NetBackup™ Deduplication Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.4)
  1. Introducing the NetBackup media server deduplication option
    1.  
      About the NetBackup deduplication options
  2. Quick start
    1.  
      About client-side deduplication
    2. About the media server deduplication (MSDP) node cloud tier
      1.  
        Configuring the MSDP node cloud tier
    3.  
      About Auto Image Replication (A.I.R.)
  3. Planning your deployment
    1.  
      Planning your MSDP deployment
    2.  
      NetBackup naming conventions
    3.  
      About MSDP deduplication nodes
    4.  
      About the NetBackup deduplication destinations
    5.  
      About MSDP storage capacity
    6. About MSDP storage and connectivity requirements
      1.  
        Fibre Channel and iSCSI comparison for MSDP
    7. About NetBackup media server deduplication
      1.  
        About MSDP storage servers
      2.  
        About MSDP load balancing servers
      3.  
        About MSDP server requirements
      4.  
        About MSDP unsupported configurations
    8. About NetBackup Client Direct deduplication
      1.  
        About MSDP client deduplication requirements and limitations
    9. About MSDP remote office client deduplication
      1.  
        About MSDP remote client data security
      2.  
        About remote client backup scheduling
    10.  
      About the NetBackup Deduplication Engine credentials
    11.  
      About the network interface for MSDP
    12.  
      About MSDP port usage
    13.  
      About MSDP optimized synthetic backups
    14.  
      About MSDP and SAN Client
    15.  
      About MSDP optimized duplication and replication
    16. About MSDP performance
      1.  
        How file size may affect the MSDP deduplication rate
    17. About MSDP stream handlers
      1.  
        Oracle stream handler
      2.  
        Microsoft SQL Server stream handler
    18. MSDP deployment best practices
      1.  
        Use fully qualified domain names
      2.  
        About scaling MSDP
      3.  
        Send initial full backups to the storage server
      4.  
        Increase the number of MSDP jobs gradually
      5.  
        Introduce MSDP load balancing servers gradually
      6.  
        Implement MSDP client deduplication gradually
      7.  
        Use MSDP compression and encryption
      8.  
        About the optimal number of backup streams for MSDP
      9.  
        About storage unit groups for MSDP
      10.  
        About protecting the MSDP data
      11.  
        Save the MSDP storage server configuration
      12.  
        Plan for disk write caching
  4. Provisioning the storage
    1.  
      About provisioning the storage for MSDP
    2.  
      Do not modify MSDP storage directories and files
    3.  
      About volume management for NetBackup MSDP
  5. Licensing deduplication
    1.  
      About the MSDP license
    2.  
      Licensing NetBackup MSDP
  6. Configuring deduplication
    1.  
      Configuring MSDP server-side deduplication
    2.  
      Configuring MSDP client-side deduplication
    3.  
      About the MSDP Deduplication Multi-Threaded Agent
    4. Configuring the Deduplication Multi-Threaded Agent behavior
      1.  
        MSDP mtstrm.conf file parameters
    5.  
      Configuring deduplication plug-in interaction with the Multi-Threaded Agent
    6.  
      About MSDP fingerprinting
    7.  
      About the MSDP fingerprint cache
    8. Configuring the MSDP fingerprint cache behavior
      1.  
        MSDP fingerprint cache behavior options
    9.  
      About seeding the MSDP fingerprint cache for remote client deduplication
    10.  
      Configuring MSDP fingerprint cache seeding on the client
    11. Configuring MSDP fingerprint cache seeding on the storage server
      1.  
        NetBackup seedutil options
    12.  
      About sampling and predictive cache
    13.  
      Rebuilding the sampling cache
    14.  
      Enabling 400 TB support for MSDP
    15. About MSDP Encryption using NetBackup Key Management Server service
      1.  
        Upgrading KMS for MSDP
      2.  
        Enabled KMS encryption for Local LSU
    16.  
      About MSDP Encryption using external KMS server
    17. Configuring a storage server for a Media Server Deduplication Pool
      1.  
        MSDP storage path properties
      2.  
        MSDP network interface properties
    18.  
      About disk pools for NetBackup deduplication
    19. Configuring a disk pool for deduplication
      1.  
        Media Server Deduplication Pool properties
    20.  
      Creating the data directories for 400 TB MSDP support
    21.  
      Adding volumes to a 400 TB Media Server Deduplication Pool
    22. Configuring a Media Server Deduplication Pool storage unit
      1.  
