NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide
- Introduction
- Section I. NetBackup Snapshot Manager for Cloud installation and configuration
- Preparing for NetBackup Snapshot Manager for Cloud installation
- Meeting system requirements
- NetBackup Snapshot Manager host sizing recommendations
- NetBackup Snapshot Manager extension sizing recommendations
- Creating an instance or preparing the host to install NetBackup Snapshot Manager
- Installing container platform (Docker, Podman)
- Creating and mounting a volume to store NetBackup Snapshot Manager data
- Verifying that specific ports are open on the instance or physical host
- Preparing NetBackup Snapshot Manager for backup from snapshot jobs
- OCI - iptables rules for backup from snapshot jobs
- Deploying NetBackup Snapshot Manager for Cloud using container images
- Before you begin installing NetBackup Snapshot Manager
- Installing NetBackup Snapshot Manager in the Docker/Podman environment
- Installing NetBackup Snapshot Manager on CIS Level 2 v2 configured host
- Securing the connection to NetBackup Snapshot Manager
- Verifying that NetBackup Snapshot Manager is installed successfully
- Restarting NetBackup Snapshot Manager
- Deploying NetBackup Snapshot Manager for Cloud extensions
- Before you begin installing NetBackup Snapshot Manager extensions
- Downloading the NetBackup Snapshot Manager extension
- Installing the NetBackup Snapshot Manager extension on a VM
- Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (AKS) in Azure
- Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (EKS) in AWS
- Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (GKE) in GCP
- Install extension using the Kustomize and CR YAMLs
- Managing the extensions
- NetBackup Snapshot Manager for cloud providers
- Why to configure the NetBackup Snapshot Manager cloud providers?
- AWS plug-in configuration notes
- Prerequisites for configuring the AWS plug-in
- Before you create a cross account configuration
- Prerequisites for application consistent snapshots using AWS Systems Service Manager
- Prerequisites for configuring AWS plug-in using VPC endpoint
- AWS permissions required by NetBackup Snapshot Manager
- Configuring AWS permissions for NetBackup Snapshot Manager
- Google Cloud Platform plug-in configuration notes
- Prerequisites for configuring the GCP plug-in using Credential and Service Account option
- Google Cloud Platform permissions required by NetBackup Snapshot Manager
- Preparing the GCP service account for plug-in configuration
- Configuring a GCP service account for NetBackup Snapshot Manager
- GCP cross-project configuration
- GCP shared VPC configuration
- Microsoft Azure plug-in configuration notes
- Microsoft Azure Stack Hub plug-in configuration notes
- OCI plug-in configuration notes
- Cloud Service Provider endpoints for DBPaaS
- Configuration for protecting assets on cloud hosts/VM
- Deciding which feature (on-host agent or agentless) of NetBackup Snapshot Manager is to be used for protecting the assets
- Protecting assets with NetBackup Snapshot Manager's on-host agent feature
- Installing and configuring NetBackup Snapshot Manager agent
- Configuring the NetBackup Snapshot Manager application plug-in
- Configuring an application plug-in
- Microsoft SQL plug-in
- Oracle plug-in
- Protecting assets with NetBackup Snapshot Manager's agentless feature
- Snapshot Manager for cloud catalog backup and recovery
- NetBackup Snapshot Manager for cloud assets protection
- Volume encryption in NetBackup Snapshot Manager for cloud
- NetBackup Snapshot Manager for Cloud security
- Preparing for NetBackup Snapshot Manager for Cloud installation
- Section II. NetBackup Snapshot Manager for Cloud maintenance
- NetBackup Snapshot Manager for Cloud logging
- Upgrading NetBackup Snapshot Manager for Cloud
- About NetBackup Snapshot Manager for Cloud upgrades
- Supported upgrade path
- Upgrade scenarios
- Preparing to upgrade NetBackup Snapshot Manager
- Upgrading NetBackup Snapshot Manager
- Upgrading NetBackup Snapshot Manager using patch or hotfix
- Applying operating system patches on NetBackup Snapshot Manager host
- Migrating and upgrading NetBackup Snapshot Manager
- GCP configuration for migration from zone to region
- Post-upgrade tasks
- Post-migration tasks
- Uninstalling NetBackup Snapshot Manager for Cloud
- Preparing to uninstall NetBackup Snapshot Manager
- Backing up NetBackup Snapshot Manager
- Unconfiguring NetBackup Snapshot Manager plug-ins
- Unconfiguring NetBackup Snapshot Manager agents
- Removing the NetBackup Snapshot Manager agents
- Removing NetBackup Snapshot Manager from a standalone Docker host environment
- Removing NetBackup Snapshot Manager extensions - VM-based or managed Kubernetes cluster-based
- Restoring NetBackup Snapshot Manager
- Troubleshooting NetBackup Snapshot Manager for Cloud
