NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (11.0)
  1. Introduction
    1.  
      About the deployment approach
    2.  
      Deciding where to run NetBackup Snapshot Manager for Cloud
    3.  
      About deploying NetBackup Snapshot Manager in the cloud
  2. Section I. NetBackup Snapshot Manager for Cloud installation and configuration
    1. Preparing for NetBackup Snapshot Manager for Cloud installation
      1.  
        Meeting system requirements
      2.  
        NetBackup Snapshot Manager host sizing recommendations
      3.  
        NetBackup Snapshot Manager extension sizing recommendations
      4.  
        Creating an instance or preparing the host to install NetBackup Snapshot Manager
      5.  
        Installing container platform (Docker, Podman)
      6.  
        Creating and mounting a volume to store NetBackup Snapshot Manager data
      7.  
        Verifying that specific ports are open on the instance or physical host
      8.  
        Preparing NetBackup Snapshot Manager for backup from snapshot jobs
      9.  
        OCI - iptables rules for backup from snapshot jobs
    2. Deploying NetBackup Snapshot Manager for Cloud using container images
      1.  
        Before you begin installing NetBackup Snapshot Manager
      2.  
        Installing NetBackup Snapshot Manager in the Docker/Podman environment
      3.  
        Installing NetBackup Snapshot Manager on CIS Level 2 v2 configured host
      4.  
        Securing the connection to NetBackup Snapshot Manager
      5.  
        Verifying that NetBackup Snapshot Manager is installed successfully
      6.  
        Restarting NetBackup Snapshot Manager
    3. Deploying NetBackup Snapshot Manager for Cloud extensions
      1.  
        Before you begin installing NetBackup Snapshot Manager extensions
      2.  
        Downloading the NetBackup Snapshot Manager extension
      3. Installing the NetBackup Snapshot Manager extension on a VM
        1.  
          Prerequisites to install the extension on VM
        2.  
          Installing the extension on a VM
      4. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (AKS) in Azure
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in Azure
        2.  
          Installing the extension on Azure (AKS)
      5. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (EKS) in AWS
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in AWS
        2. Installing the extension on AWS (EKS)
          1.  
            Install extension using the extension script
      6. Installing the NetBackup Snapshot Manager extension on a managed Kubernetes cluster (GKE) in GCP
        1.  
          Prerequisites to install the extension on a managed Kubernetes cluster in GCP
        2.  
          Installing the extension on GCP (GKE)
      7.  
        Install extension using the Kustomize and CR YAMLs
      8.  
        Managing the extensions
    4. NetBackup Snapshot Manager for cloud providers
      1.  
        Why to configure the NetBackup Snapshot Manager cloud providers?
      2. AWS plug-in configuration notes
        1.  
          Prerequisites for configuring the AWS plug-in
        2.  
          Before you create a cross account configuration
        3.  
          Prerequisites for application consistent snapshots using AWS Systems Service Manager
        4.  
          Prerequisites for configuring AWS plug-in using VPC endpoint
        5.  
          AWS permissions required by NetBackup Snapshot Manager
        6.  
          Configuring AWS permissions for NetBackup Snapshot Manager
      3. Google Cloud Platform plug-in configuration notes
        1. Prerequisites for configuring the GCP plug-in using Credential and Service Account option
          1.  
            Additional prerequisites for configuring the GCP plug-in using Service Account option
        2.  
          Google Cloud Platform permissions required by NetBackup Snapshot Manager
        3.  
          Preparing the GCP service account for plug-in configuration
        4.  
          Configuring a GCP service account for NetBackup Snapshot Manager
        5.  
          GCP cross-project configuration
        6.  
          GCP shared VPC configuration
      4. Microsoft Azure plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure
        2.  
          About Azure snapshots