        Media Server Deduplication Pool storage unit properties
      2.  
        MSDP storage unit recommendations
    23.  
      Configuring client attributes for MSDP client-side deduplication
    24.  
      Disabling MSDP client-side deduplication for a client
    25.  
      Disable client-side deduplication for all clients in a policy
    26.  
      About MSDP compression
    27.  
      About MSDP encryption
    28.  
      Configuring encryption for MSDP local storage volume
    29.  
      Configuring encryption for MSDP cloud storage volumes
    30.  
      Configuring MSDP encryption on different platforms
    31.  
      About the rolling data conversion mechanism for MSDP
    32.  
      Modes of rolling data conversion
    33.  
      MSDP encryption behavior and compatibilities
    34.  
      Configuring optimized synthetic backups for MSDP
    35.  
      About a separate network path for MSDP duplication and replication
    36.  
      Configuring a separate network path for MSDP duplication and replication
    37. About MSDP optimized duplication within the same domain
      1. About the media servers for MSDP optimized duplication within the same domain
        1.  
          About MSDP push duplication within the same domain
        2.  
          About MSDP pull duplication within the same domain
    38. Configuring MSDP optimized duplication within the same NetBackup domain
      1. Configuring NetBackup optimized duplication or replication behavior
        1.  
          Setting NetBackup configuration options by using the command line
    39.  
      About MSDP replication to a different domain
    40. Configuring MSDP replication to a different NetBackup domain
      1. About NetBackup Auto Image Replication
        1.  
          One-to-many Auto Image Replication model
        2.  
          Cascading Auto Image Replication model
        3.  
          About the domain relationship for replication
        4.  
          About the replication topology for Auto Image Replication
        5. Viewing the replication topology for Auto Image Replication
          1.  
            Sample volume properties output for MSDP replication
      2.  
        About trusted primary servers for Auto Image Replication
      3.  
        About the certificate to use to add a trusted primary server
      4.  
        Add a trusted primary server
      5.  
        Remove a trusted primary server
      6.  
        Enable inter-node authentication for a NetBackup clustered primary server
      7.  
        Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
      8.  
        Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
      9. Configuring a target for MSDP replication to a remote domain
        1.  
          Target options for MSDP replication
        2.  
          Configuring a NetBackup Deduplication Engine user with limited permissions for Auto Image Replication
    41.  
      About configuring MSDP optimized duplication and replication bandwidth
    42.  
      About performance tuning of optimized duplication and replication for MSDP cloud
    43.  
      About storage lifecycle policies
    44.  
      About the storage lifecycle policies required for Auto Image Replication
    45. Creating a storage lifecycle policy
      1.  
        Storage Lifecycle Policy dialog box settings
    46.  
      About MSDP backup policy configuration
    47.  
      Creating a backup policy
    48. Resilient network properties
      1.  
        Resilient connection resource usage
    49.  
    50.  
      Adding an MSDP load balancing server
    51.  
      About variable-length deduplication on NetBackup clients
    52.  
      Managing the variable-length deduplication using the cacontrol command-line utility
    53.  
      About the MSDP pd.conf configuration file
    54. Editing the MSDP pd.conf file
      1.  
        MSDP pd.conf file parameters
    55.  
      About the MSDP contentrouter.cfg file
    56.  
      About saving the MSDP storage server configuration
    57.  
      Saving the MSDP storage server configuration
    58.  
      Editing an MSDP storage server configuration file
    59.  
      Setting the MSDP storage server configuration
    60.  
      About the MSDP host configuration file
    61.  
      Deleting an MSDP host configuration file
    62.  
      Resetting the MSDP registry
    63. About protecting the MSDP catalog
      1.  
        About the MSDP shadow catalog
      2.  
        About the MSDP catalog backup policy
    64.  
      Changing the MSDP shadow catalog path
    65.  
      Changing the MSDP shadow catalog schedule
    66.  
      Changing the number of MSDP catalog shadow copies
    67. Configuring an MSDP catalog backup
      1.  
        MSDP drcontrol options
    68.  
      Updating an MSDP catalog backup policy
    69.  
      About MSDP FIPS compliance
