NetBackup™ Deduplication Guide

Last Published:
Product(s): NetBackup (10.2.0.1)
  1. Introducing the NetBackup media server deduplication option
    1.  
      About the NetBackup deduplication options
  2. Quick start
    1.  
      About client-side deduplication
    2. About the media server deduplication (MSDP) node cloud tier
      1.  
        Configuring the MSDP node cloud tier
    3.  
      About Auto Image Replication (A.I.R.)
  3. Planning your deployment
    1.  
      Planning your MSDP deployment
    2.  
      NetBackup naming conventions
    3.  
      About MSDP deduplication nodes
    4.  
      About the NetBackup deduplication destinations
    5.  
      About MSDP storage capacity
    6. About MSDP storage and connectivity requirements
      1.  
        Fibre Channel and iSCSI comparison for MSDP
    7. About NetBackup media server deduplication
      1.  
        About MSDP storage servers
      2.  
        About MSDP load balancing servers
      3.  
        About MSDP server requirements
      4.  
        About MSDP unsupported configurations
    8. About NetBackup Client Direct deduplication
      1.  
        About MSDP client deduplication requirements and limitations
    9. About MSDP remote office client deduplication
      1.  
        About MSDP remote client data security
      2.  
        About remote client backup scheduling
    10.  
      About the NetBackup Deduplication Engine credentials
    11.  
      About the network interface for MSDP
    12.  
      About MSDP port usage
    13.  
      About MSDP optimized synthetic backups
    14.  
      About MSDP and SAN Client
    15.  
      About MSDP optimized duplication and replication
    16. About MSDP performance
      1.  
        How file size may affect the MSDP deduplication rate
    17. About MSDP stream handlers
      1.  
        Oracle stream handler
      2.  
        Microsoft SQL Server stream handler
    18. MSDP deployment best practices
      1.  
        Use fully qualified domain names
      2.  
        About scaling MSDP
      3.  
        Send initial full backups to the storage server
      4.  
        Increase the number of MSDP jobs gradually
      5.  
        Introduce MSDP load balancing servers gradually
      6.  
        Implement MSDP client deduplication gradually
      7.  
        Use MSDP compression and encryption
      8.  
        About the optimal number of backup streams for MSDP
      9.  
        About storage unit groups for MSDP
      10.  
        About protecting the MSDP data
      11.  
        Save the MSDP storage server configuration
      12.  
        Plan for disk write caching
  4. Provisioning the storage
    1.  
      About provisioning the storage for MSDP
    2.  
      Do not modify MSDP storage directories and files
    3.  
      About volume management for NetBackup MSDP
  5. Licensing deduplication
    1.  
      About the MSDP license
    2.  
      Licensing NetBackup MSDP
  6. Configuring deduplication
    1.  
      Configuring MSDP server-side deduplication
    2.  
      Configuring MSDP client-side deduplication
    3.  
      About the MSDP Deduplication Multi-Threaded Agent
    4. Configuring the Deduplication Multi-Threaded Agent behavior
      1.  
        MSDP mtstrm.conf file parameters
    5.  
      Configuring deduplication plug-in interaction with the Multi-Threaded Agent
    6.  
      About MSDP fingerprinting
    7.  
      About the MSDP fingerprint cache
    8. Configuring the MSDP fingerprint cache behavior
      1.  
        MSDP fingerprint cache behavior options
    9.  
      About seeding the MSDP fingerprint cache for remote client deduplication
    10.  
      Configuring MSDP fingerprint cache seeding on the client
    11. Configuring MSDP fingerprint cache seeding on the storage server
      1.  
        NetBackup seedutil options
    12.  
      About sampling and predictive cache
    13.  
      Enabling 400 TB support for MSDP
    14. About MSDP Encryption using NetBackup KMS service
      1.  
        Upgrading KMS for MSDP
      2.  
        Enabled KMS encryption for Local LSU
    15.  
      About MSDP Encryption using external KMS server
    16. Configuring a storage server for a Media Server Deduplication Pool
      1.  
        MSDP storage path properties
      2.  
        MSDP network interface properties
    17.  
      About disk pools for NetBackup deduplication
    18. Configuring a disk pool for deduplication
      1.  
        Media Server Deduplication Pool properties
    19.  
      Creating the data directories for 400 TB MSDP support
    20.  
      Adding volumes to a 400 TB Media Server Deduplication Pool
    21. Configuring a Media Server Deduplication Pool storage unit
