NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (11.0)
  1. Introduction
    1.  
      About the deployment approach
    2.  
      Deciding where to run NetBackup Snapshot Manager for Cloud
    3.  
      About deploying NetBackup Snapshot Manager in the cloud
  2. Section I. NetBackup Snapshot Manager for Cloud installation and configuration
    1. Preparing for NetBackup Snapshot Manager for Cloud installation
      1.  
        Meeting system requirements
      2.  
        NetBackup Snapshot Manager host sizing recommendations
      3.  
        NetBackup Snapshot Manager extension sizing recommendations
      4.  
        Creating an instance or preparing the host to install NetBackup Snapshot Manager
      5.  
        Installing container platform (Docker, Podman)
      6.  
        Creating and mounting a volume to store NetBackup Snapshot Manager data
      7.  
        Verifying that specific ports are open on the instance or physical host
      8.  
        Preparing NetBackup Snapshot Manager for backup from snapshot jobs
      9.  
        OCI - iptables rules for backup from snapshot jobs
    2. Deploying NetBackup Snapshot Manager for Cloud using container images
      1.  
        Before you begin installing NetBackup Snapshot Manager
      2.  
        Installing NetBackup Snapshot Manager in the Docker/Podman environment
      3.  
        Installing NetBackup Snapshot Manager on CIS Level 2 v2 configured host
      4.  
        Securing the connection to NetBackup Snapshot Manager
      5.  
        Verifying that NetBackup Snapshot Manager is installed successfully
      6.  
        Restarting NetBackup Snapshot Manager
    3. Deploying NetBackup Snapshot Manager for Cloud extensions
      1.  
        Before you begin installing NetBackup Snapshot Manager extensions
      2.  
        Downloading the NetBackup Snapshot Manager extension
      3. Installing the NetBackup Snapshot Manager extension on a VM
        1.  
          Prerequisites to install the extension on VM
        2.  
          Installing the extension on a VM
      4. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (AKS) in Azure
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in Azure
        2.  
          Installing the extension on Azure (AKS)
      5. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (EKS) in AWS
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in AWS
        2. Installing the extension on AWS (EKS)
          1.  
            Install extension using the extension script
      6. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (GKE) in GCP
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in GCP
        2.  
          Installing the extension on GCP (GKE)
      7.  
        Install extension using the Kustomize and CR YAMLs
      8.  
        Managing the extensions
    4. NetBackup Snapshot Manager for cloud providers
      1.  
        Why to configure the NetBackup Snapshot Manager cloud providers?
      2. AWS plug-in configuration notes
        1.  
          Prerequisites for configuring the AWS plug-in
        2.  
          Before you create a cross account configuration
        3.  
          Prerequisites for application consistent snapshots using AWS Systems Service Manager
        4.  
          Prerequisites for configuring AWS plug-in using VPC endpoint
        5.  
          AWS permissions required by NetBackup Snapshot Manager
        6.  
          Configuring AWS permissions for NetBackup Snapshot Manager
      3. Google Cloud Platform plug-in configuration notes
        1. Prerequisites for configuring the GCP plug-in using Credential and Service Account option
          1.  
            Additional prerequisites for configuring the GCP plug-in using Service Account option
        2.  
          Google Cloud Platform permissions required by NetBackup Snapshot Manager
        3.  
          Preparing the GCP service account for plug-in configuration
        4.  
          Configuring a GCP service account for NetBackup Snapshot Manager
        5.  
          GCP cross-project configuration
        6.  
          GCP shared VPC configuration
      4. Microsoft Azure plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure
        2.  
          About Azure snapshots
      5. Microsoft Azure Stack Hub plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure Stack Hub
        2.  
          Configuring staging location for Azure Stack Hub VMs to restore from backup
        3.  
          About Azure Stack Hub snapshots
      6. OCI plug-in configuration notes
        1.  
          Limitation of NetBackup OCI support
        2.  
          Prerequisite for configuring the OCI plug-in
        3.  
          OCI configuration parameters
        4.  
          Configuring host support for OCI
        5.  
          OCI permissions required by NetBackup Snapshot Manager
      7.  
        Cloud Service Provider endpoints for DBPaaS
    5. Configuration for protecting assets on cloud hosts/VM
      1.  
        Deciding which feature (on-host agent or agentless) of NetBackup Snapshot Manager is to be used for protecting the assets
      2. Protecting assets with NetBackup Snapshot Manager's on-host agent feature
        1. Installing and configuring NetBackup Snapshot Manager agent
          1.  
            Downloading and installing the NetBackup Snapshot Manager agent
          2. Linux-based agent
            1.  
              Preparing to install the Linux-based agent
            2.  
              Registering the Linux-based agent
          3. Windows-based agent
            1.  
              Preparing to install the Windows-based agent
            2.  
              Registering the Windows-based agent
        2. Configuring the NetBackup Snapshot Manager application plug-in
          1.  
            Configuring an application plug-in
          2. Microsoft SQL plug-in
            1.  
              Microsoft SQL plug-in configuration requirements
            2.  
              Restore requirements and limitations for Microsoft SQL Server
            3.  
              Steps required before restoring SQL AG databases
            4.  
              Additional steps required after restoring SQL AG databases
            5. Additional steps required after a SQL Server instance snapshot restore
              1.  
                Steps required after a SQL Server host-level restore
              2.  
