NetBackup™ Web UI Cloud Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.4)
  1. Managing and protecting cloud assets
    1.  
      About protecting cloud assets
    2.  
      Limitations and considerations
    3. Configure Snapshot Manager in NetBackup
      1.  
        Add a Snapshot Manager
      2. Add a cloud provider for a Snapshot Manager
        1.  
          IAM Role for AWS Configuration
        2.  
          IAM Role for OCI Configuration
      3.  
        Associate media servers with a Snapshot Manager
      4.  
        Discover assets on Snapshot Manager
      5.  
        Enable or disable a Snapshot Manager
      6.  
        (Optional) Add the Snapshot Manager extension
    4. Managing intelligent groups for cloud assets
      1.  
        Considerations for cloud intelligent groups
      2.  
        Create an intelligent group for cloud assets
      3.  
        Delete an intelligent group for cloud assets
    5. Protecting cloud assets or intelligent groups for cloud assets
      1.  
        Customize or edit protection for cloud assets or intelligent groups
      2.  
        Remove protection from cloud assets or intelligent groups
    6.  
      Cloud asset cleanup
    7.  
      Cloud asset filtering
    8.  
      AWS and Azure government cloud support
    9. About protecting Microsoft Azure resources using resource groups
      1.  
        Before you begin
      2.  
        Limitations and considerations
      3. About resource group configurations and outcome
        1.  
          Examples of resource group configurations
      4.  
        Troubleshoot resource group permissions
    10. About the NetBackup Accelerator for cloud workloads
      1.  
        How the NetBackup Accelerator works with virtual machines
      2.  
        Accelerator forced rescan for virtual machines (schedule attribute)
      3.  
        Accelerator backups and the NetBackup catalog
      4.  
        Accelerator messages in the backup job details log
    11.  
      Configuring backup schedules for cloud workloads
    12.  
      Backup options for cloud workloads
    13.  
      Snapshot replication
    14.  
      Configure AWS snapshot replication
    15.  
      Using AWS snapshot replication
    16.  
      Support matrix for account replication
    17.  
      Protect applications in-cloud with application-consistent snapshots
    18.  
      Protecting AWS or Azure VMs for recovering to VMware
    19. Protecting PaaS assets
      1.  
        Prerequisites for protecting PaaS assets
      2. Installing the native client utilities
        1.  
          Installing the MySQL client utility
        2.  
          Installing the sqlpackage client utility
        3.  
          Installing PostgreSQL client utility
        4.  
          Installing MongoDB client utility
        5.  
          Installing the Amazon RDS for Oracle client utility
      3.  
        Configuring the storage server for instant access
      4.  
        Prerequisites for protecting Amazon RDS SQL Server database assets
      5. Configuring storage for different deployments
        1.  
          For MSDP cloud deployments
        2.  
          For Kubernetes deployments
        3.  
          For VM-based BYO deployments
      6.  
        About incremental backup for PaaS workloads
      7.  
        About archive redo log backup for PaaS workloads
      8.  
        Limitations and considerations
      9.  
        Discovering PaaS assets
      10.  
        Viewing PaaS assets
      11.  
        Managing PaaS credentials
      12.  
        View the credential name that is applied to a database
      13. Add credentials to a database
        1.  
          Creating an IAM database username
        2.  
          Configuring permissions for the database user
        3.  
          Creating a system or user-managed identity username
      14.  
        Add protection to PaaS assets
      15.  
        Perform backup now
  2. Recovering cloud assets
    1.  
      Recovering cloud assets
    2.  
      Perform rollback recovery of cloud assets
    3. Recovering AWS or Azure VMs to VMware
      1.  
        Post-recovery considerations for cloud VMs recovered to VMware
      2. Steps to recover images from cloud VMs to VMware
        1.  
          Recovering images from AWS to VMware
        2.  
          Recovering images from Azure to VMware
    4. Recovering PaaS assets
      1.  
        Recovering non-RDS PaaS assets
      2.  
        Recovering RDS-based PaaS asset
      3.  
        Recovering Azure-protected assets
      4.  
        Recovering duplicate images from AdvancedDisk
  3. Performing granular restore
    1.  
      About granular restore
    2.  
      Supported environment list
    3.  
      List of supported file systems
    4.  
      Before you begin
    5.  
      Limitations and considerations
    6.  
      Restoring files and folders from cloud virtual machines
    7.  
      Restoring volumes on cloud virtual machines
    8.  
      Performing steps after volume restore containing LVM
    9.  
      Troubleshooting
  4. Troubleshooting protection and recovery of cloud assets
    1.  
      Troubleshoot cloud workload protection issues
    2.  
      Error Code 9855: Error occurred while exporting snapshot for the asset: <asset_name>
    3.  
      Backup from snapshot jobs take longer time than expected
    4.  
      Backup from snapshot job fails due to connectivity issues when Snapshot Manager is deployed on an Ubuntu host
    5.  
      Error disambiguation in NetBackup UI
    6. Troubleshoot PaaS workload protection and recovery issues
      1.  
        Troubleshooting Amazon Redshift issues

