NetBackup™ Deduplication Guide
- Introducing the NetBackup media server deduplication option
- Quick start
- Planning your deployment
- Planning your MSDP deployment
- NetBackup naming conventions
- About MSDP deduplication nodes
- About the NetBackup deduplication destinations
- About MSDP storage capacity
- About MSDP storage and connectivity requirements
- About NetBackup media server deduplication
- About NetBackup Client Direct deduplication
- About MSDP remote office client deduplication
- About the NetBackup Deduplication Engine credentials
- About the network interface for MSDP
- About MSDP port usage
- About MSDP optimized synthetic backups
- About MSDP and SAN Client
- About MSDP optimized duplication and replication
- About MSDP performance
- About MSDP stream handlers
- MSDP deployment best practices
- Use fully qualified domain names
- About scaling MSDP
- Send initial full backups to the storage server
- Increase the number of MSDP jobs gradually
- Introduce MSDP load balancing servers gradually
- Implement MSDP client deduplication gradually
- Use MSDP compression and encryption
- About the optimal number of backup streams for MSDP
- About storage unit groups for MSDP
- About protecting the MSDP data
- Save the MSDP storage server configuration
- Plan for disk write caching
- Provisioning the storage
- Licensing deduplication
- Configuring deduplication
- Configuring MSDP server-side deduplication
- Configuring MSDP client-side deduplication
- About the MSDP Deduplication Multi-Threaded Agent
- Configuring the Deduplication Multi-Threaded Agent behavior
- Configuring deduplication plug-in interaction with the Multi-Threaded Agent
- About MSDP fingerprinting
- About the MSDP fingerprint cache
- Configuring the MSDP fingerprint cache behavior
- About seeding the MSDP fingerprint cache for remote client deduplication
- Configuring MSDP fingerprint cache seeding on the client
- Configuring MSDP fingerprint cache seeding on the storage server
- About sampling and predictive cache
- Enabling 400 TB support for MSDP
- About MSDP Encryption using NetBackup KMS service
- About MSDP Encryption using external KMS server
- Configuring a storage server for a Media Server Deduplication Pool
- About disk pools for NetBackup deduplication
- Configuring a disk pool for deduplication
- Creating the data directories for 400 TB MSDP support
- Adding volumes to a 400 TB Media Server Deduplication Pool
- Configuring a Media Server Deduplication Pool storage unit
- Configuring client attributes for MSDP client-side deduplication
- Disabling MSDP client-side deduplication for a client
- About MSDP compression
- About MSDP encryption
- MSDP compression and encryption settings matrix
- Configuring encryption for MSDP backups
- Configuring encryption for MSDP optimized duplication and replication
- About the rolling data conversion mechanism for MSDP
- Modes of rolling data conversion
- MSDP encryption behavior and compatibilities
- Configuring optimized synthetic backups for MSDP
- About a separate network path for MSDP duplication and replication
- Configuring a separate network path for MSDP duplication and replication
- About MSDP optimized duplication within the same domain
- Configuring MSDP optimized duplication within the same NetBackup domain
- About MSDP replication to a different domain
- Configuring MSDP replication to a different NetBackup domain
- About NetBackup Auto Image Replication
- About trusted primary servers for Auto Image Replication
- About the certificate to be used for adding a trusted primary server
- Adding a trusted primary server using a NetBackup CA-signed (host ID-based) certificate
- Adding a trusted primary server using external CA-signed certificate
- Removing a trusted primary server
- Enabling NetBackup clustered primary server inter-node authentication
- Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
- Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
- Configuring a target for MSDP replication to a remote domain
- About configuring MSDP optimized duplication and replication bandwidth
- About performance tuning of optimized duplication and replication for MSDP cloud
- About storage lifecycle policies
- About the storage lifecycle policies required for Auto Image Replication
- Creating a storage lifecycle policy
- About MSDP backup policy configuration
- Creating a backup policy
- Resilient Network properties
- Specifying resilient connections
- Adding an MSDP load balancing server
- About variable-length deduplication on NetBackup clients
- Managing the variable-length deduplication using the cacontrol command-line utility