    70.  
      Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
    71.  
      About MSDP multi-domain support
    72.  
      About MSDP application user support
    73.  
      About MSDP mutli-domain VLAN Support
    74. About NetBackup WORM storage support for immutable and indelible data
      1.  
        About the NetBackup command line options to configure immutable and indelible data
    75. Running MSDP services with the non-root user
      1.  
        Changing the service user after installation or upgrade
    76.  
      Running MSDP commands with the non-root user
  7. MSDP cloud support
    1. About MSDP cloud support
      1.  
        Operating system requirement for configuration
      2.  
        Limitations
    2.  
      Create a Media Server Deduplication Pool (MSDP, MSDP Cloud) storage server in the NetBackup web UI
    3.  
      Managing credentials for MSDP-C
    4.  
      Creating a cloud storage unit
    5.  
      Updating cloud credentials for a cloud LSU
    6.  
      Updating encryption configurations for a cloud LSU
    7.  
      Deleting a cloud LSU
    8.  
      Backup data to cloud by using cloud LSU
    9.  
      Duplicate data cloud by using cloud LSU
    10.  
      Configuring AIR to use cloud LSU
    11.  
      About backward compatibility support
    12.  
      About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
    13. Cloud space reclamation
      1.  
        Configuring the container aging
      2.  
        Configuring the cloud compaction
    14.  
      About the tool updates for cloud support
    15. About the disaster recovery for cloud LSU
      1.  
        Common disaster recovery steps
      2.  
        Disaster recovery for cloud LSU in Flex Scale
      3.  
        Additional steps for Veritas Alta Recovery Vault Azure disaster recovery
    16. About Image Sharing using MSDP cloud
      1.  
        Things to consider before you use image sharing to convert VM image to VHD in Azure
      2. Converting the VM image to VHD in Azure
        1.  
          Converting the Windows VM image to VHD
        2.  
          Converting the RHEL7.6 VM image to VHD
        3.  
          Converting SUSE 12 SP4 VM image to VHD
        4.  
          Converting RHEL 8.6 VM image to VHD
        5.  
          Converting SLES 15 SP4 VM image to VHD
    17.  
      About restore from a backup in Microsoft Azure Archive
    18.  
      About Veritas Alta Recovery Vault Azure and Amazon
    19.  
      Configuring Veritas Alta Recovery Vault Azure and Azure Government
    20.  
      Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
    21.  
      Configuring Veritas Alta Recovery Vault Amazon and Amazon Government
    22.  
      Configuring Veritas Alta Recovery Vault Amazon and Amazon Government using the CLI
    23.  
      Migrating from standard authentication to token-based authentication for Recovery Vault
    24. About MSDP cloud immutable (WORM) storage support
      1.  
        Creating a cloud immutable storage unit using the web UI
      2.  
        Updating a cloud immutable volume
      3. About immutable object support for AWS S3
        1.  
          Extend the cloud immutable volume live duration automatically
        2.  
          Performance tuning
        3.  
          AWS user permissions to create the cloud immutable volume
        4.  
          About bucket policy for immutable storage
      4.  
        About immutable object support for AWS S3 compatible platforms
      5.  
        About immutable storage support for Azure blob storage
      6. About bucket-level immutable storage support for Google Cloud Storage
        1.  
          Creating a Google cloud immutable storage using the Web UI
        2.  
          Managing a Google cloud immutable storage using msdpcldutil tool
      7. About object-level immutable storage support for Google Cloud Storage
        1.  
          Google cloud storage user permissions to create the cloud immutable volume
      8.  
        About using the cloud immutable storage in a cluster environment
      9.  
        Troubleshooting the errors when disk volume creation using web UI fails
      10.  
        Deleting the immutable image with the enterprise mode
      11.  
        Deleting the S3 object permanently
      12.  
        About MSDP cloud admin tool
    25. About AWS IAM Role Anywhere support
      1.  
        Prerequisites for AWS IAM Role Anywhere configuration
      2. Configure IAM Role Anywhere in AWS
        1.  
          Create the required certificates
        2.  
          Create the trust anchor
        3.  
          Create policy
        4.  
          Create role
        5.  
          Create profile
        6.  
          Configure a new disk pool using AWS IAM Anywhere
    26. About Azure service principal support
      1.  
