Search <book_title>...

NetBackup IT Analytics System Administrator Guide

Last Published: 2025-02-03

Product(s): NetBackup IT Analytics (11.4)

Introduction
1. NetBackup IT Analytics Overview
2. Purpose of this document
Preparing for updates
1. About upgrades and updates
2. Determine the data collector version
3. Data collector updates with an aptare.jar file
4. Manual download of the aptare.jar file
5. Portal updates
Backing up and restoring data
1. Best practices for disaster recovery
2. Oracle database backups
3. File system backups
4. Oracle database: Cold backup
5. Oracle database: Export backups
6. Scheduling the oracle database export
7. Oracle database: On demand backup
8. Restoring the NetBackup IT Analytics system
9. Import the Oracle database
10. Manual steps for database import / export using data pump
Monitoring NetBackup IT Analytics
1. Starting and stopping portal server software
2. Starting and stopping the reporting database
3. Starting and stopping data collectors
4. Monitoring tablespaces
Accessing NetBackup IT Analytics reports with the REST API
1. Overview
2. Authentication for REST APIs
3. Extracting data from tabular reports (with pagination)
4. Exporting reports
5. Exporting custom dashboards
Defining NetBackup estimated tape capacity
1. NetBackup estimated tape capacity overview
2. Estimated capacity notes
3. Updating the estimated capacity table
4. Listing volume pool IDs and media types
Automating host group management
1. About automating host group management
2. Task overview: managing host groups in bulk
3. Preparing to use PL/SQL utilities
4. General utilities
5. Categorize host operating systems by platform and version
  1. Use Regular Expressions to Override or Modify Default Host OS Categorization
  2. Host OS Categorization Default Settings
  3. Utility to Update Host OS Categorizations
  4. Categorize Host Operating Systems On Demand
6. Identifying a host group ID
7. Move or copy clients
8. Organize clients by attribute
9. Move host group
10. Delete host group
11. Move hosts and remove host groups
12. Organize clients into groups by backup server
13. Merge duplicate backup clients
14. Bulk load utilities
  1. Load host aliases
  2. Load details of new hosts or update existing hosts
  3. Load relationships between hosts and host group
    1. Sample Audit File (output from load_package.loadGroupMemberFile)
15. Veritas NetBackup utilities
16. Automate NetBackup utilities
  1. Scheduling a NetBackup Utility Job to Run Automatically
17. Organize clients into groups by management server
18. Set up an inactive clients group
19. Set up a host group for clients in inactive policies
20. Set up clients by policy
21. Set up clients by policy type
22. IBM Tivoli storage manager utilities
23. Set up clients by policy domain
24. Set up clients by IBM Tivoli storage manager instance
25. Scheduling utilities to run automatically
  1. Sample .sql file (setup_ora_job.sql) to set up an automatic job
Attribute management
1. Attribute bulk load utilities
2. Attribute naming rules
3. Rename attributes before upgrading
4. Load host attributes and values
5. Load attributes and values and assign to hosts
6. Load array attributes and values and assign to arrays
7. Overview of application attributes and values
8. Load application database attributes and values
9. Load MS Exchange organization attributes and values
10. Load LUN attributes and values
11. Load switch attributes and values
12. Load port attributes and values
13. Load Subscription attributes and values
Importing generic backup data
1. About generic backup data collection
  1. Considerations
2. Configuring generic backup data collection
3. CSV Format Specification
  1. EXAMPLE: genericBackupJobs.csv
4. Manually loading the CSV file
Backup job overrides
1. Overview
2. Configure a backup job override
Managing host data collection
1. Identifying hosts by WWN to avoid duplicates
2. Setting a host's priority
3. Determining host ranking
4. Loading host and WWN relationships
5. Loading the host HBA port data
6. Create a CSV file
7. Execute the script
System configuration in the Portal
1. System configuration in the Portal
2. System configuration: functions
3. Navigation overview
4. System configuration parameter descriptions: Additional info
5. Anomaly detection
6. Data collection: Capacity chargeback
7. Database administration: database
8. Host discovery: EMC Avamar
9. Host discovery: Host
10. Events captured for audit
11. Custom parameters
Performance profile schedule customization
1. Overview
2. Customize the performance profile schedule
LDAP and SSO authentication for Portal access
1. Overview
2. Configure AD/LDAP
3. Configure single sign-on (SSO)
Change Oracle database user passwords
1. Overview
2. Database connection properties
3. Modify the Oracle database user passwords
4. Modify the Oracle database user passwords for split architecture
