Veritas NetBackup™ CloudPoint Install and Upgrade Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (9.1.0.1)
  1. Section I. CloudPoint installation and configuration
    1. Preparing for CloudPoint installation
      1.  
        About the deployment approach
      2.  
        Deciding where to run CloudPoint
      3.  
        About deploying CloudPoint in the cloud
      4.  
        Meeting system requirements
      5. CloudPoint host sizing recommendations
        1.  
          CloudPoint sizing recommendations for cloud platforms
      6.  
        CloudPoint extension sizing recommendations
      7.  
        Creating an instance or preparing the host to install CloudPoint
      8.  
        Installing container platform (Docker, Podman)
      9.  
        Creating and mounting a volume to store CloudPoint data
      10.  
        Verifying that specific ports are open on the instance or physical host
      11.  
        Preparing CloudPoint for backup from snapshot jobs
    2. Deploying CloudPoint using container images
      1.  
        Before you begin installing CloudPoint
      2.  
        Installing CloudPoint in the Docker environment
      3.  
        Installing CloudPoint in the Podman environment
      4.  
        Verifying that CloudPoint is installed successfully
      5.  
        Restarting CloudPoint
    3. Deploying CloudPoint extensions
      1.  
        Before you begin installing CloudPoint extensions
      2.  
        Preparing to install the extension on a VM
      3.  
        Installing the CloudPoint extension on a VM
      4.  
        Preparing to install the extension on a managed Kubernetes cluster
      5.  
        Downloading the CloudPoint extension
      6.  
        Installing the CloudPoint extension on a managed Kubernetes cluster
      7.  
        Managing the extensions
    4. CloudPoint cloud plug-ins
      1.  
        How to configure the CloudPoint cloud plug-ins?
      2. AWS plug-in configuration notes
        1.  
          Prerequisites for configuring the AWS plug-in
        2.  
          Configuring AWS permissions for CloudPoint
        3.  
          AWS permissions required by CloudPoint
        4.  
          Before you create a cross account configuration
      3. Google Cloud Platform plug-in configuration notes
        1.  
          Google Cloud Platform permissions required by CloudPoint
        2.  
          Configuring a GCP service account for CloudPoint
        3.  
          Preparing the GCP service account for plug-in configuration
      4. Microsoft Azure plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure
        2.  
          About Azure snapshots
      5. Microsoft Azure Stack Hub plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure Stack Hub
        2.  
          Configuring staging location for Azure Stack Hub VMs to restore from backup
    5. CloudPoint storage array plug-ins
      1.  
        How to configure the CloudPoint storage array plug-ins?
      2. NetApp plug-in configuration notes
        1.  
          NetApp plug-in configuration parameters
        2.  
          Configuring a dedicated LIF for NetBackup access
        3.  
          Supported CloudPoint operations on NetApp storage
      3.  
        ACL configuration on NetApp array
      4. Nutanix Files plug-in configuration notes
        1.  
          Nutanix Files plug-in configuration prerequisites
        2.  
          Nutanix Files plug-in considerations and limitations
        3.  
          Supported CloudPoint operations on Nutanix Files File Server
        4. Troubleshooting NetBackup issues for Nutanix Files
          1.  
            Backup jobs for Nutanix Files fail due to snapshot import and export operations failures
          2.  
            Plug-in configuration may fail if the Nutanix Files version is unsupported
      5.  
        Configuring ACL for Nutanix array
      6. Dell EMC Unity array plug-in configuration notes
        1.  
          Dell EMC Unity array plug-in configuration parameters
        2.  
          Supported Dell EMC Unity arrays
        3.  
          Supported CloudPoint operations on Dell EMC Unity arrays
      7. Pure Storage FlashArray plug-in configuration notes
        1.  
          Supported Pure Storage FlashArray models
        2.  
          Supported CloudPoint operations on Pure Storage FlashArray models
      8.  
        HPE XP plug-in configuration parameters
      9. HPE RMC plug-in configuration notes
        1.  
          RMC plug-in configuration parameters
        2.  
          Supported HPE storage systems
        3.  
          Supported CloudPoint operations on HPE storage arrays
      10. HPE XP plug-in configuration notes
        1.  
          HPE XP plug-in configuration parameters
        2.  
          Supported CloudPoint operations on HPE XP storage arrays
      11. Hitachi plug-in configuration notes
        1.  
          Hitachi plug-in configuration parameters
        2.  
          Supported Hitachi storage arrays
        3.  
          Supported CloudPoint operations on Hitachi arrays
      12. Hitachi (HDS VSP 5000) plug-in configuration notes
        1.  
          Hitachi (HDS VSP 5000) plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Hitachi (HDS VSP 5000) array
      13. InfiniBox plug-in configuration notes
        1.  
          InifiniBox plug-in configuration parameters
        2.  
          Supported CloudPoint operations on InfiniBox arrays
