NetBackup™ for Cloud Object Store Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.5)
  1. Introduction
    1.  
      Overview of NetBackup protection for Cloud object store
    2.  
      Features of NetBackup Cloud object store workload support
  2. Managing Cloud object store assets
    1.  
      Planning NetBackup protection for Cloud object store assets
    2.  
      Prerequisites for adding Cloud object store accounts
    3.  
      Configuring buffer size for backups
    4.  
      Permissions required for Amazon S3 cloud provider user
    5.  
      Permissions required for Azure blob storage
    6.  
      Permissions required for GCP
    7.  
      Limitations and considerations
    8. Adding Cloud object store accounts
      1.  
        Creating cross-account access in AWS
      2.  
        Check certificate for revocation
      3.  
        Managing Certification Authorities (CA) for NetBackup Cloud
      4.  
        Adding a new region
    9.  
      Manage Cloud object store accounts
    10. Scan for malware
      1.  
        Backup images
      2.  
        Assets by policy type
  3. Protecting Cloud object store assets
    1. About accelerator support
      1.  
        How NetBackup accelerator works with Cloud object store
      2.  
        Accelerator notes and requirements
      3.  
        Accelerator force rescan for Cloud object store (schedule attribute)
      4.  
        Accelerator backup and NetBackup catalog
      5.  
        Calculate the NetBackup accelerator track log size
    2.  
      About incremental backup
    3.  
      About dynamic multi-streaming
    4.  
      About policies for Cloud object store assets
    5.  
      Planning for policies
    6.  
      Prerequisites for Cloud object store policies
    7.  
      Creating a backup policy
    8.  
      Policy attributes
    9.  
      Creating schedule attributes for policies
    10. Configuring the Start window
      1.  
        Adding, changing, or deleting a time window in a policy schedule
      2.  
        Example of schedule duration
    11.  
      Configuring the exclude dates
    12.  
      Configuring the include dates
    13.  
      Configuring the Cloud objects tab
    14.  
      Adding conditions
    15.  
      Adding tag conditions
    16.  
      Examples of conditions and tag conditions
    17. Managing Cloud object store policies
      1.  
        Copy a policy
      2.  
        Deactivating or deleting a policy
      3.  
        Manually backup assets
  4. Recovering Cloud object store assets
    1.  
      Prerequisites for recovering Cloud object store objects
    2.  
      Configuring Cloud object retention properties
    3.  
      Recovering Cloud object store assets
  5. Troubleshooting
    1.  
      Reduced acceleration during the first full backup, after upgrade to version 10.5
    2.  
      After backup, some files in the shm folder and shared memory are not cleaned up.
    3.  
      After an upgrade to NetBackup version 10.5, copying, activating, and deactivating policies may fail for older policies
    4.  
      Backup fails with default number of streams with the error: Failed to start NetBackup COSP process.
    5.  
      Backup fails or becomes partially successful on GCP storage for objects with content encoding as GZIP.
    6.  
      Recovery for the original bucket recovery option starts, but the job fails with error 3601
    7.  
      Recovery Job does not start
    8.  
      Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
    9.  
      Access tier property not restored after overwriting the existing object in the original location
    10.  
      Reduced accelerator optimization in Azure for OR query with multiple tags
    11.  
      Backup failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
    12.  
      Azure backup jobs fail when space is provided in a tag query for either tag key name or value.
    13.  
      The Cloud object store account has encountered an error
    14.  
      The bucket is list empty during policy selection
    15.  
      Creating a second account on Cloudian fails by selecting an existing region
    16.  
      Restore failed with 2825 incomplete restore operation
    17.  
      Bucket listing of a cloud provider fails when adding a bucket in the Cloud objects tab
    18.  
      AIR import image restore fails on the target domain if the Cloud store account is not added to the target domain
    19.  
      Backup for Azure Data Lake fails when a back-level media server is used with backup host or storage server version 10.3
    20.  
      Backup fails partially in Azure Data Lake: "Error nbpem (pid=16018) backup of client
    21.  
      Recovery for Azure Data Lake fails: "This operation is not permitted as the path is too deep"
    22.  
      Empty directories are not backed up in Azure Data Lake
    23.  
      Recovery error: "Invalid alternate directory location. You must specify a string with length less than 1025 valid characters"
    24.  
      Recovery error: "Invalid parameter specified"
    25.  
      Restore fails: "Cannot perform the COSP operation, skipping the object: [/testdata/FxtZMidEdTK]"
    26.  
      Cloud store account creation fails with incorrect credentials
    27.  
      Discovery failures due to improper permissions
    28.  
      Restore failures due to object lock

Recovering Cloud object store assets

You can recover Cloud object store assets to the original or a different bucket or container. You can also restore each of the objects to different buckets or containers.

To recover assets:

  1. On the left, click Recovery. Under Regular recovery, click Start recovery.
  2. In the Basic properties page, select Policy type as Cloud-Object-Store.
  3. Click the Buckets/Containers field to select assets to restore.

    • In the Add bucket/container dialog, the default option displays all available bucket/containers with completed backups. You can search the table using the search box.

    • To add a specific bucket or container, select Add the bucket/container details option. If you have selected an Azure Data Lake workload, select Add files/directories.

