Veritas Access Appliance 8.2 Solutions Guide for NetBackup
- Access Appliance integration with NetBackup
- System requirements
- Configuring Veritas Data Deduplication with Access Appliance
- About Veritas Data Deduplication
- Benefits of using Veritas Data Deduplication with Access Appliance
- Supported features with different versions of Veritas Data Deduplication
- Configuring Veritas Data Deduplication without WORM
- Configuring Veritas Data Deduplication with WORM
- Managing Veritas Data Deduplication using the Access CLISH
- Managing Veritas Data Deduplication using GUI
- Viewing information about Veritas Data Deduplication
- Starting or stopping the Veritas Data Deduplication service
- Increasing storage for Veritas Data Deduplication
- Unconfiguring Veritas Data Deduplication
- Adding secondary IP for Veritas Data Deduplication
- Deleting secondary IP for Veritas Data Deduplication
- Changing the primary IP for Veritas Data Deduplication
- Upgrade the deduplication version for Veritas Data Deduplication
- Setting affinity node for Veritas Data Deduplication
- Accessing Access Appliance storage shell for management tasks
- Support for multiple domains across networks for Veritas Data Deduplication
- Veritas Data Deduplication storage layout
- Configuring a Veritas Data Deduplication storage unit on NetBackup
- Configuring global deduplication using the Veritas Data Deduplication storage server across the domain
- Enabling Veritas Data Deduplication encryption
- Support for bandwidth throttling during duplication
- Setting up secure communication between Veritas Data Deduplication on Access Appliance and the NetBackup primary server
- About MSDP encryption using NetBackup KMS service
- Support for NetBackup Auto Image Replication
- Setting up Auto Image Replication (AIR) between two Access Appliances which have secure communication enabled
- NetBackup Dedupe Direct for Oracle
- Configuring MSDP-C with Access Appliance
- Migrating the NetBackup images from existing storage to Veritas Access storage
- Configuring Access Appliance with the NetBackup client
- Configuring Access Appliance for NetBackup client
- Installing the NetBackup client add-on packages
- Prerequisites for configuring the NetBackup client
- Configuring the NetBackup client
- Adding an optional media server
- Adding multiple primary servers
- Adding file systems to the backup configuration
- Removing file systems from backup configuration
- Changing the virtual IP address used by the NetBackup client
- Upgrade the NetBackup client
- Unconfiguring the NetBackup client
- Enabling Veritas Data Deduplication catalog backup with NetBackup client
- Disabling Veritas Data Deduplication catalog backup from NetBackup client
- Displaying the status of NetBackup services
- Configuring backup operations using NetBackup or other third-party backup applications
- Restoring filesystems backed up with NetBackup client
- Configuring isolated recovery environment (IRE)
- Requirements
- Configuring the network isolation
- Configuring an isolated recovery environment using the command line
- Configuring an isolated recovery environment on a storage server
- Managing an isolated recovery environment on a storage server
- Configuring data transmission between a production environment and an IRE storage server
- Troubleshooting
- Index
Configuring the network isolation
To support the AIR for IRE, network communication from the IRE MSDP storage server to the production MSDP storage server is required. IRE MSDP storage server initiates the network connection. IRE with AIR works even when the production MSDP server does not have network access to the IRE MSDP server.
Configure the firewall at the IRE domain to deny all the inbound and the outbound connections. It helps to protect all the hosts in IRE domain from the cyber attacks. You must allow the IRE MSDP server outbound connection. For IRE replication, the IRE MSDP server must have network access to the production MSDP server through the ports 10082 and 10102. The IRE MSDP server also must have network access to the production primary server using the port 1556.
If you cannot allow unidirectional network access (allow only outbound connection) on the firewall, you can allow bidirectional network for the IRE MSDP server. IRE air gap in the IRE MSDP server still denies all the inbound connections.
Pre-requisites:
Set up secure communication between Access Appliance and the primary server in its respective domain.
This establishes secure communication between the production Access Appliance Veritas Data Deduplication and the production primary. This also establishes secure communication between IRE Access Appliance Veritas Data Deduplication and IRE primary.
Set up Auto Image Replication between two Access Appliances with secure communication enabled.
Note:
Cloud tiering is not supported on the target cluster when IRE is configured.
Air gap in IRE MSDP server does the following:
Allows the network connections from servers in IRE domain. Connectivity between MSDP server and NetBackup primary or media servers is required to make the MSDP server functional.
Add the subnets or IP addresses of the IRE domain to the allowed subnet list. The IP addresses in the subnet list have direct network access to the MSDP server.
For example:
setting ire-network-control allow-subnets subnets=<subnet1>,<subnet2>,<ip address>
Note the following:
The list must have at least the primary server, the media servers, and the DNS server in IRE domain.
Do not add subnets or IP addresses from the domains outside the IRE domain.
After adding the allowed subnets and schedule, you may have to wait for couple of minutes for the rules to take effect.
Be cautious while adding the IPs and subnets to avoid cluster wide inaccessibility.
All the existing connections that are not in allowed subnets are disconnected.
Enables a unidirectional network access (allow outbound connection from IRE MSDP server to the other domains) in IRE air gap window. By default, the window is 24 hours per day.
All the inbound connections that are not in the allowed subnet list are denied.