NetBackup™ Deduplication Guide
- Introducing the NetBackup media server deduplication option
- Quick start
- Planning your deployment
- Planning your MSDP deployment
- NetBackup naming conventions
- About MSDP deduplication nodes
- About the NetBackup deduplication destinations
- About MSDP storage capacity
- About MSDP storage and connectivity requirements
- About NetBackup media server deduplication
- About NetBackup Client Direct deduplication
- About MSDP remote office client deduplication
- About the NetBackup Deduplication Engine credentials
- About the network interface for MSDP
- About MSDP port usage
- About MSDP optimized synthetic backups
- About MSDP and SAN Client
- About MSDP optimized duplication and replication
- About MSDP performance
- About MSDP stream handlers
- MSDP deployment best practices
- Use fully qualified domain names
- About scaling MSDP
- Send initial full backups to the storage server
- Increase the number of MSDP jobs gradually
- Introduce MSDP load balancing servers gradually
- Implement MSDP client deduplication gradually
- Use MSDP compression and encryption
- About the optimal number of backup streams for MSDP
- About storage unit groups for MSDP
- About protecting the MSDP data
- Save the MSDP storage server configuration
- Plan for disk write caching
- Provisioning the storage
- Licensing deduplication
- Configuring deduplication
- Configuring MSDP server-side deduplication
- Configuring MSDP client-side deduplication
- About the MSDP Deduplication Multi-Threaded Agent
- Configuring the Deduplication Multi-Threaded Agent behavior
- Configuring deduplication plug-in interaction with the Multi-Threaded Agent
- About MSDP fingerprinting
- About the MSDP fingerprint cache
- Configuring the MSDP fingerprint cache behavior
- About seeding the MSDP fingerprint cache for remote client deduplication
- Configuring MSDP fingerprint cache seeding on the client
- Configuring MSDP fingerprint cache seeding on the storage server
- About sampling and predictive cache
- Rebuilding the sampling cache
- Enabling 400 TB support for MSDP
- About MSDP Encryption using NetBackup Key Management Server service
- About MSDP Encryption using external KMS server
- Configuring a storage server for a Media Server Deduplication Pool
- About disk pools for NetBackup deduplication
- Configuring a disk pool for deduplication
- Creating the data directories for 400 TB MSDP support
- Adding volumes to a 400 TB Media Server Deduplication Pool
- Configuring a Media Server Deduplication Pool storage unit
- Configuring client attributes for MSDP client-side deduplication
- Disabling MSDP client-side deduplication for a client
- Disable client-side deduplication for all clients in a policy
- About MSDP compression
- About MSDP encryption
- Configuring encryption for MSDP local storage volume
- Configuring encryption for MSDP cloud storage volumes
- Configuring MSDP encryption on different platforms
- About the rolling data conversion mechanism for MSDP
- Modes of rolling data conversion
- MSDP encryption behavior and compatibilities
- Configuring optimized synthetic backups for MSDP
- About a separate network path for MSDP duplication and replication
- Configuring a separate network path for MSDP duplication and replication
- About MSDP optimized duplication within the same domain
- Configuring MSDP optimized duplication within the same NetBackup domain
- About MSDP replication to a different domain
- Configuring MSDP replication to a different NetBackup domain
- About NetBackup Auto Image Replication
- About trusted primary servers for Auto Image Replication
- About the certificate to use to add a trusted primary server
- Add a trusted primary server
- Remove a trusted primary server
- Enable inter-node authentication for a NetBackup clustered primary server
- Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
- Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
- Configuring a target for MSDP replication to a remote domain
- About configuring MSDP optimized duplication and replication bandwidth
- About performance tuning of optimized duplication and replication for MSDP cloud
- About storage lifecycle policies
- About the storage lifecycle policies required for Auto Image Replication
- Creating a storage lifecycle policy
- About MSDP backup policy configuration
- Creating a backup policy
- Resilient network properties
- Adding an MSDP load balancing server
- About variable-length deduplication on NetBackup clients
