Search <book_title>...

NetBackup™ Deduplication Guide

Last Published: 2023-06-18

Product(s): NetBackup (10.2.0.1)

Introducing the NetBackup media server deduplication option
1. About the NetBackup deduplication options
Quick start
1. About client-side deduplication
2. About the media server deduplication (MSDP) node cloud tier
  1. Configuring the MSDP node cloud tier
3. About Auto Image Replication (A.I.R.)
Planning your deployment
1. Planning your MSDP deployment
2. NetBackup naming conventions
3. About MSDP deduplication nodes
4. About the NetBackup deduplication destinations
5. About MSDP storage capacity
6. About MSDP storage and connectivity requirements
  1. Fibre Channel and iSCSI comparison for MSDP
7. About NetBackup media server deduplication
8. About NetBackup Client Direct deduplication
  1. About MSDP client deduplication requirements and limitations
9. About MSDP remote office client deduplication
  1. About MSDP remote client data security
  2. About remote client backup scheduling
10. About the NetBackup Deduplication Engine credentials
11. About the network interface for MSDP
12. About MSDP port usage
13. About MSDP optimized synthetic backups
14. About MSDP and SAN Client
15. About MSDP optimized duplication and replication
16. About MSDP performance
  1. How file size may affect the MSDP deduplication rate
17. About MSDP stream handlers
  1. Oracle stream handler
  2. Microsoft SQL Server stream handler
18. MSDP deployment best practices
Provisioning the storage
1. About provisioning the storage for MSDP
2. Do not modify MSDP storage directories and files
3. About volume management for NetBackup MSDP
Licensing deduplication
1. About the MSDP license
2. Licensing NetBackup MSDP
Configuring deduplication
1. Configuring MSDP server-side deduplication
2. Configuring MSDP client-side deduplication
3. About the MSDP Deduplication Multi-Threaded Agent
4. Configuring the Deduplication Multi-Threaded Agent behavior
  1. MSDP mtstrm.conf file parameters
5. Configuring deduplication plug-in interaction with the Multi-Threaded Agent
6. About MSDP fingerprinting
7. About the MSDP fingerprint cache
8. Configuring the MSDP fingerprint cache behavior
  1. MSDP fingerprint cache behavior options
9. About seeding the MSDP fingerprint cache for remote client deduplication
10. Configuring MSDP fingerprint cache seeding on the client
11. Configuring MSDP fingerprint cache seeding on the storage server
  1. NetBackup seedutil options
12. About sampling and predictive cache
13. Enabling 400 TB support for MSDP
14. About MSDP Encryption using NetBackup KMS service
  1. Upgrading KMS for MSDP
  2. Enabled KMS encryption for Local LSU
15. About MSDP Encryption using external KMS server
16. Configuring a storage server for a Media Server Deduplication Pool
  1. MSDP storage path properties
  2. MSDP network interface properties
17. About disk pools for NetBackup deduplication
18. Configuring a disk pool for deduplication
  1. Media Server Deduplication Pool properties
19. Creating the data directories for 400 TB MSDP support
20. Adding volumes to a 400 TB Media Server Deduplication Pool
21. Configuring a Media Server Deduplication Pool storage unit
  1. Media Server Deduplication Pool storage unit properties
  2. MSDP storage unit recommendations
22. Configuring client attributes for MSDP client-side deduplication
23. Disabling MSDP client-side deduplication for a client
24. About MSDP compression
25. About MSDP encryption
26. MSDP compression and encryption settings matrix
27. Configuring encryption for MSDP backups
28. Configuring encryption for MSDP optimized duplication and replication
29. About the rolling data conversion mechanism for MSDP
30. Modes of rolling data conversion
31. MSDP encryption behavior and compatibilities
32. Configuring optimized synthetic backups for MSDP
33. About a separate network path for MSDP duplication and replication
