NetBackup™ Web UI Cloud Object Store Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.2)
  1. Introduction
    1.  
      Overview of NetBackup protection for Cloud object store
    2.  
      Features of NetBackup Cloud object store workload support
  2. Managing Cloud object store assets
    1.  
      Prerequisites for adding Cloud object store accounts
    2.  
      Permissions required for Amazon S3 cloud provider user
    3. Adding Cloud object store accounts
      1.  
        Creating cross account access in AWS
      2.  
        Check certificate for revocation
      3.  
        Managing Certification Authorities (CA) for NetBackup Cloud
      4.  
        Adding a new region
    4.  
      Manage Cloud object store accounts
  3. Protecting Cloud object store assets
    1. About accelerator support
      1.  
        How NetBackup accelerator works with Cloud object store
      2.  
        Accelerator notes and requirements
      3.  
        Accelerator force rescan for Cloud object store (schedule attribute)
      4.  
        Accelerator backup and NetBackup catalog
    2.  
      About incremental backup
    3.  
      About policies for Cloud object store assets
    4.  
      Planning for policies
    5.  
      Prerequisites for Cloud object store policies
    6.  
      Creating a backup policy
    7.  
      Setting up attributes
    8.  
      Creating schedule attributes for policies
    9.  
      Configuring the Start window
    10.  
      Configuring exclude dates
    11.  
      Configuring include dates
    12.  
      Configuring the Cloud objects tab
    13.  
      Adding conditions
    14.  
      Adding tag conditions
    15.  
      Example of conditions and tag conditions
    16. Managing Cloud object store policies
      1.  
        Copy a policy
      2.  
        Deactivating or deleting a policy
      3.  
        Manually backup assets
  4. Recovering Cloud object store assets
    1.  
      Prerequisites for recovering Cloud object store objects
    2.  
      Recovering Cloud object store assets
  5. Troubleshooting
    1.  
      Recovery for Cloud object store using web UI for original bucket recovery option starts but job fails with error 3601
    2.  
      Recovery Job does not start
    3.  
      Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
    4.  
      Access tier property not restored after overwrite existing to original location
    5.  
      Reduced accelerator optimization in Azure for OR query with multiple tags
    6.  
      Backup is failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
    7.  
      Azure backup job fails when space is provided in tag query for either tag key name or value.
    8.  
      The Cloud object store account has encountered an error
    9.  
      Bucket list empty when selecting it in policy selection
    10.  
      Creating second account on Cloudian fails by selecting existing region
    11.  
      Restore failed with 2825 incomplete restore operation
    12.  
      Bucket listing of cloud provider fails when adding bucket in Cloud objects tab
    13.  
      AIR import image restore fails on the target domain if the Cloud store account is not added in target domain.

Creating cross account access in AWS

If you have multiple AWS accounts in your environment, and NetBackup deployed in one account, can protect data in other accounts as well. You need to configure cross account data access in AWS portal, before selecting Assume role as your access method. NetBackup only needs the access key, secret key, and role ARN.

Follow the guidelines in AWS documentation for creating cross account access. Briefly, you need to perform the following steps.

To configure AWS cross accounts:

  1. Log on to the AWS provider portal.
  2. Create a new IAM role in the target AWS account, which you want to protect.
  3. Create a new policy for the IAM role and ensure that it has required permissions to access the bucket and objects in that target AWS account. See Permissions required for Amazon S3 cloud provider user.
  4. Establish a trust relationship between the source and the target AWS accounts.
  5. In the source AWS account, create a policy that allows the IAM role in the source AWS account, to assume the IAM role in the target AWS account.
  6. Attach the policy to the source account user, whose access key and secret access key you use for the assume role.