NetBackup™ Web UI Cloud Administrator's Guide

Product(s): NetBackup (10.0)

Configure AWS snapshot replication

Requirements for replicating snapshots
  • Replicating unencrypted snapshots

    Ensure that the source and target accounts/regions are configured using the AWS cloud provider from NetBackup CloudPoint. There are no additional requirements for replicating unencrypted snapshots.

  • Replicating encrypted snapshots using AWS KMS

    Ensure that the source and target accounts/regions are configured using the AWS cloud provider from NetBackup CloudPoint.

    Additionally, to replicate encrypted snapshots across accounts, the encryption key (CMK) from the original location must be shared with the target account. (This shared KMS key is implicitly used while copying the snapshot in the target account, and the copied snapshot can be replicated using a different key.)

    Both the source and target locations should have an encryption key (KMS key) with the same name; that is, they should have the same key alias (in AWS terms).

    If an encryption key with the same name is not present at the target, the replicated snapshot is encrypted using the default KMS key in the target location.

  • Permissions for cross account replication

    For cross-account replication, the AWS IAM user or role associated with the snapshot source region's AWS account (source AWS account) must have the following permissions:

    • ModifySnapshotAttribute and CopySnapshot on the EC2 instance.

    • DescribeKey and ReEncrypt on the KMS key that is used to encrypt the original snapshot.

    For cross-account replication, the AWS IAM user or role associated with the snapshot replication target region's AWS account (target AWS account) must have the following permissions:

    • CreateGrant, DescribeKey, and Decrypt on the KMS key that is used to encrypt the original snapshot.

    • CreateGrant, Encrypt, Decrypt, DescribeKey, and GenerateDataKeyWithoutPlaintext on the KMS encryption key used while performing the CopySnapshot operation on the original snapshot.
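
One way to check an IAM policy document against the permission lists above before enabling cross-account replication (an added example, not part of the guide or of NetBackup). The sample policies are constructed, the mapping of "ReEncrypt" to `kms:ReEncryptFrom` and `kms:ReEncryptTo` is an assumption, and the check covers action names only, not `Resource` or `Condition` scoping to a particular key.

```python
import fnmatch

# Actions the guide lists per account role. "ReEncrypt" is mapped to the IAM
# actions kms:ReEncryptFrom / kms:ReEncryptTo (assumption of this example).
REQUIRED = {
    "source": ["ec2:ModifySnapshotAttribute", "ec2:CopySnapshot",
               "kms:DescribeKey", "kms:ReEncryptFrom", "kms:ReEncryptTo"],
    "target": ["kms:CreateGrant", "kms:DescribeKey", "kms:Decrypt",
               "kms:Encrypt", "kms:GenerateDataKeyWithoutPlaintext"],
}

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy, role):
    """Return the required actions for `role` that the policy does not allow."""
    allowed, denied = [], []
    for stmt in _as_list(policy.get("Statement", [])):
        if "Action" not in stmt:      # NotAction statements are not evaluated
            continue
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        bucket.extend(_as_list(stmt["Action"]))
    # An explicit Deny overrides any Allow, so treat a denied action as missing.
    return [a for a in REQUIRED[role]
            if not _matches(allowed, a) or _matches(denied, a)]

# Constructed sample policies (not taken from the guide).
SOURCE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:CopySnapshot", "ec2:ModifySnapshotAttribute"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["kms:DescribeKey", "kms:ReEncrypt*"]},
]}
TARGET_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["kms:Decrypt", "kms:DescribeKey", "kms:Encrypt"]}}

if __name__ == "__main__":
    for role, policy in (("source", SOURCE_POLICY), ("target", TARGET_POLICY)):
        gaps = missing_actions(policy, role)
        print(role, "OK" if not gaps else "missing: " + ", ".join(gaps))
```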

You can choose to replicate snapshots for AWS cloud assets from the primary location to a remote or a secondary location. The CloudPoint servers support cross-region and cross-account replication. With snapshot replication you can achieve the following:

  • Maintain a copy of cloud assets at a different destination for long-term retention and auditing requirements.

  • Recover cloud assets from the replicated copies from another region in case there is a region outage.

  • Recover cloud assets from the replicated copies from another account in case the user account is compromised.

Configuration

Review the following information to configure snapshot replication:

  • You can configure snapshot replication when you create a protection plan. See the NetBackup™ Web UI Administrator's Guide.

  • For cross-account replication, you need to establish a trust relationship between the source and the target account. For more details, refer to the "Across AWS Accounts Using IAM Roles" information in the Amazon Web Services documentation.

Considerations

Consider the following when you configure cloud snapshot replication:

  • Even if multiple schedules are configured, the replication destination region that is configured is applied to all the schedules.

  • Cloud snapshot replication is supported only for Amazon cloud providers.

Asset protection criteria

Consider the following before adding cloud assets to a protection plan that is configured for cloud snapshot replication:

  • Assets must be added to a protection plan that replicates snapshots to a different region.

    For example, assets residing in region 'aws_account_1-us-east-1' cannot be subscribed to a protection plan replicating to the same region 'aws_account_1-us-east-1'.

  • Assets can be replicated to a different account in the same region.

    For example, assets residing in region 'aws_account_1-us-east-1' can be subscribed to a protection plan replicating to the same region but different account 'aws_account_2-us-east-1'.

  • Assets that are discovered by a CloudPoint server must be replicated to the region that is discovered by the same CloudPoint server.

    For example, assets that are discovered by CloudPoint server 'CP1' cannot be subscribed to a protection plan replicating to a region that is discovered by CloudPoint server 'CP2'.

  • Only Amazon assets can be subscribed to a protection plan that is configured for cloud snapshot replication.

Manage concurrent snapshot replications

For better performance, you can tune the number of concurrent snapshot replications. Amazon sets a different limit for each asset type on concurrent snapshot replications to a single destination region. For example, RDS has a limit of 5, EBS has a limit of 5, and EC2 has a limit of 50. For more details, refer to the Copy Snapshot information in the Amazon Web Services documentation.

In NetBackup this limit is defined using the following parameter in the bp.conf file:

MAX_CLOUD_SNAPSHOT_REPLICATION_JOBS_PER_DESTINATION

The default value is 5.