NetBackup™ Web UI Administrator's Guide

Last Published:
Product(s): NetBackup (9.1)
  1. Introducing the NetBackup web user interface
    1.  
      About the NetBackup web UI
    2.  
      Terminology
    3.  
      First-time sign in to a NetBackup primary server from the NetBackup web UI
    4.  
      Sign in to the NetBackup web UI
    5.  
      Sign out of the NetBackup web UI
  2. Monitoring NetBackup
    1.  
      The NetBackup dashboard
    2.  
      Monitoring jobs
    3.  
      Jobs: canceling, suspending, restarting, resuming, deleting
    4.  
      Filter jobs in the job list
  3. Notifications
    1. About notifications
      1.  
        View notifications
      2.  
        Modify or disable NetBackup event notifications in the web UI
      3.  
        About configuring automatic notification cleanup tasks
    2. About backup anomaly detection
      1.  
        How a backup anomaly is detected
      2.  
        View anomalies
    3. Send email notifications for job failures
      1.  
        Status codes that generate alerts
  4. Section I. Managing role-based access control
    1. About role-based access control in NetBackup
      1.  
        RBAC features
      2.  
        Authorized users
    2. Configuring RBAC roles
      1. Configuring RBAC
        1.  
          Notes for using NetBackup RBAC
        2.  
          Add AD or LDAP domains
        3.  
          Add a custom RBAC role
        4.  
          Edit or remove a role a custom role
        5.  
          View users in RBAC
        6.  
          Add a user to a role (non-SAML)
        7.  
          Add a user to a role (SAML)
        8.  
          Remove a user from a role
      2. Default RBAC roles
        1.  
          Administrator
        2.  
          Default AHV Administrator
        3.  
          Default Cloud Administrator
        4.  
          Default Kubernetes Administrator
        5.  
          Default NetBackup Kubernetes Operator Service
        6.  
          Default RHV Administrator
        7.  
          Default Resiliency Administrator
        8.  
          Default Microsoft SQL Server Administrator
        9.  
          Default Security Administrator
        10.  
          Default Storage Administrator
        11.  
          Default VMware Administrator
    3. RBAC permissions
      1.  
        About role permissions
      2. Global > NetBackup management
        1.  
          NetBackup Web Management Console Administration
        2.  
          Access hosts
        3.  
          Agentless hosts
        4.  
          Anomalies
        5.  
          Data classifications
        6.  
          Email notifications
        7.  
          Event logs
        8.  
          NetBackup hosts
        9.  
          Image sharing
        10.  
          NetBackup backup images
        11.  
          Jobs
        12.  
          Licensing
        13.  
          Media server
        14.  
          Remote primary server certificate authority
        15.  
          Resiliency
        16.  
          Resource limits
        17.  
          Retention levels
        18.  
          Servers > Trusted primary servers
        19.  
          Cloud providers
        20.  
          CloudPoint servers
        21.  
          WebSocket servers
      3.  
        Global > Protection
      4. Global > Security
        1.  
          Access control
        2.  
          Security events
        3.  
          Certificate management
        4.  
          Disaster recovery passphrase
        5.  
          Identity provider and SAML certificate configuration
        6.  
          Key Management Services (KMS)
        7.  
          Passphrase constraints
        8.  
          Global security settings
        9.  
          Trust versions
        10.  
          API keys
        11.  
          User certificates
        12.  
          User sessions and authentication
      5. Global > Storage
        1.  
          Cloud storage
        2.  
          Disk pools
        3.  
          Storage Key Management Services
        4.  
          Storage servers
        5.  
          Storage units
        6.  
          Tape media
        7.  
          Replication-capable target storage servers
      6. Assets
        1.  
          AHV assets
        2.  
          Cloud assets
        3.  
          Kubernetes assets
        4.  
          Microsoft SQL Server assets
        5.  
          OpenStack servers
        6.  
          RHV assets
        7.  
          Universal shares
        8.  
          VMware assets
        9.  
          Windows and Standard client types
      7.  
        Protection plans
      8.  
        Credentials
      9. Manage access
        1.  
          Remove a role that has access to an area of the web UI
        2.  
          View access definitions
  5. Section II. Managing security
    1. Security events and audit logs
      1.  
        View security events and audit logs
      2. About NetBackup auditing
        1.  
          User identity in the audit report
        2.  
          Audit retention period and catalog backups of audit records
        3.  
          Viewing the detailed NetBackup audit report
      3.  
        Send audit events to system logs
    2. Managing security certificates
      1.  
        About security management and certificates in NetBackup
      2.  
        NetBackup host IDs and host ID-based certificates
      3. Managing NetBackup security certificates
        1.  
          Reissue a NetBackup certificate
        2.  
          Managing NetBackup certificate authorization tokens
      4. Using external security certificates with NetBackup
        1.  
          Configure an external certificate for the NetBackup web server
        2.  
          Remove the external certificate configured for the web server
        3.  
          Update or renew the external certificate for the web server
        4.  
          View external certificate information for the NetBackup hosts in the domain
