NetBackup™ Web UI Cloud Administrator's Guide

NetBackup Snapshot Manager deployment in RHEL 7.x is not supported for DBPaaS assets protection.

NetBackup deployments in Flex Appliance and Flex Scale do not support PaaS workloads.

Backup and restore are not supported for the databases, which makes it mandatory to use client certificates for their connection to NetBackup.

Except for the AWS RDS workload instances, all other workload instances support only default ports; any custom ports are not supported.

Database names containing the characters '#' and '/' are not supported for backup and restore operations. Also, the database name should adhere to the naming conventions suggested by the cloud vendors.

";" is not supported in server or database passwords.

Backup and restore of a database with non-7-bit ASCII characters are not supported for a primary server running Windows or having a media server version prior to 10.1.1.

You can duplicate the PaaS backup image to a supported storage server. But before you start a restore, you need to duplicate the image back to an MSDP server with universal share enabled. See Recovering duplicate images from AdvancedDisk.

With NetBackup 10.3, you can perform backup and restore of supported Azure PaaS databases with Managed Identity database authentication. This is not supported for the Azure Database for MariaDB server. This feature requires at least one media server with version 10.2 or higher.

For authentication of Azure databases, it is recommended to use User Assigned managed identity to work across all media servers. A database user with a system-assigned managed identity, which is associated with the media server or vm-scale-set (AKS/EKS), does not work with any other media server or media in any other vm-scale set (AKS/EKS).

Azure Managed Identity is not supported across subscriptions of different and same tenants.

For PaaS assets, the recovery logs are not available under Recovery > JobID > Logs. You can view the recovery logs either from the activity monitor or from the Restore activity tab, under asset details.

Restore operation of the PaaS assets requires view permission for the storage server. If the storage server version is older than 10.2, additional view and create permissions for Ushare are required, along with view permissions of the storage server.

If the logged-on user does not have view permissions for the storage server, then NetBackup tries to fetch the existing UShares during a restore. If no Ushares exist, NetBackup creates a new one named dbpaasrestore during the restore. NetBackup starts the recovery job subsequently.

Restoring security privileges is not supported.

During restore, you can use the - no-owner and - no-privileges options. After restore, the metadata captured at the time of backup is shown as the owner/ACL in the progress log restore activity on the web UI.

Restore does not fail if the owner or role does not exist on the destination.

Post restore, the database has the role associated with it, according to the credentials provided in NetBackup against the destination instance.

Users need to modify the ownership of databases post-restore.

Azure Postgres database restore from a single to a flexible server or vice versa is not supported because of the cloud provider's limitations.

The following characters are not supported in the database name in the restore workflow: `, @, \, [, ], !, #, %, ^, ., ,, &, *, (, ), <, >, ?, /, |, }, {, ~, :, ', ", ;, +, = and -.

Uppercase username is not supported for new users added after PostgreSQL server creation.

(RDS and Azure PostgreSQL only) SCRAM authentication configured on a database instance is not supported.

Backup and restore need a media server with NetBackup version 10.4 or above and a local LSU.

If a backup image contains a materialized view, after the restore, you need to manually refresh the materialized view. See this article to refresh materialized views:

https://www.veritas.com/support/en_US/article.100062910

If the user credentials used to restore are those of an IAM user, then the database object gets restored with the same ownership as in the source database.

Ownership and privileges on an object are not restored. The user that you use for the restore, becomes the owner of all the restored database objects in the following scenarios:

Alternate restores for regions and accounts are not supported.

Restoring from imported images from a different primary server is only supported using the NetBackup REST API.

The import from S3 feature during restore is supported with media version 10.3.1 or higher. This feature allows faster restores without consuming the write capacity of the tables.

The import from S3 feature does not support the restoration of the local secondary index. This feature is enabled by default.

To restore the local secondary index, select the option Include local secondary indexes. This consumes the write capacity of the tables, and the restore may a take longer time.

Only the Express and Web editions for AWS RDS SQL are supported.

For credential validation, IAM is not supported for AWS RDS SQL. You can use the username and password method.

Only the Amazon RDS data management type is supported. The data management type RDS Custom is not supported for AWS RDS SQL instance editions.

Databases using Transparent Data Encryption (TDE) are backed up without TDE, but using MSDP encryption. This allows for restoring your database in more scenarios, like the loss of the TDE encryption key, a cloud region outage, disaster recovery to another cloud, and so on.

The restore operation requires superuser privileges if the dump file contains the CREATE DEFINER statement for backups taken on a version lower than 10.2.

Backups taken on version 10.3 or higher cannot be restored using a version lower than 10.2.

Backup and restore are not supported if the only SSL connection is enforced at the server-level for the GCP MySQL workload.

You can restore a MySQL database to an alternate instance with another MySQL version than the backup instance, depending on MySQL's version compatibility.

Backup and restore of read-only databases are not supported.

Provider credentials are validated for full backup and restore and not as database credentials.

Backup and restore of single-user-mode databases are not supported.

If one operation is in progress, the subsequent jobs wait in the queue. If the job in progress takes time to complete, the jobs in the queue may get timed out, and fail.

Incremental backups after any DML changes, might fail when a table is renamed after CDC is enabled on the table. As a workaround, you must manually modify any objects that reference the renamed table. For example, if you rename a table that is referenced in a trigger, you must modify the trigger to contain the new table name. Refer to this Azure documentation link to list dependencies on the table before renaming it.

Backup and restore of databases with binary or image data are not supported. Bulk inserts on the Cloud SQL Server requires sysadmin permission that GCP does not allow.