- Managing the variable-length deduplication using the cacontrol command-line utility
- About the MSDP pd.conf configuration file
- Editing the MSDP pd.conf file
- About the MSDP contentrouter.cfg file
- About saving the MSDP storage server configuration
- Saving the MSDP storage server configuration
- Editing an MSDP storage server configuration file
- Setting the MSDP storage server configuration
- About the MSDP host configuration file
- Deleting an MSDP host configuration file
- Resetting the MSDP registry
- About protecting the MSDP catalog
- Changing the MSDP shadow catalog path
- Changing the MSDP shadow catalog schedule
- Changing the number of MSDP catalog shadow copies
- Configuring an MSDP catalog backup
- Updating an MSDP catalog backup policy
- About MSDP FIPS compliance
- Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
- About MSDP multi-domain support
- About MSDP application user support
- About MSDP mutli-domain VLAN Support
- About NetBackup WORM storage support for immutable and indelible data
- Running MSDP services with the non-root user
- Running MSDP commands with the non-root user
- MSDP cloud support
- About MSDP cloud support
- Create a Media Server Deduplication Pool (MSDP, MSDP Cloud) storage server in the NetBackup web UI
- Managing credentials for MSDP-C
- Creating a cloud storage unit
- Updating cloud credentials for a cloud LSU
- Updating encryption configurations for a cloud LSU
- Deleting a cloud LSU
- Backup data to cloud by using cloud LSU
- Duplicate data cloud by using cloud LSU
- Configuring AIR to use cloud LSU
- About backward compatibility support
- About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
- Cloud space reclamation
- About the tool updates for cloud support
- About the disaster recovery for cloud LSU
- About Image Sharing using MSDP cloud
- About restore from a backup in Microsoft Azure Archive
- About Veritas Alta Recovery Vault Azure and Amazon
- Configuring Veritas Alta Recovery Vault Azure and Azure Government
- Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
- Configuring Veritas Alta Recovery Vault Amazon and Amazon Government
- Configuring Veritas Alta Recovery Vault Amazon and Amazon Government using the CLI
- Migrating from standard authentication to token-based authentication for Recovery Vault
- About MSDP cloud immutable (WORM) storage support
- Creating a cloud immutable storage unit using the web UI
- Updating a cloud immutable volume
- About immutable object support for AWS S3
- About immutable object support for AWS S3 compatible platforms
- About immutable storage support for Azure blob storage
- About bucket-level immutable storage support for Google Cloud Storage
- About object-level immutable storage support for Google Cloud Storage
- About using the cloud immutable storage in a cluster environment
- Troubleshooting the errors when disk volume creation using web UI fails
- Deleting the immutable image with the enterprise mode
- Deleting the S3 object permanently
- About MSDP cloud admin tool
- About AWS IAM Role Anywhere support
- About Azure service principal support
- About instant access for object storage in cloud
- About NetBackup support for AWS Snowball Edge
- Upgrading to NetBackup 10.3 and cluster environment
- S3 Interface for MSDP
- About S3 interface for MSDP
- Prerequisites for MSDP build-your-own (BYO) server
- Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
- Identity and Access Management (IAM) for S3 interface for MSDP
- S3 Object Lock In Flex WORM
- S3 APIs for S3 interface for MSDP
- Creating a protection policy for the MSDP object store
- Recovering the MSDP object store data from the backup images
- Disaster recovery in S3 interface for MSDP
- Limitations in S3 interface for MSDP
- Logging and troubleshooting
- Best practices
- Monitoring deduplication activity
- Monitoring the MSDP deduplication and compression rates
- Viewing MSDP job details
- About MSDP storage capacity and usage reporting
- About MSDP container files
- Viewing storage usage within MSDP container files
- About monitoring MSDP processes
- Reporting on Auto Image Replication jobs
- Checking the image encryption status
- Managing deduplication
- Managing MSDP servers
- Viewing MSDP storage servers
- Determining the MSDP storage server state
- Viewing MSDP storage server attributes
- Setting MSDP storage server attributes
- Changing MSDP storage server properties
- Clearing MSDP storage server attributes
- About changing the MSDP storage server name or storage path
