NetBackup™ Snapshot Manager for Data Center Administrator's Guide
- Introduction
- Preparing for NetBackup Snapshot Manager for Data Center installation
- About the deployment approach
- Hosting NetBackup Snapshot Manager for Data Center
- Host sizing recommendations
- Meeting system requirements
- Creating an instance or preparing the host to install NetBackup Snapshot Manager for Data Center
- Installing container platform (Docker, Podman)
- Creating and mounting a volume to store data
- Verifying that specific ports are open on the instance or physical host
- Deploying NetBackup Snapshot Manager for Data Center using container images
- Before you begin installing NetBackup Snapshot Manager for Data Center
- Installing NetBackup Snapshot Manager for Data Center in the Docker/Podman environment
- Securing the connection to NetBackup Snapshot Manager for Data Center
- Verifying that NetBackup Snapshot Manager for Data Center is installed successfully
- Restarting NetBackup Snapshot Manager for Data Center
- Associating NetBackup media server(s) with Snapshot Manager for Data Center
- Upgrading NetBackup Snapshot Manager for Data Center
- About NetBackup Snapshot Manager for Data Center upgrades
- Supported upgrade path
- Upgrade scenarios
- Preparing to upgrade NetBackup Snapshot Manager for Data Center
- Upgrading NetBackup Snapshot Manager for Data Center
- Upgrading NetBackup Snapshot Manager for Data Center using patch or hotfix
- Migrating and upgrading NetBackup Snapshot Manager for Data Center
- Uninstalling NetBackup Snapshot Manager for Data Center
- Snapshot Manager for Data Center catalog backup and recovery
- Configure NetBackup Snapshot Manager for Data Center
- Storage array replication
- Storage array plug-ins for Snapshot Manager for Data Center
- Configure the storage array plug-ins for Snapshot Manager for Data Center
- Required ports for different arrays
- Azure NetApp Files plug-in
- Azure Files plug-in
- Dell EMC PowerMax and VMax array
- Dell EMC PowerMax and VMax plug-in configuration prerequisites
- Supported Snapshot Manager for Data Center operations on Dell EMC PowerMax and VMax
- DELL EMC PowerMax and VMax plug-in configuration parameters
- Roles and privileges on Dell EMC Unisphere for PowerMax and VMax
- Dell EMC XtremIO plug-in considerations and limitations
- Dell EMC PowerFlex array
- Dell EMC PowerScale (Isilon)
- Supported NetBackup Snapshot Manager for Data Center Operation on DELL EMC PowerScale (Isilon)
- DELL EMC PowerScale (Isilon) plug-in configuration prerequisites
- Dell EMC PowerScale (Isilon) plug-in configuration parameters
- Using SmartConnect with Snapshot Manager for Data Center
- Roles and privileges on Dell EMC PowerScale (Isilon)
- Snapshot replication for Dell EMC PowerScale (Isilon)
- Supported Dell EMC PowerScale (Isilon) replication topologies
- Consideration for Dell EMC PowerScale (Isilon)
- Dell EMC PowerStore SAN and NAS plug-in
- Dell EMC XtremIO SAN array
- Dell EMC Unity Array
- Fujitsu Eternus AF/DX SAN array
- Fujitsu Eternus AB/HB SAN array
- Fujitsu AX/HX Series plug-in
- Supported Snapshot Manager for Data Center Operation on Fujitsu AX/HX array
- Fujitsu AX/HX plug-in Configuration prerequisites
- Fujitsu AX/HX plug-in configuration parameters
- Fujitsu AX/HX SnapDiff configuration prerequisites
- ACL configuration on Fujitsu AX/HX array
- Fujitsu AX/HX plug-in considerations and limitations
- HPE RMC plug-in
- HPE XP plug-in
- HPE Alletra 9000 SAN array
- HPE Alletra 6000 SAN array
- HPE GreenLake for Block Storage array
- HPE GreenLake for File Storage (VAST) array
- Hitachi NAS array
- Hitachi SAN array
- IBM Storwize SAN V7000 plug-in
- IBM FlashSystem plug-in
- IBM SAN Volume Controller plug-in
- Supported Snapshot Manager for Data Center Operation on IBM SAN Volume Controller array
- IBM SAN Volume Controller plug-in configuration prerequisites
- IBM SAN Volume Controller plug-in configuration parameters
- Roles and privileges on IBM SAN Volume Controller
- IBM SAN Volume Controller plug-in considerations and limitations
- InfiniBox SAN array
- InfiniBox NAS array
- Lenovo DM 5000 series array
- NetApp storage array
- Supported NetBackup Snapshot Manager for Data Center operations on NetApp storage
- NetApp plug-in configuration prerequisites
- NetApp plug-in configuration parameters
- Roles and privileges on NetApp storage array for the ZAPI interface
- Roles and privileges on NetApp storage array for REST interface
- Domain user permissions on the NetApp array
- Configuring a dedicated LIF for NetBackup operation
- Snapshot Replication
- Supported NetApp replication topologies
- Considerations for NetApp plug-in
- NetApp Cloud Volumes ONTAP (CVO)
- Amazon FSx for NetApp ONTAP Plug-in
- NetApp E-Series array
- Nutanix Files array
- Pure Storage FlashArray SAN
- Supported Snapshot Manager for Data Center operations on Pure Storage SAN array models
- Pure Storage SAN plug-in configuration pre-requisites
- Pure Storage SAN plug-in configuration parameters
- Roles and privileges on Pure Storage FlashArray
- Pure Storage FlashArray plug-in considerations and limitations
- Pure Storage Flash Array files services (NAS)
- Pure Storage FlashBlade plug-in configuration notes
- PowerMax eNAS array
- Qumulo NAS array
- Supported Snapshot Manager for Data Center operations on Qumulo plug-in
- Qumulo plug-in configuration prerequisites
- Qumulo plug-in configuration parameters
- Permissions and privileges on the Qumulo cluster
- Domain user permissions on the Qumulo cluster
- Configuring a dedicated VLAN for NetBackup access
- Qumulo plug-in considerations and limitations
- VMware vSAN File Services plug-in
- Supported Snapshot Manager for Data Center Operation on VMware vSAN cluster
- VMware vSAN File Services plug-in configuration prerequisites
- VMware vSAN File Services plug-in configuration parameters
- Domain user permissions on the VMware vSAN Cluster
- VMware vSAN File Services plug-in considerations and limitations
- NetBackup Snapshot Manager logging
- About NetBackup Snapshot Manager for Data Center logging mechanism
- How Fluentd-based NetBackup Snapshot Manager for Data Center logging works
- About the NetBackup Snapshot Manager for Data Center fluentd configuration file
- Modifying the fluentd configuration file
- Viewing NetBackup Snapshot Manager for Data Center logs
- Fluentd-based logging requirements and considerations
- NetBackup Snapshot Manager for Data Center logs
- Agentless logs
- Troubleshooting
- Troubleshooting NetBackup Snapshot Manager for Data Center
- Backup from snapshot job fails with time out error
- (SELinux) Storage array plug-in configuration failure for custom port
- Execution fails for the flexsnap_preinstall.sh command.