        Prerequisites for Azure service principal configuration
      2. Configure Azure service principal
        1.  
          Create a new custom role
        2.  
          Create a new service principal
      3.  
        Configure a disk pool using Azure service principal
    27.  
      About instant access for object storage in cloud
    28. About NetBackup support for AWS Snowball Edge
      1.  
        Interfacing with the device
      2.  
        Using Credentials
      3. Configuring NetBackup for AWS Snowball Edge
        1.  
          Configuring SSL for AWS Snowball Edge
        2.  
          Configuring NetBackup for AWS Snowball Edge with SSL Enabled
      4.  
        Shipping the device
      5. Reconfigure NetBackup to work with S3
        1.  
          Bucket is in a default AWS Region
        2.  
          Bucket is in a non-default AWS Region (or storage already exists in the AWS region)
      6.  
        Configuring NetBackup for AWS Snowball Edge using CLI
      7.  
        Using AWS Snowball Edge for large backup restore
      8.  
        Limitations when AWS Snowball Edge is used
    29.  
      Upgrading to NetBackup 10.3 and cluster environment
  8. S3 Interface for MSDP
    1.  
      About S3 interface for MSDP
    2.  
      Prerequisites for MSDP build-your-own (BYO) server
    3. Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
      1.  
        Changing the certificate in S3 server
      2.  
        Changing the ETAG type of the S3 objects
    4. Identity and Access Management (IAM) for S3 interface for MSDP
      1.  
        Signing IAM and S3 API requests
      2.  
        IAM workflow
      3. IAM APIs for S3 interface for MSDP
        1.  
          Common Parameters
        2.  
          Common Error Codes
        3.  
          CreateUser
        4.  
          GetUser
        5.  
          ListUsers
        6.  
          DeleteUser
        7.  
          CreateAccessKey
        8.  
          ListAccessKeys
        9.  
          DeleteAccessKey
        10.  
          UpdateAccessKey
        11.  
          PutUserPolicy
        12.  
          GetUserPolicy
        13.  
          ListUserPolicies
        14.  
          DeleteUserPolicy
        15.  
          Data Types
      4.  
        IAM policy document syntax
    5.  
      S3 Object Lock In Flex WORM
    6. S3 APIs for S3 interface for MSDP
      1. S3 APIs on Buckets
        1.  
          CreateBucket
        2.  
          DeleteBucket
        3.  
          GetBucketEncryption
        4.  
          GetBucketLocation
        5.  
          GetBucketVersioning
        6.  
          HeadBucket
        7.  
          ListBuckets
        8.  
          ListMultipartUploads
        9.  
          ListObjects
        10.  
          ListObjectsV2
        11.  
          ListObjectVersions
        12.  
          PutBucketVersioning
        13.  
          Put Object Lock Configuration (Flex WORM only)
        14.  
          Get Object Lock Configuration (Flex WORM only)
      2. S3 APIs on Objects
        1.  
          AbortMultipartUpload
        2.  
          CompleteMultipartUpload
        3.  
          CreateMultipartUpload
        4.  
          DeleteObject
        5.  
          DeleteObjects
        6.  
          GetObject
        7.  
          HeadObject
        8.  
          PutObject
        9.  
          Copy Object
        10.  
          UploadPart
        11.  
          PutObject (snowball-auto-extract for small files)
        12.  
          Put Object Retention (Flex WORM only)
        13.  
          Get Object Retention (Flex WORM only)
      3.  
        The naming rules for buckets and objects
    7.  
      Creating a protection policy for the MSDP object store
    8.  
      Recovering the MSDP object store data from the backup images
    9. Disaster recovery in S3 interface for MSDP
      1.  
        Recovering the MSDP S3 IAM configurations from cloud LSU
    10.  
      Limitations in S3 interface for MSDP
    11.  
      Logging and troubleshooting
    12.  
      Best practices
  9. Monitoring deduplication activity
    1.  
      Monitoring the MSDP deduplication and compression rates
    2. Viewing MSDP job details
      1.  
        MSDP job details
    3.  
      About MSDP storage capacity and usage reporting
    4.  
      About MSDP container files
    5.  
      Viewing storage usage within MSDP container files
    6.  
      About monitoring MSDP processes
    7.  
      Reporting on Auto Image Replication jobs
    8.  
      Checking the image encryption status
  10. Managing deduplication
    1. Managing MSDP servers
      1.  
        Viewing MSDP storage servers
      2.  
        Determining the MSDP storage server state
      3.  
        Viewing MSDP storage server attributes
      4.  
        Setting MSDP storage server attributes
