NetBackup™ Web UI Nutanix AHV Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.0)
  1. Introducing the NetBackup web user interface
    1.  
      About the NetBackup web UI
    2.  
      Terminology
    3.  
      Sign in to the NetBackup web UI
    4.  
      Sign out of the NetBackup web UI
  2. Monitoring NetBackup
    1.  
      The NetBackup dashboard
    2.  
      Job monitoring
    3.  
      Search for or filter jobs in the jobs list
  3. Overview
    1.  
      Overview of configuring and protecting AHV assets in the NetBackup web UI
  4. Managing AHV clusters
    1.  
      Quick configuration checklist to protect AHV virtual machines
    2.  
      Configure secure communication between the AHV cluster and NetBackup host
    3.  
      Enable the iSCSI initiator service on windows backup host
    4.  
      Install the iSCSI initiator package on Linux backup host
    5.  
      Migrate Java GUI/CLI added clusters into WebUI
    6.  
      Configure Nutanix AHV cluster
    7.  
      Configure CHAP settings for iSCSI secure communication with AHV clusters
    8.  
      About the ports that NetBackup uses to communicate with AHV
    9.  
      Add or browse an AHV cluster
    10.  
      Remove AHV Clusters
    11.  
      Create an intelligent VM group
    12.  
      Assign permissions to the intelligent VM group
    13.  
      Update the intelligent VM group
    14.  
      Remove the intelligent VM group
    15.  
      Set CHAP for iSCSI
    16.  
      Add an AHV access host
    17.  
      Remove an AHV access host
    18.  
      Change resource limits for AHV resource types
    19.  
      Change the autodiscovery frequency of AHV assets
  5. Managing AHV credentials
    1.  
      Add new cluster credentials
    2.  
      Update and validate AHV cluster credentials
    3.  
      View the credential name that is applied to an asset
    4.  
      Edit or delete a named credential
  6. Protecting AHV virtual machines
    1.  
      Things to know before you protect AHV virtual machines
    2.  
      Protect AHV VMs or intelligent VM groups
    3.  
      Customize protection settings for an AHV asset
    4.  
      Schedules and retention
    5.  
      Backup options
    6.  
      Prerequisite to Enable virtual machine quiescing
    7.  
      Remove protection from VMs or intelligent VM groups
    8.  
      View the protection status of VMs or intelligent VM groups
  7. Recovering AHV virtual machines
    1.  
      Things to consider before you recover the AHV virtual machines
    2.  
      About the pre-recovery check
    3.  
      Recover an AHV virtual machine
    4.  
      About Nutanix AHV agentless files and folders restore
    5.  
      Prerequisites for agentless files and folder recovery
    6.  
      SSH key fingerprint
    7.  
      Recover files and folders with Nutanix AHV agentless restore
    8.  
      Recovery target options
    9.  
      Pre-recovery checks
    10.  
      About Nutanix-AHV agent-based files and folders restore
    11.  
      Prerequisites for agent based files and folder recovery
    12.  
      Recover files and folders with Nutanix AHV agent based restore
    13.  
      Limitations
  8. Troubleshooting AHV operations
    1.  
      Troubleshooting tips for NetBackup for AHV
    2.  
      Error during AHV credential addition
    3.  
      Error during the AHV virtual machines discovery phase
    4.  
      Errors for the Status for a newly discovered VM
    5.  
      Error run into while backing up AHV virtual machines
    6.  
      Error while restoring AHV virtual machines
  9. API and command line options for AHV
    1.  
      Using APIs and command line options to manage, protect, or recover AHV virtual machines
    2.  
      Additional NetBackup options for AHV configuration
    3.  
      Additional information about the rename file

Configure secure communication between the AHV cluster and NetBackup host

NetBackup can now validate AHV cluster certificates using their root or intermediate certificate authority (CA) certificates.

Only PEM certificate format is supported for virtualization servers.

The following procedure is applicable for the NetBackup media servers acting as backup hosts and all AHV access hosts.

To configure secure communication between AHV cluster and AHV access host:

  1. Use the openssl s_client -connect <Nutanix Cluster FQDN>:9440 -showcerts < /dev/null command from a Linux system to obtain the Nutanix certificates.
  2. Scroll to the end of the results and copy the last certificate which starts from:
    -----BEGIN CERTIFICATE----- 
<Certificate> 
-----END CERTIFICATE-----

    Note:

    Ensure to copy the five dashes before and after the BEGIN and END CERTIFICATE.

  3. Paste the information to a text file and then rename it as <certificate file name>.pem and copy it to a path to your backup host. Recommended path is:

    • For Linux: /usr/openv/netbackup.

    • For Windows: <Install drive>\Program Files\Veritas\Netbackup.

    • For Linux: Enter the PEM file path ECA_TRUST_STORE_PATH=/usr/openv/netbackup/<certificate file name>.pem in the bp.conf on the backup host.

    • For Windows: Run the command <Install drive>\Program Files\Veritas\Netbackup\bin\nbsetconfig.

  5. Use the nbsetconfig command to configure the following NetBackup configuration options on the access host:

    For more information on the configuration options, refer to the NetBackup Administrator's Guide, Volume I.

    ECA_TRUST_STORE_PATH

    Specifies the file path to the certificate file that contains all trusted root CA certificates.

    This option is specific to file-based certificates. You should not configure this option if Windows certificate store is used.

    If you have already configured this external CA option, append the Nutanix AHV CA certificates to the existing external certificate trust store.

    If you have not configured the option, add all the required Nutanix AHV server CA certificates to the trust store and set the option.

     ECA_CRL_PATH 

    Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.

    If you have already configured this external CA option, append the AHV CRLs to the CRL cache.

    If you have not configured the option, first add all the required CRLs to the CRL cache. Then set the option.

    VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED

    This option affects AHV, RHV, and VMware secure communication. Without this option, each workload and plug-in separately determine the secure or the insecure communication.

    For more information, refer to the respective workload administrator's guide.

    Disabling this option lets you skip the security certificate validation. It is recommended by NetBackup that secure communication should be enabled using the ECA_TRUST_STORE_PATH option.  

     VIRTUALIZATION_CRL_CHECK

    Lets you validate the revocation status of the virtualization server certificate against the CRLs.

    By default, the option is enabled.

    For more information on external CA support, refer to the NetBackup Security and Encryption Guide.