5. Determine if Oracle is using the default login password
Integrate with CyberArk
1. Introduction
2. CyberArk setup prerequisites
3. Setting up the portal to integrate with CyberArk
Tuning NetBackup IT Analytics
1. Before you begin tuning
2. Tuning the portal database
3. Performance recommendations
4. Reclaiming free space from Oracle
5. Portal / Data receiver Java memory settings
Working with log files
1. About debugging NetBackup IT Analytics
2. Turn on debugging
3. Database logging
4. Portal and data collector log files - reduce logging
  1. Portal Log Files
  2. Data Collector Log Files
5. Database SCON logging - reduce logging
6. Refreshing the database SCON log
7. Logging user activity in audit.log
8. Logging only what a user deletes
9. Logging all user activity
10. Data collector log files
11. Data collector log file organization
12. Data collector log file naming conventions
13. General data collector log files
14. Find the event / meta collector ID
15. Portal log files
  1. Managing Apache Log Files
16. Database log files
17. Installation / Upgrade log files
Defining report metrics
1. Changing backup success percentage
2. Changing job status
SNMP trap alerting
1. Overview
2. SNMP configurations
3. Standard OIDs
4. Data in an alerting trap
  1. Example of policy based alert
SSL certificate configuration
1. SSL certificate configuration
2. SSL implementation overview
3. Obtain an SSL certificate
4. Update the web server configuration to enable SSL
5. Configure virtual hosts for portal and / or data collection SSL
6. Enable / Disable SSL for a Data Collector
7. Enable / Disable SSL for emailed reports
8. Test and troubleshoot SSL configurations
9. Create a self-signed SSL certificate
10. Configure the Data Collector to trust the certificate
11. Keystore file locations on the Data Collector server
12. Import a certificate into the Data Collector Java keystore
13. Keystore on the portal server
14. Add a virtual interface to a Linux server
15. Add a virtual / secondary IP address on Windows
Portal properties: Format and portal customizations
1. Introduction
2. Configuring global default inventory object selection
3. Restricting user IDs to single sessions
4. Customizing date format in the report scope selector
5. Customizing the maximum number of lines for exported reports
6. Customizing the total label display in tabular reports
7. Customizing the host management page size
8. Customizing the path and directory for file analytics database
9. Configuring badge expiration
10. Configuring the maximum cache size in memory
11. Configuring the cache time for reports
12. Configuring LDAP to use active directory (AD) for user group privileges
Data retention periods for SDK database objects
1. Data retention periods for SDK database objects
2. Data aggregation
  1. Pre-requisites
  2. Data aggregation and retention levels
3. Find the domain ID and database table names
4. Retention period update for SDK user-defined objects example
5. SDK user-defined database objects
6. Capacity: default retention for basic database tables
7. Capacity: default retention for EMC Symmetrix enhanced performance
8. Capacity: Default retention for EMC XtremIO
9. Capacity: Default retention for Dell EMC Elastic Cloud Storage (ECS)
10. Capacity: Default retention for Windows file server
11. Capacity: Default retention for Pure Storage FlashArray
12. Cloud: Default retention for Amazon Web Services (AWS)
13. Cloud: Default retention for Microsoft Azure
14. Cloud: Default retention for OpenStack Ceilometer
15. Configure multi-tenancy data purging retention periods
Troubleshooting
1. Troubleshooting user login problems
2. Forgotten password procedure
3. Login issues
4. Connectivity issues
5. Data Collector and database issues
6. Portal upgrade performance issues
Appendix A. Kerberos based proxy user's authentication in Oracle
1. Overview
  1. Pre-requisite
2. Exporting service and user principal's to keytab file on KDC
3. Modifications for Oracle
4. Modifications for Portal
Appendix B. Configure TLS-enabled Oracle database on NetBackup IT Analytics Portal and data receiver
1. About Transport Layer Security (TLS)
2. TLS in Oracle environment
3. Configure TLS in Oracle with NetBackup IT Analytics on Linux in split architecture
4. Configure TLS in Oracle with NetBackup IT Analytics on Linux in non-split architecture
5. Configure TLS in Oracle with NetBackup IT Analytics on Windows in split architecture
6. Configure TLS in Oracle with NetBackup IT Analytics on Windows in non-split architecture
7. Configure TLS in user environment
Appendix C. NetBackup IT Analytics for NetBackup on Kubernetes and appliances
1. Configure embedded NetBackup IT Analytics Data collector for NetBackup deployment on appliances (including Flex appliances)
2. Configure NetBackup IT Analytics for NetBackup deployment on Kubernetes

