NetBackup™ 10.1 Application Guide

Last Published:
Product(s): Appliances (3.3, 3.2, 3.1, 3.0)
Platform: Flex Appliance OS
  1. Product overview
    1.  
      Introduction to NetBackup applications for Flex Appliance
    2.  
      About the Flex Appliance documentation
  2. Release notes
    1.  
      NetBackup 10.1 application new features, enhancements, and changes
    2.  
      Supported upgrade paths to this release
    3.  
      Operational notes
  3. Geting started
    1.  
      Prerequisites before you can create NetBackup application instances
    2.  
      Installing the NetBackup Administration Console and client packages
  4. Creating NetBackup application instances
    1. Creating application instances
      1.  
        Creating a NetBackup primary server instance
      2.  
        Creating a NetBackup media server instance
      3.  
        Creating a NetBackup WORM storage server instance
  5. Managing NetBackup application instances
    1.  
      Managing application instances from Flex Appliance and NetBackup
    2. Accessing NetBackup primary and media server instances for management tasks
      1. Managing users on a primary or a media server instance
        1.  
          Adding and removing local users on a primary or a media server instance
        2.  
          Connecting an Active Directory user domain to a primary or a media server instance
        3.  
          Connecting an LDAP user domain to a primary or a media server instance
        4.  
          Changing a user password on a primary or a media server instance
      2. Running NetBackup commands on a primary or a media server application instance
        1.  
          Creating a NetBackup touch file on a primary or a media server application instance
        2.  
          Installing NetBackup notify scripts on a primary or a media server application instance
      3.  
        Monitoring NetBackup services on a NetBackup primary server instance
      4.  
        Mounting an NFS share on a NetBackup primary server instance
      5.  
        Setting environment variables on primary and media server instances
      6.  
        Storing custom data on a primary or a media server instance
      7.  
        Modifying or disabling the nbdeployutil utility on a primary server instance
      8.  
        Disabling SMB server signing on a media server instance
      9.  
        Using a primary server instance for disaster recovery
    3. Accessing NetBackup WORM storage server instances for management tasks
      1. Managing users from the deduplication shell
        1.  
          Adding and removing local users from the deduplication shell
        2.  
          Adding MSDP users from the deduplication shell
        3.  
          Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
        4.  
          Disconnecting an Active Directory domain from the deduplication shell
        5.  
          Changing a user password from the deduplication shell
      2.  
        Managing VLAN interfaces from the deduplication shell
      3.  
        Viewing the lockdown mode on a WORM storage server
      4.  
        Managing the retention policy on a WORM storage server
      5.  
        Managing images with a retention lock on a WORM storage server
      6.  
        Auditing WORM retention changes
      7. Managing certificates from the deduplication shell
        1.  
          Viewing the certificate details from the deduplication shell
        2.  
          Importing certificates from the deduplication shell
        3.  
          Removing certificates from the deduplication shell
      8.  
        Managing FIPS mode from the deduplication shell
      9.  
        Encrypting backups from the deduplication shell
      10. Configuring an isolated recovery environment on a WORM storage server
        1.  
          Configuring data transmission between a production environment and an IRE WORM storage server
      11.  
        Managing an isolated recovery environment on a WORM storage server
      12.  
        Tuning the MSDP configuration from the deduplication shell
      13.  
        Setting the MSDP log level from the deduplication shell
      14. Managing NetBackup services from the deduplication shell
        1.  
          Managing the cyclic redundancy checking (CRC) service
        2.  
          Managing the content router queue processing (CRQP) service
        3.  
          Managing the online checking service
        4.  
          Managing the compaction service
        5.  
          Managing the deduplication (MSDP) services
        6.  
          Managing the Storage Platform Web Service (SPWS)
        7.  
          Managing the Veritas provisioning file system (VPFS) mounts
        8.  
          Managing the NGINX service
        9.  
          Managing the SMB service
      15. Monitoring and troubleshooting NetBackup services from the deduplication shell
        1.  
          About the support command

Creating a NetBackup media server instance

Use the following procedure to create a NetBackup media server instance on Flex Appliance.