                Steps required after a SQL Server instance disk-level snapshot restore to new location
          3. Oracle plug-in
            1. Oracle plug-in configuration requirements
              1.  
                Optimizing your Oracle database data and metadata files
            2.  
              Restore requirements and limitations for Oracle
            3.  
              Additional steps required after an Oracle snapshot restore
      3. Protecting assets with NetBackup Snapshot Manager's agentless feature
        1.  
          Prerequisites for the agentless configuration
        2.  
          Configuring the agentless feature
        3.  
          Configuring the agentless feature after upgrading NetBackup Snapshot Manager
    6. Snapshot Manager for cloud catalog backup and recovery
      1.  
        About using script
      2.  
        NetBackup Snapshot Manager data backup
      3.  
        NetBackup Snapshot Manager data recovery
    7. NetBackup Snapshot Manager for cloud assets protection
      1. NetBackup protection plan
        1.  
          Creating a NetBackup protection plan for cloud assets
        2.  
          Subscribing cloud assets to a NetBackup protection plan
      2.  
        Assigning tags on snapshots and Restore Point Collection
      3.  
        Configuring VSS to store shadow copies on the originating drive
    8. Volume encryption in NetBackup Snapshot Manager for cloud
      1.  
        About volume encryption support in NetBackup Snapshot Manager
      2.  
        Volume encryption for Azure
      3.  
        Volume encryption for GCP
      4.  
        Volume encryption for AWS
      5.  
        Volume encryption for OCI
    9. NetBackup Snapshot Manager for Cloud security
      1.  
        Configuring security for Azure Stack
      2.  
        Configuring the cloud connector for Azure Stack
      3.  
        CA configuration for Azure Stack
  3. Section II. NetBackup Snapshot Manager for Cloud maintenance
    1. NetBackup Snapshot Manager for Cloud logging
      1.  
        About NetBackup Snapshot Manager logging mechanism
      2. How Fluentd-based NetBackup Snapshot Manager logging works
        1.  
          About the NetBackup Snapshot Manager fluentd configuration file
        2.  
          Modifying the fluentd configuration file
      3.  
        NetBackup Snapshot Manager logs
      4.  
        Agentless logs
      5.  
        Troubleshooting NetBackup Snapshot Manager logging
    2. Upgrading NetBackup Snapshot Manager for Cloud
      1.  
        About NetBackup Snapshot Manager for Cloud upgrades
      2.  
        Supported upgrade path
      3.  
        Upgrade scenarios
      4.  
        Preparing to upgrade NetBackup Snapshot Manager
      5.  
        Upgrading NetBackup Snapshot Manager
      6.  
        Upgrading NetBackup Snapshot Manager using patch or hotfix
      7.  
        Applying operating system patches on NetBackup Snapshot Manager host
      8. Migrating and upgrading NetBackup Snapshot Manager
        1.  
          Before you begin migrating NetBackup Snapshot Manager
        2.  
          Migrate and upgrade NetBackup Snapshot Manager on RHEL 8.x and 9.x
      9.  
        GCP configuration for migration from zone to region
      10. Post-upgrade tasks
        1.  
          Upgrading NetBackup Snapshot Manager extensions
        2.  
          Post upgrade limitations
      11.  
        Post-migration tasks
    3. Uninstalling NetBackup Snapshot Manager for Cloud
      1.  
        Preparing to uninstall NetBackup Snapshot Manager
      2.  
        Backing up NetBackup Snapshot Manager
      3.  
        Unconfiguring NetBackup Snapshot Manager plug-ins
      4.  
        Unconfiguring NetBackup Snapshot Manager agents
      5.  
        Removing the NetBackup Snapshot Manager agents
      6.  
        Removing NetBackup Snapshot Manager from a standalone Docker host environment
      7.  
        Removing NetBackup Snapshot Manager extensions - VM-based or managed Kubernetes cluster-based
      8.  
        Restoring NetBackup Snapshot Manager
    4. Troubleshooting NetBackup Snapshot Manager for Cloud
      1.  
        Troubleshooting NetBackup Snapshot Manager
      2.  
        SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the NetBackup Snapshot Manager host
      3.  
        Disk-level snapshot restore fails if the original disk is detached from the instance
      4.  
        Discovery is not working even after assigning system managed identity to the control node pool
      5.  
        Performance issue with GCP backup from snapshot
      6.  
        Post migration on host agents fail with an error message
      7.  
        File restore job fails with an error message
      8.  
        Acknowledgment not received for datamover
      9.  
        Google Cloud Platform does display the Snapshot ID of the disk
      10.  
        Application state of the connected/configured cloud VM(s) displays an error after upgrading to NetBackup Snapshot Manager version 11.x
      11.  
        Backup and restore jobs fail with timeout error
      12.  
        GCP restore with encryption key failed with an error message
      13.  
        Amazon Redshift clusters and databases not available after discovery
      14.  
        Shared VPC subnet not visible
      15.  
        Container manager may not spawn the ephemeral registration container timely
      16.  
        GCP restore from VM fails to obtain firewall rules
      17.  
        Parameterised VM restore fails to retrieve encryption keys
      18.  
        Restore from snapshot of a VM with security type Trusted Launch fails
      19.  
        Snapshot Manager failed to retrieve the specified cloud domain(s), against the specified plugin instance
      20.  
        Issues with SELinux configuration
      21.  
        Performance issues with OCI backup from snapshot and restore from backup copy
      22.  
        Connection to Amazon Linux 2023 or Alma Linux machines fail
      23.  
        Single file restore from snapshot copy fails with an error
      24.  
        MS SQL application backup, restore, or SFR job on Windows cloud VM fails with an error
      25.  
        Status 49 error appears
      26.  
        Restore from backup fails with an error
      27.  
        (For AWS) If the specified AMI is not subscribed in the given region an error message appears
      28.  
        Restore of Azure Disk Encrypted VM fails with an error

