NetBackup™ Web UI Cloud Administrator's Guide

Last Published:
Product(s): NetBackup (10.2)
  1. Managing and protecting cloud assets
    1.  
      About protecting cloud assets
    2.  
      Limitations and considerations
    3. Configure Snapshot Manager's in NetBackup
      1.  
        Configure a third-party CA certificate
      2.  
        Add a Snapshot Manager
      3. Add a cloud provider for a Snapshot Manager
        1.  
          IAM Role for AWS Configuration
      4.  
        Associate media servers with a Snapshot Manager
      5.  
        Discover assets on Snapshot Manager
      6.  
        Edit a Snapshot Manager
      7.  
        Enable or disable a Snapshot Manager
      8.  
        (Optional) Add the Snapshot Manager extension
    4. Managing intelligent cloud groups
      1.  
        Create an intelligent cloud group
      2.  
        Delete an intelligent cloud group
    5. Protecting cloud assets or intelligent cloud groups
      1.  
        Customize or edit protection for cloud assets or intelligent groups
      2.  
        Remove protection from cloud assets or intelligent groups
    6.  
      Cloud asset cleanup
    7.  
      Cloud asset filtering
    8.  
      AWS and Azure government cloud support
    9. About protecting Microsoft Azure resources using resource groups
      1.  
        Before you begin
      2.  
        Limitations and considerations
      3. About resource group configurations and outcome
        1.  
          Examples of resource group configurations
      4.  
        Troubleshoot resource group permissions
    10. About the NetBackup Accelerator for cloud workloads
      1.  
        How the NetBackup Accelerator works with virtual machines
      2.  
        Accelerator forced rescan for virtual machines (schedule attribute)
      3.  
        Accelerator backups and the NetBackup catalog
      4.  
        Accelerator messages in the backup job details log
    11.  
      Configuring backup schedule for cloud workloads
    12.  
      Backup options for cloud workloads
    13.  
      Snapshot replication
    14.  
      Configure AWS snapshot replication
    15.  
      Using AWS snapshot replication
    16.  
      Support matrix for account replication
    17.  
      Protect applications in-cloud with application consistent snapshots
    18. Protecting PaaS assets
      1.  
        Prerequisites for protecting PaaS assets
      2. Installing the native client utilities
        1.  
          Installing the MySQL client utility
        2.  
          Installing sqlpackage client utility
        3.  
          Installing Postgres client utility
      3.  
        Configuring the storage server for instant access
      4.  
        About incremental backup for PaaS workloads
      5.  
        Limitations and considerations
      6.  
        Discovering PaaS assets
      7.  
        Viewing PaaS assets
      8.  
        Managing PaaS credentials
      9.  
        View the credential name that is applied to a database
      10. Add credentials to a database
        1.  
          Creating an IAM database username
        2.  
          Creating a system or user managed identity username
      11.  
        Add protection to PaaS assets
      12.  
        Perform backup now
  2. Recovering cloud assets
    1.  
      Recovering cloud assets
    2.  
      Perform rollback recovery of cloud assets
    3. Recovering PaaS assets
      1.  
        Recovering non-RDS PaaS assets
      2.  
        Recovering RDS-based PaaS asset
      3.  
        Recovering Azure protected assets
      4.  
        Recovering duplicate images from AdvancedDisk
  3. Performing granular restore
    1.  
      About granular restore
    2.  
      Supported environment list
    3.  
      List of supported file systems
    4.  
      Before you begin
    5.  
      Limitations and considerations
    6.  
      Restoring files and folders from cloud virtual machines
    7.  
      Restoring volumes on cloud virtual machines
    8.  
      Troubleshooting
  4. Troubleshooting protection and recovery of cloud assets
    1.  
      Troubleshoot cloud workload protection issues
    2.  
      Troubleshoot PaaS workload protection and recovery issues

Limitations and considerations

Consider the following when protecting cloud workloads.

For all databases

  • NetBackup deployments in Flex Appliance and Flex Scale do not support PaaS workloads.

  • Supports only default the ports for all the databases across providers. Workload instances configured with the custom ports are not supported.

  • Database names containing the characters '#' and '/' are not supported for backup and restore operations. Also, the database name should adhere to naming conventions suggested by the cloud vendors.

  • Backup and restore of a database with multi-byte or non-English characters are not supported for a primary server running Windows and having back-level media server with a version less than 10.1.1.