      1.  
        Media Server Deduplication Pool storage unit properties
      2.  
        MSDP storage unit recommendations
    22.  
      Configuring client attributes for MSDP client-side deduplication
    23.  
      Disabling MSDP client-side deduplication for a client
    24.  
      About MSDP compression
    25.  
      About MSDP encryption
    26.  
      MSDP compression and encryption settings matrix
    27.  
      Configuring encryption for MSDP backups
    28.  
      Configuring encryption for MSDP optimized duplication and replication
    29.  
      About the rolling data conversion mechanism for MSDP
    30.  
      Modes of rolling data conversion
    31.  
      MSDP encryption behavior and compatibilities
    32.  
      Configuring optimized synthetic backups for MSDP
    33.  
      About a separate network path for MSDP duplication and replication
    34.  
      Configuring a separate network path for MSDP duplication and replication
    35. About MSDP optimized duplication within the same domain
      1. About the media servers for MSDP optimized duplication within the same domain
        1.  
          About MSDP push duplication within the same domain
        2.  
          About MSDP pull duplication within the same domain
    36. Configuring MSDP optimized duplication within the same NetBackup domain
      1. Configuring NetBackup optimized duplication or replication behavior
        1.  
          Setting NetBackup configuration options by using the command line
    37.  
      About MSDP replication to a different domain
    38. Configuring MSDP replication to a different NetBackup domain
      1. About NetBackup Auto Image Replication
        1.  
          One-to-many Auto Image Replication model
        2.  
          Cascading Auto Image Replication model
        3.  
          About the domain relationship for replication
        4.  
          About the replication topology for Auto Image Replication
        5. Viewing the replication topology for Auto Image Replication
          1.  
            Sample volume properties output for MSDP replication
      2.  
        About trusted primary servers for Auto Image Replication
      3.  
        About the certificate to be used for adding a trusted primary server
      4.  
        Adding a trusted primary server using a NetBackup CA-signed (host ID-based) certificate
      5.  
        Adding a trusted primary server using external CA-signed certificate
      6.  
        Removing a trusted primary server
      7.  
        Enabling NetBackup clustered primary server inter-node authentication
      8.  
        Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
      9.  
        Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
      10. Configuring a target for MSDP replication to a remote domain
        1.  
          Target options for MSDP replication
        2.  
          Configuring a NetBackup Deduplication Engine user with limited permissions for Auto Image Replication
    39.  
      About configuring MSDP optimized duplication and replication bandwidth
    40.  
      About performance tuning of optimized duplication and replication for MSDP cloud
    41.  
      About storage lifecycle policies
    42.  
      About the storage lifecycle policies required for Auto Image Replication
    43. Creating a storage lifecycle policy
      1.  
        Storage Lifecycle Policy dialog box settings
    44.  
      About MSDP backup policy configuration
    45.  
      Creating a backup policy
    46. Resilient Network properties
      1.  
        Resilient connection resource usage
    47.  
      Specifying resilient connections
    48.  
      Adding an MSDP load balancing server
    49.  
      About variable-length deduplication on NetBackup clients
    50.  
      Managing the variable-length deduplication using the cacontrol command-line utility
    51.  
      About the MSDP pd.conf configuration file
    52. Editing the MSDP pd.conf file
      1.  
        MSDP pd.conf file parameters
    53.  
      About the MSDP contentrouter.cfg file
    54.  
      About saving the MSDP storage server configuration
    55.  
      Saving the MSDP storage server configuration
    56.  
      Editing an MSDP storage server configuration file
    57.  
      Setting the MSDP storage server configuration
    58.  
      About the MSDP host configuration file
    59.  
      Deleting an MSDP host configuration file
    60.  
      Resetting the MSDP registry
    61. About protecting the MSDP catalog
      1.  
        About the MSDP shadow catalog
      2.  
        About the MSDP catalog backup policy
    62.  
      Changing the MSDP shadow catalog path
    63.  
      Changing the MSDP shadow catalog schedule