      Select the cloud provider, and enter the bucket/container name, and the Cloud object store account name. For Azure workloads, specify the storage account name, if available in the UI.

      Note:

      In a rare scenario, if you cannot find the required bucket listed in the table for selection. But you can see the same bucket listed in the catalog view as a backup ID. You can select the bucket by manually entering the bucket name, provider ID, and the Cloud object store account name as per the backup ID. The backup ID is formed as <providerId>_<cloudAccountname>_<uniquename>_<timestamp>

      for Azure the uniquename is storageaccountname.bucketname, and for S3 providers it is the bucket name.

  4. Click Add, and then click Next.
  5. In the Add objects page, select the Start date and the End date of the period from which you want to restore.

    (Optionally) Enter a keyword phrase to filter the images, and click Apply.

  6. Click Backup history, and select the required images for recovery from the Backup history dialog. Click Select.
  7. In the Recovery details page, you can add the objects and folders or prefix and scan the selected images for malware before restoring the images:

    • (Optional) Click Add objects and folders, and select the required objects to recover from the Add Object/blobs and folders dialog. Select Include all objects/blobs and folders to include all available assets. For an Azure Data Lake workload, this option is available as Include all files/directories. You can use the left navigation tree structure to filter the table. Click Add.

      The following warning message is displayed when images which are not scanned are selected for recovery:

      One or more images selected for recovery are not scanned.

      Note:

      To restore from malware-affected images, you must have the Administrator role or equivalent RBAC permissions.

      For more information on recovering from malware infected images, see Security and Encryption Guide.

    • (Optional) Select Scan for malware before recovery. Click Next. This option is visible only when malware scan host is configured.

      Note:

      The Allow the selection of images that are malware-affected option will be disabled if user selects Scan for malware before recovery option.

    • (Optionally) Click Add prefix. In the Add prefix dialog, enter a prefix in the search box to display relevant results in the table. Click Add, to select all the matching prefixes displayed in the table for recovery. The selected prefixes are displayed in a table below the selected objects/blobs. Click Next.

    Note:

    Clean file recovery (Skip infected files) as part of recovery is not supported for Cloud-Object-Store.

  8. In the Recovery options page, you can select whether you want to restore to the source bucket of the container or use a different one. These are the Object restore options:

    • Restore to the original bucket or container: Select to recover to the same bucket or container from where the backup was taken.

      Optionally:

      • Add a prefix for the recovered assets in the Add a prefix field.

      • If you have selected an Azure Data Lake workload, enter the Directory to restore.

    • Restore to a different bucket or container: Select to recover to a different bucket or container than the one from where the backup was taken.

      • You can select a different Cloud object store account as the destination, from the list above.

      • Select a destination Bucket/Container name. You can use different Cloud object store accounts that can access the original bucket. This method also helps you create accounts with limited and specific permissions for backup and restore. In this case, you can provide the same bucket as the original to restore to the original bucket/container.

      • Optionally, add a prefix for the recovered assets in the Add a prefix field.

    • Restore object/blobs or prefixes to different destinations: Select to recover each of your selected assets to different destinations.

      • You can select a different Cloud object store account as the destination from the list.

      • Click Edit object destination, enter the Destination and Destination bucket/container name. Click Save.

      Note:

      If you have selected Include all objects/blobs and folders, in step 7, the Restore objects/blobs or prefixes to different destinations option is disabled.

  9. Select a Recovery host. The recovery host that is associated with the Cloud object store account is displayed by default. If required, change the Backup host. If the Cloud object store account uses a scale-out server, this field is disabled.
  10. Optionally, to overwrite any existing object or blobs using the recovered assets, select Overwrite existing objects/blobs.
  11. (Optional) To override the default priority of the restore job, select Override default priority, and assign the required value.
  12. In the Advanced restore options:

    • To apply the original object lock attributes from the backed-up objects, select Retain original object lock properties.

    • To change the values of different properties, select Customize object lock properties. From the Object lock mode list:

      • Select Compliance or Governance for Amazon or other S3 workloads.

      • Select Locked or Unlocked for Azure workloads.

      • Select a future date and time till which the object lock is valid. Note that the recovered object is locked till this specified date and time.

    • Select Object lock legal hold status to implement it on the restored objects.

    See Configuring Cloud object retention properties.

    The Advanced restore options are not applicable to the Azure Data Lake workload.

  13. In the Malware scan and recovery options:

    Note:

    These options are visible only when you select the Scan for malware before recovery in the Recovery details page.

    • (Not recommended) Select If any files are infected with malware, recover all files, including infected files option to recover files infected with malware.

    • Select If any files are infected with malware, do not perform the recovery job option. By default this option is selected and recommended.

    • Select the desired Scan host pool.

    Note:

    For recovery followed by malware scan, the Allow recovery of files infected by malware option is always enabled by default as clean recovery is not supported for Cloud-Object-Store.

  14. In the Review page, view the summary of all the selections that you made, and click:

    • Start recovery

      Or

    • (Applicable when Scan for malware before recovery is selected) Start scan and recovery

    You can see the progress of the restore job in the Activity monitor.