Veritas NetBackup™ Flex Scale Administrator's Guide

Last Published:
Product(s): Appliances (3.1)
Platform: NetBackup Flex Scale OS
  1. Product overview
    1.  
      About Veritas NetBackup™ Flex Scale
  2. Viewing information about the NetBackup Flex Scale cluster environment
    1.  
      Accessing NetBackup Flex Scale and NetBackup
    2.  
      Accessing the NetBackup web user interface on the appliance
    3.  
      About the NetBackup Flex Scale web UI
    4.  
      About the NetBackup Flex Scale infrastructure management UI
    5. About the Dashboard view
      1.  
        Viewing all the activities
    6.  
      Working with NetBackup Flex Scale APIs
  3. NetBackup Flex Scale infrastructure management
    1. User management
      1.  
        Considerations for managing NetBackup Flex Scale users
      2.  
        Adding users
      3.  
        Changing user password
      4.  
        Removing users
      5.  
        Modifying user roles
      6.  
        Considerations for configuring AD/LDAP
      7.  
        Configuring AD server for Universal shares and Instant Access
      8.  
        Configuring AD/LDAP servers for NetBackup services
      9.  
        Configuring additional AD/LDAP servers for managing NetBackup services/Universal Shares/Instant Access
      10.  
        Configuring AD/LDAP servers on clusters deployed with only media servers
      11.  
        Directory services and certificate management
    2.  
      Region settings management
    3.  
      About NetBackup Flex Scale storage
    4. About Universal Shares
      1.  
        Creating a Protection Point for a Universal Share
    5.  
      Cloud bucket support for NetBackup Flex Scale
    6. Node and disk management
      1.  
        NetBackup Flex Scale network cabling
      2. Adding a node to the cluster using the NetBackup Flex Scale web interface
        1.  
          Considerations for adding a node when disaster recovery is configured
      3.  
        Adding a node using the REST APIs
      4.  
        Replacing a node in a cluster
      5.  
        Starting and stopping nodes
      6.  
        Rebooting a node
      7.  
        Adding an excluded node to the cluster
      8.  
        Replacing a disk
      9.  
        Adding an excluded disk to the cluster
      10.  
        Viewing the disk sync status
      11.  
        Viewing disk details
      12.  
        Viewing node details
      13.  
        Switching management console to another cluster node
    7. License management
      1.  
        Adding or removing storage licenses
      2.  
        Adding NetBackup licenses
    8.  
      Stopping NetBackup service containers
    9.  
      Starting NetBackup service containers
    10. Managing hardware vendor packages
      1.  
        Upgrading vendor packages
      2.  
        Uninstalling vendor packages
  4. NetBackup Flex Scale network management
    1.  
      About network management
    2.  
      Modifying DNS settings
    3.  
      About bonding Ethernet interfaces
    4. Bonding operations
      1. Bonding operations on data network
        1.  
          Creating a bond
        2.  
          Modifying a bond
        3.  
          Removing a bond
    5.  
      Configuring NetBackup Flex Scale in a non-DNS environment
    6. Data network configurations
      1.  
        Choosing the correct input method for data network configuration
      2. Network configuration on plain device (eth5)
        1.  
          Adding a data network
        2.  
          Modifying a data network
        3.  
          Deleting a data network
      3.  
        Network configuration on VLAN (eth5)
      4. Network configuration on bonded interfaces (bond0 on eth5 and eth7)
        1.  
          Adding a data network
      5.  
        VLAN on bond of eth5 and eth7 (bond0)
      6.  
        Network configuration on management interface (eth1)
      7.  
        Network configurations for adding a partial data network
      8.  
        Support for multiple VLAN when disaster recovery is configured
    7.  
      Configuring static routes on a NetBackup Flex Scale cluster
  5. NetBackup Flex Scale infrastructure monitoring
    1. About alert management
      1.  
        Viewing information about alerts
      2.  
        Managing alerts
    2. About event notification
      1.  
        Purging events
    3. About AutoSupport and Call Home
      1.  
        Setting up email alerts
      2.  
        Setting up SNMP alerts
      3.  
        Configuring Call Home settings
    4. Monitoring hardware components
      1.  
        Monitoring deviations in firmware, driver, and utilities
    5.  
      Performing health check for the cluster
    6.  
      Locating the disks
    7.  
      Monitoring usage and licensed capacity using Veritas NetInsights Console