Configuring permissions on Microsoft Azure Stack Hub

Before NetBackup Snapshot Manager can protect your Microsoft Azure Stack assets, it must have access to them. You must associate a custom role that NetBackup Snapshot Manager users can use to work with Azure Stack assets.

The following is a custom role definition (in JSON format) that gives NetBackup Snapshot Manager the ability to:

  • Configure Azure Stack Hub plug-in and discover assets.

  • Create host and disk snapshots.

  • Restore snapshots to the original location or to a new location.

  • Delete snapshots.

Table: NetBackup Snapshot Manager feature versus permissions for Microsoft Azure Stack Hub cloud provider

Feature

Task/Operation

Required permission

VM based

Backup from snapshot

To create shared access signature URI for backup from snapshot.

Microsoft.Storage/*/read

To generate shared access signature URI for backup from snapshot.

Microsoft.Compute/restorePointCollections/restorePoints/retrieveSasUris/action

To get access to read from disk restore point for creating backup copy in backup from snapshot.

Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/beginGetAccess/action

To obtain end access to restore points, after successful backup from snapshot.

Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/endGetAccess/action

Creating backup from snapshot

To get access to the snapshot data.

Microsoft.Compute/snapshots/beginGetAccess/action

For ending the URI after data from snapshot copied into the backup.

Microsoft.Compute/snapshots/endGetAccess/action

Restore from backup from snapshot

To create shared access signature URI for the managed disk.

Microsoft.Compute/disks/beginGetAccess/action

To delete shared access signature URI, after backup from snapshot.

Microsoft.Compute/disks/endGetAccess/action

Protection of Virtual Machines

To list VMs, VM scale set and attached disks.

Microsoft.Compute/*/read

Protection of SQL databases

To list Azure SQL databases to be protected.

Microsoft.Sql/*/read

Restore disks from snapshots/restore points

To create disk for restore.

Microsoft.Compute/disks/write

Rollback restore/ Cleanup in restore

To restore VM in rollback restore.

Or

To cleanup in case of failure in restore workflow.

Microsoft.Compute/virtualMachines/delete

Restore disk

To identify the available disk attachment points, for restoring disks/ files.