- For NetApp SAN volumes, failure to create snapshot of a volume
- D-NAS backup fails with the error: The file system crawler process timed-out waiting for streams to attach with shared memory. (3003)
- Isilon backup from snapshot failed with the Snapshot cannot be mounted error.
Securing the connection to NetBackup Snapshot Manager for Data Center
Supported scenarios:
Primary server and Snapshot Manager for Data Center must be with ECA or NBCA.
For NBCA and ECA mixed mode continue with ECA mode for NetBackup Snapshot Manager for Data Center installation.
Unsupported scenario: Primary with NBCA and NetBackup Snapshot Manager for Data Center with ECA and vice versa.
In the NetBackup Snapshot Manager for Data Center, you can upload CRLs of the external CA at /cloudpoint/eca/crl file. The uploaded CRL does not work, if the crl directory is not present or is empty.
The following three parameters are tuneable, you can add the entry under the eca section in the /cloudpoint/flexsnap.conf file.
Table: ECA parameters
Parameter | Default | Value | Remarks |
|---|---|---|---|
eca_crl_check | 0 (Disabled) | 0 (disabled) 1 (leaf) 2 (chain) | Certificate check level. Used to control the CRL/OCSP validation level for NetBackup Snapshot Manager for Data Center host connecting to On-prem/cloud workloads.
|
eca_crl_refresh_ hours | 24 | A numerical value between 0 and 4830 | Time interval in hours to update the NetBackup Snapshot Manager for Data Center CRLs cache from CA through the certificate CDP URL. This option is not applicable if the |
eca_crl_path_sync_ hours | 1 | A numerical value between 1 and 720 | Time interval in hours to update the NetBackup Snapshot Manager for Data Center CRL cache from |
For more information, refer to the following sections of the NetBackup™ Security and Encryption Guide.
About the host ID-based certificate revocation list
When an authorization token is required during certificate deployment.
Note:
Cache is not validated if any of the ECA tuneable are added or modified manually inside the /cloudpoint/flexsnap.conf file.
For detailed information on NetBackup CA and certificates, refer to the "NetBackup CA and NetBackup certificates" chapter of NetBackup™ Security and Encryption Guide.
The following table provides the regeneration steps to be performed for revoking the certificates in Snapshot Manager for Data Center:
Use case | Commands |
|---|---|
|
CA migration |
|
Post revoke certificate regeneration for NBCA | # flexsnap_configure renew --token <reissue-token> Generating new NetBackup Host-ID certificate... Snapshot Manager certificate is renewed. |
Post revoke certificate regeneration for ECA | # flexsnap_configure renew --ca /eca2/trusted/cacerts.pem --key /eca2/private/key.pem --chain /eca2/cert_chain.pem Enrolling external CA certificates with NetBackup... Snapshot Manager certificate is renewed. |
Post migration regenerated certificates for ECA/NBCA | # flexsnap_configure renew --hostnames new-nbsm.veritas.com --token <authentication-token> Generating new NetBackup Host-ID certificate... Snapshot Manager certificate is renewed. Please run 'flexsnap_configure renew --internal --hostnames <nbsm_fqdn> to renew Snapshot Manager's internal CA and certificates. |
Certificate regeneration for extension | # flexsnap_configure renew --extension --primary <nbsm_fqdn> --token <extension_token> |
Certificate rotation | # flexsnap_configure renew --force Generating new NetBackup Host-ID certificate... Snapshot Manager certificate is renewed. |
Internal flexsnap CA certificate in case of migration, disaster recovery scenarios | # flexsnap_configure renew --internal --hostnames <nbsm_fqdn> Renewed Flexsnap CA ... skip Renewed rabbitmq certificate ... done Renewed postgresql certificate ... done Renewed listener certificate ... done Renewed workflow certificate ... done Renewed scheduler certificate ... done Renewed agent certificate ... done Renewed client certificate ... done Renewed certmaster certificate ... done Renewed agent certificate ... done Renewed notification certificate ... done Renewed client certificate ... done Renewed client certificate ... done Renewed mongodb certificate ... done Renewed coordinator certificate ... done Renewed config certificate ... done Renewed idm certificate ... done Renewed agent certificate ... done Renewed client certificate ... done Renewed policy certificate ... done Snapshot Manager's CA and certificates are renewed. Restart the Snapshot Manager stack using 'flexsnap_configure restart' to take effect. |