  6. Resiliency in NetBackup Flex Scale
    1.  
      Erasure coding in NetBackup Flex Scale
    2.  
      Handling split-brain scenario in NetBackup Flex Scale
    3.  
      High availability of the NetBackup primary service
    4.  
      High availability of NetBackup services
    5.  
      NetBackup catalog protection
    6. NetBackup primary service catalog protection using checkpoints
      1.  
        Performing a recovery of the catalog file system using GUI
      2.  
        Performing a recovery of the catalog file system using REST APIs
  7. EMS server configuration
    1.  
      Configuring an external BYOS media server
    2.  
      Configuring an external NBA media server
  8. Site-based disaster recovery in NetBackup Flex Scale
    1.  
      About site-based disaster recovery in NetBackup Flex Scale
    2.  
      Configuring disaster recovery using GUI
    3.  
      Clearing the host cache
    4.  
      Automated NetBackup SLP management
    5.  
      DNS key management
    6.  
      Managing disaster recovery using GUI
    7. Performing disaster recovery using RESTful APIs
      1.  
        Establishing trust and setting up authentication
      2.  
        Configuring disaster recovery
      3.  
        Managing disaster recovery
    8.  
      Active-Active disaster recovery configuration
    9.  
      NetBackup optimized duplication using Storage Lifecycle Policies
  9. NetBackup Flex Scale security
    1. STIG overview for NetBackup Flex Scale
      1.  
        STIG-compliant password policy rules
      2.  
        Enabling STIG for NetBackup Flex Scale
      3.  
        Viewing the NetBackup Flex Scale STIG status
    2. FIPS overview for NetBackup Flex Scale
      1.  
        Viewing the NetBackup Flex Scale FIPS status
    3.  
      Managing the login banner
    4.  
      Changing the password policy
    5. Support for immutability in NetBackup Flex Scale
      1.  
        About lockdown modes
      2.  
        Selecting or changing the lockdown mode
      3.  
        Restricted access to Remote Management Platform (HPe iLO)
      4.  
        Configuring immutability using GUI
    6.  
      Authenticating users using digital certificates or smart cards
    7.  
      About system certificates on NetBackup Flex Scale
    8. Deploying external certificates on NetBackup Flex Scale
      1.  
        Deploying ECA using the GUI
      2.  
        Log locations
      3.  
        Considerations for performing other operations when ECA is deployed
  10. Troubleshooting
    1.  
      Services management
    2.  
      Audit logs
    3. Collecting logs for cluster nodes
      1.  
        Uploading logs to Veritas Support
      2.  
        Downloading logs
    4. Troubleshooting NetBackup Flex Scale issues
      1.  
        If cluster configuration fails (for example because an IP address that was already in use is specified) and you try to reconfigure the cluster, the UI displays an error but the configuration process continues to run
      2.  
        Validation error while adding VMware credentials to NetBackup
      3.  
        NetBackup Web UI incorrectly displays some NetBackup Flex Scale processes as failed
      4.  
        Unable to create BMR Shared Resource Tree (SRT) on NetBackup Flex Scale Appliance
      5.  
        NetBackup configuration files are not persistent across operations that require restarting the system
  11. Appendix A. Maintenance procedures for HPE servers
    1.  
      Replacement procedure for a chassis fan
    2.  
      Replacement procedure for power supply
    3.  
      Replacement procedure for a single OS disk
    4.  
      Replacement procedure for both OS disks on the management console node
    5.  
      Replacement procedure for both OS disks on a non- management console node
    6.  
      Replacement procedure for NVMe disks (SSDs)
    7.  
      Replacement procedure for RAID controller
    8.  
      Replacement procedure for an Integrated Lights-Out (iLO) port
    9.  
      Replacement procedure for quad-port NIC
    10.  
      Procedure for memory expansion (DIMMs)
    11.  
      Replacement procedure for memory (DIMMs)
    12.  
      Replacement procedure for Mellanox port
  12. Appendix B. Configuring NetBackup optimized duplication
    1. Configuring a Storage Lifecycle Policy for optimized duplication
      1.  
        Creating a Storage Lifecycle Policy for optimized duplication
      2.  
        Configuring a policy to use an SLP
      3.  
        Updating the policy to reverse the replication direction
  13. Appendix C. Disaster recovery terminologies
    1.  
      VVR technology in disaster recovery
    2.  
      About response fields in the GET disaster recovery API
  14. Appendix D. Configuring Auto Image Replication
    1.  
      Auto Image Replication configuration