- Changing the MSDP storage server name or storage path
- Removing an MSDP load balancing server
- Deleting an MSDP storage server
- Deleting the MSDP storage server configuration
- Managing NetBackup Deduplication Engine credentials
- Managing Media Server Deduplication Pools
- Viewing Media Server Deduplication Pools
- Determining the Media Server Deduplication Pool state
- Viewing Media Server Deduplication Pool attributes
- Setting a Media Server Deduplication Pool attribute
- Changing a Media Server Deduplication Pool properties
- Clearing a Media Server Deduplication Pool attribute
- Determining the MSDP disk volume state
- Changing the MSDP disk volume state
- Deleting a Media Server Deduplication Pool
- Analyzing the disc space consumption of the backup images
- Deleting backup images
- About MSDP queue processing
- Processing the MSDP transaction queue manually
- About MSDP data integrity checking
- Configuring MSDP data integrity checking behavior
- About managing MSDP storage read performance
- About MSDP storage rebasing
- About the MSDP data removal process
- Resizing the MSDP storage partition
- How MSDP restores work
- Configuring MSDP restores directly to a client
- About restoring files at a remote site
- About restoring from a backup at a target primary domain
- Specifying the restore server
- Enabling extra OS STIG hardening on WORM storage server instance
- Managing MSDP servers
- Recovering MSDP
- Replacing MSDP hosts
- Uninstalling MSDP
- Deduplication architecture
- Configuring and using universal shares
- About universal shares
- Advantages of universal shares
- Configuring and using an MSDP build-your-own (BYO) server for universal shares
- MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
- About the deduplication web service user and the user group for MSDP BYO server
- Configuring universal share user authentication
- Mounting a universal share created from the NetBackup web UI
- About universal share self-service recovery
- Performing a universal share self-service recovery
- Using the ingest mode
- About universal shares with object store
- Enabling a universal share with object store
- Universal share with disabled MSDP data volumes
- About the vpfs_stats utility
- Disaster recovery for a universal share
- Changing the number of vpfsd instances
- Enabling variable-length deduplication (VLD) algorithm for universal shares
- Upgrading to NetBackup 10.4
- About universal share accelerator
- Preparing NetBackup for the universal share accelerator
- Installing the universal share accelerator
- Configure a universal share accelerator
- Creating a protection policy for the universal share accelerator
- About the universal share accelerator quota
- Recovering a point in time for the universal share accelerator
- Deleting a recovered universal share accelerator
- Logging for universal share accelerator
- Logging and reporting for universal share VPFS instance
- Vpfsd logs for file system operations in universal shares
- Using the marker file interface for universal share operations
- Configuring isolated recovery environment (IRE)
- Requirements
- Configuring the network isolation
- Configuring an isolated recovery environment using the web UI
- Configuring an isolated recovery environment using the command line
- Configuring an isolated recovery environment on a NetBackup BYO media server
- Managing an isolated recovery environment on a NetBackup BYO media server
- Configuring A.I.R. for replicating backup images from production environment to IRE BYO environment
- Configuring an isolated recovery environment on a WORM storage server
- Managing an isolated recovery environment on a WORM storage server
- Configuring data transmission between a production environment and an IRE WORM storage server
- Using the NetBackup Deduplication Shell
- About the NetBackup Deduplication Shell
- Managing users from the deduplication shell
- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
- Managing VLAN interfaces from the deduplication shell
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Protecting the NetBackup catalog from the deduplication shell
- About the external MSDP catalog backup
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell
- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the MSDP services across the cluster
- Managing the Storage Platform Web Service (SPWS)
- Managing Open Cloud Storage Daemon
- Managing the Veritas provisioning file system (VPFS) configuration parameters
