Veritas NetBackup™ 52xx Appliance Initial Configuration Guide

Last Published:
Product(s): Appliances (5.1.1)
Platform: NetBackup Appliance OS

Appliance configuration guidelines

Use the following configuration guidelines when you deploy new appliances:

Table: Appliance configuration guidelines

Parameter

Description

NetBackup Appliance Web Console access

The NetBackup Appliance Web Console is accessible only over HTTPS on the default port 443. Port 80 over HTTP has been disabled.

Connectivity during initial configuration

When you perform the appliance initial configuration, you must take precautions to avoid loss of connectivity. Any loss of connectivity during initial configuration results in failure.

The computer that you use to configure the appliance should be set up to avoid the following events:

  • Conditions that cause the computer to go to sleep

  • Conditions that cause the computer to shut down or to lose power

  • Conditions that cause the computer to lose its network connection

Required names and addresses

Before the configuration, gather the following information:

  • Network IP addresses, netmask, and gateway IP addresses for the appliance

  • Network names for all appliances

  • DNS or host information

    If DNS is used, make sure that the network names of all appliances and the primary server are DNS resolvable (FQHN and short name).

    If DNS is not used, make sure that you enter the proper host entries for the appliance during the initial configuration.

    Note:

    The Domain Name Suffix is appended to the host name and cannot be changed after the initial configuration is completed. If you need to change the suffix or move the appliance to a different domain at a later time, you must perform a factory reset first, and then perform the initial configuration again.

  • Names for NetBackup storage units

    The Storage Name fields appear when you configure the appliance role. You can change the default names or leave them.

    The default values that appear in the NetBackup Administration Console for the storage units and disk pools are as follows:

    • For AdvancedDisk:

      Default storage unit name: stu_adv_<hostname>

      Default disk pool name: dp_adv_<hostname>

    • For NetBackup Deduplication:

      Default storage unit name: stu_disk_<hostname>

      Default disk pool name: dp_disk_<hostname>

Note:

The short host name of the appliance appears as the default storage unit name and the disk pool name.

Default user name and password

New NetBackup appliances are shipped with the following default login credentials:

  • User name: admin

  • Password: P@ssw0rd

The initial configuration process requires that you change the default passwords for the following user accounts:

  • admin

  • maintenance

  • sysadmin (IPMI)

From the NetBackup Appliance Web Console, the first page in the initial configuration prompts you to change the default passwords. From the NetBackup Appliance Shell Menu, you are prompted to change the default passwords when you run the Main_Menu > Appliance Primary or Main_Menu > Appliance Media role configuration commands.

Firewall port usage

Make sure that the following ports are open on any firewall that exists between a primary server and a media server:

  • 13724 (vnetd)

  • 13720 (bprd)

  • 1556 (PBX)

For more information about firewall ports for NetBackup and the NetBackup appliance, see the following tech note on the Veritas Support website:

https://www.veritas.com/support/en_US/article.TECH178855

Media server role

Before you configure a NetBackup Appliance as a media server, the primary server that you plan to use with it must be updated with the new appliance media server name. Whether the primary server is a NetBackup appliance or a traditional NetBackup primary server, the name of the new appliance media server must be added to the Additional Servers list on the primary server.

Adding the new appliance media server name to the primary server before the new appliance is configured provides the following benefits when performing the initial configuration on the new appliance:

  • Provides the appropriate network communication that allows the media server to become part of the NetBackup domain.

  • Allows the media server to create the storage server and the disk pool entries.

See Configuring a primary server to communicate with an appliance media server.

Security certificate requirements

External certificate authority certificates are supported. This feature provides an alternative to using the NetBackup Certificate Authority for host verification and security. To configure this appliance as a media server, you have to deploy security certificates on the appliance to trust the primary server.

If the primary server is operating with an external CA issued certificate only, this appliance media server requires configuration with an issued certificate from the same external CA. For CA certificate provisioning, the Host certificate, Trusted certificate, Private Key certificate file, and the use of a Certificate Revocation List (CRL) are all required to proceed with the media server role configuration.

If the primary server uses both an external CA issued certificate and a NetBackup CA-signed certificate, you can choose to configure this media server appliance with a certificate issued by the same external CA or with a NetBackup CA-signed certificate. If the primary server is using a NetBackup CA-signed certificate only, a CA certificate and a host ID-based certificate must be deployed from the primary server that you plan to use with this appliance. The CA certificate is automatically downloaded and deployed if you select to trust the primary server.

To deploy the host ID-based certificate:

  • If the security level of the primary server is Very High, you need to manually enter an authorization token to deploy the host ID-based certificate to the media server.

  • If the security level of the primary server is High or Medium, the authentication token is not required. The host ID-based certificate is automatically deployed to the media server.

Note:

Regardless of the primary security level, if the appliance is ever factory reset or re-imaged, a reissue token is required when the appliance is reconfigured.

If the security certificates have been deployed on the appliance media server, you are not requested to deploy them again during the role configuration.

For more information about security certificates, refer to the chapter Security certificates in NetBackup in the NetBackup Security and Encryption Guide.

High Availability

You can deploy 53xx series appliances for a high availability (HA) solution. An HA configuration uses two NetBackup 53xx appliances that are designated as a compute node and a partner node. These nodes are connected to each other and also to specific channels on the same Primary Storage Shelf.