    64.  
      Changing the number of MSDP catalog shadow copies
    65. Configuring an MSDP catalog backup
      1.  
        MSDP drcontrol options
    66.  
      Updating an MSDP catalog backup policy
    67.  
      About MSDP FIPS compliance
    68.  
      Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
    69.  
      About MSDP multi-domain support
    70.  
      About MSDP application user support
    71.  
      About MSDP mutli-domain VLAN Support
    72. About NetBackup WORM storage support for immutable and indelible data
      1.  
        About the NetBackup command line options to configure immutable and indelible data
  7. MSDP cloud support
    1. About MSDP cloud support
      1.  
        Operating system requirement for configuration
      2.  
        Limitations
    2.  
      Create a Media Server Deduplication Pool (MSDP) storage server in the NetBackup web UI
    3.  
      Creating a cloud storage unit
    4.  
      Updating cloud credentials for a cloud LSU
    5.  
      Updating encryption configurations for a cloud LSU
    6.  
      Deleting a cloud LSU
    7.  
      Backup data to cloud by using cloud LSU
    8.  
      Duplicate data cloud by using cloud LSU
    9.  
      Configuring AIR to use cloud LSU
    10.  
      About backward compatibility support
    11.  
      About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
    12. Cloud space reclamation
      1.  
        Configuring the container aging
      2.  
        Configuring the cloud compaction
    13.  
      About the tool updates for cloud support
    14. About the disaster recovery for cloud LSU
      1.  
        Common disaster recovery steps
      2.  
        Disaster recovery for cloud LSU in Flex Scale
    15. About Image Sharing using MSDP cloud
      1.  
        Things to consider before you use image sharing to convert VM image to VHD in Azure
      2.  
        Converting the VM image to VHD in Azure
    16.  
      About restore from a backup in Microsoft Azure Archive
    17.  
      About Veritas Alta Recovery Vault Azure
    18.  
      Configuring Veritas Alta Recovery Vault Azure and Azure Government
    19.  
      Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
    20.  
      Migrating from standard authentication to token-based authentication for Recovery Vault
    21. About MSDP cloud immutable (WORM) storage support
      1.  
        About MSDP cloud admin tool
      2. About immutable object support for AWS S3
        1.  
          Creating a cloud immutable storage unit
        2.  
          Managing AWS S3 immutable storage using msdpcldutil tool
        3.  
          Extend the cloud immutable volume live duration automatically
        4.  
          Performance tuning
        5.  
          AWS user permissions to create the cloud immutable volume
        6.  
          About bucket policy for immutable storage
      3. About immutable object support for AWS S3 compatible platforms
        1.  
          Creating a cloud immutable storage unit for the S3 compatible platforms
        2.  
          Managing HCP for Cloud Scale using msdpcldutil tool
        3.  
          Managing Cloudian HyperStore using msdpcldutil tool
        4.  
          Managing Seagate Lyve Cloud using msdpcldutil tool
        5.  
          Managing Veritas Access Cloud using msdpcldutil tool
        6.  
          Managing Wasabi cloud storage using msdpcldutil tool
        7.  
          Managing Scality RING/ARTESCA using msdpcldutil tool
        8.  
          Managing EMC-ECS using msdpcldutil tool
        9.  
          Managing Quantum ActiveScale using msdpcldutil tool
        10.  
          Managing NetApp StorageGRID Webscale - WAN using msdpcldutil tool
      4. About immutable storage support for Azure blob storage
        1.  
          Creating an Azure cloud immutable storage unit using the Web UI
        2.  
          Managing an Azure cloud immutable volume using msdpcldutil tool
      5. About immutable storage support for Google Cloud Storage
        1.  
          Creating a Google cloud immutable storage using the Web UI
        2.  
          Managing a Google cloud immutable storage using msdpcldutil tool
      6.  
        About using the cloud immutable storage in a cluster environment
      7.  
        Troubleshooting the error when the bucket is created without msdpcldutil
      8.  
        Deleting the immutable image with the enterprise mode
      9.  
        Refreshing the immutable cloud volume retention range value in the web UI
      10.  
        Deleting the S3 object permanently
    22.  
      About instant access for object storage in cloud
  8. S3 Interface for MSDP
    1.  
      About S3 interface for MSDP