Creating a system or user-managed identity username

For Azure SQL Server and Managed Instance

Do any of the following configurations:

Configure the managed identity user as an AAD admin:

  • Set the AAD admin on the SQL server or the Managed instance.

  • Go to Settings > Azure Active Directory > Set admin. Search and set the system-assigned or user-assigned managed identity, and save.

    Note:

    Only media servers configured with both system-assigned managed identity and AAD administrator permissions can perform backup and restore.

Create a managed identity user on the database using the SSMS client:

  • To set AAD admin for SQL server, create users, go to Settings > Active Directory admin > Set admin. Pick active directory for the user, and save.

  • Login to the SQL database or Managed database to create a user under that database.

        CREATE USER [<managed_identity>] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_owner ADD MEMBER [<managed_identity>];

  • Provide login permission for that user on the SQL Server, run 

       # CREATE USER [<managed_identity>] FROM EXTERNAL PROVIDER;
   # ALTER ROLE loginmanager ADD MEMBER [<managed_identity>];

    Note:

    You must create users for all media servers communicating with the database using the system-assigned managed identity.

    Note:

    To restore a database, you must configure the managed identity user as an AAD admin on the target server.

For MySQL

  • To configure the AAD admin for the MySQL server, create a user. Go to Settings > Active Directory admin > Set admin. Pick the active directory user, and save.

  • Get the client ID for managed identity using Azure CLI, run 

    # az ad sp list --display-name <managed_identity> --query [*].appId --out tsv

  • Generate an access token to log on, using Azure CLI, run:

    # az account get-access-token --resource-type oss-rdbms

  • Log on using the AAD admin user and access token, run:

    # mysql -h <server name> --user <user name> --enable-cleartext-plugin --password=<token>

  • Create the manage identity user and grant the permissions, run:

    # SET aad_auth_validate_oids_in_tenant = OFF;
  # CREATE AADUSER '<db_user>' IDENTIFIED BY '<Generated_client_id>';
  # GRANT USAGE, DROP, SELECT, CREATE, SHOW VIEW, EVENT, LOCK TABLES , ALTER, CREATE VIEW, INSERT, REFERENCES, ALTER ROUTINE, PROCESS ON *.* TO '<db_user>'@'%'
For PostgreSQL

  • To configure the AAD admin for the PostgreSQL server, create a user. Go to Settings > Active Directory admin > Set admin. Pick the active directory user, and save.

  • Get the client ID for the managed identity:

     # az ad sp list --display-name <managed_identity>  --query [*].appId --out tsv

  • Generate the access token required to login, run:

    # az account get-access-token --resource-type oss-rdbms

  • Export the password for the generated token, run:

    # export PGPASSWORD=<token>

  • Login using the AAD admin user and the access token, run:

     # psql "host=<host name> port=5432 dbname=<dbname> user=<user name> sslmode=require"

  • To create a user and grant permissions, run:

    # SET aad_auth_validate_oids_in_tenant = OFF;
  # CREATE ROLE <db_user> WITH LOGIN PASSWORD '<client_id>' IN ROLE azure_ad_user;
  # GRANT azure_pg_admin TO <db_user>;
  # ALTER USER smipguser CREATEDB;
  # ALTER USER smipguser Replication;

Note:

Only user-managed identity is supported for MySQL Flexible Server. Managed Identity support is not available for PostgreSQL Flexible Server.

For Azure Cosmos DB for NoSQL

  1. Log on to your Azure portal.

  2. To assign the Cosmos DB Built-in Data Contributor role to the managed identity, run the command:

    # az cosmosdb sql role assignment create -a <Account_Name> -g <Resource_Group_Name> -s "/" -p <Object_ID/Principle_ID> -d 00000000-0000-0000-0000-000000000002

    Where:

    • Account_Name is the Azure Cosmos account name.

    • Resource_Group_Name is the Resource group name of the account.

    • Object_ID/Principle_ID is the Managed identity object or principle ID.

    • 00000000-0000-0000-0000-000000000002 is the Cosmos DB Built-in Data Contributor role ID.