- About the MSDP pd.conf configuration file
- Editing the MSDP pd.conf file
- About the MSDP contentrouter.cfg file
- About saving the MSDP storage server configuration
- Saving the MSDP storage server configuration
- Editing an MSDP storage server configuration file
- Setting the MSDP storage server configuration
- About the MSDP host configuration file
- Deleting an MSDP host configuration file
- Resetting the MSDP registry
- About protecting the MSDP catalog
- Changing the MSDP shadow catalog path
- Changing the MSDP shadow catalog schedule
- Changing the number of MSDP catalog shadow copies
- Configuring an MSDP catalog backup
- Updating an MSDP catalog backup policy
- About MSDP FIPS compliance
- Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
- About MSDP multi-domain support
- About MSDP application user support
- About MSDP mutli-domain VLAN Support
- About NetBackup WORM storage support for immutable and indelible data
- MSDP cloud support
- About MSDP cloud support
- Create a Media Server Deduplication Pool (MSDP) storage server in the NetBackup web UI
- Creating a cloud storage unit
- Updating cloud credentials for a cloud LSU
- Updating encryption configurations for a cloud LSU
- Deleting a cloud LSU
- Backup data to cloud by using cloud LSU
- Duplicate data cloud by using cloud LSU
- Configuring AIR to use cloud LSU
- About backward compatibility support
- About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
- Cloud space reclamation
- About the tool updates for cloud support
- About the disaster recovery for cloud LSU
- About Image Sharing using MSDP cloud
- About restore from a backup in Microsoft Azure Archive
- About Veritas Alta Recovery Vault Azure
- Configuring Veritas Alta Recovery Vault Azure and Azure Government
- Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
- Migrating from standard authentication to token-based authentication for Recovery Vault
- About MSDP cloud immutable (WORM) storage support
- About MSDP cloud admin tool
- About immutable object support for AWS S3
- About immutable object support for AWS S3 compatible platforms
- Creating a cloud immutable storage unit for the S3 compatible platforms
- Managing HCP for Cloud Scale using msdpcldutil tool
- Managing Cloudian HyperStore using msdpcldutil tool
- Managing Seagate Lyve Cloud using msdpcldutil tool
- Managing Veritas Access Cloud using msdpcldutil tool
- Managing Wasabi cloud storage using msdpcldutil tool
- Managing Scality RING/ARTESCA using msdpcldutil tool
- Managing EMC-ECS using msdpcldutil tool
- Managing Quantum ActiveScale using msdpcldutil tool
- Managing NetApp StorageGRID Webscale - WAN using msdpcldutil tool
- About immutable storage support for Azure blob storage
- About immutable storage support for Google Cloud Storage
- About using the cloud immutable storage in a cluster environment
- Troubleshooting the error when the bucket is created without msdpcldutil
- Deleting the immutable image with the enterprise mode
- Refreshing the immutable cloud volume retention range value in the web UI
- Deleting the S3 object permanently
- About instant access for object storage in cloud
- S3 Interface for MSDP
- About S3 interface for MSDP
- Prerequisites for MSDP build-your-own (BYO) server
- Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
- Identity and Access Management (IAM) for S3 interface for MSDP
- S3 APIs for S3 interface for MSDP
- Disaster recovery in S3 interface for MSDP
- Limitations in S3 interface for MSDP
- Logging and troubleshooting
- Best practices
- Monitoring deduplication activity
- Managing deduplication
- Managing MSDP servers
- Viewing MSDP storage servers
- Determining the MSDP storage server state
- Viewing MSDP storage server attributes
- Setting MSDP storage server attributes
- Changing MSDP storage server properties
- Clearing MSDP storage server attributes
- About changing the MSDP storage server name or storage path
- Changing the MSDP storage server name or storage path
- Removing an MSDP load balancing server
- Deleting an MSDP storage server
- Deleting the MSDP storage server configuration
- Managing NetBackup Deduplication Engine credentials
- Managing Media Server Deduplication Pools
- Viewing Media Server Deduplication Pools
- Determining the Media Server Deduplication Pool state
- Changing OpenStorage disk pool state
- Viewing Media Server Deduplication Pool attributes
- Setting a Media Server Deduplication Pool attribute
- Changing a Media Server Deduplication Pool properties
- Clearing a Media Server Deduplication Pool attribute
- Determining the MSDP disk volume state
- Changing the MSDP disk volume state