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
- Monitoring and troubleshooting NetBackup services from the deduplication shell
- Managing the health monitor
- Viewing information about the system
- Viewing the deduplication (MSDP) history or configuration files
- Viewing process information in the pseudo-file system
- Viewing the deduplication rate of a Veritas provisioning file service (VPFS) share
- Viewing the log files
- Collecting and transferring troubleshooting files
- Managing S3 service from the deduplication shell
- Multi-person authorization for deduplication shell commands
- Managing cloud LSU in Flex Scale and Cloud Scale
- Troubleshooting
- About unified logging
- About legacy logging
- NetBackup MSDP log files
- Troubleshooting MSDP configuration issues
- Troubleshooting MSDP operational issues
- Verify that the MSDP server has sufficient memory
- MSDP backup or duplication job fails
- MSDP client deduplication fails
- MSDP volume state changes to DOWN when volume is unmounted
- MSDP errors, delayed response, hangs
- Cannot delete an MSDP disk pool
- MSDP media open error (83)
- MSDP media write error (84)
- MSDP no images successfully processed (191)
- MSDP storage full conditions
- Troubleshooting MSDP catalog backup
- Storage Platform Web Service (spws) does not start
- Disk volume API or command line option does not work
- Viewing MSDP disk errors and events
- MSDP event codes and messages
- Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
- Trouble shooting multi-domain issues
- Troubleshooting the cloud compaction error messages
- Appendix A. Migrating to MSDP storage
- Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
- About migration from Cloud Catalyst to MSDP direct cloud tiering
- About Cloud Catalyst migration strategies
- About direct migration from Cloud Catalyst to MSDP direct cloud tiering
- About postmigration configuration and cleanup
- About the Cloud Catalyst migration -dryrun option
- About Cloud Catalyst migration cacontrol options
- Reverting back to Cloud Catalyst from a successful migration
- Reverting back to Cloud Catalyst from a failed migration
- Appendix C. Encryption Crawler
- Index
About Image Sharing using MSDP cloud
Use image sharing to share the images from your on-premises NetBackup server to another NetBackup server. The NetBackup server that is configured for image sharing is called Cloud Recovery Server (CRS). Image sharing also provides the ability to convert backed up VMs as AWS instances or Azure VHD in certain scenarios.
MSDP with image sharing is a self-describing storage server. When you configure image sharing, NetBackup stores all the data and metadata that is required to recover the images in the cloud.
Note:
The Cloud Recovery Server version must be the same or later than the on-premises NetBackup version.
The following table describes the image sharing feature workflow.
Table: Image sharing workflow
Task | Description |
|---|---|
Prepare a cloud recovery server. | You must have a virtual machine in your cloud environment and have NetBackup installed on it. You can deploy the virtual machine using one of the following ways.
|
Configure the NetBackup KMS server. | If KMS encryption is enabled, perform the following tasks. |
Configure image sharing on the cloud recovery server. | The NetBackup virtual machine in the cloud that is configured for image sharing is called a cloud recovery server. Perform the following steps to configure the image sharing: |
Use the image sharing. | After you configure this NetBackup virtual machine for image sharing, you can import the images from your on-premises environment to the cloud and recover them when required. You can also convert VMs to VHD in Azure or AMI in AWS. |
Read additional information about image sharing. |
In a situation where MSDP cloud backed up the deduplicated data to cloud, the NetBackup catalog was available on the on-premises NetBackup server.
Image sharing in the cloud uploads the NetBackup catalog along with the backup images and lets you restore data from the cloud without the on-premises NetBackup server.
You can launch an all-in-one NetBackup on demand that is called the cloud recovery server, and recover the backup images from the cloud.
Image sharing discovers the backup images that are stored in cloud storage through the REST APIs, command line, or web UI, recovers the NetBackup catalog, and restores the images.
You can use command line options or NetBackup web UI that have the function as REST APIs.