While duplicating incremental backups on the different storage servers, NetBackup generates different copy numbers for the same recovery point. If you try to restore an incremental copy where no earlier full and other incremental backups are present, the restore may fail.

If you have multiple media servers, the incremental backups can run only on version 10.3 or later. 

System databases and CDC schema are backed up and restored on the target database.

You must set the CDC retention period greater than the period used to schedule incremental backup frequency.

Incremental backups for databases with multiple tables can take longer to back up, as CDC enablement for multiple tables takes longer time.

Incremental backups are not supported for database editions: Web and Express.

Any attempts to enable CDC fail if a custom schema or a user named CDC already exists in the database.

To ensure application consistency, NetBackup relies on the previous full backup and all the subsequent incremental backups. If a random backup image is expired, it may cause application inconsistency due to data loss.

CDC requires SQL Server Standard or Enterprise editions. If a database is attached or restored with the KEEP_CDC option to any edition other than Standard or Enterprise, backup fails. The error message 932 is displayed.

An Azure VM, which is used as a media server, should be in the same Vnet as that of the Azure-managed instance. Alternatively, if the media server and SQL-managed instance are in different Vnet, then both the Vnets must peer to access the database instance.

Backup fails when Readlock is placed on the database or resource group.

Backup is partially successful when the Delete lock is placed on the database or resource group. The tempdb stale entry does not get deleted from the Azure cloud portal. You need to manually delete it.

To restore a database on an Azure SQL server or Azure Managed Instance, you must assign AAD admin privilege on the target server. Before the restore, assign the rights to any of these:

You can enable Change Data Capture (CDC) only on databases tiers S3 and above. Sub-core (Basic, S0, S1, S2) Azure SQL Server and SQL Managed Instance databases are not supported for CDC.

You may encounter backup or restore issues for databases with encrypted columns in the table. As a workaround, Microsoft suggests using the Publish/Extract commands to tackle this issue.

Restoration may fail for a database with blob data in the table.

To duplicate incremental backups on different storage servers, NetBackup generates different copy numbers for the same recovery point. If you try to restore an incremental copy where no earlier reference of a full or other incremental backup is present, the restore fails.

The user ID used for the cloud service must have permission to enable and disable CDC. Without this permission, you can see errors as follows:

3842: "Failed to enable CDC" 
and
3844: "Failed to disable CDC"

Any attempt to enable CDC fails if a custom schema or a user with the name cdc exists in the database. The term cdc is reserved for system use.

In a database with the CDC schema created before taking the first full backup, the schema does not get backed up or restored.

If you restore to any edition other than Standard or Enterprise, the operation is blocked because CDC requires SQL Server Standard or Enterprise editions. Error message 932 is displayed.

Avoid backing up databases with BLOB data tables. If a table contains BLOB data, then the backup might be successful, but the restore fails.

Encryption setting of an Azure SQL Server or Azure SQL Managed Instance database may not be preserved (Is_encryption=0) during a restore.

Discovery, protection, and restore are not supported if the account is configured using the vCore cluster.

Backup and restore are not supported if the account is configured with a customized key.

NetBackup does not support Azure Cosmos DB for MongoDB version 3.2.

The Overwrite existing database option is not supported.

Rules for naming databases:

Backup and restore are not supported if the account is configured with a customized key.

Protection of Azure Cosmos DB for MongoDB version 3.2 is not supported.

The Overwrite existing database option is not supported.

Rules for naming databases:

Backup and restore support for full, differential incremental, and archive redo log type protection.

Oracle 21c and 19c CDB are supported. The 19c non-CDB version is also supported.

CDB databases with multi-tenant and single-tenant container databases, and non-CDB databases are supported.

Oracle Enterprise and Standard Editions are supported.

Backup and restore are both supported for S3 as the staging path.

Backup and restore are not supported for TDE-enabled RDS Oracle instances or read replicas.

For credential validation, IAM is not supported for AWS RDS Oracle. You can use the username and password method.

The option group attached to RDS Oracle must have the same database engine version and the same database engine name.

Restore is supported using the S3 staging path only, including manual recovery from the Instant access database tab.

Only the Amazon RDS data management type is supported. The data management type RDS Custom is not supported.

If the S3 integration is not configured or the S3 configuration fails, a backup falls back to EFS in the 19c version only, provided EFS is configured.

Ensure that you remove the EFS ID entry from the option group before deleting that EFS.

Before running the archive log backup, set the retention period in the protection plan. See the Knowledge-base article: https://www.veritas.com/support/en_US/article.100059038

Do not take external backups using the RDS rman APIs on the instance to maintain data consistency.

The recovery script supports EC2 or on-premises VMs.

NetBackup enforces full backups in these three cases:

Restores to alternate regions or alternate accounts are not supported.

NetBackup protects the individual AWS Redshift cluster databases. Protection of the entire AWS Redshift cluster is not supported.

Only user databases are protected. System databases are not displayed or protected.

Restore from imported images from a different primary server is supported only using the NetBackup REST API.

Only Redshift clusters are supported. Serverless Redshift is not supported.

All clusters whose databases you are taking backup must be in the available state.

Table names with double quotes and case-sensitive names are not restored.

File count during the restore may show one file less than the total number of backed-up files.

It is not recommended to take backups of databases with empty tables.

NetBackup provides crash-consistent Redshift data protection. Consider the type of activity and application requirements before taking backups to determine if an application needs to checkpoint or quiesce for backup operations.