- Deleting a Media Server Deduplication Pool
- Deleting backup images
- About MSDP queue processing
- Processing the MSDP transaction queue manually
- About MSDP data integrity checking
- Configuring MSDP data integrity checking behavior
- About managing MSDP storage read performance
- About MSDP storage rebasing
- About the MSDP data removal process
- Resizing the MSDP storage partition
- How MSDP restores work
- Configuring MSDP restores directly to a client
- About restoring files at a remote site
- About restoring from a backup at a target primary domain
- Specifying the restore server
- Managing MSDP servers
- Recovering MSDP
- Replacing MSDP hosts
- Uninstalling MSDP
- Deduplication architecture
- Configuring and using universal shares
- About universal shares
- Configuring and using an MSDP build-your-own (BYO) server for universal shares
- MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
- Configuring universal share user authentication
- Mounting a universal share created from the NetBackup web UI
- About universal share self-service recovery
- Performing a universal share self-service recovery
- Using the ingest mode
- About universal shares with object store
- Enabling a universal share with object store
- Disaster recovery for a universal share
- Changing the number of vpfsd instances
- Enabling variable-length deduplication (VLD) algorithm for universal shares
- Upgrading to NetBackup 10.2.0.1
- Configuring isolated recovery environment (IRE)
- Requirements
- Configuring the network isolation
- Configuring an isolated recovery environment on a NetBackup BYO media server
- Managing an isolated recovery environment on a NetBackup BYO media server
- Configuring AIR for replicating backup images from production environment to IRE BYO environment
- Configuring an isolated recovery environment on a WORM storage server
- Managing an isolated recovery environment on a WORM storage server
- Configuring data transmission between a production environment and an IRE WORM storage server
- Using the NetBackup Deduplication Shell
- About the NetBackup Deduplication Shell
- Managing users from the deduplication shell
- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
- Managing VLAN interfaces from the deduplication shell
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Protecting the NetBackup catalog from the deduplication shell
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell
- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) configuration parameters
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
- Monitoring and troubleshooting NetBackup services from the deduplication shell
- Managing S3 service from the deduplication shell
- Troubleshooting
- About unified logging
- About legacy logging
- NetBackup MSDP log files
- Troubleshooting MSDP installation issues
- Troubleshooting MSDP configuration issues
- Troubleshooting MSDP operational issues
- Verify that the MSDP server has sufficient memory
- MSDP backup or duplication job fails
- MSDP client deduplication fails
- MSDP volume state changes to DOWN when volume is unmounted
- MSDP errors, delayed response, hangs
- Cannot delete an MSDP disk pool
- MSDP media open error (83)
- MSDP media write error (84)
- MSDP no images successfully processed (191)
- MSDP storage full conditions
- Troubleshooting MSDP catalog backup
- Storage Platform Web Service (spws) does not start
- Disk volume API or command line option does not work
- Viewing MSDP disk errors and events
- MSDP event codes and messages
- Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
- Trouble shooting multi-domain issues
- Troubleshooting the cloud compaction error messages
- Appendix A. Migrating to MSDP storage
- Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
- About migration from Cloud Catalyst to MSDP direct cloud tiering
- About Cloud Catalyst migration strategies
- About direct migration from Cloud Catalyst to MSDP direct cloud tiering
- About postmigration configuration and cleanup
- About the Cloud Catalyst migration -dryrun option
- About Cloud Catalyst migration cacontrol options
- Reverting back to Cloud Catalyst from a successful migration
- Reverting back to Cloud Catalyst from a failed migration
- Appendix C. Encryption Crawler
- Index
About trusted primary servers for Auto Image Replication
NetBackup provides the ability to establish a trust relationship between replication domains. A trust relationship is optional for the Media Server Deduplication Pool as a target storage. Before you configure a storage server as a target storage, establish a trust relationship between the source A.I.R. and the target A.I.R operations.
