Please enter search query.
Search <product_name> all support & community content...
Article: 100044591
Last Published: 2018-12-21
Ratings: 4 0
Product(s): NetBackup & Alta Data Protection
Description
Use this article for the latest information on restoring a disaster recovery package in NetBackup 8.1.x
Restoring a disaster recovery package on Windows
After a disaster, you need to restore disaster recovery package corresponding to the catalog backup that you want to restore. Disaster recovery package gets the master server host identity back. You need to restore the host identity before you perform catalog recovery.
Important notes
In a clustered master server setup:
- The disaster recovery package contains the identity files and configuration only for the virtual name.
- After the DR installation, the virtual name's certificate is restored.
- Cluster node-specific certificates and configuration options are not backed up and therefore are not recovered. You need to redeploy or reconfigure NetBackup or external certificates after the DR installation.
Prerequisites
If external CA-signed certificates are used in your NetBackup domain, ensure the following:
- Ensure that the certificate file path is configured, accessible, and is the same as the one that was backed up.
- You have configured the required certificate revocation lists (CRL) before you begin the disaster recovery installation, if applicable. Refer to the NetBackup Security and Encryption Guide.
- You have copied the required external certificates in Windows certificate store, if applicable.
- Only in case where external certificate was configured on the master server before the disaster and DR installation fails, you can set the environment variable called DR_PKG_MARKER_FILE to enable you to correct external certificate configuration towards the end of the DR installation. See the “About the DR_PKG_MARKER_FILE environment variable” section.
To restore the disaster recovery package during NetBackup installation
- Start the NetBackup software installation. Refer to the Installing server software on Windows systems section from the NetBackup Installation Guide.
- On the NetBackup License Key and Server Type screen, select the Disaster Recovery Master Server option.
- On the NetBackup Disaster Recovery screen, specify the location of the disaster recovery package. Click Browse to select the package location that you want to restore.
- Specify the passphrase that is associated with the disaster recovery package that you want to restore.
Ensure that you specify the appropriate passphrase:- If you specify a wrong passphrase or the passphrase is lost, you need to deploy security certificates on all hosts after installation. The disaster recovery package cannot be restored during installation. To restore the disaster recovery package after installation, refer to the following article: http://www.veritas.com/docs/000125933
- If the passphrase is validated, continue with the installation.
- If external CA-signed certificates were used in your NetBackup domain at the time of catalog backup before the disaster, at the time of DR installation, the installer shows a WARNING message to configure the certificate revocation list (CRL). The CRL settings are also displayed that you can configure.
- Review the value of the ECA_CRL_CHECK configuration option. For more information on catalog backup and external certificate configuration options, refer to the NetBackup Administrator's Guide, Volume I.
- If the ECA_CRL_CHECK configuration option is set to ‘DISABLE’ (or '0'), you do not need to do the CRL configurations.
- If the ECA_CRL_CHECK configuration option is enabled, you are prompted to configure the CRL. Configure the CRLs and continue with the DR installation.
- Depending on the value that is specified for the ECA_CRL_PATH option, make the required CRLs available.
- If ECA_CRL_PATH is not specified, NetBackup uses the CRLs from CRL distribution point (CDP) of the peer host's certificate. Ensure that the URLs that are available in the CDP are accessible.
- If ECA_CRL_PATH is specified, NetBackup uses the CRLs that are available in the directory specified for this option. Copy the valid CRLs in the directory that you specify for ECA_CRL_PATH.
- In case Windows certificate store was used to store the external CA-signed and this certificate could not be backed up in the DR package, you can see a warning to configure the external CA-signed. Configure the following external certificate configuration options on the master server as per the values provided in the installer or in the corresponding disaster recovery email:
ECA_CERT_PATH
ECA_PRIVATE_KEY_PATH
ECA_KEY_PASSPHRASEFILE
ECA_TRUST_STORE_PATH
ECA_CRL_PATH
ECA_MASTER_SERVER_LIST
Refer to the NetBackup Security and Encryption Guide.
In case the DR_PKG_MARKER_FILE environment variable was set before the DR installation, the installer waits with a message suggesting the presence of the touch file. Once the external certificate configuration is done delete the touch file that you have set for the DR_PKG_MARKER_FILE environment variable. NetBackup services are started.
- Refer to the Installing server software on Windows systems section from the NetBackup Installation Guide.
To restore the disaster recovery package after NetBackup installation
- Run the nbhostidentity -import -infile file_path command after NetBackup installation. Refer to the NetBackup Commands Reference Guide.
- Clean up the whitelist cache and restart the NetBackup services on all hosts in the domain.
- Carry out this step to remove the NetBackup certificate files in the following scenario:
- NetBackup was configured to use only external CA-signed certificates before the disaster and NetBackup was configured to use NetBackup certificates or both NetBackup and external certificates before you manually imported thedisaster recovery package.
- Run the following command to remove NetBackup certificate files:
configureWebServerCerts -removeNBCert
Restoring a disaster recovery package on UNIX
After a disaster, you need to restore disaster recovery package corresponding to the catalog backup that you want to restore. Disaster recovery package gets the master server host identity back. You need to restore the host identity before you perform catalog recovery.
Important notes
In a clustered master server setup:
- The disaster recovery package contains the identity files and configuration only for the virtual name.
- After the DR installation, the virtual name's certificate is restored.
- Cluster node-specific certificates and configuration options are not backed up and therefore are not recovered. You need to redeploy or reconfigure NetBackup or external certificates after the DR installation.
