NetBackup™ Web UI Cloud Object Store Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.4)
  1. Introduction
    1.  
      Overview of NetBackup protection for Cloud object store
    2.  
      Features of NetBackup Cloud object store workload support
  2. Managing Cloud object store assets
    1.  
      Prerequisites for adding Cloud object store accounts
    2.  
      Permissions required for Amazon S3 cloud provider user
    3.  
      Permissions required for Azure
    4.  
      Limitations and considerations
    5. Adding Cloud object store accounts
      1.  
        Creating cross-account access in AWS
      2.  
        Check certificate for revocation
      3.  
        Managing Certification Authorities (CA) for NetBackup Cloud
      4.  
        Adding a new region
    6.  
      Manage Cloud object store accounts
  3. Protecting Cloud object store assets
    1. About accelerator support
      1.  
        How NetBackup accelerator works with Cloud object store
      2.  
        Accelerator notes and requirements
      3.  
        Accelerator force rescan for Cloud object store (schedule attribute)
      4.  
        Accelerator backup and NetBackup catalog
    2.  
      About incremental backup
    3.  
      About policies for Cloud object store assets
    4.  
      Planning for policies
    5.  
      Prerequisites for Cloud object store policies
    6.  
      Creating a backup policy
    7.  
      Setting up attributes
    8.  
      Creating schedule attributes for policies
    9.  
      Configuring the Start window
    10.  
      Configuring the exclude dates
    11.  
      Configuring the include dates
    12.  
      Configuring the Cloud objects tab
    13.  
      Adding conditions
    14.  
      Adding tag conditions
    15.  
      Examples of conditions and tag conditions
    16. Managing Cloud object store policies
      1.  
        Copy a policy
      2.  
        Deactivating or deleting a policy
      3.  
        Manually backup assets
  4. Recovering Cloud object store assets
    1.  
      Prerequisites for recovering Cloud object store objects
    2.  
      Configuring Cloud object retention properties
    3.  
      Recovering Cloud object store assets
  5. Troubleshooting
    1.  
      Recovery for Cloud object store using web UI for the original bucket recovery option starts, but the job fails with error 3601
    2.  
      Recovery Job does not start
    3.  
      Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
    4.  
      Access tier property not restored after overwriting the existing object in the original location
    5.  
      Reduced accelerator optimization in Azure for OR query with multiple tags
    6.  
      Backup failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
    7.  
      Azure backup jobs fail when space is provided in a tag query for either tag key name or value.
    8.  
      The Cloud object store account has encountered an error
    9.  
      The bucket is list empty during policy selection
    10.  
      Creating a second account on Cloudian fails by selecting an existing region
    11.  
      Restore failed with 2825 incomplete restore operation
    12.  
      Bucket listing of a cloud provider fails when adding a bucket in the Cloud objects tab
    13.  
      A.I.R. import image restore fails on the target domain if the Cloud store account is not added to the target domain
    14.  
      Backup for Azure Data Lake fails when a back-level media server is used with backup host or storage server version 10.3
    15.  
      Backup fails partially in Azure Data Lake: "Error nbpem (pid=16018) backup of client
    16.  
      Recovery for Azure Data Lake fails: "This operation is not permitted as the path is too deep"
    17.  
      Empty directories are not backed up in Azure Data Lake
    18.  
      Recovery error: "Invalid alternate directory location. You must specify a string with length less than 1025 valid characters"
    19.  
      Recovery error: "Invalid parameter specified"
    20.  
      Restore fails: "Cannot perform the COSP operation, skipping the object: [/testdata/FxtZMidEdTK]"
    21.  
      Cloud store account creation fails with incorrect credentials
    22.  
      Discovery failures due to improper permissions
    23.  
      Restore failures due to object lock

Managing Certification Authorities (CA) for NetBackup Cloud

NetBackup supports only X.509 certificates in .PEM (Privacy-enhanced Electronic Mail) format.

You can find the details of the Certification Authorities (CAs) in the cacert.pem bundle at the following location:

  • Windows:

    <installation-path>\NetBackup\var\global\cloud

  • UNIX:

    /usr/openv/var/global/cloud/

Note:

In a cluster deployment, the NetBackup database path points to the shared disk, which is accessible from the active node.

You can add or remove a CA from the cacert.pem bundle.

After you complete the changes, when you upgrade to a new version of NetBackup, the cacert.pem bundle is overwritten by the new bundle. All the entries that you may have added or removed are lost. As a best practice, keep a local copy of the edited cacert.pem file. You can use the local copy to override the upgraded file and restore your changes.

Note:

Ensure that you do not change the file permission and ownership of the cacert.pem file.

To add a CA

You must get a CA certificate from the required cloud provider and update it in the cacert.pem file. The certificate must be in .PEM format.

  1. Open the cacert.pem file.
  2. Append the self-signed CA certificate on a new line and at the beginning or end of the cacert.pem file.

    Add the following information block:

    Certificate Authority Name

    ==========================

    - - - - - BEGIN CERTIFICATE - - - - -

    <Certificate content>

    - - - - - END CERTIFICATE - - - - -

  3. Save the file.

To remove a CA

Before you remove a CA from the cacert.pem file, ensure that none of the cloud jobs are using the related certificate.

  1. Open the cacert.pem file.
  2. Remove the required CA. Remove the following information block:

    Certificate Authority Name

    ==========================

    - - - - - BEGIN CERTIFICATE - - - - -

    <Certificate content>

    - - - - - END CERTIFICATE - - - - -

  3. Save the file.
List of CAs approved by NetBackup

  • AddTrust External Root

  • Baltimore CyberTrust Root

  • Cybertrust Global Root

  • DigiCert Assured ID Root CA

  • DigiCert Assured ID Root G2

  • DigiCert Assured ID Root G3

  • DigiCert Global CA G2

  • DigiCert Global Root CA

  • DigiCert Global Root G2

  • DigiCert Global Root G3

  • DigiCert High Assurance EV Root CA

  • DigiCert Trusted Root G4

  • D-Trust Root Class 3 CA 2 2009

  • GeoTrust Global CA

  • GeoTrust Primary Certification Authority

  • GeoTrust Primary Certification Authority - G2

  • GeoTrust Primary Certification Authority - G3

  • GeoTrust Universal CA

  • GeoTrust Universal CA 2

  • RSA Security 2048 v3

  • Starfield Services Root Certificate Authority - G2

  • Thawte Primary Root CA

  • Thawte Primary Root CA - G2

  • Thawte Primary Root CA - G3

  • VeriSign Class 1 Public Primary Certification Authority - G3

  • VeriSign Class 2 Public Primary Certification Authority - G3

  • Verisign Class 3 Public Primary Certification Authority - G3

  • VeriSign Class 3 Public Primary Certification Authority - G4

  • VeriSign Class 3 Public Primary Certification Authority - G5

  • VeriSign Universal Root Certification Authority