      5. Microsoft Azure Stack Hub plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure Stack Hub
        2.  
          Configuring staging location for Azure Stack Hub VMs to restore from backup
        3.  
          About Azure Stack Hub snapshots
      6. OCI plug-in configuration notes
        1.  
          Limitation of NetBackup OCI support
        2.  
          Prerequisite for configuring the OCI plug-in
        3.  
          OCI configuration parameters
        4.  
          Configuring host support for OCI
        5.  
          OCI permissions required by NetBackup Snapshot Manager
      7.  
        Cloud Service Provider endpoints for DBPaaS
    5. Configuration for protecting assets on cloud hosts/VM
      1.  
        Deciding which feature (on-host agent or agentless) of NetBackup Snapshot Manager is to be used for protecting the assets
      2. Protecting assets with NetBackup Snapshot Manager's on-host agent feature
        1. Installing and configuring NetBackup Snapshot Manager agent
          1.  
            Downloading and installing the NetBackup Snapshot Manager agent
          2. Linux-based agent
            1.  
              Preparing to install the Linux-based agent
            2.  
              Registering the Linux-based agent
          3. Windows-based agent
            1.  
              Preparing to install the Windows-based agent
            2.  
              Registering the Windows-based agent
        2. Configuring the NetBackup Snapshot Manager application plug-in
          1.  
            Configuring an application plug-in
          2. Microsoft SQL plug-in
            1.  
              Microsoft SQL plug-in configuration requirements
            2.  
              Restore requirements and limitations for Microsoft SQL Server
            3.  
              Steps required before restoring SQL AG databases
            4.  
              Additional steps required after restoring SQL AG databases
            5. Additional steps required after a SQL Server instance snapshot restore
              1.  
                Steps required after a SQL Server host-level restore
              2.  
                Steps required after a SQL Server instance disk-level snapshot restore to new location
          3. Oracle plug-in
            1. Oracle plug-in configuration requirements
              1.  
                Optimizing your Oracle database data and metadata files
            2.  
              Restore requirements and limitations for Oracle
            3.  
              Additional steps required after an Oracle snapshot restore
      3. Protecting assets with NetBackup Snapshot Manager's agentless feature
        1.  
          Prerequisites for the agentless configuration
        2.  
          Configuring the agentless feature
        3.  
          Configuring the agentless feature after upgrading NetBackup Snapshot Manager
    6. Snapshot Manager for cloud catalog backup and recovery
      1.  
        About using script
      2.  
        NetBackup Snapshot Manager data backup
      3.  
        NetBackup Snapshot Manager data recovery
    7. NetBackup Snapshot Manager for cloud assets protection
      1. NetBackup protection plan
        1.  
          Creating a NetBackup protection plan for cloud assets
        2.  
          Subscribing cloud assets to a NetBackup protection plan
      2.  
        Assigning tags on snapshots and Restore Point Collection
      3.  
        Configuring VSS to store shadow copies on the originating drive
    8. Volume encryption in NetBackup Snapshot Manager for cloud
      1.  
        About volume encryption support in NetBackup Snapshot Manager
      2.  
        Volume encryption for Azure
      3.  
        Volume encryption for GCP
      4.  
        Volume encryption for AWS
      5.  
        Volume encryption for OCI
    9. NetBackup Snapshot Manager for Cloud security
      1.  
        Configuring security for Azure Stack
      2.  
        Configuring the cloud connector for Azure Stack
      3.  
        CA configuration for Azure Stack
  3. Section II. NetBackup Snapshot Manager for Cloud maintenance
    1. NetBackup Snapshot Manager for Cloud logging
      1.  
        About NetBackup Snapshot Manager logging mechanism
      2. How Fluentd-based NetBackup Snapshot Manager logging works