Prerequisites
If external CA-signed certificates are used in your NetBackup domain, ensure the following:
- In case of file-based external certificates, ensure that the certificate file path is configured, accessible, and is the same as the one that was backed up.
- If you used Windows certificate store as a certificate store before the disaster and the certificate files were not backed up during catalog backup, you need to manually configure the external certificate for the host after the disaster. Refer to the following article: https://www.veritas.com/support/en_US/article.100044249
- You have configured the required certificate revocation lists (CRL) before you begin the disaster recovery installation, if applicable. For more information on the CRLs, refer to the NetBackup Security and Encryption Guide.
- Only in case where external certificate was configured on the master server before the disaster and DR installation fails, you can set the environment variable called DR_PKG_MARKER_FILE to enable you to correct external certificate configuration towards the end of the DR installation. See the “About the DR_PKG_MARKER_FILE environment variable” section.
To restore the disaster recovery package during NetBackup installation
- Start the NetBackup software installation. Refer to the Installing server software on UNIX systems section from the NetBackup Installation Guide.
- When the following message appears, press Enter to continue:
Is this host a master server? [y/n] (y)
- When the following message appears, select Y.
Are you currently performing a disaster recovery of a master server? [y/n] (y)
- When the following message appears, provide the name and the path of the disaster recovery package that you want to restore.
Enter the name of your disaster recovery package along with the path, or type q to exit the install script:
If external certificates are used in your domain, a warning message is displayed. When the Installer waits during subsequent steps, configure the external certificate configuration options as per step 6.
- When the following message appears, provide the passphrase that is associated with the disaster recovery package that you want to restore.
Caution: Ensure that you specify the appropriate passphrase. If you specify a wrong passphrase or the passphrase is lost, you need to deploy security certificates on all hosts after installation. The disaster recovery package cannot be restored during installation. To restore the disaster recovery package after installation, refer to the following article: http://www.veritas.com/docs/000125933
Enter your disaster recovery passphrase, or enter q to exit installation:
The following message appears:
Validating disaster recovery passphrase...
If the passphrase is validated, continue with the installation.
- If external CA-signed certificates are used in your NetBackup domain, do the following:
- Review the value of the ECA_CRL_CHECK configuration option. For more information on catalog backup and external certificate configuration options, refer to the NetBackup Administrator's Guide, Volume I.
- If the ECA_CRL_CHECK configuration option is set to ‘DISABLE’ (or '0'), you do not need to do the CRL configurations.
- If the ECA_CRL_CHECK configuration option is enabled, you are prompted to configure the CRL. The UNIX installer does not wait for any action but proceeds to the next step in the installer. When the installer waits after the following step, you can configure the CRLs and continue with the DR installation. Configure the CRLs and continue with the DR installation.
- Depending on the value that is specified for the ECA_CRL_PATH option, make the required CRLs available.
- If ECA_CRL_PATH is not specified, NetBackup uses the CRLs from CRL distribution point (CDP) of the peer host's certificate. Ensure that the URLs that are available in the CDP are accessible.
- If ECA_CRL_PATH is specified, NetBackup uses the CRLs that are available in the directory specified for this option. Copy the valid CRLs in the directory that you specify for ECA_CRL_PATH.
- In case the DR_PKG_MARKER_FILE environment variable was set before the DR installation, the installer waits with a message suggesting the presence of the touch file. Once the external certificate configuration is done delete the touch file that you have set for the DR_PKG_MARKER_FILE environment variable. NetBackup services are started.
- Review the value of the ECA_CRL_CHECK configuration option. For more information on catalog backup and external certificate configuration options, refer to the NetBackup Administrator's Guide, Volume I.
- Refer to the Installing server software on UNIX systems section from the NetBackup Installation Guide.
To restore the disaster recovery package after NetBackup installation
- Run the nbhostidentity -import -infile file_path command after NetBackup installation. Refer to the NetBackup Commands Reference Guide.Clean up the whitelist cache and restart the NetBackup services on all hosts in the domain.
- Carry out this step to remove the NetBackup certificate files in the following scenario:
NetBackup was configured to use only external CA-signed certificates before the disaster and it was configured to use NetBackup certificates or both NetBackup and external certificates before you manually imported the disaster recovery package. - Run the following command to remove NetBackup certificate files:
configureWebServerCerts -removeNBCert
About the DR_PKG_MARKER_FILE environment variable
In case external CA was configured on the master server before the disaster and the DR installation is not successful, you can use this utility to re-configure the external CA configuration settings. This hook enables DR Install to wait after recovering the DR Package, and before the final restart of the services. This gives you an opportunity to correct/re-configure ECA settings as desired.
For more information on external CA-signed certificates, refer to the NetBackup Security and Encryption Guide.
See the “Restoring disaster recovery package on Windows” section.
See the “Restoring disaster recovery package on UNIX” section.
To let the NetBackup Installer hold the installation process until you have made the desired changes to external CA configuration settings, you should set an environment variable called DR_PKG_MARKER_FILE with a touch file. After this environment variable is set, you can start the DR installation.
The DR installation waits towards the end of installation, before starting the NetBackup services, as long it finds the touch file present on the filesystem. You can change the external certificate configuration settings during this time. Once done, you must delete the touch file that contains the DR_PKG_MARKER_FILE environment variable to let the Installer resume the installation process.
Note: This marker files should be used only in case of DR installation failures because of external certificate configurations.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.