34. Configuring a separate network path for MSDP duplication and replication
35. About MSDP optimized duplication within the same domain
  1. About the media servers for MSDP optimized duplication within the same domain
    1. About MSDP push duplication within the same domain
    2. About MSDP pull duplication within the same domain
36. Configuring MSDP optimized duplication within the same NetBackup domain
  1. Configuring NetBackup optimized duplication or replication behavior
    1. Setting NetBackup configuration options by using the command line
37. About MSDP replication to a different domain
38. Configuring MSDP replication to a different NetBackup domain
  1. About NetBackup Auto Image Replication
  2. About trusted primary servers for Auto Image Replication
  3. About the certificate to be used for adding a trusted primary server
  4. Adding a trusted primary server using a NetBackup CA-signed (host ID-based) certificate
  5. Adding a trusted primary server using external CA-signed certificate
  6. Removing a trusted primary server
  7. Enabling NetBackup clustered primary server inter-node authentication
  8. Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
  9. Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
  10. Configuring a target for MSDP replication to a remote domain
    1. Target options for MSDP replication
    2. Configuring a NetBackup Deduplication Engine user with limited permissions for Auto Image Replication
39. About configuring MSDP optimized duplication and replication bandwidth
40. About performance tuning of optimized duplication and replication for MSDP cloud
41. About storage lifecycle policies
42. About the storage lifecycle policies required for Auto Image Replication
43. Creating a storage lifecycle policy
  1. Storage Lifecycle Policy dialog box settings
44. About MSDP backup policy configuration
45. Creating a backup policy
46. Resilient Network properties
  1. Resilient connection resource usage
47. Specifying resilient connections
48. Adding an MSDP load balancing server
49. About variable-length deduplication on NetBackup clients
50. Managing the variable-length deduplication using the cacontrol command-line utility
51. About the MSDP pd.conf configuration file
52. Editing the MSDP pd.conf file
  1. MSDP pd.conf file parameters
53. About the MSDP contentrouter.cfg file
54. About saving the MSDP storage server configuration
55. Saving the MSDP storage server configuration
56. Editing an MSDP storage server configuration file
57. Setting the MSDP storage server configuration
58. About the MSDP host configuration file
59. Deleting an MSDP host configuration file
60. Resetting the MSDP registry
61. About protecting the MSDP catalog
  1. About the MSDP shadow catalog
  2. About the MSDP catalog backup policy
62. Changing the MSDP shadow catalog path
63. Changing the MSDP shadow catalog schedule
64. Changing the number of MSDP catalog shadow copies
65. Configuring an MSDP catalog backup
  1. MSDP drcontrol options
66. Updating an MSDP catalog backup policy
67. About MSDP FIPS compliance
68. Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
69. About MSDP multi-domain support
70. About MSDP application user support
71. About MSDP mutli-domain VLAN Support
72. About NetBackup WORM storage support for immutable and indelible data
  1. About the NetBackup command line options to configure immutable and indelible data
MSDP cloud support
1. About MSDP cloud support
  1. Operating system requirement for configuration
  2. Limitations
2. Create a Media Server Deduplication Pool (MSDP) storage server in the NetBackup web UI
3. Creating a cloud storage unit
4. Updating cloud credentials for a cloud LSU
5. Updating encryption configurations for a cloud LSU
6. Deleting a cloud LSU
7. Backup data to cloud by using cloud LSU
8. Duplicate data cloud by using cloud LSU
9. Configuring AIR to use cloud LSU
10. About backward compatibility support
11. About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