Microsoft.Compute/virtualMachines/vmSizes/read

Cleanup

To delete public IP, in case of cleanup in restore workflow failure. When the original VM has public IP and the alternate location restore fails.

Microsoft.Network/publicIPAddresses/delete

To delete RPC, if create snapshot workflow fails, and therefore rollback.

Microsoft.Compute/restorePointCollections/delete

List Resources (Discovery)

To get resource group and location information.

Microsoft.Resources/*/read

Discovery

To list subscriptions which can be used to list out the assets to be protected.

Microsoft.Subscription/*/read

Snapshots and Restores

To add tags to snapshots for indicating that the tags are created by Snapshot Manager

To add tags which are originally present in the VM to the restored VM.

Microsoft.Resources/subscriptions/tagNames/tagValues/write

Microsoft.Resources/subscriptions/tagNames/write

Snapshot

To protect disk snapshots from accidental deletion.

Microsoft.Authorization/locks/*

List restore points

To list snapshots (restore point), for restores.

Microsoft.Compute/restorePointCollections/read

List snapshots

To list and map restore point for the VMs.

Microsoft.Compute/restorePointCollections/restorePoints/read

List disk snapshots

To list disk restore points, for application consistency.

Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/read

Write snapshots

For incremental snapshots as restore points (Application consistent).

Microsoft.Compute/restorePointCollections/restorePoints/write

Snapshot cleanup

For cleanup in case of restore failures.

Microsoft.Compute/restorePointCollections/restorePoints/delete

Create restore point collections

To create RPC, 1 per VM in case a snapshot is triggered for the VM.

Microsoft.Compute/restorePointCollections/write

Restore VM

For creating VM in restore.

Microsoft.Compute/virtualMachines/write

For power on restored VM, as mentioned in protection plan.

Microsoft.Compute/virtualMachines/start/action

To change the state of VM. Stopping the VM for rollback restore.

Microsoft.Compute/virtualMachines/powerOff/action

To list the networks for restores into the same network as original resource, or to a network selected by user.

Microsoft.Network/*/read

To rollback restore, cleanup in case of failure in workflow.

Microsoft.Network/networkInterfaces/delete

To attach network interface card to restored VM.

Microsoft.Network/networkInterfaces/join/action

To create network interface card for VM restore.

Microsoft.Network/networkInterfaces/write

To attach network security group to VM during restore.

Microsoft.Network/networkSecurityGroups/join/action

To create network security group for VM restore, if original VM has one.

Microsoft.Network/networkSecurityGroups/write

To attach public IP, in restore when original VM has public IP.

Microsoft.Network/publicIPAddresses/join/action

To create public IP, in restore when original VM has public IP.

Microsoft.Network/publicIPAddresses/write

To create VM in a subnet, that is, join a subnet.

Microsoft.Network/virtualNetworks/subnets/join/action

Kubernetes cluster based

Get cluster information

To obtain the cluster information.

Microsoft.ContainerService/managedClusters/agentPools/read

Scale-in/Scale-out

To obtain the capability of the cluster.

Microsoft.ContainerService/managedClusters/read

Scale-in

To maintain the state of VM scale set.

Microsoft.Compute/virtualMachineScaleSets/delete/action

Scale-out

To maintain the state of VM scale set.

Microsoft.Compute/virtualMachineScaleSets/write

Marketplace deployment

High availability

To attach Snapshot Manager data disk to VM scale set instance.

Microsoft.Compute/virtualMachineScaleSets/write

(Scale-in) To maintain the state of the VM scale set.

Microsoft.Compute/virtualMachineScaleSets/delete/action

To create a custom role using Powershell, follow the steps mentioned in the Azure Stack documentation.

For example:

  • New-AzRoleDefinition

    New-AzRoleDefinition -InputFile "C:\CustomRoles\registrationrole.json"

  • New-AzureRmRoleDefinition

    New-AzureRmRoleDefinition -InputFile C:\tools\customRoleDef.json

To create a custom role using Azure CLI, follow the steps mentioned in the Azure documentation.

For example:

az role definition create --role-definition "~/CustomRoles/
registrationrole.json"

Note:

Before creating a role, you must copy the role definition (text in JSON format) in a .json file and then use that file as the input file. In the sample command displayed earlier, registrationrole.json is used as the input file that contains the role definition text.

To use this role, perform the following:

  • Assign the role to an application running in the Azure Stack environment.

  • In NetBackup Snapshot Manager, configure the Azure Stack off-host plug-in with the application's credentials.

More Information

Microsoft Azure Stack Hub plug-in configuration notes