Search <book_title>...

NetBackup™ Commands Reference Guide

Last Published: 2024-03-27

Product(s): NetBackup & Alta Data Protection (10.4)

Introduction
Appendix A. NetBackup Commands
1. acsd
2. backupdbtrace
3. backuptrace
4. bmrc
5. bmrconfig
6. bmrepadm
7. bmrprep
8. bmrs
9. bmrsrtadm
10. bp
11. bparchive
12. bpbackup
13. bpbackupdb
14. bpcatarc
15. bpcatlist
16. bpcatres
17. bpcatrm
18. bpcd
19. bpchangeprimary
20. bpcleanrestore
21. bpclient
22. bpclimagelist
23. bpclntcmd
24. bpclusterutil
25. bpcompatd
26. bpconfig
27. bpdbjobs
28. bpdbm
29. bpdgclone
30. bpdown
31. bpduplicate
32. bperror
33. bpexpdate
34. bpfis
35. bpflist
36. bpgetconfig
37. bpgetdebuglog
38. bpimage
39. bpimagelist
40. bpimmedia
41. bpimport
42. bpinst
43. bpkeyfile
44. bpkeyutil
45. bplabel
46. bplist
47. bpmedia
48. bpmedialist
49. bpminlicense
50. bpnbat
51. bpnbaz
52. bppficorr
53. bpplcatdrinfo
54. bpplclients
55. bppldelete
56. bpplinclude
57. bpplinfo
58. bppllist
59. bpplsched
60. bpplschedrep
61. bpplschedwin
62. bppolicynew
63. bpps
64. bprd
65. bprecover
66. bprestore
67. bpretlevel
68. bpschedule
69. bpschedulerep
70. bpsetconfig
71. bpstsinfo
72. bpstuadd
73. bpstudel
74. bpstulist
75. bpsturep
76. bptestbpcd
77. bptestnetconn
78. bpup
79. bpverify
80. cat_convert
81. cat_export
82. cat_import
83. configureCerts
84. configureMQ
85. configureWebServerCerts
86. create_nbdb
87. csconfig cldinstance
88. csconfig cldprovider
89. csconfig meter
90. csconfig reinitialize
91. csconfig throttle
92. duplicatetrace
93. importtrace
94. jbpSA
95. jnbSA
96. ltid
97. mklogdir
98. msdpcldutil
99. nbauditreport
100. nbcallhomeproxyconfig
101. nbcatsync
102. NBCC
103. NBCCR
104. nbcertcmd
105. nbcertupdater
106. nbcldutil
107. nbcmdrun
108. nbcomponentupdate
109. nbcplogs
110. nbcredkeyutil
111. nbdb_admin
112. nbdb_backup
113. nbdb_move
114. nbdb_ping
115. nbdb_restore
116. nbdb_unload
117. nbdb2adutl
118. nbdbms_start_server
119. nbdbms_start_stop
120. nbdc
121. nbdecommission
122. nbdelete
123. nbdeployutil
124. nbdevconfig
125. nbdevquery
126. nbdiscover
127. nbdna
128. nbemm
129. nbemmcmd
130. nbepicfile
131. nbfindfile
132. nbfirescan
133. nbfp
134. nbftadm
135. nbftconfig
136. nbgetconfig
137. nbhba
138. nbholdutil
139. nbhostidentity
140. nbhostmgmt
141. nbhypervtool
142. nbidpcmd
143. nbimageshare
144. nbinstallcmd
145. nbjm
146. nbkmiputil
147. nbkmscmd
148. nbkmsutil
149. nboraadm
150. nborair
151. nboracmd
152. nbpem
153. nbpemreq
154. nbmariadb
155. nbmlb
156. nbperfchk
157. nbplupgrade
158. nbrb
159. nbrbutil
160. nbreplicate
161. nbrepo
162. nbrestorevm
163. nbseccmd
164. nbserviceusercmd
165. nbsetconfig
166. nbshvault
167. nbsmartdiag
168. nbsnapimport
169. nbsnapreplicate
170. nbsqladm
171. nbsqlite
172. nbstl
173. nbstlutil
174. nbstop
175. nbsu
176. nbsvrgrp
177. netbackup_deployment_insights
178. resilient_clients
179. restoretrace
180. stopltid
181. tldd
182. tldcd
183. tpautoconf
184. tpclean
185. tpconfig
186. tpext
187. tpreq
188. tpunmount
189. verifytrace
190. vltadm
191. vltcontainers
192. vlteject
193. vltinject
194. vltoffsitemedia
195. vltopmenu
196. vltrun
197. vmadd
198. vmchange
199. vmcheckxxx
200. vmd
201. vmdelete
202. vmoprcmd
203. vmphyinv
204. vmpool
205. vmquery
206. vmrule
207. vmupdate
208. vnetd
209. vssat
210. vwcp_manage
211. vxlogcfg
212. vxlogmgr
213. vxlogview
214. W2KOption