12. Cloud space reclamation
  1. Configuring the container aging
  2. Configuring the cloud compaction
13. About the tool updates for cloud support
14. About the disaster recovery for cloud LSU
  1. Common disaster recovery steps
  2. Disaster recovery for cloud LSU in Flex Scale
15. About Image Sharing using MSDP cloud
  1. Things to consider before you use image sharing to convert VM image to VHD in Azure
  2. Converting the VM image to VHD in Azure
16. About restore from a backup in Microsoft Azure Archive
17. About Veritas Alta Recovery Vault Azure
18. Configuring Veritas Alta Recovery Vault Azure and Azure Government
19. Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
20. Migrating from standard authentication to token-based authentication for Recovery Vault
21. About MSDP cloud immutable (WORM) storage support
  1. About MSDP cloud admin tool
  2. About immutable object support for AWS S3
  3. About immutable object support for AWS S3 compatible platforms
  4. About immutable storage support for Azure blob storage
    1. Creating an Azure cloud immutable storage unit using the Web UI
    2. Managing an Azure cloud immutable volume using msdpcldutil tool
  5. About immutable storage support for Google Cloud Storage
    1. Creating a Google cloud immutable storage using the Web UI
    2. Managing a Google cloud immutable storage using msdpcldutil tool
  6. About using the cloud immutable storage in a cluster environment
  7. Troubleshooting the error when the bucket is created without msdpcldutil
  8. Deleting the immutable image with the enterprise mode
  9. Refreshing the immutable cloud volume retention range value in the web UI
  10. Deleting the S3 object permanently
22. About instant access for object storage in cloud
S3 Interface for MSDP
1. About S3 interface for MSDP
2. Prerequisites for MSDP build-your-own (BYO) server
3. Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
  1. Changing the certificate in S3 server
4. Identity and Access Management (IAM) for S3 interface for MSDP
5. S3 APIs for S3 interface for MSDP
6. Disaster recovery in S3 interface for MSDP
7. Limitations in S3 interface for MSDP
8. Logging and troubleshooting
9. Best practices
Monitoring deduplication activity
1. Monitoring the MSDP deduplication and compression rates
2. Viewing MSDP job details
  1. MSDP job details
3. About MSDP storage capacity and usage reporting
4. About MSDP container files
5. Viewing storage usage within MSDP container files
6. About monitoring MSDP processes
7. Reporting on Auto Image Replication jobs
Managing deduplication
1. Managing MSDP servers
2. Managing NetBackup Deduplication Engine credentials
3. Managing Media Server Deduplication Pools
4. Deleting backup images
5. About MSDP queue processing
6. Processing the MSDP transaction queue manually
7. About MSDP data integrity checking
8. Configuring MSDP data integrity checking behavior
  1. MSDP data integrity checking configuration parameters
9. About managing MSDP storage read performance
10. About MSDP storage rebasing
  1. MSDP server-side rebasing parameters
11. About the MSDP data removal process
12. Resizing the MSDP storage partition
13. How MSDP restores work
14. Configuring MSDP restores directly to a client
15. About restoring files at a remote site
16. About restoring from a backup at a target primary domain
17. Specifying the restore server
Recovering MSDP
1. About recovering the MSDP catalog
2. Restoring the MSDP catalog from a shadow copy
3. Recovering from an MSDP storage server disk failure
4. Recovering from an MSDP storage server failure
5. Recovering the MSDP storage server after NetBackup catalog recovery
Replacing MSDP hosts
1. Replacing the MSDP storage server host computer
Uninstalling MSDP
1. About uninstalling MSDP
2. Deactivating MSDP
Deduplication architecture
1. MSDP server components
2. Media server deduplication backup process
3. MSDP client components