To create a NetBackup media server instance

  1. Make sure that the NetBackup media server application you want to use is located in the repository on the Flex Appliance Console.
  2. Perform the following tasks if you have not already:

    • Configure at least one network interface. You can configure a physical interface, add a VLAN tag, or create a bond.

    • Add at least one tenant.

  3. Gather the following information for the new instance:

    Note:

    The hostname and IP address must not be in use anywhere else in your domain.

    • Tenant that you want to assign it to

    • Hostname (maximum of 63 characters including the domain name)

    • IP address

    • Network interface

    • Domain name

    • Name servers

    • Search domains

    • Primary server hostname

      Note:

      The Flex Appliance Console does not prevent entering the same hostname in both the Hostname for NetBackup Media Server and the Primary server hostname fields, but that configuration is not supported. You must have a preexisting primary server with a different hostname.

    • Certificate Authority (CA) information for one of the following:

      For a NetBackup CA:

      • CA SHA-1 or SHA-256 certificate fingerprint

        If the primary server is a Flex instance, you can locate this information from the instance details page of the primary server instance. Click on the instance name under Application instances on the System topology page.

        If the primary server is not a Flex instance, see the NetBackup Security and Encryption Guide for the steps to locate this information from NetBackup.

      • (Optional) Token for host ID-based certificate

        Depending on the primary server security level, the host may require an authorization or a reissue token. If you do not specify a token when you create the instance, the wizard attempts to automatically obtain the certificate.

      For an external CA:

      • Trust store, in PEM format

      • Host certificate, in PEM format

      • Private key, in PEM format

      • (Optional) Passphrase of the private key

        A passphrase is required if the key is encrypted.

      • (Optional) Custom CRL files

    • (Optional) Password for host name-based certificate

      A host name-based certificate is mandatory if Enhanced Auditing is enabled on the primary server. You can specify the password when you create the instance, or you can deploy the certificate from the primary server later.

  4. Add the hostname for the new instance to the Media Servers list or the Additional Servers list on the primary server, as follows:

    • Log on to the NetBackup Administration Console as the administrator.

    • In the main console window, in the left pane, click NetBackup Management > Host Properties > Primary Servers.

    • In the right pane, double click on the primary server hostname.

    • In the Primary Server Properties window, click one of the following:

      • If you want MSDP storage on the instance, click Servers > Additional Servers.

      • If you want AdvancedDisk storage on the instance, click Servers > Media Servers.

    • Click Add and enter the hostname for the new instance. The hostname should appear in the list.

    • Click OK.

  5. If a firewall exists between the primary server and the new instance, open the following ports on the primary server to allow communication:

    • vnetd: 13724

    • bprd: 13720

    • PBX: 1556

    • If the primary server is a NetBackup appliance that uses TCP, open the following ports:

      443, 5900, and 7578.

  6. From the System topology page of the Flex Appliance Console, navigate to the Application instances section.
    Application instances page
  7. Click Create instance.
  8. Select the appropriate media server application from the repository list that appears, making sure to verify the version number. Click Next.
  9. Follow the prompts to create the instance. When you are done, you can view the progress in the Activity Monitor, which is accessible from the left pane of the Flex Appliance Console.

    Note:

    If you use DNS and the DNS server includes both IPv4 and IPv6 addresses, the instance must be configured with both as well.

    If you do not want to use DNS or want to bypass DNS for certain hosts, verify that the hostname resolution information is included in the Hosts file entries field. You must include entries for the primary server and any other NetBackup hosts that you want to communicate with the instance.

  10. Once the instance has been created successfully, you must change the password from the known default password. To change the password, open an SSH session to the instance and log in with the following credentials:

    • Username: appadmin

    • Password: P@ssw0rd

    Follow the prompt to enter a new password. When the password change is complete, you are logged out. You can log back in with the new password.