      14. Dell EMC PowerScale (Isilon) plug-in configuration notes
        1.  
          Dell EMC PowerScale (Isilon) plug-in configuration prerequisites
        2.  
          Supported CloudPoint operations on Dell EMC PowerScale (Isilon) plug-in
      15. Dell EMC PowerMax and VMax plug-in configuration notes
        1.  
          Dell EMC PowerMax and VMax plug-in configuration prerequisites
        2.  
          Supported CloudPoint operations on Dell EMC PowerMax and VMax
      16. Qumulo plug-in configuration notes
        1.  
          Qumulo plug-in configuration prerequisites
        2.  
          Qumulo plug-in considerations and limitations
        3.  
          Supported CloudPoint operations on Qumulo plug-in
    6. CloudPoint application agents and plug-ins
      1.  
        Microsoft SQL plug-in configuration notes
      2. Oracle plug-in configuration notes
        1.  
          Optimizing your Oracle database data and metadata files
      3.  
        MongoDB plug-in configuration notes
      4.  
        About the installation and configuration process
      5.  
        Preparing to install the Linux-based agent
      6.  
        Preparing to install the Windows-based agent
      7.  
        Downloading and installing the CloudPoint agent
      8.  
        Registering the Linux-based agent
      9.  
        Registering the Windows-based agent
      10.  
        Configuring the CloudPoint application plug-in
      11.  
        Configuring VSS to store shadow copies on the originating drive
      12.  
        Creating a NetBackup protection plan for cloud assets
      13.  
        Subscribing cloud assets to a NetBackup protection plan
      14. About snapshot restore
        1.  
          Process for restoring SQL AG databases
      15.  
        Restore requirements and limitations for Microsoft SQL Server
      16.  
        Restore requirements and limitations for Oracle
      17.  
        Additional steps required after an Oracle snapshot restore
      18.  
        Restore requirements and limitations for MongoDB
      19.  
        Additional steps required after a MongoDB snapshot restore
      20.  
        Steps required before restoring SQL AG databases
      21.  
        Recovering a SQL database to the same location
      22.  
        Recovering a SQL database to an alternate location
      23. Additional steps required after a SQL Server snapshot restore
        1.  
          Steps required after a SQL Server disk-level snapshot restore to new location
      24.  
        Additional steps required after restoring SQL AG databases
      25.  
        SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the CloudPoint host
      26.  
        Disk-level snapshot restore fails if the original disk is detached from the instance
      27.  
        Additional steps required after restoring an AWS RDS database instance
    7. Protecting assets with CloudPoint's agentless feature
      1.  
        About the agentless feature
      2. Prerequisites for the agentless configuration
        1.  
          Configuring SMB for Windows (Optional)
        2.  
          Configuring WMI security for Windows (optional)
      3.  
        Configuring the agentless feature
      4.  
        Configuring the agentless feature after upgrading CloudPoint
    8. Volume Encryption in NetBackup CloudPoint
      1.  
        About volume encryption support in CloudPoint
      2.  
        Volume encryption for Azure
      3.  
        Volume encryption for GCP
      4.  
        Volume encryption for AWS
    9. CloudPoint security
      1.  
        Configuring security for Azure and Azure Stack
      2.  
        Configuring the cloud connector for Azure and Azure Stack
      3.  
        CA configuration for Azure Stack
      4.  
        Securing the connection to CloudPoint
  2. Section II. CloudPoint maintenance
    1. CloudPoint logging
      1.  
        About CloudPoint logging mechanism
      2. How Fluentd-based CloudPoint logging works
        1.  
          About the CloudPoint fluentd configuration file
        2.  
          Modifying the fluentd configuration file
      3.  
        CloudPoint logs
      4.  
        Agentless logs
      5.  
        Troubleshooting CloudPoint logging
    2. Upgrading CloudPoint
      1.  
        About CloudPoint upgrades
      2.  
        Supported upgrade path
      3.  
        Upgrade scenarios
      4.  
        Preparing to upgrade CloudPoint
      5. Upgrading CloudPoint
        1.  
          Upgrade in Docker environment
        2.  
          Upgrade in Podman environment
      6.  
        Upgrading CloudPoint using patch or hotfix
      7. Migrating and upgrading CloudPoint
        1.  
          Before you begin migrating CloudPoint
        2.  
          Migrate and upgrade CloudPoint on RHEL 8.3 or 8.4
      8.  
        Post-upgrade tasks
    3. Uninstalling CloudPoint
      1.  
        Preparing to uninstall CloudPoint
      2.  
        Backing up CloudPoint
      3.  
        Unconfiguring CloudPoint plug-ins
      4.  
        Unconfiguring CloudPoint agents
      5.  
        Removing the CloudPoint agents
      6.  
        Removing CloudPoint from a standalone Docker host environment
      7.  
        Removing CloudPoint extensions - VM-based or managed Kubernetes cluster-based
      8.  
        Restoring CloudPoint
    4. Troubleshooting CloudPoint
      1.  
        Troubleshooting CloudPoint