Note:

The Copilot feature becomes unavailable as a result of configuring an HA setup.

A NetBackup appliance HA configuration must use two identical appliances with regard to the model number, the hardware configuration, and the appliance software version as follows:

  • Model number and hardware configuration

    The model number and the I/O configuration of both appliances must match. For example, use two model 5340 appliances with configuration D. You cannot use one model 5340 appliance with configuration D and one model 5340 appliance with configuration C.

  • Appliance software version

    Both appliances must use the same software version. The appliance primary server that is used must also use the same software version as the HA appliances. If a traditional (non-appliance) primary server is used, it must use the NetBackup software version that is associated with the appliance software version. For example, if the HA appliances use version 3.1, the traditional NetBackup primary server must use NetBackup version 8.1.

You can set up an HA configuration as follows:

  • New system installations

    Perform the initial configuration on one NetBackup 53xx appliance (compute node), then set up the HA configuration on this same node. Next, perform the initial configuration on the other appliance (partner node). Finally, complete the HA configuration on the compute node by adding the configured partner node.

  • Existing systems

    The existing components must first be upgraded as follows:

    Primary server: Traditional NetBackup (non-appliance) primary servers must be upgraded to NetBackup release version 8.1 or later. NetBackup appliance primary servers must be upgraded to appliance release version 3.1 or later.

    Media server (existing model 53xx): This appliance must be upgraded to appliance release version 3.1 or later.

    After these upgrades are completed, set up the HA configuration on the existing 53xx compute node. Next, perform the initial configuration on the partner node. Finally, complete the HA configuration on the compute node by adding the partner node.

  • Host name and IP address requirements

    In an HA setup, three host names with corresponding IP addresses are required as follows:

    • Physical nodes

      A dedicated host name and IP address must be assigned to each of the two physical media server nodes. Each host name should resolve to its corresponding IP address in the same subnet.

    • Virtual host name and IP address

      This host name and its corresponding IP address are used for the HA identity that encompasses the two physical nodes with the common attached storage. The virtual host name and IP address work as a pointer within the HA setup between the two nodes. For example, if one node is not running properly or is down for an upgrade or maintenance, the virtual host name automatically points to the node that is still operational.

      Before you configure the HA setup, all of the HA host names and IP addresses must be added to the Host Name Mappings property in the NetBackup Administration Console. This task must be performed on the associated primary server. If the mappings property is not updated before the initial configuration of the physical nodes, the HA setup configuration process can fail. Starting with appliance release 3.1.2, the host name mappings also require approval.

      For complete details on adding host name mappings and approval, see the NetBackup Security and Encryption Guide.

When you set up the HA configuration, the host name and the IP address of the first configured or existing media server are automatically elevated as the virtual host name and IP address for the HA configuration. You must provide a new host name and IP address for this media server at that time.

Note:

If you plan to use Active Directory (AD) authentication, do not set up the HA configuration until after you update the AD server with the host names and IP addresses of the HA configuration. The virtual host name and virtual IP address, along with the host name and IP address for each node are required on the AD server before setting up the HA configuration. Otherwise, AD users may experience problems when they access the system.

If you plan to use a NetBackup client to manage the NetBackup jobs, add the three host names to the bp.conf file on the client: the host name of the two nodes and the new host name.

Product licenses

The appliance comes with a not for resale (NFR) license key that expires after a specific period of time. The appliance does not provide a warning message that this license key is about to expire. Therefore, Veritas recommends that you change this key to a permanent key after you install and configure the appliance. See the NetBackup Appliance Administrator's Guide for information and instructions on how to view and change a license key. Replace the NFR keys with permanent keys before they expire.

Starting with NetBackup Appliance release 5.1.1, the following operations also require license compliance:

  • Storage partition creation (Co-Pilot Shares, CDP Gateway partition, MSDP, AdvancedDisk)

  • Storage resize (CDP Gateway partition, MSDP, AdvancedDisk)

  • Online download of appliance upgrade packages from the appliance web console or the appliance shell menu

  • Installation of the upgrade package from the appliance shell menu

Before you begin any of these tasks, review your existing licenses to determine if you need additional storage capacity or license renewal. To obtain the appropriate licenses for your environment, see the following article: VEMS User Guide. Click on the License Keys Page and Generating License Keys links.

NetBackup version compatibility

NetBackup appliance release 5.1.1 includes NetBackup version 10.1.1.

If you plan to configure a NetBackup appliance as a media server, use the following guidelines for the associated primary server and clients:

  • Appliance primary server

    The appliance primary server that you plan to use with this appliance media server must use appliance software version 5.1.1 or later. If the appliance primary server currently uses appliance software version 5.0 or earlier, it must be upgraded to version 5.1.1 before you configure this appliance.

  • Traditional NetBackup primary server

    To use an appliance media server with a traditional NetBackup primary server, the primary server must use NetBackup version 10.1 or later. If the NetBackup primary server currently uses NetBackup version 10.0 or earlier, it must first be upgraded to version 10.1.1 before you configure this appliance as a media server.

  • Clients and client add-ons

    NetBackup clients must use the same or an earlier software version as the appliance. Clients cannot run at a later version than the appliance. For example, a client with NetBackup version 10.1.1 can only be used with an appliance server with version 5.1.1 or later. Client add-ons must also be the same version as the client version.

More Information

About appliance system configuration sequence