      5.  
        Changing MSDP storage server properties
      6.  
        Clearing MSDP storage server attributes
      7.  
        About changing the MSDP storage server name or storage path
      8.  
        Changing the MSDP storage server name or storage path
      9.  
        Removing an MSDP load balancing server
      10.  
        Deleting an MSDP storage server
      11.  
        Deleting the MSDP storage server configuration
    2. Managing NetBackup Deduplication Engine credentials
      1.  
        Determining which media servers have deduplication credentials
      2.  
        Adding NetBackup Deduplication Engine credentials
      3.  
        Changing NetBackup Deduplication Engine credentials
      4.  
        Deleting credentials from a load balancing server
    3. Managing Media Server Deduplication Pools
      1.  
        Viewing Media Server Deduplication Pools
      2.  
        Determining the Media Server Deduplication Pool state
      3.  
        Viewing Media Server Deduplication Pool attributes
      4.  
        Setting a Media Server Deduplication Pool attribute
      5. Changing a Media Server Deduplication Pool properties
        1.  
          How to resolve volume changes for Auto Image Replication
      6.  
        Clearing a Media Server Deduplication Pool attribute
      7.  
        Determining the MSDP disk volume state
      8.  
        Changing the MSDP disk volume state
      9.  
        Deleting a Media Server Deduplication Pool
    4.  
      Analyzing the disc space consumption of the backup images
    5.  
      Deleting backup images
    6.  
      About MSDP queue processing
    7.  
      Processing the MSDP transaction queue manually
    8.  
      About MSDP data integrity checking
    9. Configuring MSDP data integrity checking behavior
      1.  
        MSDP data integrity checking configuration parameters
    10.  
      About managing MSDP storage read performance
    11. About MSDP storage rebasing
      1.  
        MSDP server-side rebasing parameters
    12.  
      About the MSDP data removal process
    13.  
      Resizing the MSDP storage partition
    14.  
      How MSDP restores work
    15.  
      Configuring MSDP restores directly to a client
    16.  
      About restoring files at a remote site
    17.  
      About restoring from a backup at a target primary domain
    18.  
      Specifying the restore server
    19.  
      Enabling extra OS STIG hardening on WORM storage server instance
  11. Recovering MSDP
    1.  
      About recovering the MSDP catalog
    2.  
      Restoring the MSDP catalog from a shadow copy
    3.  
      Recovering from an MSDP storage server disk failure
    4.  
      Recovering from an MSDP storage server failure
    5.  
      Recovering the MSDP storage server after NetBackup catalog recovery
  12. Replacing MSDP hosts
    1.  
      Replacing the MSDP storage server host computer
  13. Uninstalling MSDP
    1.  
      About uninstalling MSDP
    2.  
      Deactivating MSDP
  14. Deduplication architecture
    1.  
      MSDP server components
    2.  
      Media server deduplication backup process
    3.  
      MSDP client components
    4.  
      MSDP client - side deduplication backup process
  15. Configuring and using universal shares
    1.  
      About universal shares
    2.  
      Advantages of universal shares
    3.  
      Configuring and using an MSDP build-your-own (BYO) server for universal shares
    4.  
      MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
    5.  
      About the deduplication web service user and the user group for MSDP BYO server
    6. Configuring universal share user authentication
      1.  
        Active Directory-based authentication
      2.  
        Local user-based authentication
      3. Kerberos-based authentication
        1.  
          Creating Active Directory users for Kerberos authentication
        2.  
          Registering the Kerberos principals to the KDC database
        3.  
          Configuring the Kerberos-based authentication on the servers and the clients
        4.  
          Troubleshooting the universal share mount operation issue
    7.  
      Mounting a universal share created from the NetBackup web UI
    8.  
      About universal share self-service recovery
    9.  
      Performing a universal share self-service recovery
    10. Using the ingest mode
      1.  
        Using the ingest mode to take a snapshot over NFS or SMB
      2.  
        Using the ingest mode to run a policy using NFS or SMB
    11.  
      About universal shares with object store
    12. Enabling a universal share with object store
      1.  
        Enabling instant access with object storage
    13.  
      Universal share with disabled MSDP data volumes
    14.  
      About the vpfs_stats utility