Troubleshooting CloudPoint

Refer to the following troubleshooting scenarios:

  • CloudPoint agent fails to connect to the CloudPoint server if the agent host is restarted abruptly.

    This issue may occur if the host where the CloudPoint agent is installed is shut down abruptly. Even after the host restarts successfully, the agent fails to establish a connection with the CloudPoint server and goes into an offline state.

    The agent log file contains the following error:

    flexsnap-agent-onhost[4972] MainThread flexsnap.connectors.rabbitmq:
ERROR - Channel 1 closed unexpectedly: 
(405) RESOURCE_LOCKED - cannot obtain exclusive access to locked queue '
flexsnap-agent.a1f2ac945cd844e393c9876f347bd817' in vhost '/'

    This issue occurs because the RabbitMQ connection between the agent and the CloudPoint server does not close even in case of an abrupt shutdown of the agent host. The CloudPoint server cannot detect the unavailability of the agent until the agent host misses the heartbeat poll. The RabbitMQ connection remains open until the next heartbeat cycle. If the agent host reboots before the next heartbeat poll is triggered, the agent tries to establish a new connection with the CloudPoint server. However, as the earlier RabbitMQ connection already exists, the new connection attempt fails with a resource locked error.

    As a result of this connection failure, the agent goes offline and leads to a failure of all snapshot and restore operations performed on the host.

    Workaround:

    Restart the Veritas CloudPoint Agent service on the agent host.

    • On a Linux hosts, run the following command:

      # sudo systemctl restart flexsnap-agent.service

    • On Windows hosts:

      Restart the Veritas CloudPoint™ Agent service from the Windows Services console.

  • CloudPoint agent registration on Windows hosts may time out or fail.

    For protecting applications on Windows, you need to install and then register the CloudPoint agent on the Windows host. The agent registration may sometimes take longer than usual and may either time out or fail.

    Workaround:

    To resolve this issue, try the following steps:

    • Re-register the agent on the Windows host using a fresh token.

    • If the registration process fails again, restart the CloudPoint services on the CloudPoint server and then try registering the agent again.

    Refer to the following for more information:

    See Registering the Windows-based agent.

    See Restarting CloudPoint.

  • Disaster recovery when DR package is lost or passphrase is lost.

    This issue may occur if the DR package is lost or the passphrase is lost.

    In case of Catalog backup, 2 backup packages are created:

    • DR package which contains all the certs

    • Catalog package which contains the data base

    The DR package contains the NetBackup UUID certs and Catalog DB also has the UUID. When you perform disaster recovery using the DR package followed by catalog recovery, both the UUID cert and the UUID are restored. This allows NetBackup to communicate with CloudPoint since the UUID is not changed.

    However if the DR package is lost or the Passphrase is lost the DR operation cannot be completed. You can only recover the catalog without DR package after you reinstall NetBackup. In this case, a new UUID is created for NetBackup which is not recognised by CloudPoint. The one-to-one mapping of NetBackup and CloudPoint is lost.

    Workaround:

    To resolve this issue, you must update the new NBU UUID and Version Number after NetBackup primary is created.