4. MSDP client - side deduplication backup process
Configuring and using universal shares
1. About universal shares
2. Configuring and using an MSDP build-your-own (BYO) server for universal shares
3. MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
4. Configuring universal share user authentication
5. Mounting a universal share created from the NetBackup web UI
6. About universal share self-service recovery
7. Performing a universal share self-service recovery
8. Using the ingest mode
  1. Using the ingest mode to take a snapshot over NFS or SMB
  2. Using the ingest mode to run a policy using NFS or SMB
9. About universal shares with object store
10. Enabling a universal share with object store
  1. Enabling instant access with object storage
11. Disaster recovery for a universal share
12. Changing the number of vpfsd instances
13. Enabling variable-length deduplication (VLD) algorithm for universal shares
14. Upgrading to NetBackup 10.2.0.1
Configuring isolated recovery environment (IRE)
1. Requirements
2. Configuring the network isolation
3. Configuring an isolated recovery environment on a NetBackup BYO media server
4. Managing an isolated recovery environment on a NetBackup BYO media server
5. Configuring AIR for replicating backup images from production environment to IRE BYO environment
6. Configuring an isolated recovery environment on a WORM storage server
7. Managing an isolated recovery environment on a WORM storage server
8. Configuring data transmission between a production environment and an IRE WORM storage server
Using the NetBackup Deduplication Shell
1. About the NetBackup Deduplication Shell
2. Managing users from the deduplication shell
3. Managing VLAN interfaces from the deduplication shell
4. Managing the retention policy on a WORM storage server
5. Managing images with a retention lock on a WORM storage server
6. Auditing WORM retention changes
7. Protecting the NetBackup catalog from the deduplication shell
8. Managing certificates from the deduplication shell
9. Managing FIPS mode from the deduplication shell
10. Encrypting backups from the deduplication shell
11. Tuning the MSDP configuration from the deduplication shell
12. Setting the MSDP log level from the deduplication shell
13. Managing NetBackup services from the deduplication shell
14. Monitoring and troubleshooting NetBackup services from the deduplication shell
15. Managing S3 service from the deduplication shell
Troubleshooting
1. About unified logging
  1. About using the vxlogview command to view unified logs
  2. Examples of using vxlogview to view unified logs
2. About legacy logging
  1. Creating NetBackup log file directories for MSDP
3. NetBackup MSDP log files
4. Troubleshooting MSDP installation issues
  1. MSDP installation on SUSE Linux fails
5. Troubleshooting MSDP configuration issues
6. Troubleshooting MSDP operational issues
7. Viewing MSDP disk errors and events
8. MSDP event codes and messages
9. Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
10. Trouble shooting multi-domain issues
11. Troubleshooting the cloud compaction error messages
Appendix A. Migrating to MSDP storage
1. Migrating from another storage type to MSDP
Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
1. About migration from Cloud Catalyst to MSDP direct cloud tiering
2. About Cloud Catalyst migration strategies
3. About direct migration from Cloud Catalyst to MSDP direct cloud tiering
4. About postmigration configuration and cleanup
5. About the Cloud Catalyst migration -dryrun option
6. About Cloud Catalyst migration cacontrol options
7. Reverting back to Cloud Catalyst from a successful migration
8. Reverting back to Cloud Catalyst from a failed migration
Appendix C. Encryption Crawler
1. About the Encryption Crawler
2. About the two modes of the Encryption Crawler
3. Managing the Encryption Crawler
4. Advanced options
5. Tuning options
6. Encrypting the data
7. Command usage example outputs
Index