    2.  
      Prerequisites for MSDP build-your-own (BYO) server
    3. Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
      1.  
        Changing the certificate in S3 server
    4. Identity and Access Management (IAM) for S3 interface for MSDP
      1.  
        Signing IAM and S3 API requests
      2.  
        IAM workflow
      3. IAM APIs for S3 interface for MSDP
        1.  
          Common Parameters
        2.  
          Common Error Codes
        3.  
          CreateUser
        4.  
          GetUser
        5.  
          ListUsers
        6.  
          DeleteUser
        7.  
          CreateAccessKey
        8.  
          ListAccessKeys
        9.  
          DeleteAccessKey
        10.  
          UpdateAccessKey
        11.  
          PutUserPolicy
        12.  
          GetUserPolicy
        13.  
          ListUserPolicies
        14.  
          DeleteUserPolicy
        15.  
          Data Types
      4.  
        IAM policy document syntax
    5. S3 APIs for S3 interface for MSDP
      1. S3 APIs on Buckets
        1.  
          CreateBucket
        2.  
          DeleteBucket
        3.  
          GETBucketEncryption
        4.  
          GETBucketLocation
        5.  
          GetBucketVersioning
        6.  
          HeadBucket
        7.  
          ListBuckets
        8.  
          ListMultipartUploads
        9.  
          ListObjects
        10.  
          ListObjectsV2
        11.  
          ListObjectVersions
        12.  
          PutBucketVersioning
      2. S3 APIs on Objects
        1.  
          AbortMultipartUpload
        2.  
          CompleteMultipartUpload
        3.  
          CreateMultipartUpload
        4.  
          DeleteObject
        5.  
          DeleteObjects
        6.  
          GetObject
        7.  
          HeadObject
        8.  
          PutObject
        9.  
          UploadPart
        10.  
          PutObject (snowball-auto-extract for small files)
      3.  
        The naming rules for buckets and objects
    6.  
      Disaster recovery in S3 interface for MSDP
    7.  
      Limitations in S3 interface for MSDP
    8.  
      Logging and troubleshooting
    9.  
      Best practices
  9. Monitoring deduplication activity
    1.  
      Monitoring the MSDP deduplication and compression rates
    2. Viewing MSDP job details
      1.  
        MSDP job details
    3.  
      About MSDP storage capacity and usage reporting
    4.  
      About MSDP container files
    5.  
      Viewing storage usage within MSDP container files
    6.  
      About monitoring MSDP processes
    7.  
      Reporting on Auto Image Replication jobs
  10. Managing deduplication
    1. Managing MSDP servers
      1.  
        Viewing MSDP storage servers
      2.  
        Determining the MSDP storage server state
      3.  
        Viewing MSDP storage server attributes
      4.  
        Setting MSDP storage server attributes
      5.  
        Changing MSDP storage server properties
      6.  
        Clearing MSDP storage server attributes
      7.  
        About changing the MSDP storage server name or storage path
      8.  
        Changing the MSDP storage server name or storage path
      9.  
        Removing an MSDP load balancing server
      10.  
        Deleting an MSDP storage server
      11.  
        Deleting the MSDP storage server configuration
    2. Managing NetBackup Deduplication Engine credentials
      1.  
        Determining which media servers have deduplication credentials
      2.  
        Adding NetBackup Deduplication Engine credentials
      3.  
        Changing NetBackup Deduplication Engine credentials
      4.  
        Deleting credentials from a load balancing server
    3. Managing Media Server Deduplication Pools
      1.  
        Viewing Media Server Deduplication Pools
      2.  
        Determining the Media Server Deduplication Pool state
      3.  
        Changing OpenStorage disk pool state
      4.  
        Viewing Media Server Deduplication Pool attributes
      5.  
        Setting a Media Server Deduplication Pool attribute
      6. Changing a Media Server Deduplication Pool properties
        1.  
          How to resolve volume changes for Auto Image Replication
      7.  
        Clearing a Media Server Deduplication Pool attribute
      8.  
        Determining the MSDP disk volume state
      9.  
        Changing the MSDP disk volume state
      10.  
        Deleting a Media Server Deduplication Pool
    4.  
      Deleting backup images
    5.  
      About MSDP queue processing
    6.  
      Processing the MSDP transaction queue manually
    7.  
      About MSDP data integrity checking
    8. Configuring MSDP data integrity checking behavior