- Troubleshooting NetBackup Snapshot Manager
- SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the NetBackup Snapshot Manager host
- Disk-level snapshot restore fails if the original disk is detached from the instance
- Discovery is not working even after assigning system managed identity to the control node pool
- Performance issue with GCP backup from snapshot
- Post migration on host agents fail with an error message
- File restore job fails with an error message
- Acknowledgment not received for datamover
- Google Cloud Platform does display the Snapshot ID of the disk
- Application state of the connected/configured cloud VM(s) displays an error after upgrading to NetBackup Snapshot Manager version 11.x
- Backup and restore jobs fail with timeout error
- GCP restore with encryption key failed with an error message
- Amazon Redshift clusters and databases not available after discovery
- Shared VPC subnet not visible
- Container manager may not spawn the ephemeral registration container timely
- GCP restore from VM fails to obtain firewall rules
- Parameterised VM restore fails to retrieve encryption keys
- Restore from snapshot of a VM with security type Trusted Launch fails
- Snapshot Manager failed to retrieve the specified cloud domain(s), against the specified plugin instance
- Issues with SELinux configuration
- Performance issues with OCI backup from snapshot and restore from backup copy
- Connection to Amazon Linux 2023 or Alma Linux machines fail
- Single file restore from snapshot copy fails with an error
- MS SQL application backup, restore, or SFR job on Windows cloud VM fails with an error
- Status 49 error appears
- Restore from backup fails with an error
- (For AWS) If the specified AMI is not subscribed in the given region an error message appears
- Restore of Azure Disk Encrypted VM fails with an error
Prerequisites for configuring the AWS plug-in
If the NetBackup Snapshot Manager instance is deployed in the AWS cloud, perform the following before you configure the plug-in:
Create an AWS IAM role and assign permissions that are required by NetBackup Snapshot Manager.
See Configuring AWS permissions for NetBackup Snapshot Manager.
For more information on how to create an IAM role, see AWS Identity and Access Management Documentation.
Attach the IAM role to the NetBackup Snapshot Manager instance.
For more information on how to attach an IAM role, see AWS Identity and Access Management Documentation.
Note:
If you have deployed NetBackup Snapshot Manager using the CloudFormation Template (CFT), then the IAM role is automatically assigned to the instance when the NetBackup Snapshot Manager stack is launched.
For DynamoDB, user must create an s3 bucket with the name,
netbackup_<accountId>. This bucket is used as a staging location and creates the required directory hierarchy within it for each backup operation.For cross account configuration, from the AWS IAM console (IAM Console > Roles), edit the IAM roles such that:
A new IAM role is created and assigned to the other AWS account (target account). Also, assign that role a policy that has the required permissions to access the assets in the target AWS account.
The IAM role of the other AWS account should trust the Source Account IAM role (Roles > Trust relationships tab).
The Source Account IAM role is assigned an inline policy (Roles > Permissions tab) that allows the source role to assume the role (
"sts:AssumeRole") of the other AWS account.The validity of the temporary security credentials that the Source Account IAM role gets when it assumes the Cross Account IAM role is set to 1 hour, at a minimum (Maximum CLI/API session duration field).
If the assets in the AWS cloud are encrypted using AWS KMS Customer Managed Keys (CMK), then you must ensure the following:
When selecting an IAM user to configure NetBackup Snapshot Manager plug-in configuration, ensure that the IAM user is added as a key user of the CMK.
For source account configuration, ensure that the IAM role that is attached to the NetBackup Snapshot Manager instance is added as a key user of the CMK.
For cross account configuration, ensure that the IAM role that is assigned to the other AWS account (cross account) is added as a key user of the CMK.
Adding these IAM roles and users as the CMK key users allows them to use the AWS KMS CMK key directly for cryptographic operations on the assets. For more details, refer to the AWS documentation.
If the NetBackup Snapshot Manager instance has instance metadata service (IMDsv2) enabled, then ensure that the HttpPutResponseHopLimit parameter is set to 2 for the VM.
If the value of HttpPutResponseHopLimit parameter is not set to 2, then the AWS calls to fetch the metadata from the NetBackup Snapshot Manager containers created on the machine fails.
For more information on the IMDsv2 service, refer to Use IMDSv2.