NetBackup IT Analytics Data Collector Installation and Configuration Guide for Veritas NetBackup

Last Published:
Product(s): NetBackup IT Analytics (11.5)
  1. Introduction
    1.  
      Overview
    2.  
      Distributed Data Collector (recommended for NetBackup)
    3.  
      Centralized Data Collector
    4.  
      Collection of backup and restore data
    5.  
      Data Collection Policies
  2. Configure a NetBackup IT Analytics Distributed Data Collector on a NetBackup Primary Server
    1.  
      Overview
    2. Configure Data Collector on non-clustered NetBackup 10.4 and later primary server
      1.  
        Manage Data Collector installation on NetBackup primary server
    3.  
      Configuration workflow for NetBackup 10.1.1, 10.2, 10.2.01, 10.3 or 10.3.0.1 on a non-clustered NetBackup primary server
    4. Configure Data Collector on non-clustered NetBackup 10.1.1, 10.2, 10.2.01, 10.3 or 10.3.0.1 primary server
      1.  
        Manage Data Collector installation on NetBackup (install/remove)
    5.  
      Configuration workflow for NetBackup versions lower than 10.1.1
    6.  
      Configure Data Collector on NetBackup primary with version lower than 10.1.1
  3. Configure a Veritas NetBackup Data Collector Policy
    1.  
      Veritas NetBackup Data Collector policy configuration prerequisites
    2.  
      Create NetBackup Data Collector Role, Service Account, and API Key
    3.  
      Add a Veritas NetBackup Data Collector policy
    4.  
      Add/Edit NetBackup Primary Servers within the Data Collector policy
    5. Configuring file analytics in NetBackup Data Collector policy
      1.  
        Prerequisites to configure File Analytics for NetBackup
      2.  
        Data Collector and Portal sizing guidelines for File Analytics
      3.  
        Configure File Analytics
      4.  
        Export File Analytics data
  4. Installing the Data Collector software
    1.  
      Introduction
    2.  
      Considerations to install Data Collector on non-English systems
    3.  
      Install Data Collector Software on Windows
    4.  
      Install Data Collector software on Linux
    5.  
      Deploy Data Collector in native Kubernetes environment
    6.  
      Configure Data Collector manually for Veritas NetBackup
    7.  
      Install Data Collector binaries on Windows (without configuration)
    8.  
      Install Data Collector binaries on Linux host (without configuration)
    9.  
      Override default Java Heap memory (XMX) value for Data Collector utilities
  5. Configure SSL
    1.  
      SSL/TLS certificate configuration
    2.  
      SSL implementation overview
    3.  
      Obtain an SSL certificate
    4.  
      Update the web server configuration to enable SSL on the Portal server
    5.  
      Enable / Disable SSL for a Data Collector
    6.  
      Enable / Disable SSL for emailed reports
    7.  
      Test and troubleshoot SSL configurations
    8.  
      Keystore file locations on the Data Collector server
    9.  
      Import a certificate into the Data Collector Java keystore
    10.  
      Keystore on the portal server
    11.  
      Add a virtual interface to a Linux server
    12.  
      Add a virtual / secondary IP address on Windows
  6. Centralized Data Collector for NetBackup - Prerequisites, Installation, and Configuration
    1.  
      Overview
    2. Step-1: Choose operating system and complete prerequisites
      1.  
        Factors impacting Data Collector performance and memory requirements
      2.  
        Data Collector supported operating systems
      3.  
        Data Collector server memory and CPU guidelines
      4.  
        Additional prerequisites
      5.  
        Linux Data Collector Prerequisites: Changing the Linux Temporary Directory for Collection
    3.  
      Step-2: HTTPS requirement
    4.  
      Step-3: Add Data Collector on NetBackup IT Analytics Portal
    5.  
      Step-4: Create NetBackup Data Collector Role, Service Account, and API Key
    6. Step-5: SSH/WMI
      1.  
        Linux Centralized Data Collector: SSH
      2. Windows Data Collector: WMI Connectivity
        1.  
          Testing WMI connectivity
        2.  
          Installing the WMI Proxy Service (Windows Host Resources only)
    7.  
      Step-6: Install the Data Collector
    8.  
      Step-7: Configure Data Collector
    9.  
      Step-8: Verify the Data Collector is online from the Portal
    10.  
      Step-9: Confirm that the Data Collector is updated
    11.  
      Step-10: Configure the data collection policy
    12.  
      Step-11: Confirm that the NetBackup data collection policy is collecting data
  7. Upgrading Data Collector Locally
    1.  
      Overview
    2.  
      Verification of upgrade bundle available on Data Collector server
    3.  
      Upgrade the Upgrade Manager component
    4.  
      Upgrade the Data Collector component which is the aptare.jar file
    5.  
      Upgrade the Upgrade Manager and Data Collector components together
    6.  
      Upgrade logs and upgrade related database views
    7.  
      Resolve file lock issue on Windows host during Data Collector upgrade