      1.  
        MSDP data integrity checking configuration parameters
    9.  
      About managing MSDP storage read performance
    10. About MSDP storage rebasing
      1.  
        MSDP server-side rebasing parameters
    11.  
      About the MSDP data removal process
    12.  
      Resizing the MSDP storage partition
    13.  
      How MSDP restores work
    14.  
      Configuring MSDP restores directly to a client
    15.  
      About restoring files at a remote site
    16.  
      About restoring from a backup at a target primary domain
    17.  
      Specifying the restore server
  11. Recovering MSDP
    1.  
      About recovering the MSDP catalog
    2.  
      Restoring the MSDP catalog from a shadow copy
    3.  
      Recovering from an MSDP storage server disk failure
    4.  
      Recovering from an MSDP storage server failure
    5.  
      Recovering the MSDP storage server after NetBackup catalog recovery
  12. Replacing MSDP hosts
    1.  
      Replacing the MSDP storage server host computer
  13. Uninstalling MSDP
    1.  
      About uninstalling MSDP
    2.  
      Deactivating MSDP
  14. Deduplication architecture
    1.  
      MSDP server components
    2.  
      Media server deduplication backup process
    3.  
      MSDP client components
    4.  
      MSDP client - side deduplication backup process
  15. Configuring and using universal shares
    1.  
      About universal shares
    2.  
      Configuring and using an MSDP build-your-own (BYO) server for universal shares
    3.  
      MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
    4.  
      Configuring universal share user authentication
    5.  
      Mounting a universal share created from the NetBackup web UI
    6.  
      About universal share self-service recovery
    7.  
      Performing a universal share self-service recovery
    8. Using the ingest mode
      1.  
        Using the ingest mode to take a snapshot over NFS or SMB
      2.  
        Using the ingest mode to run a policy using NFS or SMB
    9.  
      About universal shares with object store
    10. Enabling a universal share with object store
      1.  
        Enabling instant access with object storage
    11.  
      Disaster recovery for a universal share
    12.  
      Changing the number of vpfsd instances
    13.  
      Enabling variable-length deduplication (VLD) algorithm for universal shares
    14.  
      Upgrading to NetBackup 10.2.0.1
  16. Configuring isolated recovery environment (IRE)
    1.  
      Requirements
    2.  
      Configuring the network isolation
    3.  
      Configuring an isolated recovery environment on a NetBackup BYO media server
    4.  
      Managing an isolated recovery environment on a NetBackup BYO media server
    5.  
      Configuring AIR for replicating backup images from production environment to IRE BYO environment
    6.  
      Configuring an isolated recovery environment on a WORM storage server
    7.  
      Managing an isolated recovery environment on a WORM storage server
    8.  
      Configuring data transmission between a production environment and an IRE WORM storage server
  17. Using the NetBackup Deduplication Shell
    1.  
      About the NetBackup Deduplication Shell
    2. Managing users from the deduplication shell
      1.  
        Adding and removing local users from the deduplication shell
      2.  
        Adding MSDP users from the deduplication shell
      3.  
        Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
      4.  
        Disconnecting an Active Directory domain from the deduplication shell
      5.  
        Changing a user password from the deduplication shell
    3.  
      Managing VLAN interfaces from the deduplication shell
    4.  
      Managing the retention policy on a WORM storage server
    5.  
      Managing images with a retention lock on a WORM storage server
    6.  
      Auditing WORM retention changes
    7.  
      Protecting the NetBackup catalog from the deduplication shell
    8. Managing certificates from the deduplication shell
      1.  
        Viewing the certificate details from the deduplication shell
      2.  
        Importing certificates from the deduplication shell
      3.  
        Removing certificates from the deduplication shell
    9.  
      Managing FIPS mode from the deduplication shell
    10.  
      Encrypting backups from the deduplication shell
    11.  
      Tuning the MSDP configuration from the deduplication shell
    12.  
      Setting the MSDP log level from the deduplication shell
    13. Managing NetBackup services from the deduplication shell
      1.  
        Managing the cyclic redundancy checking (CRC) service
      2.  