        1.  
          About the NetBackup Snapshot Manager fluentd configuration file
        2.  
          Modifying the fluentd configuration file
      3.  
        NetBackup Snapshot Manager logs
      4.  
        Agentless logs
      5.  
        Troubleshooting NetBackup Snapshot Manager logging
    2. Upgrading NetBackup Snapshot Manager for Cloud
      1.  
        About NetBackup Snapshot Manager for Cloud upgrades
      2.  
        Supported upgrade path
      3.  
        Upgrade scenarios
      4.  
        Preparing to upgrade NetBackup Snapshot Manager
      5.  
        Upgrading NetBackup Snapshot Manager
      6.  
        Upgrading NetBackup Snapshot Manager using patch or hotfix
      7.  
        Applying operating system patches on NetBackup Snapshot Manager host
      8. Migrating and upgrading NetBackup Snapshot Manager
        1.  
          Before you begin migrating NetBackup Snapshot Manager
        2.  
          Migrate and upgrade NetBackup Snapshot Manager on RHEL 8.x and 9.x
      9.  
        GCP configuration for migration from zone to region
      10. Post-upgrade tasks
        1.  
          Upgrading NetBackup Snapshot Manager extensions
        2.  
          Post upgrade limitations
      11.  
        Post-migration tasks
    3. Uninstalling NetBackup Snapshot Manager for Cloud
      1.  
        Preparing to uninstall NetBackup Snapshot Manager
      2.  
        Backing up NetBackup Snapshot Manager
      3.  
        Unconfiguring NetBackup Snapshot Manager plug-ins
      4.  
        Unconfiguring NetBackup Snapshot Manager agents
      5.  
        Removing the NetBackup Snapshot Manager agents
      6.  
        Removing NetBackup Snapshot Manager from a standalone Docker host environment
      7.  
        Removing NetBackup Snapshot Manager extensions - VM-based or managed Kubernetes cluster-based
      8.  
        Restoring NetBackup Snapshot Manager
    4. Troubleshooting NetBackup Snapshot Manager for Cloud
      1.  
        Troubleshooting NetBackup Snapshot Manager
      2.  
        SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the NetBackup Snapshot Manager host
      3.  
        Disk-level snapshot restore fails if the original disk is detached from the instance
      4.  
        Discovery is not working even after assigning system managed identity to the control node pool
      5.  
        Performance issue with GCP backup from snapshot
      6.  
        Post migration on host agents fail with an error message
      7.  
        File restore job fails with an error message
      8.  
        Acknowledgment not received for datamover
      9.  
        Google Cloud Platform does display the Snapshot ID of the disk
      10.  
        Application state of the connected/configured cloud VM(s) displays an error after upgrading to NetBackup Snapshot Manager version 11.x
      11.  
        Backup and restore jobs fail with timeout error
      12.  
        GCP restore with encryption key failed with an error message
      13.  
        Amazon Redshift clusters and databases not available after discovery
      14.  
        Shared VPC subnet not visible
      15.  
        Container manager may not spawn the ephemeral registration container timely
      16.  
        GCP restore from VM fails to obtain firewall rules
      17.  
        Parameterised VM restore fails to retrieve encryption keys
      18.  
        Restore from snapshot of a VM with security type Trusted Launch fails
      19.  
        Snapshot Manager failed to retrieve the specified cloud domain(s), against the specified plugin instance
      20.  
        Issues with SELinux configuration
      21.  
        Performance issues with OCI backup from snapshot and restore from backup copy
      22.  
        Connection to Amazon Linux 2023 or Alma Linux machines fail
      23.  
        Single file restore from snapshot copy fails with an error
      24.  
        MS SQL application backup, restore, or SFR job on Windows cloud VM fails with an error
      25.  
        Status 49 error appears
      26.  
        Restore from backup fails with an error
      27.  
        (For AWS) If the specified AMI is not subscribed in the given region an error message appears
      28.  
        Restore of Azure Disk Encrypted VM fails with an error