Name

msdpcldutil — the immutable cloud storage utility

SYNOPSIS

msdpcldutil create --bucket bucket_name --volume volume_name --mode retention_mode --min min_time --max max_time --live live_untildate [--storageclass storage_class] [--credfile cred_file] [--enable_sas] [--enable_sp] [--enable_iama] [--enable_sts]

msdpcldutil list [--bucket bucket_name | --filter bucket_name_filter] [--volume volume_name] [--credfile cred_file] [--enable_sas] [--enable_sp] [--enable_iama] [--enable_sts]

msdpcldutil update mode --bucket bucket_name --volume volume_name --mode COMPLIANCE --live live_untildate [--credfile cred_file] [--enable_sas] [--enable_sp] [--enable_iama]

msdpcldutil update range --bucket bucket_name --volume volume_name --min min_time --max max_time [--credfile cred_file] [--enable_sas] [--enable_sp] [--enable_iama] [--enable_sts]

msdpcldutil update live --bucket bucket_name --volume volume_name --live live_untildate [--credfile cred_file] [--enable_sas] [--enable_sp] [--enable_iama] [--enable_sts]

msdpcldutil update inherit --bucket bucket_name --volume volume_name --inherit inherit_value [--credfile cred_file] [--enable_sas] [--enable_sp] [--enable_iama] [--enable_sts]

msdpcldutil update bucket-policy --bucket bucket_name [--credfile cred_file] [--enable_sas] [--userid userid] [--enable_sp] [--enable_iama]

msdpcldutil bucket create --bucket bucket_name --mode retention_mode - period period_time

msdpcldutil bucket info --bucket bucket_name

msdpcldutil bucket sync --bucket bucket_name

msdpcldutil bucket update --bucket bucket_name --mode retention_mode - period period_time

msdpcldutil platform list

msdpcldutil platform checkperm [ - bucket bucket-name] [--role role_name]

msdpcldutil history list --bucket bucket_name --volume volume_name

msdpcldutil history download --bucket bucket_name --volume volume_name --filepath path_name --starttime start_time --endtime end_time --output output_path

msdpcldutil --help

msdpcldutil create --help

msdpcldutil list --help

msdpcldutil update mode --help

msdpcldutil update range --help

msdpcldutil update live --help

msdpcldutil update bucket-policy --help

msdpcldutil bucket create --help

msdpcldutil bucket info --help

msdpcldutil bucket sync - help

msdpcldutil bucket list - help

msdpcldutil bucket update --help

msdpcldutil --version

On UNIX systems, the directory path to this command is /usr/openv/pdde/pdcr/bin/

DESCRIPTION

Use the msdpcldutil command to create, update, and list cloud immutable volume for AWS S3 storage, S3-compatible cloud storage, and Azure blob storage.

This utility is only supported on Red Hat Linux.

Set the following environment variables before you use msdpcldutil for AWS S3 immutable storage:

export MSDPC_ACCESS_KEY=your_access_key_id
export MSDPC_SECRET_KEY=your_secret_key
export MSDPC_REGION=your_region
export MSDPC_PROVIDER=amazon

MSDPC_ACCESS_KEY is the AWS access key associated with an IAM user. MSDPC_SECRET_KEY is the secret key associated with the access key. MSDPC_REGION is the AWS region where the bucket is created or accessed. MSDPC_PROVIDER is the name of the S3-compatible cloud storage provider.

Set the following environment variables before you use msdpcldutil for S3-compatible cloud storage:

export MSDPC_ACCESS_KEY=your_access_key_id
export MSDPC_SECRET_KEY=your_secret_key
export MSDPC_REGION=your_region
export MSDPC_PROVIDER=s3-compatible
export MSDPC_ENDPOINT=your_s3_endpoint_url

In addition to the parameters shown, you can now provide MSDPC_CMS_CRED_NAME to run the msdpcldutil commands for AWS as shown:

export MSDPC_PROVIDER=vamazon
export MSDPC_REGION=your_region
export MSDPC_CMS_CRED_NAME=your_credential_name
export MSDPC_MASTER_SERVER=your_primary server_name
export MSDPC_ALIAS=your_storage_server_name_your_alias_name

MSDPC_CMS_CRED_NAME is the credential name provided that stores the credentials.