    3. Managing user sessions
      1.  
        Sign out a NetBackup user session
      2.  
        Unlock a NetBackup user
      3.  
        Configure when idle sessions should time out
      4.  
        Configure the maximum of concurrent user sessions
      5.  
        Configure the maximum of failed sign-in attempts
      6.  
        Display a banner to users when they sign in
    4. Managing master server security settings
      1.  
        Certificate authority for secure communication
      2.  
        Disable communication with NetBackup 8.0 and earlier hosts
      3.  
        Disable automatic mapping of NetBackup host names
      4.  
        About NetBackup certificate deployment security levels
      5.  
        Select a security level for NetBackup certificate deployment
      6.  
        Set a passphrase for disaster recovery
      7. About trusted primary servers
        1.  
          Add a trusted primary server
        2.  
          Remove a trusted primary server
    5. Creating and managing API keys for users (Administrators)
      1.  
        About API keys
      2.  
        Add an API key or view API key details
      3.  
        Edit, reissue, or delete an API key
    6. Adding and managing your API key (Users)
      1.  
        Add an API key or view your API key details
      2.  
        Edit, reissue, or delete your API key
      3.  
        Use an API key with NetBackup REST APIs
    7. Configuring authentication options
      1.  
        Sign-in options for the NetBackup web UI
      2. Configure user authentication with smart cards or digital certificates
        1.  
          Edit the configuration for smart card authentication
        2.  
          Add or delete a CA certificate that is used for smart card authentication
        3.  
          Disable or temporarily disable smart card authentication
      3.  
        About Single Sign-On (SSO) configuration
      4. Configure NetBackup for Single Sign-On (SSO)
        1.  
          Configure the SAML KeyStore
        2.  
          Configure the SAML keystore and add and enable the IDP configuration
        3.  
          Enroll the NetBackup primary server with the IDP
        4.  
          Manage an IDP configuration
        5.  
          Video: Configure Single Sign-On in NetBackup
      5. Troubleshooting SSO
        1.  
          Redirection issues
        2.  
          Unable to sign in due to authorization-related issues
    8. Managing hosts
      1.  
        View NetBackup host information
      2.  
        Approve or add mappings for a host that has multiple host names
      3.  
        Remove mappings for a host that has multiple host names
      4.  
        Reset a host's attributes
  6. Section III. Managing storage and backups
    1. Configuring storage
      1.  
        About storage configuration
      2.  
        Create a Media Server Deduplication Pool (MSDP) storage server
      3.  
        Create a Cloud storage, OpenStorage, or AdvancedDisk storage server
      4.  
        Create a disk pool
      5.  
        Create a storage unit
      6.  
        Create a universal share
      7.  
        Using image sharing from the NetBackup web UI
      8.  
        Troubleshooting storage configuration
      9.  
        Troubleshooting universal share configuration issues
      10.  
        Create a Media Server Deduplication Pool (MSDP) storage server for image sharing
    2. Managing protection plans
      1.  
        Create a protection plan
      2.  
        Edit or delete a protection plan
      3.  
        Subscribe an asset or an asset group to a protection plan
      4.  
        Unsubscribe an asset from a protection plan
      5.  
        View protection plan overrides
      6.  
        About Backup Now
    3. Managing classic policies
      1.  
        About a NetBackup classic policy
      2.  
        About policy management in the NetBackup web UI
    4. Usage reporting and capacity licensing
      1.  
        Track backup data size on your primary servers
      2.  
        Configure the servers list for usage reporting
      3.  
        Scheduling reports for capacity licensing
      4.  
        Other configuration for incremental reporting
      5.  
        Troubleshooting failures for usage reporting and incremental reporting
  7. Section IV. Veritas Resiliency Platform
    1. Managing Resiliency Platforms
      1.  
        About Resiliency Platform in NetBackup
      2.  
        Understanding the terms
      3. Configuring a Resiliency Platform
        1.  
          Add a Resiliency Platform
        2.  
          Configuring a third-party CA certificate
        3.  
          Editing or deleting a Resiliency Platform
        4.  
          Viewing the automated or not-automated VMs
      4.  
        Troubleshooting NetBackup and Resiliency Platform issues
  8. Section V. Credentials
    1. Managing credentials
      1.  
        About credential management in NetBackup
      2.  
        Viewing credentials
      3.  
        Add a credential in NetBackup
      4.  
        Edit a credential
      5.  
        Delete a credential
      6.  
        Add Network Data Management Protocol (NDMP) credentials in NetBackup
      7.  
        Edit or delete Network Data Management Protocol (NDMP) credentials in NetBackup
  9. Troubleshooting the NetBackup Web UI
    1.  
      Tips for accessing the NetBackup web UI
    2.  
      If a user doesn't have the correct permissions or access in the NetBackup web UI
    3. Unable to add AD or LDAP domains with the vssat command
      1.  
        Connection cannot be established with the AD or the LDAP server
      2.  
        User credentials are not valid
      3.  
        An incorrect user base DN or group base DN was provided
      4.  
        Multiple users or groups exist with the same name under user base DN or group base DN
      5.  
        User or group does not exist
    4.  
      Unable to validate the user or group