    15.  
      Disaster recovery for a universal share
    16.  
      Changing the number of vpfsd instances
    17.  
      Enabling variable-length deduplication (VLD) algorithm for universal shares
    18.  
      Upgrading to NetBackup 10.4
    19.  
      About universal share accelerator
    20.  
      Preparing NetBackup for the universal share accelerator
    21.  
      Installing the universal share accelerator
    22. Configure a universal share accelerator
      1.  
        Creating a universal share accelerator
      2.  
        Mounting a Universal share accelerator
      3.  
        Deleting a universal share accelerator
      4.  
        Unconfiguring a universal share accelerator
      5.  
        Managing the universal share accelerator services
      6.  
        Adding additional storage paths for universal share accelerator
    23.  
      Creating a protection policy for the universal share accelerator
    24. About the universal share accelerator quota
      1.  
        Enabling or changing the quota
      2.  
        Reviewing the quota usage
      3.  
        Repairing the quota of the universal share
    25.  
      Recovering a point in time for the universal share accelerator
    26.  
      Deleting a recovered universal share accelerator
    27.  
      Logging for universal share accelerator
    28.  
      Logging and reporting for universal share VPFS instance
    29.  
      Vpfsd logs for file system operations in universal shares
    30.  
      Using the marker file interface for universal share operations
  16. Configuring isolated recovery environment (IRE)
    1.  
      Requirements
    2.  
      Configuring the network isolation
    3. Configuring an isolated recovery environment using the web UI
      1.  
        Configuring the allowed subnets
      2.  
        Configuring the reverse connections
      3.  
        Configuring the reverse replication schedule
      4.  
        Adding a replication operation to SLP at the production primary server
    4. Configuring an isolated recovery environment using the command line
      1.  
        Configuring an isolated recovery environment on a NetBackup BYO media server
      2.  
        Managing an isolated recovery environment on a NetBackup BYO media server
      3.  
        Configuring A.I.R. for replicating backup images from production environment to IRE BYO environment
      4.  
        Configuring an isolated recovery environment on a WORM storage server
      5.  
        Managing an isolated recovery environment on a WORM storage server
      6.  
        Configuring data transmission between a production environment and an IRE WORM storage server
  17. Using the NetBackup Deduplication Shell
    1.  
      About the NetBackup Deduplication Shell
    2. Managing users from the deduplication shell
      1.  
        Adding and removing local users from the deduplication shell
      2.  
        Adding MSDP users from the deduplication shell
      3.  
        Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
      4.  
        Disconnecting an Active Directory domain from the deduplication shell
      5.  
        Changing a user password from the deduplication shell
    3.  
      Managing VLAN interfaces from the deduplication shell
    4.  
      Managing the retention policy on a WORM storage server
    5.  
      Managing images with a retention lock on a WORM storage server
    6.  
      Auditing WORM retention changes
    7.  
      Protecting the NetBackup catalog from the deduplication shell
    8. About the external MSDP catalog backup
      1.  
        Configuring an external MSDP catalog backup from the deduplication shell
      2.  
        Restoring from the external MSDP catalog backup
      3.  
        Troubleshooting the external MSDP catalog backup
    9. Managing certificates from the deduplication shell
      1.  
        Viewing the certificate details from the deduplication shell
      2.  
        Importing certificates from the deduplication shell
      3.  
        Removing certificates from the deduplication shell
    10.  
      Managing FIPS mode from the deduplication shell
    11.  
      Encrypting backups from the deduplication shell
    12.  
      Tuning the MSDP configuration from the deduplication shell
    13.  
      Setting the MSDP log level from the deduplication shell
    14. Managing NetBackup services from the deduplication shell
      1.  
        Managing the cyclic redundancy checking (CRC) service
      2.  
        Managing the content router queue processing (CRQP) service
      3.  
        Managing the online checking service
      4.  
        Managing the compaction service
      5.  
        Managing the deduplication (MSDP) services
      6.  
        Managing the MSDP services across the cluster