MSDPC_ALIAS is the cloud alias created using csconfig.

Set the following environment variables before you use msdpcldutil for Azure blob immutable storage:

export MSDPC_ACCESS_KEY=your_storage_account
export MSDPC_SECRET_KEY=your_access_key
export MSDPC_REGION=your_region
export MSDPC_PROVIDER=azure
export MSDPC_ENDPOINT=https://your_storage_account.blob.core.windows.net/

Similar to Amazon, for Azure storage, you can use MSDPC_CMS_CRED_NAME.

export MSDPC_CMS_CRED_NAME=your_credential_name

Set the following environment variables before you use msdpcldutil for Google Cloud Platform bucket retention storage:

export MSDPC_ACCESS_KEY=your_storage_account
export MSDPC_SECRET_KEY=your_access_key
export MSDPC_REGION=your_region
export MSDPC_PROVIDER=google
export MSDPC_ENDPOINT=your_gcp_endpoint_url
export MSDPC_GCP_SAKEY=gcp_service_account_key_file_path

Set the following environment variables to configure the proxy settings. The settings include HTTP, HTTPS, SOCKS, and NTLM authentication:

MSDPC_PROXY_URL=[http/https/socks/socks4/socks5/socks4a]://ProxyHost:
ProxyPort
MSDPC_PROXY_AUTH=NTLM or none
MSDPC_PROXY_DOMAIN=$NTLM domain name
MSDPC_PROXY_USER=$proxy_user
MSDPC_PROXY_PASSWD=$proxy_password

You are not required to set the environment variables if the NetBackup media server is deployed on Amazon EC2 instance. You can use IAM role-based authentication. An access key, secret key, region, endpoint, and the provider are set automatically.

export MSDPC_ACCESS_KEY=
export MSDPC_SECRET_KEY=
export MSDPC_REGION=
export MSDPC_ENDPOINT=
export MSDPC_PROVIDER=

Use the - enable_sas option with Recovery Vault Azure and AzureGov storage. When you provide this option, the environment variables are used as follows:

Use the -enable_sts option with Recovery Vault Amazon and Amazon Gov storage.

MSDPC_ACCESS_KEY is the credential name, not the account name.

MSDPC_ALIAS is the alias of the storage volume that is associated with the credential. MSDPC_MASTER_SERVER is the master server. When you provide these two environment variables, they are used to query the NetBackup CMS for the credentials. In this case, MSDPC_SECRET_KEY is ignored.

If you do not provide MSDPC_ALIAS and MSDPC_MASTER_SERVER, provide MSDPC_ACCESS_TOKEN. It is used to query Recovery Vault directly for the credentials. You can optionally provide MSDPC_RVLT_SERVICE_URI to specify Recovery Vault service endpoint. It is nrv.veritas.com by default.

If MSDPC_ALIAS, MSDPC_MASTER_SERVER, and MSDPC_ACCESS_TOKEN environment variables are not provided for Recovery Vault that results in an error.

Besides these parameters, you can provide MSDPC_CMS_CRED_NAME directly, which is the credential name.

If you do not set the environment variables and IAM role-based authentication does not exist, msdpcldutil enters interactive mode. You can enter the parameters at the command-line prompt as follows:

Enter Provider id: amazon
Enter region: us-east-2
Enter Access key: xxxxxxxxx
Enter secret key:
Enter Credential Name: primary_server_name
Enter alias: primary_server_name_cloud-lsu

Ensure that you previously created the alias with the csconfig command, otherwise this action fails.

Use the -enable_sp option for Service Principal with Azure blob and AzureGov storage. When you provide this option, the environment variables are used as follows:

export MSDPC_CMS_CRED_NAME=your_cms_credential_name
export MSDPC_ALIAS=your_alias_name
export MSDPC_REGION=your_region
export MSDPC_PROVIDER=azure
export MSDPC_ENDPOINT=https://your_storage_account.blob.core.windows.net/

MSDPC_CMS_CRED_NAME is the Service Principal credential NetBackup stores in the Credential Management Service.

MSDPC_ALIAS is the name of the alias in the CloudStore. The alias must have the authorization type CREDS_SERVICE_PRINCIPAL. You can view or add aliases using csconfig -instance where the authorization type shows up under creds_broker.