About NetBackup auditing

Auditing is enabled by default in new installations. NetBackup auditing can be configured directly on a NetBackup master server.

Auditing of NetBackup operations provides the following benefits:

  • Customers can gain insight from audit trails while they investigate unexpected changes in a NetBackup environment.

  • Regulatory compliance.

    The record complies with guidelines such as those required by the Sarbanes-Oxley Act (SOX).

  • A method for customers to adhere to internal change management policies.

  • Help for NetBackup Support in troubleshooting problems for customers.

About the NetBackup Audit Manager

The NetBackup Audit Manager (nbaudit) runs on the master server and audit records are maintained in the Enterprise Media Manager (EMM) database.

An administrator can search specifically for:

  • When an action occurred

  • Failed actions in certain situations

  • The actions that a specific user performed

  • The actions that were performed in a specific content area

  • Changes to the audit configuration

Note the following:

  • The audit record truncates any entries greater than 4096 characters. (For example, policy name.)

  • The audit record truncates any restore image IDs greater than 1024 characters.

Actions that NetBackup audits

NetBackup records the following user-initiated actions.

Activity monitor actions

Canceling, suspending, resuming, restarting, or deleting any type of job creates an audit record.

Alerts and email notifications

If an alert cannot be generated or an email notification cannot be sent for NetBackup configuration settings. For example, SMTP server configuration and the list of excluded status codes for alerts.

Anomalies

When a user reports an anomaly as false positive, the action is audited and logged for that user.

Asset actions

Deleting an asset, such as a vCenter server, as part of the asset cleanup process with the Asset Database API is audited and logged.

