Veritas Solution Guide for Sheltered Harbor
- About Veritas Sheltered Harbor solutions
- Prerequisites to configure Sheltered Harbor solutions
- Veritas Sheltered Harbor solution workflow
- Glossary
System requirements
Review the following system requirements for the NetBackup Sheltered Harbor solution:
NetBackup primary server: Version 10.2
NetBackup media server: Version 10.2
NetBackup client: Version 10.2
Note:
NetBackup version 10.2 is highly recommended for NetBackup primary, media server, and client roles. Limited NetBackup deployment types for BYO and Flex Appliance are supported using version 10.1
KMS: Use either of the following KMS services:
Cloud KMS (CKMS): Azure key vault based external KMS solutions is supported.
On-premises KMS (EKMS): See External KMS - Considerations in the Encryption and Security Solutions section for more information.
Note:
NetBackup KMS cannot be used for the Sheltered Harbor solution configuration.
Note:
The solution validates the CRL of the KMS user certificate before performing cryptographic operations. To download the CRL, you should update the ECA_TRUSTSTORE_PATH configuration option.
See ECA_TRUST_STORE_PATH for NetBackup servers and clients.
If the NetBackup host is already configured with external CA, you should append the external CA certificate to the existing path.
The service user must have the read permissions on the CA certificate file.
Immutable cloud storage: An immutable cloud storage provider is required to support Sheltered Harbor specific standards. See cloud storage vendor compatibility list with either of these two designations.
S3 Object Lock: Yes
Object Lock (Immutable storage): Yes
Operating system: For information on the operating system requirements for the NetBackup primary server, media server and client, see Veritas NetBackup Compatibility List.