feature
        1. Prerequisites for the agentless configuration
          1.  
            Configuring SMB for Windows (Optional)
          2.  
            Configuring WMI security for Windows (optional)
        2.  
          Configuring the agentless feature
        3.  
          Configuring the agentless feature after upgrading NetBackup Snapshot Manager
    6. NetBackup Snapshot Manager assets protection
      1. NetBackup protection plan
        1.  
          Creating a NetBackup protection plan for cloud assets
        2.  
          Subscribing cloud assets to a NetBackup protection plan
      2.  
        Configuring VSS to store shadow copies on the originating drive
      3.  
        Additional steps required after restoring an AWS RDS database instance
    7. Volume Encryption in NetBackup Snapshot Manager
      1.  
        About volume encryption support in NetBackup Snapshot Manager
      2.  
        Volume encryption for Azure
      3.  
        Volume encryption for GCP
      4.  
        Volume encryption for AWS
    8. NetBackup Snapshot Manager security
      1.  
        Configuring security for Azure Stack
      2.  
        Configuring the cloud connector for Azure Stack
      3.  
        CA configuration for Azure Stack
      4.  
        Securing the connection to NetBackup Snapshot Manager
  3. Section II. NetBackup Snapshot Manager maintenance
    1. NetBackup Snapshot Manager logging
      1.  
        About NetBackup Snapshot Manager logging mechanism
      2. How Fluentd-based NetBackup Snapshot Manager logging works
        1.  
          About the NetBackup Snapshot Manager fluentd configuration file
        2.  
          Modifying the fluentd configuration file
      3.  
        NetBackup Snapshot Manager logs
      4.  
        Agentless logs
      5.  
        Troubleshooting NetBackup Snapshot Manager logging
    2. Upgrading NetBackup Snapshot Manager
      1.  
        About NetBackup Snapshot Manager upgrades
      2.  
        Supported upgrade path
      3.  
        Upgrade scenarios
      4.  
        Preparing to upgrade NetBackup Snapshot Manager
      5.  
        Upgrading NetBackup Snapshot Manager
      6.  
        Upgrading NetBackup Snapshot Manager using patch or hotfix
      7. Migrating and upgrading NetBackup Snapshot Manager
        1.  
          Before you begin migrating NetBackup Snapshot Manager
        2.  
          Migrate and upgrade NetBackup Snapshot Manager on RHEL 8.6 or 8.4
      8.  
        GCP configuration for migration from zone to region
      9. Post-upgrade tasks
        1.  
          Upgrading NetBackup Snapshot Manager extensions
      10.  
        Post-migration tasks
    3. Uninstalling NetBackup Snapshot Manager
      1.  
        Preparing to uninstall NetBackup Snapshot Manager
      2.  
        Backing up NetBackup Snapshot Manager
      3.  
        Unconfiguring NetBackup Snapshot Manager plug-ins
      4.  
        Unconfiguring NetBackup Snapshot Manager agents
      5.  
        Removing the NetBackup Snapshot Manager agents
      6.  
        Removing NetBackup Snapshot Manager from a standalone Docker host environment
      7.  
        Removing NetBackup Snapshot Manager extensions - VM-based or managed Kubernetes cluster-based
      8.  
        Restoring NetBackup Snapshot Manager
    4. Troubleshooting NetBackup Snapshot Manager
      1.  
        Troubleshooting NetBackup Snapshot Manager
      2.  
        SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the NetBackup Snapshot Manager host
      3.  
        Disk-level snapshot restore fails if the original disk is detached from the instance
      4.  
        Discovery is not working even after assigning system managed identity to the control node pool
      5.  
        Performance issue with GCP backup from snapshot
      6.  
        Post migration on host agents fail with an error message
      7.  
        File restore job fails with an error message
      8.  
        Acknowledgment not received for datamover
      9.  
        Upgrade of extension on AWS (EKS) fails when upgrading through script
      10.  
        Backup from snapshot job fails with timeout error

Configuring permissions on Microsoft Azure

Before NetBackup Snapshot Manager can protect your Microsoft Azure assets, it must have access to them. You must associate a custom role that NetBackup Snapshot Manager users can use to work with Azure assets.

The following is a custom role definition (in JSON format) that gives NetBackup Snapshot Manager the ability to:

  • Configure the Azure plug-in and discover assets.

  • Create host and disk snapshots.

  • Restore snapshots to the original location or to a new location.

  • Delete snapshots.