      7.  
        Managing the Storage Platform Web Service (SPWS)
      8.  
        Managing Open Cloud Storage Daemon
      9.  
        Managing the Veritas provisioning file system (VPFS) configuration parameters
      10.  
        Managing the Veritas provisioning file system (VPFS) mounts
      11.  
        Managing the NGINX service
      12.  
        Managing the SMB service
    15. Monitoring and troubleshooting NetBackup services from the deduplication shell
      1.  
        Managing the health monitor
      2.  
        Viewing information about the system
      3.  
        Viewing the deduplication (MSDP) history or configuration files
      4.  
        Viewing process information in the pseudo-file system
      5.  
        Viewing the deduplication rate of a Veritas provisioning file service (VPFS) share
      6.  
        Viewing the log files
      7.  
        Collecting and transferring troubleshooting files
    16. Managing S3 service from the deduplication shell
      1.  
        Configuring the S3 service
      2.  
        Creating or resetting root credentials
      3.  
        Changing the S3 service certificates
      4.  
        Managing the S3 service
      5.  
        Changing S3 service log level
    17.  
      Multi-person authorization for deduplication shell commands
    18.  
      Managing cloud LSU in Flex Scale and Cloud Scale
  18. Troubleshooting
    1. About unified logging
      1.  
        About using the vxlogview command to view unified logs
      2.  
        Examples of using vxlogview to view unified logs
    2. About legacy logging
      1.  
        Creating NetBackup log file directories for MSDP
    3.  
      NetBackup MSDP log files
    4. Troubleshooting MSDP configuration issues
      1.  
        MSDP storage server configuration fails
      2.  
        MSDP database system error (220)
      3.  
        MSDP server not found error
      4.  
        License information failure during MSDP configuration
      5.  
        The disk pool wizard does not display an MSDP volume
    5. Troubleshooting MSDP operational issues
      1.  
        Verify that the MSDP server has sufficient memory
      2.  
        MSDP backup or duplication job fails
      3.  
        MSDP client deduplication fails
      4.  
        MSDP volume state changes to DOWN when volume is unmounted
      5.  
        MSDP errors, delayed response, hangs
      6.  
        Cannot delete an MSDP disk pool
      7.  
        MSDP media open error (83)
      8.  
        MSDP media write error (84)
      9.  
        MSDP no images successfully processed (191)
      10.  
        MSDP storage full conditions
      11.  
        Troubleshooting MSDP catalog backup
      12.  
        Storage Platform Web Service (spws) does not start
      13.  
        Disk volume API or command line option does not work
    6.  
      Viewing MSDP disk errors and events
    7.  
      MSDP event codes and messages
    8.  
      Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
    9. Trouble shooting multi-domain issues
      1.  
        Unable to configure OpenStorage server from another domain
      2.  
        MSDP storage server is down when you configure an OpenStorage server
      3.  
        MSDP server is overloaded when it is used by multiple NetBackup domains
    10.  
      Troubleshooting the cloud compaction error messages
  19. Appendix A. Migrating to MSDP storage
    1.  
      Migrating from another storage type to MSDP
  20. Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
    1.  
      About migration from Cloud Catalyst to MSDP direct cloud tiering
    2.  
      About Cloud Catalyst migration strategies
    3. About direct migration from Cloud Catalyst to MSDP direct cloud tiering
      1.  
        About requirements for a new MSDP direct cloud tier storage server
      2.  
        About beginning the direct migration
      3.  
        Placing the Cloud Catalyst server in a consistent state
      4.  
        About installing and configuring the new MSDP direct cloud tier server
      5.  
        Running the migration to the new MSDP direct cloud tier server
    4.  
      About postmigration configuration and cleanup
    5.  
      About the Cloud Catalyst migration -dryrun option
    6.  
      About Cloud Catalyst migration cacontrol options
    7.  
      Reverting back to Cloud Catalyst from a successful migration
    8.  
      Reverting back to Cloud Catalyst from a failed migration
  21. Appendix C. Encryption Crawler
    1.  
      About the Encryption Crawler
    2.  
      About the two modes of the Encryption Crawler
    3.  
      Managing the Encryption Crawler
    4.  
      Advanced options
    5.  
      Tuning options
    6.  
      Encrypting the data
    7.  
      Command usage example outputs
  22.  
    Index

