NetBackup™ Web UI Cloud Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.4)
  1. Managing and protecting cloud assets
    1.  
      About protecting cloud assets
    2.  
      Limitations and considerations
    3. Configure Snapshot Manager in NetBackup
      1.  
        Add a Snapshot Manager
      2. Add a cloud provider for a Snapshot Manager
        1.  
          IAM Role for AWS Configuration
        2.  
          IAM Role for OCI Configuration
      3.  
        Associate media servers with a Snapshot Manager
      4.  
        Discover assets on Snapshot Manager
      5.  
        Enable or disable a Snapshot Manager
      6.  
        (Optional) Add the Snapshot Manager extension
    4. Managing intelligent groups for cloud assets
      1.  
        Considerations for cloud intelligent groups
      2.  
        Create an intelligent group for cloud assets
      3.  
        Delete an intelligent group for cloud assets
    5. Protecting cloud assets or intelligent groups for cloud assets
      1.  
        Customize or edit protection for cloud assets or intelligent groups
      2.  
        Remove protection from cloud assets or intelligent groups
    6.  
      Cloud asset cleanup
    7.  
      Cloud asset filtering
    8.  
      AWS and Azure government cloud support
    9. About protecting Microsoft Azure resources using resource groups
      1.  
        Before you begin
      2.  
        Limitations and considerations
      3. About resource group configurations and outcome
        1.  
          Examples of resource group configurations
      4.  
        Troubleshoot resource group permissions
    10. About the NetBackup Accelerator for cloud workloads
      1.  
        How the NetBackup Accelerator works with virtual machines
      2.  
        Accelerator forced rescan for virtual machines (schedule attribute)
      3.  
        Accelerator backups and the NetBackup catalog
      4.  
        Accelerator messages in the backup job details log
    11.  
      Configuring backup schedules for cloud workloads
    12.  
      Backup options for cloud workloads
    13.  
      Snapshot replication
    14.  
      Configure AWS snapshot replication
    15.  
      Using AWS snapshot replication
    16.  
      Support matrix for account replication
    17.  
      Protect applications in-cloud with application-consistent snapshots
    18.  
      Protecting AWS or Azure VMs for recovering to VMware
    19. Protecting PaaS assets
      1.  
        Prerequisites for protecting PaaS assets
      2. Installing the native client utilities
        1.  
          Installing the MySQL client utility
        2.  
          Installing the sqlpackage client utility
        3.  
          Installing PostgreSQL client utility
        4.  
          Installing MongoDB client utility
        5.  
          Installing the Amazon RDS for Oracle client utility
      3.  
        Configuring the storage server for instant access
      4.  
        Prerequisites for protecting Amazon RDS SQL Server database assets
      5. Configuring storage for different deployments
        1.  
          For MSDP cloud deployments
        2.  
          For Kubernetes deployments
        3.  
          For VM-based BYO deployments
      6.  
        About incremental backup for PaaS workloads
      7.  
        About archive redo log backup for PaaS workloads
      8.  
        Limitations and considerations
      9.  
        Discovering PaaS assets
      10.  
        Viewing PaaS assets
      11.  
        Managing PaaS credentials
      12.  
        View the credential name that is applied to a database
      13. Add credentials to a database
        1.  
          Creating an IAM database username
        2.  
          Configuring permissions for the database user
        3.  
          Creating a system or user-managed identity username
      14.  
        Add protection to PaaS assets
      15.  
        Perform backup now
  2. Recovering cloud assets
    1.  
      Recovering cloud assets
    2.  
      Perform rollback recovery of cloud assets
    3. Recovering AWS or Azure VMs to VMware
      1.  
        Post-recovery considerations for cloud VMs recovered to VMware
      2. Steps to recover images from cloud VMs to VMware
        1.  
          Recovering images from AWS to VMware
        2.  
          Recovering images from Azure to VMware
    4. Recovering PaaS assets
      1.  
        Recovering non-RDS PaaS assets
      2.  
        Recovering RDS-based PaaS asset
      3.  
        Recovering Azure-protected assets
      4.  
        Recovering duplicate images from AdvancedDisk
  3. Performing granular restore
    1.  
      About granular restore
    2.  
      Supported environment list
    3.  
      List of supported file systems
    4.  
      Before you begin
    5.  
      Limitations and considerations
    6.  
      Restoring files and folders from cloud virtual machines
    7.  
      Restoring volumes on cloud virtual machines
    8.  
      Performing steps after volume restore containing LVM
    9.  
      Troubleshooting
  4. Troubleshooting protection and recovery of cloud assets
    1.  
      Troubleshoot cloud workload protection issues
    2.  
      Error Code 9855: Error occurred while exporting snapshot for the asset: <asset_name>
    3.  
      Backup from snapshot jobs take longer time than expected
    4.  
      Backup from snapshot job fails due to connectivity issues when Snapshot Manager is deployed on an Ubuntu host
    5.  
      Error disambiguation in NetBackup UI
    6. Troubleshoot PaaS workload protection and recovery issues
      1.  
        Troubleshooting Amazon Redshift issues

Recovering cloud assets

You can restore AWS, Azure, Azure Stack, OCI, and GCP VM assets from snapshot copy, replica copy, backup copy, or duplicate copy. You can also restore backup images from AWS EC2 or Azure VMs to on-premises VMware VMs.