  8. Clustering Data Collectors with VCS and Veritas NetBackup (RHEL)
    1.  
      Clustering Data Collectors with VCS and Veritas NetBackup (RHEL)
    2.  
      Prerequisites
    3.  
      Getting started with Data Collector clustering
    4.  
      Configuring the Data Collector
    5.  
      Upgrading a clustered Data Collector
    6.  
      Considerations when Data Collector is pointing to Alta Domain Management
  9. Clustering Data Collectors with VCS and Veritas NetBackup (Windows)
    1.  
      Clustering Data Collectors with VCS and Veritas NetBackup (Windows)
    2.  
      Prerequisites
    3.  
      Getting Started with Data Collector Clustering
    4.  
      Main.cf
    5.  
      Upgrading a Clustered Data Collector
    6.  
      Manage cluster configuration during NetBackup upgrade (Windows)
    7.  
      Uninstall cluster Data Collector
  10. Install and configure NetBackup IT Analytics Data Collector on MSCS environment
    1.  
      Cluster Data Collectors with MSCS on Windows
    2.  
      Perform cluster configurations
    3.  
      Upgrade NetBackup IT Analytics Data Collector in MSCS
    4.  
      Uninstall NetBackup IT Analytics Data Collector
    5.  
      Steps to perform before and after NetBackup upgrade
  11. Data Collector Policy Migration
    1.  
      Migrate NetBackup data collection policy from centralized to distributed Data Collector
  12. Pre-Installation setup for Veritas NetBackup appliance
    1.  
      Overview
    2.  
      Prerequisites for adding Data Collectors (Veritas NetBackup appliance)
    3.  
      Installation Overview (Veritas NetBackup Appliance)
    4.  
      Adding a Veritas NetBackup Appliance Data Collector policy
  13. Pre-installation setup for Veritas Flex Appliance
    1.  
      Pre-Installation setup for Veritas Flex Appliance
    2.  
      Prerequisites for adding Data Collectors (Veritas Flex Appliance)
    3.  
      Installation overview (Veritas Flex Appliance)
    4.  
      Add a Veritas Flex Appliance policy
    5.  
      Troubleshoot Veritas Flex Appliance policy configuration
  14. Data Collector Troubleshooting
    1.  
      Resolving Data Collectors connections issues - Linux specific
    2.  
      Resolving Data Collectors connections issues - Windows specific
    3.  
      Portal upgrade performance issues
    4.  
      Configuring web proxy updates
    5.  
      Host resources troubleshooting
    6.  
      Host resources: Check the status of the WMI proxy server
    7.  
      Host resources: Post-Installation verification
    8. Host resources: Check host connectivity using standard SSH
      1.  
        Checking Paths for SSH
      2.  
        Environment setting for bash users
    9.  
      Host resources: Check host connectivity
    10.  
      Host resources: Check host connectivity using Host Resource Configuration file
    11. Host resources: Generating host resource configuration files
      1.  
        Sample lines in an input file
    12.  
      Host resources: Check the execution of a command on a remote server
    13.  
      Host resources Data Collection
    14.  
      Host resources: Collection in stand-alone mode
    15. Configuring parameters for SSH
      1.  
        Configure channelWaitTime
      2.  
        Configure singleChannelSession
      3.  
        Configure sudoWithPassword
    16.  
      Identifying Windows file system access errors (File Analytics)
    17.  
      Collect from remote shares (File Analytics)
    18.  
      Adding a certificate to the Java keystore
    19.  
      Override default Java Heap memory (XMX) value for Data Collector utilities
  15. Appendix A. Configure Appliances
    1.  
      Configure NetBackup Appliances for Data Collection
    2.  
      Configure NetBackup Flex Appliances for Data Collection
  16. Appendix B. Load historic events
    1.  
      Introduction
    2.  
      Load Commvault Simpana events
    3.  
      Load EMC Avamar events
    4.  
      Load EMC NetWorker events
    5.  
      Load HP Data Protector events
    6.  
      Load IBM Spectrum Protect (TSM) events
    7.  
      Load Oracle Recovery Manager (RMAN) events
    8.  
      Load Veeam Backup & Replication events
    9. Load Veritas NetBackup events
      1.  
        Load events for individual NetBackup clients
      2.  
        Load events for a group of NetBackup clients
    10.  
      Load Veritas Backup Exec events
    11.  
      Corrections in duplication of clients
    12.  
      Cohesity
    13.  
      Dell EMC NetWorker Backup & Recovery
  17. Appendix C. Firewall configuration: Default ports
    1.  
      Firewall configuration: Default ports
  18. Appendix D. CRON Expressions for Policy and Report Schedules
    1.  
      CRON expressions for policy probe schedules
    2.  
      CRON expressions for scheduling reports
  19. Appendix E. Maintenance Scenarios for Message Relay Server Certificate Generation
    1.  
      Regenerate authentication certificate nearing expiry (or already expired)
    2.  
      Recover inadvertently deleted aptare.ks file
    3.  
      Authenticate new database with existing SSL certificates
    4.  
      SSL certificate authentication for a new data collector