For the imported Standard, MS Windows, and Universal share backup images, you can instantly access them with NetBackup Instant Access APIs as the exported share is in a read-only mode. For the imported VMware images, you can instantly scan them with the VMware Malware Scan APIs as the exported share is in a read-only mode.
For Veritas Alta Recovery Vault, in the VM conversion procedure, a temporary bucket or blob container is created automatically. Region and the security options of the bucket are the same as the Veritas Alta Recovery Vault account on the image sharing server.
The temporary bucket or blob container name format is vrtsonvert-<timestamp>/VRTSConvert-<timestamp>.
For Veritas Alta Recovery Vault Amazon, MSDP-C credentials with AWS account with IAM and EC2 related permissions must be created before the VM conversion. For Veritas Alta Recovery Vault Azure, MSDP-C credentials with Azure general-purpose storage accounts must be created before the VM conversion.
Before you install NetBackup, create an instance based on SUSE Linux Enterprise or RHEL 7.3 or later. You can also set up a computer based on SUSE Linux Enterprise or RHEL 7.3 or later. The recommendation is that the instance has more than 64 GB of memory, 8 CPUs.
The HTTPS port 443 is enabled.
Change the host name to the server's FQDN.
In Azure virtual machine, you must change the internal host name, which is created automatically for you and you cannot get an internal host name from an IP address.
Add the following items in the
/etc/hostsfile:"External IP" "Server's FQDN"
"Internal IP" "Server's FQDN"
For a computer, add the following items in the
/etc/hostsfile:"IP address" "Server's FQDN"
(Optional) For an instance, change the search domain order in the
/etc/resolv.conffile to search external domains before internal domains.NetBackup should be an all-in-one setup.
Refer to the NetBackup Installation Guide for more information.
You can access NetBackup web UI to use image sharing. For more information, refer to the Create a Media Server Deduplication Pool (MSDP) storage server for image sharing topic in the NetBackup Web UI Administrator's Guide.
After installing NetBackup, you can run the ims_system_config.py script to configure image sharing.
The path to access the command is: /usr/openv/pdde/pdag/scripts/.
Amazon Web Service cloud provider:
ims_system_config.py -t PureDisk -k <AWS_access_key> -s <AWS_secret_access_key> -b <name_S3_bucket> -bs <bucket_sub_name> [-r <bucket_region>] [-p <mount_point>]
If you have configured IAM role in the EC2 instance, use the following command:
ims_system_config.py -t PureDisk -k dummy -s dummy <bucket_name> -bs <bucket_sub_name> [-r <bucket_region>] [-p <mount_point>]
Microsoft Azure cloud provider:
ims_system_config.py -cp 2 -k <key_id> -s <secret_key> -b <container_name> -bs <bucket_sub_name> [-p <_mount_point_>]
Other S3 compatible cloud providers (For example, Hitachi HCP):
If Cloud Instance has been existed in NetBackup, use the following command:
ims_system_config.py -cp 3 -t PureDisk -k <key_id> -s <secret_key> -b <bucket_name> -bs <bucket_sub_name> -c <Cloud_instance_name> [-p <mount_point>]
Or use the following command:
ims_system_config.py -cp 3 -t PureDisk -k <key_id> -s <secret_key> -b <bucket_name> -pt <cloud_provider_type> -sh <s3_hostname> -sp <s3_http_port> -sps <s3_https_port> -ssl <ssl_usage> [-p <mount_point>]
Example for HCP provider:
ims_system_config.py -cp 3 -t PureDisk -k xxx -s xxx -b emma -bs subtest -pt hitachicp -sh yyy.veritas.com -sp 80 -sps 443 -ssl 0
Description: (Specify the following options to use HCP cloud)
-cp 3: Specify the third-party S3 cloud provider that is used.
-pt hitachicp: Specify the cloud provider type as hitachicp (HCP LAN)
-t PureDisk_hitachicp_rawd: Specify the storage server type as PureDisk_hitachicp_rawd
-sh <s3_hostname>: Specify an HCP storage server host name.