        Managing the content router queue processing (CRQP) service
      3.  
        Managing the online checking service
      4.  
        Managing the compaction service
      5.  
        Managing the deduplication (MSDP) services
      6.  
        Managing the Storage Platform Web Service (SPWS)
      7.  
        Managing the Veritas provisioning file system (VPFS) configuration parameters
      8.  
        Managing the Veritas provisioning file system (VPFS) mounts
      9.  
        Managing the NGINX service
      10.  
        Managing the SMB service
    14. Monitoring and troubleshooting NetBackup services from the deduplication shell
      1.  
        Managing the health monitor
      2.  
        Viewing information about the system
      3.  
        Viewing the deduplication (MSDP) history or configuration files
      4.  
        Viewing the log files
      5.  
        Collecting and transferring troubleshooting files
    15. Managing S3 service from the deduplication shell
      1.  
        Configuring the S3 service
      2.  
        Creating or resetting root credentials
      3.  
        Changing the S3 service certificates
      4.  
        Managing the S3 service
  18. Troubleshooting
    1. About unified logging
      1.  
        About using the vxlogview command to view unified logs
      2.  
        Examples of using vxlogview to view unified logs
    2. About legacy logging
      1.  
        Creating NetBackup log file directories for MSDP
    3.  
      NetBackup MSDP log files
    4. Troubleshooting MSDP installation issues
      1.  
        MSDP installation on SUSE Linux fails
    5. Troubleshooting MSDP configuration issues
      1.  
        MSDP storage server configuration fails
      2.  
        MSDP database system error (220)
      3.  
        MSDP server not found error
      4.  
        License information failure during MSDP configuration
      5.  
        The disk pool wizard does not display an MSDP volume
    6. Troubleshooting MSDP operational issues
      1.  
        Verify that the MSDP server has sufficient memory
      2.  
        MSDP backup or duplication job fails
      3.  
        MSDP client deduplication fails
      4.  
        MSDP volume state changes to DOWN when volume is unmounted
      5.  
        MSDP errors, delayed response, hangs
      6.  
        Cannot delete an MSDP disk pool
      7.  
        MSDP media open error (83)
      8.  
        MSDP media write error (84)
      9.  
        MSDP no images successfully processed (191)
      10.  
        MSDP storage full conditions
      11.  
        Troubleshooting MSDP catalog backup
      12.  
        Storage Platform Web Service (spws) does not start
      13.  
        Disk volume API or command line option does not work
    7.  
      Viewing MSDP disk errors and events
    8.  
      MSDP event codes and messages
    9.  
      Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
    10. Trouble shooting multi-domain issues
      1.  
        Unable to configure OpenStorage server from another domain
      2.  
        MSDP storage server is down when you configure an OpenStorage server
      3.  
        MSDP server is overloaded when it is used by multiple NetBackup domains
    11.  
      Troubleshooting the cloud compaction error messages
  19. Appendix A. Migrating to MSDP storage
    1.  
      Migrating from another storage type to MSDP
  20. Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
    1.  
      About migration from Cloud Catalyst to MSDP direct cloud tiering
    2.  
      About Cloud Catalyst migration strategies
    3. About direct migration from Cloud Catalyst to MSDP direct cloud tiering
      1.  
        About requirements for a new MSDP direct cloud tier storage server
      2.  
        About beginning the direct migration
      3.  
        Placing the Cloud Catalyst server in a consistent state
      4.  
        About installing and configuring the new MSDP direct cloud tier server
      5.  
        Running the migration to the new MSDP direct cloud tier server
    4.  
      About postmigration configuration and cleanup
    5.  
      About the Cloud Catalyst migration -dryrun option
    6.  
      About Cloud Catalyst migration cacontrol options
    7.  
      Reverting back to Cloud Catalyst from a successful migration
    8.  
      Reverting back to Cloud Catalyst from a failed migration
  21. Appendix C. Encryption Crawler
    1.  
      About the Encryption Crawler
    2.  
      About the two modes of the Encryption Crawler
    3.  
      Managing the Encryption Crawler
    4.  
      Advanced options
    5.  
      Tuning options
    6.  
      Encrypting the data
    7.  
      Command usage example outputs
  22.  
    Index