  • You can duplicate the PaaS backup image to a supported storage server. But before you start a restore, you need to duplicate the image, back to an MSDP server with universal share enabled. See Recovering duplicate images from AdvancedDisk.

  • With NetBackup 10.2, you can perform backup and restore of supported Azure PaaS databases with Managed Identity based database authentication. This is not supported for Azure Database for MariaDB server. This feature requires at least one media server of version 10.2 or higher.

  • For authentication of Azure database, It is recommended to use User Assigned managed identity to work across all media servers. Using a database user created with a system-assigned managed identity, associated with the media server or vm-scale-set (AKS/EKS), does not work with any other media server or media in any other vm-scale set (AKS/EKS).

For PostgreSQL

  • Restore of security privileges is not supported.

  • During restore you can use - no-owner and - no-privileges option. After restore, the metadata captured at the time of backup, are shown as owner/ACL in the progress log restore activity on web UI.

  • Restore does not fail, if the owner/role does not exist on the destination.

  • Post restore, the database has the role associated according to the credentials provided in NetBackup against the destination instance.

  • Users need to modify the ownership of databases post restore.

  • Backup and restore are not supported if the only SSL (Secure Sockets Layer) connection is enforced at the server level for GCP PostgreSQL workload.

  • Azure Postgres database restore from single to flexible server or vice versa is not supported because of the cloud provider limitations.

  • Following characters are not supported in database name in restore workflow: &, (, ), <, >, \, |, /, ;, `, ', and ".

  • Uppercase username is not supported for new users added after PostgreSQL server creation.

For AWS DynamoDB

  • Alternates restore for region and account is not supported.

  • Restore from imported images from a different primary server is only supported using NetBackup REST API.

For AWS RDS SQL

  • Only Express and Web editions for AWS RDS SQL are supported.

  • For credential validation, IAM is not supported for AWS RDS SQL. You can use the username and password method.

  • Only Amazon RDS data management type is supported. The data management type RDS Custom is not supported for AWS RDS SQL instance editions.

For MySQL

  • Restore operation require superuser privileges if the dump file contains CREATE DEFINER statement for backups taken on version lower than 10.2.

  • Backup taken on version 10.2 or higher cannot be restored using version lower than 10.2.

  • Backup and restore are not supported if the only SSL connection is enforced at the server level for GCP MySQL workload.

  • You can restore MySQL database to an alternate instance with another MySQL version than the backup instance, depending on MySQL's version compatibility.

For Azure SQL and SQL Managed Instance

  • The Azure VM which is used as a media server, should be in the same Vnet as that of an Azure-managed instance. Alternatively, if the media server and SQL managed instance are in different Vnet, then both the Vnets must be peered to access the database instance.

  • Backup fails when Readlock is placed on the database or resource group.

  • Backup is partially successful when Deletelock is placed on the database or resource group. The tempdb stale entry does not get deleted from the Azure cloud portal. You need to manually delete it.

  • To restore a database on an Azure SQL server or Azure Managed Instance, you must assign AAD admin privilege on the target server, before beginning the restore, to the following, as required:

    • The system or the user-managed identity of the media servers.

    • The vm-scale-set in which NetBackup media is deployed (in case of AKS or EKS deployment).

For Azure SQL incremental backup

  • You can enable Change Data Capture (CDC) only on databases tiers S3 and above. Sub-core (Basic, S0, S1, S2) Azure SQL Databases are not supported for CDC.

  • You may encounter backup or restore issues for databases having encrypted columns in table. As a workaround, Microsoft suggests using Publish/Extract commands to tackle this issue.

  • Restore may fail for database having blob data in table.

  • To duplicate incremental backups on different storage servers; NetBackup generates different copy numbers for the same recovery point. If you try to restore an incremental copy where no earlier reference of full and other incremental backup is present, the restore fails.

  • Note that incremental backup can run only on NetBackup version 10.2 and above media server.

  • The user ID used for the cloud service must have permission to enable and disable CDC. Without this permission, you can see errors like: 3842: "Failed to enable CDC" and 3844: "Failed to disable CDC".

  • Any attempt to enable CDC fails if a custom schema or user named cdc exists in the database. The term cdc is reserved for system use.

  • If you restore to any edition other than Standard or Enterprise, the operation is blocked because CDC requires SQL Server Standard or Enterprise editions. Error message 932 is displayed.

  • Avoid backing up databases with BLOB data tables. If a table contains BLOB data, then the backup might be successful, but the restore fails.