While restoring VMs, NetBackup gives you the option to change certain parameters of the original backup or snapshot copy. Including options like changing the VM display name, changing power options of the VM, removing tag associations during restore, and restoring to an alternate network. You can also restore VMs to an alternate configuration, to a different zone, to a different subscription, and restore VMs or disks to a different resource group.

  • For GCP: Select Firewall rule.

  • For Azure: Select Network security group.

  • For AWS: Select Security group.

  • For OCI: Select Network security group.

About the pre-recovery check for VMs

The pre-recovery check indicates how a restore may fail, before the restore is initiated. The pre-recovery check verifies the following:

  • Usage of supported characters and the length of the display name.

  • Existence of destination network

  • Existence of selected Resource group for VMs and disks

  • Existence of source VM snapshot (applicable for restore from snapshot)

  • Existence of the staging location added in the file /cloudpoint/azurestack.conf (applicable for restore from backup for Azure stack)

  • Existence of a VM with the same display name.

  • Connectivity with the Snapshot Manager and cloud credential validation.

  • Validity of selected encryption keys.

Supported parameters for restoring cloud assets

The following table summarizes the different parameters that you can change while restoring assets for different cloud providers.

Table: Supported parameters for Azure, Azure Stack, GCP, and AWS snapshot and backup copies

         

Parameters

Snapshot copy

Backup copy

         

Azure

Azure Stack

GCP and AWS

OCI

Azure

Azure Stack

GCP and AWS

OCI

   
         

Change VM display name

Y

Y

Y

Y

Y

Y

Y

Y

   
         

Change power state of the VM

Y

Y

Y

Y

Y

Y

Y

Y

   
         

Remove tag associations

Y

Y

Y

Y

Y

Y

Y

Y

   
         

Restore to a different network

Y

Y

Y

Y

Y

Y

Y

Y

   
         

Subscription ID

    

Y

Y

Y

    
         

Change resource group

Y

Y

  

Y

Y

     
         

Change the region of the VM

    

Y

Y

Y

    
         

Change provider configuration

    

Y

Y

     
         

Change resource group for disks

Y

Y

  

Y

Y

     
         

Zone/Availability domain

Y

 

Y

Y

Y

 

Y

Y

   
         

Security group/Firewall rule/Network security group

Y

Y

Y

Y

Y

Y

Y

Y

   
         

Edit disk encryption

Y

 

Y

Y

Y

 

Y

Y

   
Recovering virtual machines

To recover a VM

  1. On the left, click Workloads > Cloud.
  2. Click the Virtual Machines tab.

    All the discovered cloud assets for the respective category are displayed.

  3. Double-click the protected asset that you want to recover.
  4. Click the Recovery points tab.

    The available images are listed in rows with the backup timestamp for each image. For AWS workloads you can see replicas as well as backup images, if available.

  5. In the Copies column, click the copy that you want to recover. You can see the backup, snapshot, and replica copy, if available. Click Recover. If you don't select a copy to restore, the primary copy is selected.
  6. Click Restore Virtual Machine.
  7. In the Recovery target page, do the following:

    If you restore a backup copy, modify the values of these parameters as required:

    • Configuration: To restore to an alternate configuration, select one from the drop-down.

    • Region: To restore to an alternate region, select one from the drop-down.

    • Subscription: To restore to an alternate subscription, select one from the drop-down. For Azure and Azure Stack only.

    • Resource group: To restore to an alternate resource group, click the search icon, in the Select resource group dialog, and select the required resource group. For Azure and Azure Stack only.

    • Display name: To change the display name, enter the new one in the field. The specified display name is validated during the pre-recovery check.

      Note:

      Except in AWS and OCI workloads, the following special characters are not allowed in the display name: ` ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \\ | ; : ' \" , < > / ?."

    If you restore a snapshot copy, specify only the Resource group and the Display name.

    During VM restore from snapshot or backup copy, encryption keys can be selected from individual disks or all disks at the same time as follows:

    • Select the Volume and click Edit the encryption key option.

    • Select the required Encryption type.

    • Select the required encryption Key and click Save.

  8. Click Next.
  9. In the Recovery options page:

    • If you restore a backup copy, to restore to a different zone, select a Zone or Availability domain. To select a network available in that zone, click the search icon near Network configuration, and select a target network for recovery.

      You can also select:

      • For GCP: Firewall rule

      • For Azure: Network security group

      • For AWS: Security group

      • For OCI: Network security group

    • (Only for GCP) If you restore a snapshot copy, to restore to a different region, select a Region. To select a network available in that zone, click the search icon in Network configuration, and select a target network for recovery. The list shows networks available in that zone.