Update the web server configuration to enable SSL on the Portal server

These instructions apply to Apache version 2.4.xx and the steps should be taken on the designated Web server (the Portal server). the path mentioned in the sample commands assumes default installation path on Linux and Windows.

  1. Create the directory where the certificate and private key files will be located on the portal. Use the chmod command to ensure that only the root account can make changes to this folder as both the key file and certificate will be installed in this folder.

    • On Linux: Use the chmod command to ensure that only the root account can make changes to this folder as both the key file and certificate will be installed in this folder.

      Example:

      # cd /opt/apache/conf/ 
# mkdir ssl_cert 
# chmod 744 ssl_cert/

    • On Windows: Create folder ssl_cert inside C:\opt\apache\conf\.

  2. Copy the certificate files, typically generated via a certificate authority (CA), to a folder in the Web server's Apache configuration folder.

    Linux:

    cp -p server.* /opt/apache/conf/ssl_cert/

    Windows:

    C:\opt\apache\conf\ssl_cert

    Note:

    Configuration files shipped with NetBackup IT Analytics licensed modules may use path names with recommended folder names. To use folders with different names, be sure to update all references to the recommended name in the default configuration files.

  3. Stop the Apache and Tomcat services. From a terminal console, enter the following commands.

    Linux

    /opt/aptare/bin/tomcat-agent stop
/opt/aptare/bin/tomcat-portal stop
/opt/aptare/bin/apache stop

    Windows

    C:\opt\aptare\utils\stopagent.bat
C:\opt\aptare\utils\stopportal.bat
C:\opt\aptare\utils\stopapache.bat

  4. Make a copy of the httpd.conf file.

    Linux:

    cp -p /opt/apache/conf/httpd.conf  /opt/apache/conf/original-httpd.conf

    Windows:

    Copy C:\opt\apache\conf\httpd.conf as C:\opt\apache\conf\original-httpd.conf

  5. Update the Apache configuration file httpd.conf to enable SSL.

    Linux: /opt/apache/conf/httpd.conf

    Windows: C:\opt\apache\conf\httpd.conf

    Un-comment the following lines by removing the highlighted # character.

    #LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf

  6. When configuring SSL on a Portal server, it is recommended to either disable http or redirect http protocol traffic to https.