{
"properties": {
    "roleName": "snapshot-manager-role",
    "description": "Necessary permissions for Azure plug-in operations in CloudPoint",
    "assignableScopes": [
        "/subscriptions/<SusbcriptionName>"
    ],
     "permissions": [
        {
            "actions": [
                "Microsoft.Storage/*/read",
                "Microsoft.Compute/*/read",
                "Microsoft.Sql/*/read",
                "Microsoft.Compute/disks/write",
                "Microsoft.Compute/disks/delete",
                "Microsoft.Compute/disks/beginGetAccess/action",
                "Microsoft.Compute/disks/endGetAccess/action",
                "Microsoft.Compute/snapshots/delete",
                "Microsoft.Compute/snapshots/write",
                "Microsoft.Compute/snapshots/beginGetAccess/action",
                "Microsoft.Compute/snapshots/endGetAccess/action",
                "Microsoft.Compute/virtualMachines/write",
                "Microsoft.Compute/virtualMachines/delete",
                "Microsoft.Compute/virtualMachines/start/action",
                "Microsoft.Compute/virtualMachines/vmSizes/read",
                "Microsoft.Compute/virtualMachines/powerOff/action",
                "Microsoft.Network/*/read",
                "Microsoft.Network/networkInterfaces/delete",
                "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
                "Microsoft.Network/networkInterfaces/join/action",
                "Microsoft.Network/networkInterfaces/write",
                "Microsoft.Network/networkSecurityGroups/join/action",
                "Microsoft.Network/networkSecurityGroups/write",
                "Microsoft.Network/publicIPAddresses/delete",
                "Microsoft.Network/publicIPAddresses/join/action",
                "Microsoft.Network/publicIPAddresses/write",
                "Microsoft.Network/virtualNetworks/subnets/join/action",
                "Microsoft.Resources/*/read",
                "Microsoft.Resources/subscriptions/tagNames/tagValues/write",
                "Microsoft.Resources/subscriptions/tagNames/write",
                "Microsoft.Subscription/*/read",
                "Microsoft.Authorization/locks/*",
                "Microsoft.Authorization/*/read",
                "Microsoft.ContainerService/managedClusters/agentPools/read",
                "Microsoft.ContainerService/managedClusters/read",
                "Microsoft.Compute/virtualMachineScaleSets/write",
                "Microsoft.Compute/virtualMachineScaleSets/delete/action",
                "Microsoft.Compute/restorePointCollections/read",
                "Microsoft.Compute/restorePointCollections/write",
                "Microsoft.Compute/restorePointCollections/delete",
                "Microsoft.Compute/restorePointCollections/restorePoints/read",
                "Microsoft.Compute/restorePointCollections/restorePoints/write",
                "Microsoft.Compute/restorePointCollections/restorePoints/delete",
                "Microsoft.Compute/restorePointCollections/restorePoints/retrieveSasUris/action",
                "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/read",
                "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/beginGetAccess/action",
                "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/endGetAccess/action"
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
        }
    ]
}
}

The following set of permissions are required to use managed identity for discovery, create, delete, database authentication and point in time restore(applicable only for Azure SQL and Managed Instance databases) for supported PaaS databases:

actions": [
															"Microsoft.Authorization/*/read",
															"Microsoft.Subscription/*/read",
															"Microsoft.Resources/*/read",
															"Microsoft.ManagedIdentity/*/read",
															"Microsoft.Sql/*/read",
															"Microsoft.Sql/servers/databases/write",
															"Microsoft.Sql/servers/databases/delete",
															"Microsoft.Sql/managedInstances/databases/write",
															"Microsoft.Sql/managedInstances/databases/delete",
															"Microsoft.DBforMySQL/servers/read",
															"Microsoft.DBforMySQL/servers/databases/read",
															"Microsoft.DBforMySQL/flexibleServers/read",
															"Microsoft.DBforMySQL/flexibleServers/databases/read",
															"Microsoft.DBforMySQL/servers/databases/write",
															"Microsoft.DBforMySQL/flexibleServers/databases/write",
															"Microsoft.DBforMySQL/servers/databases/delete",
															"Microsoft.DBforMySQL/flexibleServers/databases/delete",
															"Microsoft.DBforPostgreSQL/servers/databases/delete",
															"Microsoft.DBforPostgreSQL/flexibleServers/databases/delete",
															"Microsoft.DBforPostgreSQL/servers/databases/write",
															"Microsoft.DBforPostgreSQL/flexibleServers/databases/write",
															"Microsoft.DBforPostgreSQL/servers/read",
															"Microsoft.DBforPostgreSQL/servers/databases/read",
															"Microsoft.DBforPostgreSQL/flexibleServers/read",
															"Microsoft.DBforPostgreSQL/flexibleServers/databases/read"
            ],

If NetBackup Snapshot Manager extension is installed on a managed Kubernetes cluster in Azure, then the following permissions can also be added before configuring the plugin:

"Microsoft.ContainerService/managedClusters/agentPools/read",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
"Microsoft.Compute/virtualMachineScaleSets/delete/action"

Additional permissions required by PaaS workloads:

"Microsoft.DBforMySQL/servers/read",
"Microsoft.DBforMySQL/servers/databases/read",
"Microsoft.DBforMySQL/flexibleServers/read",
"Microsoft.DBforMySQL/flexibleServers/databases/read",
"Microsoft.DBforPostgreSQL/servers/read",
"Microsoft.DBforPostgreSQL/servers/databases/read",
"Microsoft.DBforPostgreSQL/flexibleServers/read",
"Microsoft.DBforPostgreSQL/flexibleServers/databases/read",
"Microsoft.Sql/*/write",
"Microsoft.Sql/*/delete"

If you use system managed identity for the PaaS Azure SQL and Managed Instance, apply the same set of permissions/rules to the media server(s) and snapshot manager. If you use user managed identity, attach the same user managed identity to the media server(s) and snapshot manager.

To create a custom role using powershell, follow the steps mentioned in the Azure documentation.

For example:

New-AzureRmRoleDefinition -InputFile "C:\CustomRoles\ReaderSupportRole.json"

To create a custom role using Azure CLI, follow the steps mentioned in the Azure documentation.

For example:

az role definition create --role-definition "~/CustomRoles/
ReaderSupportRole.json"

Note:

Before creating a role, you must copy the role definition given earlier (text in JSON format) in a .json file and then use that file as the input file. In the sample command displayed earlier, ReaderSupportRole.json is used as the input file that contains the role definition text.

To use this role, perform the following:

  • Assign the role to an application running in the Azure environment.

  • In NetBackup Snapshot Manager, configure the Azure off-host plug-in with the application's credentials.

More Information

Microsoft Azure plug-in configuration notes