Deploying external certificates on NetBackup Flex Scale

You can generate and use external certificates instead of internal certificates. External Certificate Authority (ECA) certificates are the digital credentials that attest to the certificate owner's identity and affiliation. Once you deploy the external certificates, all the NetBackup Flex Scale components use them. These include the NetBackup primary server, media server, storage engine, management gateway, and the NetBackup Flex Scale web services. One certificate is deployed for all the components. The external certificates also deploy a certificate bundle and (optionally) certificate revocation list. To generate an external certificate, you have to create a certificate request with proper 'Subject Distinguished Name' and 'Subject Alternative Names.' You can generate a certificate request using the GUI. The necessary FQDNs are auto-populated to generate the correct request. You can add additional information as needed. Based on the certificate request, you can create an external certificate. When deploying external certificate for the first time, you have to provide a CA certificate bundle. This is used to validate the incoming and deployed external certificate. You can also optionally provide a certification revocation list. NetBackup components use the CRL.

Some important terminologies:

  • A certificate authority, also known as a certification authority, is a trusted organization that verifies websites (and other entities) so that you know who you are communicating with online. Their objective is to make the internet a more secure place for both organizations and users. Becoming a Certificate Authority (CA) means that you (or your customers) oversee the issuing process of cryptographic pairs of private keys and public certificates.

  • Certificate bundle (CA bundle) is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain.

  • Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. CRL is optional. It may be provided as a file or embedded in certificate as a URL.

  • Subject Alternative Name: This field lets you specify additional host names (such as sites, IP addresses, common names) to be protected by a single SSL certificate. They are added to generate certificates for new nodes or additional VLAN IPs to be added in the future.

Considerations while deploying ECA:

  • All certificates for communication should be obtained from a common trusted CA. Auto Image Replication (AIR) between MDSPs that uses different external CAs is not supported but you can concatenate the individual root CA certificates into one file and upload them as a CA bundle.

  • After ECA is deployed on the cluster, you can renew or update the ECA.

  • It is recommended to pause backup/restore operations before starting ECA deployment/renewal.

  • The CA bundle and CRL file independent of other security artifacts.

  • When you deploy security artifacts, they are validated and if inconsistencies are found, you are notified, and deployment does not proceed. If you provide an external certificate and CA certificate bundle, the EC certificate is validated against the user provided CA certificate bundle. If only one of the items is provided, it is validated against deployed artifacts.

  • Only NetBackup Certificate Authority (NBCA) + ECA deployment is supported in this release.

  • You cannot revert to NBCA deployment once NBCA + ECA deployment is done.

  • You do not get any alert for NBCA expiry or renewal. An event is raised when NBCA is about to expire and renewed in the background. 

  • NBCA is auto renewed 60 days before expiration.

    If NBCA renewal fails, a critical alert is raised.

  • You are notified 60 days before the expiration of the ECA certificates. An alert appears on the appliance GUI and an email is also sent.

  • You can deploy external certificate only if all NetBackup Flex Scale components are up and running. These include NetBackup primary and media services, storage engines, management gateway, and NetBackup Flex Scale management web services.

  • You cannot deploy security artifacts, if upgrade, add node or VLAN operation is in progress and vice versa.

  • If the ECA's subject alternative names have information on new nodes (FQDNs) to be added, add node operation succeeds seamlessly and all services come up after the add node operation. If subject alternative names are not updated, add node operation fails.

  • For Nutanix, HBase workloads using SSL certificates, append the respective SSL certificates to the CA bundle after ECA certificates are renewed. If you do not append the SSL certificates to the CA bundle during ECA renewal, backup and restore operations for the workloads may fail.

  • If you want to deploy ECA on a cluster on which disaster recovery is already configured, ensure that you configure ECA on the primary cluster.

  • If ECA is deployed on the primary cluster before adding the secondary cluster, then you must redeploy ECA from the primary cluster after disaster recovery configuration is complete. This is to ensure proper connectivity between the primary server, media server, and storage services.

  • If CRL mode is selected as CRL URL during ECA deployment, ensure that the CRL URL host name is resolvable by the existing DNS servers. If there are no DNS servers or if the DNS server cannot resolve the CRL URL host name, you must add the CRL URL as a custom host entry for the NetBackup container and the cluster nodes. This is also applicable if a DNS server is present during ECA deployment but is removed later.