-sp <s3_http_port>: Specify an HCP storage server HTTP port (Default is 80).
-sps <s3_https_port>: Specify an HCP storage server HTTP port (Default is 443).
-ssl <ssl_usage>: Specify whether to use SSL. (0- Disable SSL. 1- Enable SSL. Default is 1.) If SSL is disabled, it uses <s3_http_port> to make a connection to <s3_hostname>. Otherwise, it uses <s3_https_port>.
Note:
Configuring image sharing using MSDP cloud with the ims_system_config.py script is not supported for SUSE Linux Enterprise. Use NetBackup web UI to configure image sharing using MSDP cloud for SUSE Linux Enterprise.
You can access NetBackup web UI to use image sharing. For more information, refer to the Using image sharing from the NetBackup Web UI topic in the NetBackup Web UI Administrator's Guide.
You can use the nbimageshare command to configure image sharing.
Run the nbimageshare command to list and import the virtual machine and standard images and then recover the virtual machines.
The path to access the command is: /usr/openv/netbackup/bin/admincmd/
For more information about the nbimageshare command, refer to the NetBackup Commands Reference Guide.
The following table lists the steps for image sharing and the command options:
Table: Steps for image sharing and the command options
Step | Command |
|---|---|
|
Log on to NetBackup. |
nbimageshare --login <username> <password> nbimageshare --login -interact |
|
List all the backup images that are in the cloud. |
nbimageshare --listimage Note: In the list of images, the increment schedule type might be differential incremental or cumulative incremental. |
|
Import the backup images to NetBackup. |
Import a single image: nbimageshare --singleimport <client> <policy> <backupID> Import multiple images: nbimageshare --batchimport <image_list_file_path> Note: The format of the image_list_file_path is same as the output of "list images". The multiple images number must be equal to or less than 64. You can import an already imported image. This action does not affect the NetBackup image catalog. |
|
Recover the VM as an AWS EC2 AMI or VHD in Azure. |
nbimageshare --recovervm <client> <policy> <backupID>
|
When KMS encryption is enabled, you can share the images in the cloud storage to the cloud recovery server with manual KMS key transfer.
On-premises side:
Storage server: Find the key group name for the given Storage server.
Find contentrouter.cfg in /etc/pdregistry.cfg
Find the key group name is in contentrouter.cfg under [KMSOptions]
(Example KMSKeyGroupName=amazon.com:test1)
NetBackup primary server: Exports the key group with a passphrase to a file:
/usr/openv/netbackup/bin/admincmd/nbkmsutil -export -key_groups <key-group-name> -path <key file path>
cloud recovery server (cloud side):
Copy the exported key to the cloud recovery server.
Configure the KMS server.
/usr/openv/netbackup/bin/nbkms -createemptydb /usr/openv/netbackup/bin/nbkms /usr/openv/netbackup/bin/nbkmscmd -discovernbkms -autodiscover
Import keys to KMS service.
/usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <key file path> -preserve_kgname
Configure the cloud recovery server using NetBackup web UI or with ims_system_config.py
On-premises KMS key changes:
In the case of KMS key changes for the given group for on-premises storage server after the cloud recovery server is set up, you must export the key file from the on-premises KMS server and import that key file on the cloud recovery server.
On-premises NetBackup primary server:
Exports the key group with a passphrase to a file:
/usr/openv/netbackup/bin/admincmd/nbkmsutil -export -key_groups <key-group-name> -path <key file path>
Cloud recovery server:
/usr/openv/netbackup/bin/admincmd/nbkmsutil -deletekg -kgname <key-group-name> -force
/usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <key file path> -preserve_kgname
If an on-premises storage server is configured to use keys from an external KMS server, then make sure that the same KMS server is configured on the cloud recovery server before running ims_system_config.py. To know more about configuring an external KMS server in NetBackup, refer to NetBackup Security and Encryption Guide.