AD/LDAP Configuration for authentication and authorization

To configure AD/LDAP for user authentication as well as authorization, Portal Administrator must create at least one User Group in portal which is also present in AD/LDAP as a UserGroup.

Login to Portal as a SuperUser, navigate to Admin > User Groups.
Create a new user group with the same group name present in AD/LDAP. Only members of this user group can access the portal when LDAP Authroization is enabled on the Portal.
Assign appropriate privileges to the newly created user group. See Setting user group privileges section in the User Guide.
Record the domain name where new users will be created.
To find domain name, navigate to Admin > Domains > Domain Name.
You are required to specify this in the LDAP Domain Name field when you enable LDAP authentication.
Go to Admin > Authentication > LDAP.

Enable authentication, authorization, and enter the configuration as suggested in the table below:

Field name	Description
Enabled	Select to enable AD/LDAP authentication
Authorisation	Select to enable AD/LDAP authorisation When selected, Portal authorizes the user against AD groups. At least one AD group of which the new user is a member must be configured as a User Group in the Portal. Note: If the AD group is not mapped with the User Group in the Portal, then authentication fails during login with the error: "No user group mapping present for external LDAP user."
LDAP Domain Name	Enter the Portal domain name where the new user gets created. It is used provided ldap.authorization is set to true. To find domain name in portal, go to Admin > Domains > Domain Name. Example: example.company.com
LDAP URL	Set to the host and port of your AD. Note that this URL value has a prefix `ldap:`. If using SSL, change the prefix to `ldaps`. If you are using Active Directory for your external LDAP configuration, you may want to use the global catalog port of 3268 instead of port 389. If using SSL, you may want to use the secure global catalog port of 3269 or 636 for standard LDAPs. Example: ldap://example.company.com:389 or ldaps://example.company.com:636
Search Base	Set the location from where the search will be performed to locate users in the authentication directory. Often referred to as the Active Directory (AD) Search Base, this is the starting point in the Active Directory tree for searching for LD AP users. This search base, in LDAP distinguished name format, contains a fully qualified domain name. NetBackup IT Analytics supports only one Search Base. Example: example, company, com
DN	Set to the ID of a user who has permission to search the SEARCHBASE. This user must be able to search all LDAP directory servers. NetBackup IT Analytics requires a user that has privileges to search under the Base DN (Distinguished Name) within the Active Directory structure. This must be an account that has administrative privileges, typically an Administrator. It can be the Administrator account that was created when Active Directory was installed, or it can be an account that was created, and either was given administrative privileges or was placed into a group with administrative privileges. If you use Active Directory, specify this setting because Active Directory services do not allow anonymous binds. Microsoft Active Directory requires the username and password of a user that has enough privileges to search the LDAP directory. Example: CN=Admin,CN=Users,DC=example,DC=company,DC=com Note: Special characters #, >, <, ;, (, ), and = are supported, but / and \ are not supported in DN and CN.
DN Password	Set to the password of the user who is used in the DN field.
Certificate	Navigate to the keystore path location and select the AD certificate.
Login Attribute	Enter the login attribute used for authentication. This is the attribute name in Active Directory that specifies the username, such as uid or sAMAccountName. Example: sAMAccountName
New User Domain	Enter the Portal domain name where new user gets created. It is used only if Authorisation is enabled. To find domain name in portal, navigate to Admin > Domains > Domain Name. Example: example.company.com
Disable User Attribute Name	Enter the value of the AD attribute that indicates whether the user is active or inactive. During Portal authentication via AD, the REST API uses the AD attribute assigned to this property to check whether the user is still an active AD user. For example, if `ad.user.active` is the AD attribute that indicates whether a user is active or disabled, then `ad.user.active` must be assigned as the value of this field.
Disable User Attribute Value	Enter the same value as that of the AD attribute (specified in Disable User Attribute Name, which indicates the AD user is disabled. For example: If `ad.user.active` is the attribute for user status in AD, it may have several values such as live, inactive, joined, and so on. If the value inactive indicates the user is disabled in AD, then inactive must be set as value for this field. REST API matches this value with the value of the AD attribute specified in this field. If the values match, the user is disabled on the NetBackup IT Analytics Portal. Note: A Portal super user must explicitly activate the user that was deactivated in both AD and Portal in the past but is again activated only in AD. A Portal administrator with adequate privileges can also activate such a user. Without user activation, Portal access will be restricted.

Click Test Connection. Make the required changes if the test fails.
Click Save.
Enabling LDAP authentication and authorization is complete.
Note:
If you are unable to save the configuration, check if the JDK truststore password was changed before the last upgrade and ensure the updated password is assigned to the portal.jdk.trustStore.password parameter from Admin > System Configuration > Custom page of the Portal. The JDK truststore locations for Windows and Linux are <portal_installation_path>\jdk\lib\security\cacerts and /usr/java/lib/security/cacerts respectively.
To change the existing superuser LDAP_ID to map to the AD username, update the existing record on the Oracle database server.
For example: If the login attribute is user_name and actual value is Admin, update the existing record as below:
```
# sqlplus portal/<portal_password>@scdb
# UPDATE ptl_user SET ldap_id = 'Admin' WHERE user_id = 100000;
# commit;
```
Use this updated username to login to the external directory, instead of aptare. Since the user account aptare (user_id=100), is an internal bootstrap user, it is required to maintain referential integrity among database tables and therefore you must avoid using aptare for external LDAP integration.
Note:
The user_id = 100000 is always the default user_id for the super user account.
Login to the portal using any user present in the Active Directory and part of the group created in step 2.
If the Portal was upgraded from a lower version, you may have to clear the browser cache for the authentication type and SSO options to appear on the login screen.
Note that to automatically create a user in the portal, these attributes must be set for each user in AD/LDAP:
- givenName: Mandatory. It is used as the first name of the user.
- telephoneNumber: Optional
- mobile: Optional
- mail: Mandatory

Note:

If for any reason the LDAP configuration is disabled from the portal, the portal administrator must set the password for all the AD/LDAP users in portal.