    • The NetBackup administrator must be logged on to the NetBackup Web Management Service to perform this task. Use the following command to log on:

      /usr/openv/netbackup/bin/bpnbat -login -loginType WEB

    • Execute the following command on the primary server to get the NBU UUID:

      /usr/openv/netbackup/bin/admincmd/nbhostmgmt -list -host <primary server host name> | grep "Host ID"

    • Execute the following command to get the Version Number:

      /usr/openv/netbackup/bin/admincmd/bpgetconfig -g <primary Ssrver host name> -L

    After you get the NBU UUID and Version number, execute the following command on the CloudPoint host to update the mapping:

    /cloudpoint/scripts/cp_update_nbuuid.sh -i <NBU UUID> -v <Version Number>

  • The snapshot job is successful but the backup from snapshot job fails with the error "Certificate verification failed" if CloudPoint server's certificate is revoked

    In backup from snapshot operations, while taking snapshot NetBackup communicates with CloudPoint server.

    In backup operations, communication happens between the datamover container on CloudPoint server and NetBackup media/primary server. Following flags should be used to enforce the revocation status check of certificates of respective servers.

    • ECA_CRL_CHECK: By default enabled and validated during backup operation, whereas VIRTUALIZATION_CRL_CHECK is by default disabled and is validated during snapshot and cloud vendor operations.

    • VIRTUALIZATION_CRL_CHECK: If this flag is enabled and CloudPoint machines certificate is revoked, then snapshot job fails.

    See Configuring security for Azure and Azure Stack .

  • CloudPoint fails to establish connection using agentless to the Windows cloud instance

    Error 1: <Instance_name>: network connection timed out.

    Case 1: CloudPoint server log message:

    WARNING - Cannot connect to the remote host. SMB Connection timeout
 <IP address> <user>

…

flexsnap.OperationFailed: Could not connect to the remote server 
<IP address>

    Workaround

    To resolve this issue, try the following steps:

    • Verify if the SMB port 445 is added in the Network security group and is accessible from the CloudPoint server.

    • Verify if the SMB port 445 is allowed through cloud instance firewall.

    Case 2: CloudPoint Server log message:

    WARNING - Cannot connect to the remote host. WMI Connection 
timeout <IP address> <user>

…

flexsnap.OperationFailed: Could not connect to the remote 
server <IP address>

    Workaround:

    To resolve this issue, try the following steps:

    • Verify and add DCOM port (135) in the Network security group and is accessible from CloudPoint server.

    • Verify if the port 135 is allowed through cloud instance firewall.

    Case 3: CloudPoint Server log message:

    Exception while opening SMB connection, [Errno Connection error 
(<IP address>:445)] [Errno 113] No route to host.

    Workaround: Verify if the cloud instance is up and running or not in inconsistent state.

    Case 4: CloudPoint Server log message:

    Error when closing dcom connection: 'Thread-xxxx'"

    Where, xxxx is the thread number.

    Workaround:

    To resolve this issue, try the following steps:

    • Verify if the WMI-IN dynamic port range or the fixed port as configured is added in the Network security group.

    • Verify and enable WMI-IN port from the cloud instance firewall.

    Error 2: <Instance_name>: Could not connect to the virtual machine.

    CloudPoint server log message:

    Error: Cannot connect to the remote host. <IP address> Access denied.

    Workaround:

    To resolve this issue, try the following steps:

    • Verify if the user is having administrative rights.

    • Verify if the UAC is disabled for the user.

  • CloudPoint cloud operations fail on a RHEL system if a firewall is disabled

    The CloudPoint operations fail for all the supported cloud plugins on a RHEL system, if a firewall is disabled on that system when the CloudPoint services are running. This is a network configuration issue that prevents the CloudPoint from accessing the cloud provider REST API endpoints.

    Workaround

    • Stop CloudPoint

      # docker run --rm -it

      -v /var/run/docker.sock:/var/run/docker.sock

      -v /cloudpoint:/cloudpoint veritas/flexsnap-cloudpoint:<version> stop

    • Restart Docker

      # systemctl restart docker

    • Restart CloudPoint

      # docker run --rm -it

      -v /var/run/docker.sock:/var/run/docker.sock

      -v /cloudpoint:/cloudpoint veritas/flexsnap-cloudpoint:<version> start