Veritas NetBackup™ 52xx Appliance Initial Configuration Guide

To perform the initial configuration on a NetBackup 5240 Cloud Catalyst Appliance

1. On the laptop that is connected to the NIC1 appliance port, navigate to the Local Area Connection Properties dialog box.

   On the General tab, select Internet Protocol (TCP/IP) so that it is highlighted, then click Properties.

   

   On the Alternate Configuration tab, perform the following tasks:

   

   • Click User Configured.

   • For the IP address, enter 192.168.229.nnn, where nnn is any number from 2 through 254 except for 233.

   • For the Subnet mask, enter 255.255.255.0.

   • Click OK.

2. On the laptop that is connected to the appliance, open an SSH session to 192.168.229.233 and log on to your appliance.

   The logon is admin and the default password is P@ssw0rd.

   After you log on, the welcome message appears in the shell menu and the prompt is at the Main_Menu view.

3. From the Main_Menu > Network view, enter the following command to configure the IP address of a single network that you want your appliance to connect to.

   Configure IPAddress Netmask GatewayIPAddress [InterfaceNames]

   Where IPAddress is the new IP address, Netmask is the netmask, and GatewayIPAddress is the default gateway for the interface. The [InterfaceNames] option is optional.

   The IP Address or the Gateway IP Address must be an IPv4 address. NetBackup Cloud Catalyst does not currently support IPv6.

   If you want to configure multiple networks you must first configure the IP address of each network that you want to add. Then you configure the Gateway address for each network you added. You must make sure that you add the default Gateway address first. Use the following two commands:

   Configure the IP address of each network	To configure the IPv4 address of a network interface: IPv4 IPAddress Netmask [InterfaceName] Where IPAddress is the new IP address, Netmask is the netmask, and [InterfaceName] is optional. Repeat this command for each IP address that you want to add.
   Configure the gateway address for each network that you added	Gateway Add GatewayIPAddress [TargetNetworkIPAddress] [Netmask] [InterfaceName] Where GatewayIPAddress is the gateway for the interface and TargetNetworkIPAddress, Netmask, and InterfaceName are optional. Repeat this command to add the gateway to all of the destination networks.

4. From the Main_Menu > Network view, use the following command to set the appliance DNS domain name.

   Note:

   If you do not use DNS, then you can proceed to Step 7.

   DNS Domain Name

   Where Name is the new domain name for the appliance.

5. From the Main_Menu > Network view, use the following command to add the DNS name server to your appliance configuration.

   DNS Add NameServer IPAddress

   Where IPAddress is the IP address of the DNS server.

   To add multiple IP addresses, use a comma to separate each address and no space.

6. From the Main_Menu > Network view, use the following command to add a DNS search domain to your appliance configuration so the appliance can resolve the host names that are in different domains:

   DNS Add SearchDomain SearchDomain

   Where SearchDomain is the target domain to add for searching.

7. This step is optional. It lets you add the IP addresses of other hosts in the appliance hosts file.

   From the Main_Menu > Network view, use the following command to add host entries to the hosts file on your appliance.

   Hosts Add IPAddress FQHN ShortName

   Where IPAddress is the IPv4 address, FQHN is the fully qualified host name, and ShortName is the short host name.

8. From the Main_Menu > Network view, use the following command to set the host name for your appliance.

   Note:

   If you plan to configure Active Directory (AD) authentication on this appliance, the host name must be 15 characters or less. Otherwise, AD configuration can fail.

   Hostname Set Name

   Where Name is the short host name or the fully qualified domain name (FQDN) of this appliance.

   The host name is applied to the entire appliance configuration with a few exceptions. The short name always appears in the following places:

   • NetBackup Appliance Shell Menu prompts

   • Deduplication pool catalog backup policy

   • Default storage unit and disk pool names

   If this appliance has been factory reset and you want to import any of its previous backup images, the appliance host name must meet one of the following rules:

   • The host name must be exactly the same as the one used before the factory reset.

   • If you want to change the host name to an FQDN, it must include the short name that was used before the factory reset. For example, if "myhost" was used before the factory reset, use "myhost.domainname.com" as the new FQDN.

   • If you want to change the host name to a short host name, it must be derived from the FQDN that was used before the factory reset. For example, if "myhost.domainname.com" was used before the factory reset, use "myhost" as the new short host name.