    • If you restore a snapshot copy, to restore to a different zone, select a Zone or Availability domain. To select a network available in that zone, click the search icon in Network configuration, and select a target network for recovery. The list shows networks available in that zone or Availability domain.

      You can also select Security group / Network security group / Firewall rule for AWS, Azure, OCI, and GCP cloud providers respectively.

    In the Advanced section:

    • To keep the VM powered on after recovery, select Power on after recovery.

    • To remove the tags associated with the asset at the time of backup or creating a snapshot, select Remove tag associations.

      Note:

      If you do not select the Remove tag associations option, any tag value for assets should not have spaces, before and after a comma. After the restoration of an asset, the spaces before and after any comma in the tag values are removed. For example, the value for the tag name: created_on: Fri, 02-Apr-2021 07:54:59 PM , EDT is converted to: Fri,02-Apr-2021 07:54:59 PM,EDT. You can manually edit the tag values to reinstate the spaces.

      Note:

      Selection of None for zone means that the VM is not placed in any zone and selection of None for Network security group/Security group/Firewall rule means that no security rules are applied to the restored VM.

  10. Click Next. The pre-recovery check begins. This stage validates all the recovery parameters and displays errors, if any. You can fix the errors before starting the recovery.
  11. Click Start recovery.

    The Restore activity tab shows the job progress.

For information on the recovery status codes, see the NetBackup administrator or the NetBackup Status Codes Reference Guide, available here:

http://www.veritas.com/docs/000003214

Recovering applications and volumes to their original location

For GCP, when you restore a snapshot that was created before the upgrade, if the source disk is not present, a default restored disk, pd-standard is created.

To recover applications and volumes to the original location

  1. On the left, click Workloads > Cloud.
  2. Click the Applications or Volumes tab.

    All the discovered cloud assets for the respective category are displayed.

  3. Double-click on the protected asset that you want to recover.
  4. Click the Recovery points tab. In the calendar view, click the date on which the backup occurred.

    The available images are listed in rows with the backup timestamp for each image.

  5. On the top right for the preferred recovery point, select Original location.
  6. Click Start recovery.
  7. On the left, click Activity monitor to view the job status.
Recovering applications and volumes to an alternate location

Considerations

  • For encrypted VM restore in AWS to an alternate location, the key-pair names must be the same on the source and destination region. If not, create a new key-pair in the destination region that is consistent with the key-pair in the source region.

To recover applications and volumes to alternate location

  1. On the left, click Workloads > Cloud.
  2. Click the Applications or Volumes tab.

    All the discovered cloud assets for the respective category are displayed.

  3. Double-click on the protected asset that you want to recover.
  4. Click the Recovery points tab. In the calendar view, click the date on which the backup occurred.

    The available images are listed in rows with the backup timestamp for each image.

  5. On the top right for the preferred recovery point, select Alternate location.
  6. Select the location where you want to restore the cloud asset.
  7. Click Start recovery.
  8. On the left, click Activity monitor to view the job status.

Note:

(Applicable for Azure cloud) Application restore to an alternate location for the ADE-enabled VMs is not supported.

Recovery scenarios for GCP VMs with read-only volumes

The following table describes how NetBackup handles the restore/recovery of GCP VMs that have read-only volumes.

Table: Recovery scenarios for read-only GCP VMs

Scenario

Handling

Restoring a volume from the snapshot of an attached read-only disk, from the Volumes tab under Cloud workload.

During restore, the disk is attached in the read/write mode to the original or alternate location.

Restoring a VM, with a read-only disk, from a crash-consistent snapshot, from the Virtual machines tab under Cloud workloads.

During the restore of such a VM to its original or alternate location, a read-only disk is restored in a read/write mode.

Restoring a VM with a read-only disk, from an app-consistent snapshot, from the Virtual machine tab under Cloud workload.

You can attach a read-only disk to multiple VMs, but NetBackup discovers it under only one VM.

For a Windows VM, the snapshot fails with a VSS error, similar to the following:

Failure: flexsnap.GenericError: Failed to take snapshot (error: Failed to create VSS snapshot of the selected volumes.)"

For a Linux VM, the snapshot may or may not be successful for the VM under which the disk is discovered, but fails for the rest of the VMs due to the missing dependencies. Error example:

linear_flow.Flow: create snapshot (test-win) of host linux-1(len=4)' requires ['snap_google- gcepd-us-west 2-b-7534340043 132122994'] but no other entity produces said requirements\n MissingDependencies

In the above case, if a snapshot is successful for a Linux VM, a read-only disk is restored in a read/write mode.

When taking a snapshot or backup from snapshot of a source VM, additional information about disks is saved. The autoDelete flag determines whether to delete the disk when deleting the VM. Hence, if a new VM is created from snapshot or backup from snapshot, then disks are set as the source VM.

For example,

Source VM:

Disk1: autoDelete is set to true (When the source VM is deleted and autoDelete is set to true then the disk is deleted automatically)

Disk2: autoDelete is set to false.

Restored VM:

Disk1_suffix: autoDelete is set to true.

Disk2_suffix: autoDelete is set to false.