Make sure that the external KMS server is reachable from the cloud recovery server on a specific port.
It is recommended that you launch a cloud recovery server on demand and do not upgrade it.
Do not use nbdevconfig to modify cloud LSU or add new cloud LSU in the image sharing server as it might cause an issue in the image sharing server (cloud recovery server). If KMS encryption is enabled in the on-premises side after image sharing server is configured, the encrypted image cannot be imported by this image sharing server.
Cloud LSU requires free disk space. When you configure image sharing server using the ims_system_config.py script, ensure that you have enough disk space in the default mount point or storage, or you can use -p parameter of ims_system_config.py to specify a different mount point to meet the requirement of free disk spaces.
After the image is imported in the image sharing server, the image catalog exists in the image sharing server. If the image is expired on the on-premises NetBackup domain, then restoring the image to the image sharing server fails even though the image catalog exists in the image sharing server.
The imported image expiration time is the time for which the imported image catalog exists in the image sharing server. If the image expires in the image sharing server, the image catalog in the image sharing server is removed but the image data in the cloud storage is not removed.
You can restore any image that you import in the image sharing server. Only VM images in AWS and Azure can be recovered because they can be converted into EC2 instances in AWS or VHD in Azure. VM images in other cloud storages cannot be converted, and can only be restored. You can recover only the VM images that are full backup images or accelerator-enabled incremental backup images.
Image sharing supports many policy types.
See the NetBackup compatibility list for the latest information on the supported policy types.
After the image sharing is configured, the storage server is in a read-only mode. Some MSDP commands are not supported.
For information on the VM recovery limitations in AWS, refer to the AWS VM import information in AWS help.
You can configure the maximum active jobs when the images are imported to cloud storage.
Modify the file path
/usr/openv/var/global/wsl/config/web.confto add the configuration item as imageshare.maxActiveJobLimit.For example, imageshare.maxActiveJobLimit=16.
The default value is 16 and the configurable range is 1 to 100.
If the import request is made and the active job count exceeds the configured limit, the following message is displayed:
"Current active job count exceeded active job count limitation".
The images in cloud storage can be shared. If Amazon Glacier, Deep Archive or Azure Archive is enabled, you cannot use image sharing.
Regarding the errors about role policy size limitation in AWS:
Errors that occur when the role policy size exceeds the maximum size is an AWS limitation. You can find the following error in a failed restore job:
"error occurred (LimitExceeded) when calling the PutRolePolicy operation: Maximum policy size of 10240 bytes exceeded for role vmimport"
Workaround:
You can change the maximum policy size limit for the vmimport role.
You can list and delete the existing policies using the following commands:
aws iam list-role-policies --role-name vmimport aws iam delete-role-policy --role-name vmimport --policy-name <bucketname> -vmimport
The recover operation with AWS provider includes the AWS import process. Therefore, a vmdk image cannot be recovered concurrently in two restore jobs at the same time.
In AWS, the image sharing feature can recover the virtual machines that satisfy the Amazon Web Services VM import prerequisites.
For more information about the prerequisites, refer to the following article:
https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html
If you cannot obtain the administrator password to use an AWS EC2 instance that has a Windows OS, the following error is displayed:
Password is not available. This instance was launched from a custom AMI, or the default password has changed. A password cannot be retrieved for this instance. If you have forgotten your password, you can reset it using the Amazon EC2 configuration service. For more information, see Passwords for a Windows Server Instance.This error occurs after the instance is launched from an AMI that is converted using image sharing.
For more information, refer to the following articles:
You cannot cancel an import job on the cloud recovery server.
If there is data optimization done on the on-premises image, you might not be able to restore the image that you have imported on the cloud recovery server. You can expire this image, import it again on the image-sharing server, and then restore the image.
After the backup job, duplication job, or AIR import job completes, you can import the images on a cloud recovery server. The images that are created by User-Archive job cannot be imported.
If you want to convert a VM image again, you must delete the VHD from the Azure blob.