Importing certificates from the deduplication shell

Use the following procedures to import NetBackup or external certificates from the deduplication shell.

Importing a NetBackup certificate

To import a NetBackup certificate

  1. Open an SSH session to the server as the msdpadm user, or for NetBackup Flex Scale, as an appliance administrator.
  2. Run one of the following commands:

    • To request the NetBackup CA certificate from the primary server:

      setting certificate get-CA-certificate

      By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example:

      setting certificate get-CA-certificate primary_server=<alternate primary server hostname>

    • To request a host certificate from the primary server:

      setting certificate get-certificate [force=true]

      Where [force=true] is an optional parameter that overwrites the existing certificate if it already exists.

      By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example:

      setting certificate get-certificate primary_server=<alternate primary server hostname>

      Depending on the primary server security level, the host may require an authorization or a reissue token. If the command prompts that a token is required for the request, enter the command again with the token for the host ID-based certificate. For example:

      setting certificate get-certificate primary_server=<alternate primary server hostname> token=<certificate token> force=true

Importing external certificates

To import external certificates

  1. Open an SSH session to the server as the msdpadm user, or for NetBackup Flex Scale, as an appliance administrator.
  2. Run one of the following commands:

    • To download and install both the external CA certificate and the host certificate:

      setting certificate install-external-certificates cacert=<trust store> cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port>

      Where:

      • <trust store> is the trust store in PEM format.

      • <host certificate> is the X.509 certificate of the host in PEM format.

      • <key> is the RSA private key in PEM format.

      • [passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted.

      • <host> is the hostname of the host that stores the external certificates.

      • <port> is the port to connect to on the remote host.

    • To download and install the external CA certificate:

      setting certificate get-external-CA-certificate cacert=<trust store> scp_host=<host> scp_port=<port>

      Where:

      • <trust store> is the trust store in PEM format.

      • <host> is the hostname of the host that stores the external certificates.

      • <port> is the port to connect to on the remote host.

    • To download and install the external host certificate:

      setting certificate get-external-certificates cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port>

      Where:

      • <host certificate> is the X.509 certificate of the host in PEM format.

      • <key> is the RSA private key in PEM format.

      • [passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted.

      • <host> is the hostname of the host that stores the external certificates.

      • <port> is the port to connect to on the remote host.

      Note:

      If an external host certificate already exists on the server, it is overwritten.

  3. (Optional) Run the following command to specify the revocation check level for the external certificates:

    setting certificate set-CRL-check-level check_level=<DISABLE, LEAF, or CHAIN>

    The check levels are as follows:

    • DISABLE: The revocation check is disabled. The revocation status of the certificate is not validated against the CRL during host communication.

    • LEAF: The revocation status of the leaf certificate is validated against the CRL. LEAF is the default value.

    • CHAIN: The revocation status of all certificates from the certificate chain is validated against the CRL.