Configuring universal share user authentication

The universal share created with CIFS/SMB protocol supports two methods of user authentication:

Active Directory-based user authentication
Local user-based authentication

Active Directory-based authentication

If the appliance, Flex Appliance application instance, or MSDP BYO server is part of the Active Directory domain, you can use this approach.

When you create a universal share from the NetBackup web UI, you can specify Active Directory users or groups. This approach restricts access to only specified users or groups. You can also control permissions from the Windows client where the universal share is mounted. See the NetBackup Web UI Administrator's Guide for more information.

For information about setting up Active Directory users or groups with an appliance, see the NetBackup Appliance Security Guide.

Universal shares can be created with NFS or SMB protocol. When the SMB protocol is used, SMB must be set up with ADS or in local user mode. The following table describes how to configure the media server with Active Directory for various platforms and create a universal share using SMB.

Table: Describes the requirements for different platforms to join the Active Directory domain

Platform	Requirements
BYO appliance	For BYO, `/usr/openv/pdde/vpfs/bin/register_samba_to_ad.sh` is used for joining an Active Directory domain. Example usage of register_samba_to_ad.sh: /usr/openv/pdde/vpfs/bin/register_samba_to_ad.sh --domain=<domain> --username=<username> The following are other options you can use with register_samba_to_ad.sh: --domain=<domain> : domain name --domaincontroller=<domain controller> : domain controller --username=<username> : windows domain username which has the privilege to join the client to domain --help\|-h : Print the usage
NetBackup appliance (NBA)	Review the section Adding an Active Directory server configuration in the NetBackup Appliance Administrator's Guide.
Flex media server	The same as BYO.
Flex media server HA	The same as BYO.
WORM enabled storage server	The storage server can be configured to join or leave Active Directory with Restricted Shell commands. [msdp-16.0] deecl01vm046p3 > setting ActiveDirectory configure ad_server=<ad_server> domain=<domain_server> domain_admin=<domain_adin> See Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access.
Flex Scale	Review the section Configuring AD server for Universal shares and Instant Access in the NetBackup Flex Scale Administrator's Guide.
AKS/EKS AD	NetBackup support only SMB local user mode. The SMB server is configured with local user mode by default.

Once the storage server has been added to an Active Directory domain, a universal share can be created as normal. Any users and user groups that are specified are checked using the wbinfo command to ensure that they are valid. The following procedure describes how to add a universal share to an Active Directory.

Adding a universal share to an Active Directory

Create a universal share with SMB protocol on NetBackup web UI.
Mount the shared storage on a Windows client.
Provide all necessary credentials.
Verify that the universal share is fully set up, and can be backed up and restored using a Universal-Share policy.

The following items must be set up for to add Microsoft SQL Instant Access to an Active Directory:

Storage server and client must be in the same domain.
Use domain user to log in to the Microsoft SQL client.
Register Microsoft SQL instance with the domain user on the NetBackup web UI.
See "Manually add a SQL Server instance" in Veritas NetBackup web UI Microsoft SQL Server Administrator's Guide.
Must use domain user credentials to do instant access.

Local user-based authentication

You must configure SMB users on the corresponding storage server and enter the credentials on the client.

If the SMB service is part of a Windows domain, the Windows domain users can use the SMB share. In this scenario, credentials are not required to access the share.

For Azure Kubernetes Service (AKS) and Amazon Elastic Kubernetes Service (EKS) cloud platforms, only a SMB local user can access the SMB share. You must add SMB users to access the SMB share.

If the SMB service is not part of Windows domain, perform the following steps:

For a NetBackup Appliance:
For a NetBackup Appliance, local users are also SMB users. To manage local users, log in to the CLISH and select Main > Settings > Security > Authentication > LocalUser. The SMB password is the same as the local user's login password.
For an MDSP BYO server:
For an MDSP BYO server, create a Linux user (if one does not exist). Then, add the user to SMB.
For example, the following commands create a test_smb_user use for the SMB service only:
# adduser --no-create-home -s /sbin/nologin test_smb_user
# smbpasswd -a test_smb_user
To add an existing user to the SMB service, run the following command:
# smbpasswd -a username
For a Flex Appliance primary or media server application instance:
For a Flex Appliance primary or media server application instance, log in to the instance and add any local user to the SMB service as follows:
- If desired, create a new local user with the following commands:
```
#useradd <username>
#passwd <username>
```
  You can also use an existing local user.
- Run the following commands to create user credentials for the SMB service and enable the user:
```
smbpasswd -a <username>
smbpasswd -e <username>
```
For a WORM storage server application instance:
For a WORM storage server instance, log in to the instance and add a local SMB user with the following command: setting smb add-user username=<username> password=<password>
You can view the new user with the setting smb list-users command. To remove a user, run the setting smb remove-user username=<username> command.
For the AKS and the EKS cloud platform:
- Log in to the MSDP engine pod in a cluster using kubectl.
- Run the following command to log in to RShell in the MSDP engine.
  su - msdpadm
- Run the following RShell command to add a SMB user.
  setting samba add-user username=[samba user name] password=[samba password]
  For example,
  msdp-16.1] > setting samba add-user username=test_samba_user password=Te@Pss1fg0
  You can use the same command to update the password for an existing user.
  In AKS and EKS cloud platforms, the SMB RShell command configures SMB servers in all MSDP engines in a cluster.