Use the -enable_iama option for IAM Role Anywhere with Amazon and AmazonGov storage. When you provide this option, the environment variables are used as follows:

export MSDPC_CMS_CRED_NAME=your_cms_credential_name
export MSDPC_ALIAS=your_alias_name
export MSDPC_REGION=your_region
export MSDPC_PROVIDER=amazon

MSDPC_CMS_CRED_NAME is the Iam Role Anywhere credential NetBackup stores in the Credential Management Service.

MSDPC_ALIAS is the name of the alias in the CloudStore. The alias must have the authorization type CREDS_IAM_ROLE_ANYWHERE. You can view or add aliases using csconfig -instance where the authorization type shows up under creds_broker.

OPTIONS

--bucket bucket_name, -b bucket_name

The bucket name in AWS S3 and S3 compatible storage or the container name in Azure blob.

--credfile credfile_path

The credential file that contains the environment variables in the following format:

MSDPC_ACCESS_KEY=your_storage_account
MSDPC_SECRET_KEY=your_access_key
MSDPC_REGION=your_region
MSDPC_PROVIDER=your_provider

--debug

Provides a more detailed log for debugging.

--enable_sas

Shared access signatures (SAS) authentication method on Azure blob storage. The default value is false.

--enable_sp

Service Principal authentication method using Credential Management Service on Azure blob storage. The default value is false.

--enable_sts

Security Token Service (STS) authentication method on Amazon storage. The default value is false.

--enable_iama

IAM Role Anywhere authentication method on Amazon storage. The default value is false.

--inherit enable|disable, -i enable|disable

When you switch retention mode from ENTERPRISE mode to COMPLIANCE mode, use the inherit option to specify retention time behavior. You can either inherit the retention time from the ENTERPRISE mode or overwrite it with the new retention time for the COMPLIANCE mode. If you want to inherit the retention time, specify enable. If you want to overwrite the retention time, specify disable.

--live live_utildate, -l live_utildate

The cloud immutable volume live duration. This value is set as YYYY-MM-DD hh:mm:ss timezone. For a value of noon on August 18, 2025 in UTC, use 2025-08-18 12:00:00 UTC.

--max max_duration, -M max_duration

The maximum object locking duration: number plus D or Y. The value of 12Y means 12 years.

--min min_duration, -N min_duration

The minimum object locking duration: number plus D or Y. The value of 12D means 12 days.

--mode retention_mode, -m retention_mode

The retention mode for the immutable cloud storage. The option has two possible values:

COMPLIANCE mode:
Users cannot overwrite or delete the data that is protected using the compliance mode for the defined retention period. Once you set a retention period for the data storage, you can extend it but cannot shorten it.
ENTERPRISE mode:
Users require special permissions to disable the retention lock and then delete the image. Only the cloud administrator user can disable the retention lock and then the delete the image if required. You can use the enterprise mode to test the retention period behavior before you use compliance mode.

--storageclass storage_class, -s storage_class

Amazon S3 storage class, such as STANDARD_IA or GLACIER_IR. The default is STANDARD.

For Amazon Recovery Vault, only STANDARD_IA and GLACIER_IR are applicable.

--userid user_id, -u user_id

The AWS user ID in aws sts get-caller-identity. The default is null. This option is only available for AWS S3 immutable storage.

--volume volume_name, -v volume_name

The volume name is the directory name under the S3 bucket or the Azure blob container.

EXAMPLES

Example 1: Create a cloud immutable volume.

/usr/openv/pdde/pdcr/bin/msdpcldutil create -b bucketname -v volumename --mode ENTERPRISE --min 1D --max 30D --live 2021-12-31

Example 2: Update the cloud immutable volume mode.

/usr/openv/pdde/pdcr/bin/msdpcldutil update mode -b bucketname -v volumename --mode COMPLIANCE --live 2021-12-31 --inherit enable

Example 3: Update the cloud immutable volume minimum and maximum retention periods.

/usr/openv/pdde/pdcr/bin/msdpcldutil update range -b bucketname -v volumename --min 1D --max 90D

Example 4: Update the cloud immutable volume live duration.

/usr/openv/pdde/pdcr/bin/msdpcldutil update live -b bucketname -v volumename -l 2022-01-31

Example 5: Create GCP bucket with the bucket level retention.

/usr/openv/pdde/pdcr/bin/msdpcldutil bucket create -b bucketname -m ENTERPRISE -p 100D

Example 6: Check Amazon permissions of the current user.

/usr/openv/pdde/pdcr/bin/msdpcldutil platform checkperm --role 
backup-admin --bucket bucketname

/usr/openv/pdde/pdcr/bin/msdpcldutil platform checkperm --role 
cloud_admin