   Note:

   The host name can only be set during an initial configuration session. After the initial configuration has completed successfully, you can re-enter initial configuration by performing a factory reset on the appliance. See the NetBackup appliance Administrator's Guide for more information.

   With this step, NetBackup is re-configured to operate with the new host name. This process may take a while to complete.

   For the command Hostname set to work, at least one IPv4 address is required. For example, you may want to set the host name of a specific host to v46. To do that, first ensure that the specific host has at least an IPv4 address and then run the following command.

   Main_Menu > Network > Hostname Set v46

9. (Optional) In addition to the above network configuration settings, you may also use the Main_Menu > Network view to create a bond and to tag a VLAN during the initial configuration of your appliance

   • Use the Network > LinkAggregation Create command to create a bond between two or more network interfaces.

   • Use the Network > VLAN Tag command to tag a VLAN to a physical interface or bond interface.

   For detailed information about the LinkAggregation and the VLAN command options, refer to the NetBackup Appliance Command Reference Guide.

10. From the Main_Menu > Network view, use the following commands to set the time zone, the date, and the time for this appliance:

    • Set the time zone by entering the following command:

      TimeZone Set

      Select the appropriate time zone from the displayed list.

    • Set the date and the time by entering the following command:

      Date Set Month Day HHMMSS Year

      Where Month is the name of the month.

      Where Day is the day of the month from 0 to 31.

      Where HHMMSS is the hour, minute, and seconds in a 24-hour format. The fields are separated by semi-colons, for example, HH:MM:SS.

      Where Year is the calendar year from 1970 through 2037.

11. From the Main_Menu > Settings > Alerts > Email view, use the following commands to enter the SMTP server name and the email addresses for appliance failure alerts.

    Enter the SMTP server name	Email SMTP Add Server [Account] [Password] The Server variable is the host name of the target SMTP server that is used to send emails. The [Account] option identifies the name of the account that was used or the authentication to the SMTP server. The [Password] option is the password for authentication to the SMTP server.
    Enter email addresses	Email Software Add Addresses Where Addresses is the user's email address. To define multiple emails, separate them with a semi-colon.

12. Set the role for the appliance to a media server.

    Note:

    Before you configure this appliance as a media server, you must add the name of this appliance to the master server that must work with this appliance. See Configuring a master server to communicate with an appliance media server.

    From the Main_Menu > Appliance view, run the following command:

    Media MasterServer

    Where MasterServer is either a standalone master server, a multihomed master server, or a clustered master server. The following defines each of these scenarios:

