NetBackup™ Web UI Cloud Object Store Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.2)
  1. Introduction
    1.  
      Overview of NetBackup protection for Cloud object store
    2.  
      Features of NetBackup Cloud object store workload support
  2. Managing Cloud object store assets
    1.  
      Prerequisites for adding Cloud object store accounts
    2.  
      Permissions required for Amazon S3 cloud provider user
    3. Adding Cloud object store accounts
      1.  
        Creating cross account access in AWS
      2.  
        Check certificate for revocation
      3.  
        Managing Certification Authorities (CA) for NetBackup Cloud
      4.  
        Adding a new region
    4.  
      Manage Cloud object store accounts
  3. Protecting Cloud object store assets
    1. About accelerator support
      1.  
        How NetBackup accelerator works with Cloud object store
      2.  
        Accelerator notes and requirements
      3.  
        Accelerator force rescan for Cloud object store (schedule attribute)
      4.  
        Accelerator backup and NetBackup catalog
    2.  
      About incremental backup
    3.  
      About policies for Cloud object store assets
    4.  
      Planning for policies
    5.  
      Prerequisites for Cloud object store policies
    6.  
      Creating a backup policy
    7.  
      Setting up attributes
    8.  
      Creating schedule attributes for policies
    9.  
      Configuring the Start window
    10.  
      Configuring exclude dates
    11.  
      Configuring include dates
    12.  
      Configuring the Cloud objects tab
    13.  
      Adding conditions
    14.  
      Adding tag conditions
    15.  
      Example of conditions and tag conditions
    16. Managing Cloud object store policies
      1.  
        Copy a policy
      2.  
        Deactivating or deleting a policy
      3.  
        Manually backup assets
  4. Recovering Cloud object store assets
    1.  
      Prerequisites for recovering Cloud object store objects
    2.  
      Recovering Cloud object store assets
  5. Troubleshooting
    1.  
      Recovery for Cloud object store using web UI for original bucket recovery option starts but job fails with error 3601
    2.  
      Recovery Job does not start
    3.  
      Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
    4.  
      Access tier property not restored after overwrite existing to original location
    5.  
      Reduced accelerator optimization in Azure for OR query with multiple tags
    6.  
      Backup is failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
    7.  
      Azure backup job fails when space is provided in tag query for either tag key name or value.
    8.  
      The Cloud object store account has encountered an error
    9.  
      Bucket list empty when selecting it in policy selection
    10.  
      Creating second account on Cloudian fails by selecting existing region
    11.  
      Restore failed with 2825 incomplete restore operation
    12.  
      Bucket listing of cloud provider fails when adding bucket in Cloud objects tab
    13.  
      AIR import image restore fails on the target domain if the Cloud store account is not added in target domain.

Backup is failed and shows a certificate error with Amazon S3 bucket names containing dots (.)

Workaround

Use any of these two workarounds:

  • Use path style URL to access bucket: Since path style URL adds bucket as part of URL path and not as hostname, we did not get any SSL issues even for buckets with a . (dot) in the name. However, NetBackup default configuration uses Virtual style for all dual stack URLs like s3.dualstack.<region-id>.amazonaws.com. We can add older s3 URL as path style and can connect with bucket with a (.) in the name. To do this we can add region with plain s3 endpoint (s3.<region-id>.amazonaws.com) and selecting URL Access Style as path style.

  • Disable SSL: This workaround is not the recommended one since it replaces the secure endpoint with unsecure/unencrypted endpoint. After turning off SSL it disables peer host validation of server certificate. It bypasses the hostname match for virtual host style URL of bucket (bucket.123.s3.dualstack.us-east-1.amazonaws.com) with subject name in certificate (*. s3.dualstack.us-east-1.amazonaws.com).