Creating, modifying, or deleting an asset group as well any action on an asset group for which a user is not authorized is audited and logged.

Authorization failure

Authorization failure is audited when you use the NetBackup web UI, the NetBackup APIs, or Enhanced Auditing.

Catalog information

This information includes:

  • Verifying and expiring images.

  • Read the requests that are sent for the front-end usage data.

Certificate management

Creating, revoking, renewing, and deploying of NetBackup certificates and specific NetBackup certificate failures.

Certificate Verification Failures (CVFs)

Any failed connection attempts that involve SSL handshake errors, revoked certificates, or host name validation failures.

For certificate verification failures (CVFs) that involve SSL handshakes and revoked certificates, the timestamp indicates when the audit record is posted to the master server. (Rather than when an individual certificate verification fails.) A CVF audit record represents a group of CVF events over a time period. The record details provide the start and the end times of the time period as well as the total number of CVFs that occurred in that period.

Disk pools and Volume pools actions

Adding, deleting, or updating disk or volume pools.

Hold operations

Creating, modifying, and deleting hold operations.

Host database

NetBackup operations that are related to the host database.

Logon attempts

Any successful or any failed logon attempts for the NetBackup Administration Console, the NetBackup web UI or the NetBackup APIs.

Policies actions

Adding, deleting, or updating policy attributes, clients, schedules, and backup selections lists.

Restore and browse image user actions

All the restore and browse image content (bplist) operations that a user performs are audited with the user identity.

Security configuration

Information that is related to changes that are made to the security configuration settings.

Starting a restore job

NetBackup does not audit when other types of jobs begin. For example, NetBackup does not audit when a backup job begins.

Starting and stopping the NetBackup Audit Manager (nbaudit).

Starting and stopping of the nbaudit manager is always audited, even if auditing is disabled.

Storage lifecycle policy actions

Attempts to create, modify, or delete a storage lifecycle policy (SLP) are audited and logged. However, activating and suspending an SLP using the command nbstlutil are not audited. These operations are audited only when they are initiated from a NetBackup graphical user interface or API.

Storage servers actions

Adding, deleting, or updating storage servers.

Storage units actions

Adding, deleting, or updating storage units.

Note:

Actions that are related to storage lifecycle policies are not audited.

Token management

Creating, deleting, and cleanup of tokens and specific token issuing failures.

User management

Adding and deleting Enhanced Auditing users in the Enhanced Auditing mode.

User action that fails to create an audit record

If auditing is enabled but a user action fails to create an audit record, the audit failure is captured in the nbaudit log. NetBackup status code 108 is returned (Action succeeded but auditing failed). The NetBackup Administration Console does not return an exit status code 108 when auditing fails.

Actions that NetBackup does not audit

The following actions are not audited and do not display in the audit report:

Any failed actions.

NetBackup logs failed actions in NetBackup error logs. Failed actions do not display in audit reports because a failed attempt does not bring about a change in the NetBackup system state.

The effect of a configuration change

The results of a change to the NetBackup configuration are not audited. For example, the creation of a policy is audited, but the jobs that result from its creation are not.

The completion status of a manually initiated restore job

While the act of initiating a restore job is audited, the completion status of the job is not audited. Nor is the completion status of any other job type, whether initiated manually or not. The completion status is displayed in the Activity Monitor (Administration Console) and in the Jobs (web UI).

Internally initiated actions

NetBackup-initiated internal actions are not audited. For example, the scheduled deletion of expired images, scheduled backups, or periodic image database cleanup is not audited.

Rollback operations

Some operations are carried out as multiple steps. For example, creating an MSDP-based storage server consists of multiple steps. Every successful step is audited. Failure in any of the steps results in a rollback, or rather, the successful steps may need to be undone. The audit record does not contain details about rollback operations.

Host properties actions

Changes made using the bpsetconfig or the nbsetconfig commands, or the equivalent property in the Host Properties utility, are not audited. Changes that are made directly to the bp.conf file or to the registry are not audited.