    Standalone master server	This scenario shows one master server host name. This name does not need to be a fully qualified name as long as your appliance recognizes the master server on your network. The following is an example of how the command would appear. Media MasterServerName
    Multihomed master server	In this scenario, the master server has more than one host name that is associated with it. You must use a comma as a delimiter between the host names. The following is an example of how the command would appear. Media MasterNet1Name,MasterNet2Name
    Clustered master server	In this scenario, the master server is in a cluster. Veritas recommends that you list the cluster name first, followed by the active node, and then the passive nodes in the cluster. This list requires you to separate the node names with a comma. The following is an example of how the command would appear. Media MasterClusterName,ActiveNodeName,PassiveNodeName
    Multihomed clustered master server	In this scenario, the master server is in a cluster and has more than one host name that is associated with it. Veritas recommends that you list the cluster name first, followed by the active node, and then the passive nodes in the cluster. This list requires you to separate the node names with a comma. The following is an example of how the command would appear. Media MasterClusterName,ActiveNodeName, PassiveNodeName,MasterNet1Name,MasterNet2Name To prevent any future issues, when you perform the appliance role configuration, Veritas recommends that you provide all of the associated master server names.
    Certificate provisioning Certificate revocation list (CRL)	After you have entered the master server name, the appliance pings the master server for the Certificate Authority (CA) status and shows the result. Each of the following bullet statements describes the possible status results. Follow the instructions that appear below the applicable status result to complete the certificate configuration. The master server <master_server_name> has an enabled External CA-signed certificate. Do you want to import the External CA-signed certificate for this Media server now [yes,no](yes): Press Enter to continue. The following message appears: The following shares have been opened on the appliance for you to upload certificate files: NFS share <media_server_name>:/inst/share CIFS share \\<media_server_name>\general_share Enter the following details for external certificate configuration: Enter the certificate file path: Enter the trust store file path: Enter the private key path: Enter the password for the passphrase file path or skip security configuration (default: NONE): Enter the following details for CRL usage: Should a CRL be honored for the external certificate? 1) Use the CRL defined in the certificate. 2) Use the specific CRL directory. 3) Do not use a CRL. q) Skip security configuration. CRL option: Enter 1, 2, 3, or q. Verify the External CA details that you entered: Certificate file name: Trust store file name: Private key file name: CRL check level: (Shows the selected CRL option.) Do you want to use the above certificate files? [yes, no](yes): After verifying that the entered information is correct, press Enter to continue and answer the following prompt: Is this correct? [yes, no](yes): If all of the information is correct, press Enter to continue. The appliance performs an ECA health check and shows the result of each validation check. When the health check has completed successfully, the following messages appear: ECA health check was successful. The external certificate has been registered successfully. The master server <master_server_name> currently uses an external CA issued certificate and its own internal certificate. Would you like to proceed with the external CA issued certificate? [yes,no](yes): If you select no, the following message appears: This appliance will use a NetBackup issued certificate for secure communication. If you select yes, enter the following details for external certificate configuration: Enter the certificate file path: Enter the trust store file path: Enter the private key path: Enter the password for the passphrase file path or skip security configuration (default: NONE): Enter the following details for CRL usage: Should a CRL be honored for the external certificate? 1) Use the CRL defined in the certificate. 2) Use the specific CRL directory. 3) Do not use a CRL. q) Skip security configuration. CRL option: Enter 1, 2, 3, or q. Verify the External CA details that you entered: Certificate file name: Trust store file name: Private key file name: CRL check level: (Shows the selected CRL option.) Do you want to use the above certificate files? [yes, no](yes): After verifying that the entered information is correct, press Enter to continue and answer the following prompt: Is this correct? [yes, no](yes): If all of the information is correct, press Enter to continue. The appliance performs an ECA health check and shows the result of each validation check. When the health check has completed successfully, the following messages appear: ECA health check was successful. The external certificate has been registered successfully. This appliance will use a NetBackup issued certificate for secure communication. No further certificate configuration is required. Click Next to continue

    For more information about security certificates, refer to the chapter Security certificates in NetBackup in the NetBackup Security and Encryption Guide.

    Note:

    If the host name of the master server is an FQDN, Veritas recommends that you use the FQDN to specify the master server for the media server.

13. The following prompt appears:

    >> Do you want to configure the appliance as a dedicated media server for NetBackup Cloud Catalyst? [yes, no] (yes):

    Type yes.

14. Change the default Maintenance user password as follows:

    • Enter the Main_Menu > Support > Maintenance command.

    • At the password prompt, enter the default Maintenance user password (P@ssw0rd).

    • At the Maintenance shell prompt, enter the passwd command to change the password.

    • Type Exit to return to the NetBackup Appliance Shell Menu.

    For complete information about using the Support > Maintenance command, see the NetBackup Appliance Commands Reference Guide.

15. Disconnect the laptop from the NIC1 appliance port.

    Note:

    If your network uses the 192.168.x.x IP address range, refer to the following topic for important information:

    See About NIC1 (eth0) port usage on NetBackup appliances.

16. Log in to the NetBackup Administration Console and configure the cloud storage provider that you want to use. From the console, launch the Cloud Storage Configuration wizard. For complete configuration details, see the Veritas NetBackup Cloud Administrator's Guide.

    Note the following important points about cloud storage provider configuration on the appliance:

    • Each NetBackup 5240 Cloud Catalyst Appliance can only be configured for a single cloud storage provider. For example, the appliance cannot be configured to use both Amazon S3 and Amazon GovCloud.

    • Each NetBackup 5240 Cloud Catalyst Appliance must have its Local cache directory set to the /msdpc path. The following shows the Local cache directory as it appears in the Cloud Storage Configuration wizard:

    
17. To complete the appliance configuration, you must create a backup policy for the deduplication (MSDP) pool catalog. For complete details about the MSDP catalog backup policy and how to configure and update the policy, see the Veritas NetBackup Deduplication Guide.
18. After you have completed all of the steps above, you are ready to install client software on the computers that you want to back up.

    See Downloading NetBackup client packages to a client from a NetBackup appliance.

    See Installing NetBackup client software through an NFS share.