  11. Create the storage servers for your selected storage, as follows:

    • Log on to the NetBackup Administration Console and select either NetBackup Management or Media and Device Management.

    • Click Configure Disk Storage Servers and follow the prompts to create the storage servers. Enter the following storage information for AdvancedDisk and MSDP:

      • AdvancedDisk storage volume: /mnt/advanceddisk/vol*

      • MSDP storage path: /mnt/msdp/vol0

        Note:

        If the MSDP disk pool spans multiple volumes, only select vol0. Also note that the wizard shows only a portion of the storage, but the remaining storage displays after the storage server is configured.

    See the following guides for more information on NetBackup storage configuration:

    • The NetBackup AdvancedDisk Storage Solutions Guide

    • The NetBackup Deduplication Guide

  12. (Optional) If you need to upload custom CRL files for an external CA, perform the following steps:

    • Run the following command on the instance to create a directory for the files:

      sudo mkdir -p /mnt/nbdata/hostcert/crl/

    • Use an SCP tool to copy the files to the new /mnt/nbdata/hostcert/crl/ directory.

    • Run the following commands on the instance to enable the CRL check using the custom files:

      sudo nbsetconfig ECA_CRL_CHECK = CHAIN

      sudo nbsetconfig ECA_CRL_PATH = /mnt/nbdata/hostcert/crl/

    See the NetBackup Security and Encryption Guide for more information on the CRL configuration options.

  13. If you plan to create or already have multiple instances with deduplication storage, Veritas recommends that you tune the MaxCacheSize according to the following guidelines:

    • On each instance, allocate .75 GB to 1 GB of RAM for each TiB of storage that is allocated to deduplication. For example, if the storage pool has 80 TiB allocated, the MaxCacheSize should be 60 GB to 80 GB of RAM.

    • The sum of the MaxCacheSize for all instances with deduplication storage should not exceed 70% of the physical RAM on the appliance.

    To tune the MSDP MaxCacheSize on this instance:

    • Run the following command on the instance:

      sudo /usr/openv/pdde/pdag/bin/pdcfg --write /mnt/msdp/vol0/etc/puredisk/contentrouter.cfg --section CACHE --option MaxCacheSize --value <percent%>

      Where <percent%> is the percentage of the appliance RAM to use for the cache on the instance.

    • Restart the pdde-storage process with the following commands:

      sudo /etc/init.d/pdde-storage force-stop

      sudo /etc/init.d/pdde-storage start

  14. If you selected MSDP storage for the instance, log in to the instance. Run the following command to create a backup policy to protect the MSDP catalog:

    sudo /usr/openv/pdde/pdcr/bin/drcontrol --new_policy --residence <storage unit> [--policy <policy name>] [--client<instance hostname>]

    Where <storage unit> is the name of the storage unit on which to store the MSDP catalog backups, and [--policy <policy name>] and [--client <instance hostname>] are optional.

    See the NetBackup Deduplication Guide for the other options that are available with the drcontrol utility.

  15. (5250 appliances only) If you selected MSDP storage for the instance, use the following procedure to tune the MSDP parameters. Tuning the parameters increases backup and restore performance on the 5250 hardware.

    To tune the parameters on a Veritas 5250 Appliance:

    • Log in to the instance as the appadmin user and run the following commands:

      • sudo /usr/openv/pdde/pdag/bin/pdcfg --write /mnt/msdp/vol0/etc/puredisk/contentrouter.cfg --section CRDataStore --option MaxFileSize --value 256Mib

      • sudo /usr/openv/pdde/pdag/bin/pdcfg --write /mnt/msdp/vol0/etc/puredisk/contentrouter.cfg --section CRDataStore --option WriteBufferSize --value 65536

    • From the home or tmp directory, restart the pdde-storage and mtstrmd processes with the following commands:

      • sudo /etc/init.d/pdde-storage force-stop

      • sudo /etc/init.d/pdde-storage start

More Information

Managing application instances from Flex Appliance and NetBackup