Installing NetBackup Snapshot Manager on CIS Level 2 v2 configured host

The Center for Internet Security (CIS) provides a set of benchmarks for different software system. These benchmarks are used to harden software and systems. CIS lists Level 1, 2 and 3 benchmarks.

NetBackup Snapshot Manager deployment is now supported on CIS Level 2 v2 benchmark for Red Hat Enterprise Linux 8 machines.

To install NetBackup Snapshot Manager on CIS Level 2 v2 configured host

  1. Prepare Red Hat Enterprise Linux 8 with CIS Level 2 v2 benchmarks.
  2. For CIS host, iptables firewall is supported.
  3. Ensure that you meet all the 'NetBackup Snapshot Manager host requirements' provided in the following section:

  4. Ensure that IPv4 and IPv6 forwarding are enabled.
  5. Use OpenScap tool to remediate the machine with the following set of rules skipped for NetBackup Snapshot Manager:
    xccdf_org.ssgproject.content_rule_package_iptables-services_removed
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_forwarding
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
xccdf_org.ssgproject.content_rule_accounts_tmout  
xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action  
xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action  
xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action  
xccdf_org.ssgproject.content_rule_banner_etc_issue  
xccdf_org.ssgproject.content_rule_banner_etc_issue_net  
xccdf_org.ssgproject.content_rule_grub2_uefi_password  
xccdf_org.ssgproject.content_rule_mount_option_var_noexec
xccdf_org.ssgproject.content_rule_package_bind_removed  
xccdf_org.ssgproject.content_rule_package_cups_removed  
xccdf_org.ssgproject.content_rule_package_dhcp_removed  
xccdf_org.ssgproject.content_rule_package_dovecot_removed  
xccdf_org.ssgproject.content_rule_package_httpd_removed  
xccdf_org.ssgproject.content_rule_package_mcstrans_removed  
xccdf_org.ssgproject.content_rule_package_net-snmp_removed  
xccdf_org.ssgproject.content_rule_package_openldap-clients_removed  
xccdf_org.ssgproject.content_rule_package_rsync_removed  
xccdf_org.ssgproject.content_rule_package_samba_removed  
xccdf_org.ssgproject.content_rule_package_setroubleshoot_removed  
xccdf_org.ssgproject.content_rule_package_squid_removed  
xccdf_org.ssgproject.content_rule_package_talk_removed  
xccdf_org.ssgproject.content_rule_package_telnet-server_removed  
xccdf_org.ssgproject.content_rule_package_tftp-server_removed  
xccdf_org.ssgproject.content_rule_package_vsftpd_removed  
xccdf_org.ssgproject.content_rule_package_xinetd_removed  
xccdf_org.ssgproject.content_rule_package_xorg-x11-server-common_removed  
xccdf_org.ssgproject.content_rule_package_ypserv_removed  
xccdf_org.ssgproject.content_rule_rsyslog_files_permissions  
xccdf_org.ssgproject.content_rule_selinux_state  
xccdf_org.ssgproject.content_rule_service_firewalld_enabled  
xccdf_org.ssgproject.content_rule_set_firewalld_default_zone  
xccdf_org.ssgproject.content_rule_sudo_require_authentication  
xccdf_org.ssgproject.content_rule_sudo_require_reauthentication

    Following is an example for using the oscap command with the remediate option:

    # oscap xccdf eval --skip-rule <x> --skip-rule <y> --skip-rule <z> --results demo-remediate2.xml --profile xccdf_org.ssgproject.content_profile_cis --remediate /usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml

    Add all the above rules to the --skip-rule option as provided in the above example. This would skip the specified rules and would generate a report.

    For more information, refer to Red Hat System Design Guide.

  6. Install NetBackup Snapshot Manager and register with NetBackup primary server.
  7. Ensure that Podman communication is working properly. Refer to Red Hat knowledge base article.
  8. When performing the agentless configuration for protecting CIS Level 2 v2 VM workload, ensure that you meet the requirements mentioned in the following section and delete the noexec permission from the /tmp folder on the agentless VM workload:

After successful NetBackup Snapshot Manager deployment, an openscap CIS score of 97% could be achieved.

More Information

Meeting system requirements

Prerequisites for the agentless configuration