Veritas Access Appliance 8.2 Solutions Guide for NetBackup
About MSDP encryption using NetBackup KMS service
Access Appliance integrates Key Management Server (KMS) with Media Server Deduplication Pool (MSDP). MSDP encryption works at the segment level and assigns a unique encryption key to every data segment. A customer key is retrieved from NetBackup KMS to encrypt the segment key. The user must create and activate keys manually (or by using scripts).
The NetBackup primary server that is used as the KMS server should be version 10.1.1 for KMS encryption.
Prerequisite:
Set up secure communication between Access Appliance and the primary server in its domain.
You can use the kms enable command to enable encryption in the deduplication server using KMS. The specified key group must have an active key for encryption to work. Ensure that secure communication has been set up between the deduplication server and the NetBackup primary server before enabling KMS. The deduplication server is restarted as part of the kms enable command.
dedupe> kms enable primary_server keygroup config_name
| Parameter | Description |
| --- | --- |
| primary_server | FQDN of the NetBackup primary server, which is also the KMS server. |
| keygroup | Name of the key group whose active key is used to encrypt data. |
| config_name | Name of the deduplication service in which KMS is to be enabled. Note: This parameter is optional when only one deduplication server is present in the cluster. It is mandatory if more than one deduplication server is present. |
The kms enable command can be used to enable external KMS in Access Appliance MSDP. Ensure that the NetBackup primary server is already configured to work with the external KMS.
The encryption and KMS status of the deduplication servers can be verified with the dedupe show command. After you enable the KMS server, the existing unencrypted data can be encrypted with KMS encryption by running the encryption crawler.
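The conditions listed above for kms enable can be checked before the command is run, because running it restarts the deduplication server. The following pre-flight check is an added example, not Veritas code; the function names, the input shapes (`active_keys`, `dedupe_servers`, `secure_comm_ok`) and the sample values are assumptions supplied by the operator.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if name looks like a fully qualified domain name (two or more labels)."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)


def preflight_kms_enable(primary_server, keygroup, active_keys, dedupe_servers,
                         secure_comm_ok, config_name=None):
    """Return (command, problems); command is None when any check fails.

    active_keys:    dict of key group name -> count of active keys (assumed input,
                    collected by the operator from the NetBackup primary server).
    dedupe_servers: names of the deduplication services in the cluster (assumed input).
    secure_comm_ok: True once secure communication with the primary server is set up.
    """
    problems = []
    if not is_fqdn(primary_server):
        problems.append("primary_server must be the FQDN of the primary/KMS server")
    if not secure_comm_ok:
        problems.append("secure communication with the primary server is not set up")
    if active_keys.get(keygroup, 0) < 1:
        problems.append(f"key group {keygroup!r} has no active key")
    if len(dedupe_servers) > 1 and not config_name:
        problems.append("config_name is mandatory with more than one deduplication server")
    if config_name and config_name not in dedupe_servers:
        problems.append(f"config_name {config_name!r} is not a known deduplication service")
    if problems:
        return None, problems
    parts = ["kms", "enable", primary_server, keygroup]
    if config_name:
        parts.append(config_name)
    return " ".join(parts), []


if __name__ == "__main__":
    # Constructed sample values, not taken from a real environment.
    cmd, problems = preflight_kms_enable(
        "nbu-primary.example.com", "msdp_kg", {"msdp_kg": 1},
        ["dedupe1", "dedupe2"], secure_comm_ok=True, config_name="dedupe2")
    print(cmd if cmd else "\n".join(problems))
```

The returned string is the argument line to type at the dedupe> prompt; verify the result afterwards with dedupe show.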
If the MSDP storage server is used in multiple NetBackup domains, backups and restores from other domains fail if secure communication has been set up with the NetBackup primary server or the NetBackup KMS server. To avoid backup and restore failures from other domains, you must set up trust between the NetBackup primary server with which secure communication has been set up and the rest of the NetBackup primary servers. You can set up trust using the same steps that you use to set up AIR between two appliances.
For detailed steps, refer to the NetBackup™ Deduplication Guide on SORT.