The following items describe how a trust relationship affects Auto Image Replication:
No trust relationship | NetBackup replicates to all defined target storage servers. You cannot select a specific host or hosts as a target. |
Trust relationship | You can select a subset of your trusted domains as a target for replication. NetBackup then replicates to the specified domains only rather than to all configured replication targets. This type of Auto Image Replication is known as targeted A.I.R. |
With targeted A.I.R., when trust is established between the source and the remote target server, you need to establish trust in both the domains.
In the source primary server, add the target primary server as a trusted server.
In the target primary server, add the source primary server as a trusted server.
Note:
The does not support adding a trusted primary server using an external CA-signed certificate.
See Adding a trusted primary server using external CA-signed certificate.
See About the certificate to be used for adding a trusted primary server.
The following diagram illustrates the different tasks for adding trusted primary servers when NetBackup CA-signed certificate (or host ID-based certificate) is used to establish trust between the source and the target primary servers.
Figure: Tasks to establish a trust relationship between primary servers for targeted A.I.R. using NetBackup CA-signed certificate
Table: Tasks to establish a trust relationship between primary servers for targeted A.I.R.
Step | Task | Procedure |
|---|---|---|
Step 1 | Administrators of both the source and the target primary servers must obtain each other's CA certificate fingerprint and authorization tokens or the user credentials. This activity must be performed offline. Note: It is recommended to use an authentication token to connect to the remote primary server. An authentication token provides restricted access and allows secure communication between both the hosts. The use of user credentials (user name and password) may present a possible security breach. | To obtain the authorization tokens, use the bpnbat command to log on and nbcertcmd to get the authorization tokens. To obtain the SHA1 fingerprint of root certificate, use the nbcertcmd -displayCACertDetail command. To perform this task, see the NetBackup Commands Reference Guide. Note: When you run the commands, keep the target as the remote server. |
Step 2 | Establish trust between the source and the target domains.
| To perform this task in the NetBackup web UI, see the following topic: See Adding a trusted primary server using a NetBackup CA-signed (host ID-based) certificate. To perform this task using the nbseccmd, see the NetBackup Commands Reference Guide. |
Step 3 | After you have added the source and target trusted servers, they have each other's host ID-based certificates. The certificates are used during each communication. Primary Server A has a certificate that Primary Server B issued and vice versa. Before communication can occur, Primary Server A presents the certificate that Primary Server B issued and vice versa. The communication between the source and the target primary servers is now secured. | To understand the use of host ID-based certificates, see the NetBackup Security and Encryption Guide. |
Step 3.1 | Configure the source media server to get the security certificates and the host ID certificates from the target primary server. | |
Step 4 | Create an import storage lifecycle policy in the target domain. | |
| Step 5 | On the source MSDP server, use the Replication tab from the Change Storage Server dialog box to add the credentials of the target storage server. | See Configuring a target for MSDP replication to a remote domain. |
Step 5.1 | Create a replication storage lifecycle policy in the source domain using the specific target primary server and storage lifecycle policy. The backups that are generated in one NetBackup domain can be replicated to storage in one or more target NetBackup domains. | |
Step 6 | The backups that are generated in one NetBackup domain can be replicated to storage in one or more target NetBackup domains. This process is referred to as Auto Image Replication. |
If your source and target trusted servers use different NetBackup versions, consider the following.
Note:
When you upgrade both the source and the target primary server to version 8.1 or later, you need to update the trust relationship. Run the following command:
nbseccmd -setuptrustedmaster -update
See the NetBackup Commands Reference Guide.
Table: Trust setup methods for different NetBackup versions
Source server version | Target server version | Trust setup method |
|---|---|---|
8.1 and later | 8.1 and later | Add a trusted primary server using authorization token. Complete action on both the servers. |
8.1 and later | 8.0 or earlier | On the source server, add the target as the trusted primary server using the remote (target) server's credentials. |
8.0 or earlier | 8.1 and later | On the source server, add the target as the trusted primary server using the remote (target) server's credentials. |