NetBackup™ 10.2.0.1 Application Guide
- Product overview
- Release notes
- Geting started
- Creating NetBackup application instances
- Managing NetBackup application instances
- Managing application instances from Flex Appliance and NetBackup
- Accessing NetBackup primary and media server instances for management tasks
- Managing users on a primary or a media server instance
- Adding and removing local users on a primary or a media server instance
- Connecting an Active Directory user domain to a primary or a media server instance
- Connecting an LDAP user domain to a primary or a media server instance
- Changing a user password on a primary or a media server instance
- Using SSH keys for authentication on a primary or a media server instance
- Running NetBackup commands on a primary or a media server application instance
- Monitoring NetBackup services on a NetBackup primary server instance
- Mounting an NFS share on a NetBackup primary server instance
- Setting environment variables on primary and media server instances
- Storing custom data on a primary or a media server instance
- Modifying or disabling the nbdeployutil utility on a primary server instance
- Disabling SMB server signing on a media server instance
- Enabling extra OS STIG hardening on a primary or a media server instance
- Using a login banner on a primary or a media server instance
- Using a primary server instance for disaster recovery
- Managing users on a primary or a media server instance
- Accessing NetBackup WORM storage server instances for management tasks
- Managing users from the deduplication shell
- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
- Managing VLAN interfaces from the deduplication shell
- Viewing the lockdown mode on a WORM storage server
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Protecting the NetBackup catalog on a WORM storage server
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Configuring an isolated recovery environment from the deduplication shell
- Managing an isolated recovery environment from the deduplication shell
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell
- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) configuration parameters
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
- Monitoring and troubleshooting NetBackup services from the deduplication shell
- Managing S3 service from the deduplication shell
- Managing users from the deduplication shell
Importing certificates from the deduplication shell
Use the following procedures to import NetBackup or external certificates from the deduplication shell.
To import a NetBackup certificate
- Open an SSH session to the server as the msdpadm user.
- Run one of the following commands:
To request the NetBackup CA certificate from the primary server:
setting certificate get-CA-certificate
By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example:
setting certificate get-CA-certificate primary_server=<alternate primary server hostname>
To request a host certificate from the primary server:
setting certificate get-certificate [force=true]
Where [force=true] is an optional parameter that overwrites the existing certificate if it already exists.
By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example:
setting certificate get-certificate primary_server=<alternate primary server hostname>
Depending on the primary server security level, the host may require an authorization or a reissue token. If the command prompts that a token is required for the request, enter the command again with the token for the host ID-based certificate. For example:
setting certificate get-certificate primary_server=<alternate primary server hostname> token=<certificate token> force=true
To import external certificates
- Open an SSH session to the server as the msdpadm user.
- Run one of the following commands:
To download and install both the external CA certificate and the host certificate:
setting certificate install-external-certificates cacert=<trust store> cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port>
Where:
<trust store> is the trust store in PEM format.
<host certificate> is the X.509 certificate of the host in PEM format.
<key> is the RSA private key in PEM format.
[passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted.
<host> is the hostname of the host that stores the external certificates.
<port> is the port to connect to on the remote host.
To download and install the external CA certificate:
setting certificate get-external-CA-certificate cacert=<trust store> scp_host=<host> scp_port=<port>
Where:
<trust store> is the trust store in PEM format.
<host> is the hostname of the host that stores the external certificates.
<port> is the port to connect to on the remote host.
To download and install the external host certificate:
setting certificate get-external-certificates cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port>
Where:
<host certificate> is the X.509 certificate of the host in PEM format.
<key> is the RSA private key in PEM format.
[passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted.
<host> is the hostname of the host that stores the external certificates.
<port> is the port to connect to on the remote host.
Note:
If an external host certificate already exists on the server, it is overwritten.
- (Optional) Run the following command to specify the revocation check level for the external certificates:
setting certificate set-CRL-check-level check_level=<DISABLE, LEAF, or CHAIN>
The check levels are as follows:
DISABLE: The revocation check is disabled. The revocation status of the certificate is not validated against the CRL during host communication.
LEAF: The revocation status of the leaf certificate is validated against the CRL. LEAF is the default value.
CHAIN: The revocation status of all certificates from the certificate chain is validated against the CRL.