    • To disable all http protocol connections, edit httpd.conf file and remove the VirtualHost sections.

    • To redirect all connection attempts on the http protocol to the Portal user interface, edit httpd.conf file, remove all entries of VirtualHost section of portal configuration and add following lines in same VirtualHost section:

      ServerName   itanalyticsportal.<domainname> 
Redirect permanent / https://itanalyticsportal.<domainname>/ 

IF WILLING TO HAVE INITIAL CONNECTIONS BE ANSWERED using HTTP, but redirecting that traffic to HTTPS: 
ServerName   itanalyticsagent.<domainname> 
Redirect permanent / https://itanalyticsagent.<domainname>/

  7. Make a copy of the http-ssl.conf file.

    Linux:

    cp -p /opt/apache/conf/extra/httpd-ssl.conf /opt/apache/conf/extra/original-httpd-ssl.conf

    Windows:

    Copy C:\opt\apache\conf\extra\httpd-ssl.conf as C:\opt\apache\conf\extra\original-httpd-ssl.conf

  8. Update the Apache SSL configuration file.

    Linux: /opt/apache/conf/extra/httpd-ssl.conf

    Windows: C:\opt\apache\conf\extra\httpd-ssl.conf

  9. For each active virtual host section in the Apache SSL configuration file (httpd-ssl.conf), ensure that declaration lines beginning with the following are un-commented (they do not have a # at the beginning of the line), and adjust the SSLCertificateFile and SSLCertificateKeyFile sections to point to the respective certificate and private key files referenced in Step 2. 

    SSLCertificateFile <Provide the path of SSL certificate file> 
SSLCertificateKeyFile <Provide the path of SSL key file>

    Example:

    SSLCertificateFile /opt/apache/conf/ssl_cert/server.crt

    SSLCertificateKeyFile <Provide the path of SSL key file> /opt/apache/conf/ssl_cert/server.key

    Note:

    If you have a CA issued certificate, ensure you add the SSLCertificateChainFile < Provide the path of Certificate chain file > entry uncommented in httpd-ssl.conf.

  10. Run the deployCert utility as root user on the Portal server to save the SSL certificates configured with Apache in java keystore itanalytics.jks.

    Use this as a prerequisite to configure single sign-on and syslog over SSL.

    • Linux portal command location: /opt/aptare/utils/deployCert.sh update

    • Windows portal command location: C:\opt\aptare\utils>deployCert.bat update

  11. Linux only: Verify the Apache configuration is valid.

    # export LD_LIBRARY_PATH=/opt/apache/ssl/lib:$LD_LIBRARY_PATH 
# /opt/apache/bin/apachectl -t

    If this message occurs:

      httpd: Syntax error on line 23 of /opt/apache/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: libssl.so.1.0.0: cannot open shared object file: No such file or directory.

    Resolve Syntax Error by linking libraries: 

    cd /usr/lib 
# ln -s /opt/apache/ssl/lib/libssl.so.1.0.0 libssl.so.1.0.0
# ln -s /opt/apache/ssl/lib/libcrypto.so.1.0.0 libcrypto.so.1.0.0

  12. Change the application URL in portal.properties to https instead of http. The portal.properties file is located here:

    Linux: /opt/aptare/portalconf/portal.properties

    Windows: C:\opt\aptare\portalconf\portal.properties

  13. Start Apache and both Tomcat (Portal and Data Collector) services.

    Linux

    /opt/aptare/bin/apache start
/opt/aptare/bin/tomcat-portal start
/opt/aptare/bin/tomcat-agent start

    Windows

    C:\opt\aptare\utils\startapache.bat
C:\opt\aptare\utils\startagent.bat
C:\opt\aptare\utils\startportal.bat
Configure virtual hosts for Portal and / or Data Collector SSL

Refer to the following sections in the NetBackup IT Analytics Administrator Guide that are relevant for your environment. The instructions above accomplish SSL Implementation for Both the Portal and Data Collection.

  • SSL Implementation for the Portal only

  • SSL Implementation for data collection only

  • SSL Implementation for both portal and data collection