Configuring the Kerberos-based authentication on the servers and the clients

You can configure the Kerberos-based authentication for NetBackup BYO, Flex media server, Flex WORM, and Flex Scale.

You must configure Kerberos-based authentication both on the servers and the clients.

For NetBackup BYO environment, before you configure Kerberos authentication on NetBackup servers and clients, check if the necessary krb5 package is installed on the system. Run the following commands to check if these packages are installed or not:

yum info krb5-workstation

yum info pam_krb5

To configure Kerberos-based authentication on the servers

  • On the NetBackup server, run the vpfs_nfs_krb.sh script to create keytab entries for Kerberos principals.

    /usr/openv/pdde/vpfs/bin/vpfs_nfs_krb.sh

    For NetBackup BYO, run the script in the command window. For Flex media server, you must log in to the Flex host and then enter the media container to run the script.

    • Add the key entries.

      ./vpfs_nfs_krb.sh add --user nfs/storage-server.mydomain.com

    • Delete the key entries.

      ./vpfs_nfs_krb.sh delete --user nfs/storage-server.mydomain.com

    • Verify Kerberos principal login.

      ./vpfs_nfs_krb.sh verify --user nfs/storage-server.mydomain.com

    • Update the password for Kerberos principals.

      ./vpfs_nfs_krb.sh update --user nfs/storage-server.mydomain.com

    • Display the key entries.

      ./vpfs_nfs_krb.sh list

    • Display the configurations related to Kerberos authentication.

      ./vpfs_nfs_krb.sh status

    For Flex WORM and Flex Scale, you must log in to the WORM or MSDP engine shell to run these commands.

    • Add the key entries.

      setting SecureNfs add-krb-user krbuser=nfs/storage-server.mydomain.com

    • Delete the key entries.

      setting SecureNfs delete-krb-user krbuser=nfs/storage-server.mydomain.com

    • Verify Kerberos principal login.

      setting SecureNfs verify-krb-user krbuser=nfs/storage-server.mydomain.com

    • Update the password for Kerberos principals.

      setting SecureNfs update-krb-user krbuser=nfs/storage-server.mydomain.com

    • Display the key entries.

      setting SecureNfs list-krb-users

    • Display the configurations related to Kerberos authentication.

      setting SecureNfs nfs-secure-status

    Both nfs/storage-server.mydomain.com and host/storage-server.mydomain.com principals must be added to the /etc/krb5.keytab in the storage servers.

    For Flex Scale, you must create both nfs/storage-server.mydomain.com and host/storage-server.mydomain.com principals for every MSDP engine. Here, the storage-server is the MSDP engine host name configured in Flex Scale web UI. You can find these names in Monitor > NetBackup > Storage servers list on the NetBackup web UI. All these principals must be added to the krb5.keytab file by running the MSDP shell command. In every engine, the /etc/krb5.keytab file contains key entries of all principals that are created for all engines in the cluster.

    For multi-VLAN environments, storage servers may have more than one IPs. If you need to mount the universal shares from the clients that are in the secondary VLAN, ensure that other FQDNs of the storage servers and clients are added in DNS, and corresponding Active Directory users are created and registered as Kerberos principals. The key entries also need to be added to the /etc/krb5.keytab file.

To configure Kerberos-based authentication on the universal share clients

  1. Create /etc/krb5.conf file for the Kerberos authentication.

    You can copy the /etc/krb5.conf file from a storage server where universal share is configured.

    Note:

    If there is kdc section defined in krb5.conf file. Copy kdc.conf file along with /etc/krb5.conf file.

  2. Enable SECURE_NFS in the /etc/sysconfig/nfs file.

    Add the line SECURE_NFS=yes in the /etc/sysconfig/nfs configuration file.

    Then, run the following command to restart the service:

    systemctl restart nfs-secure

    Note:

    This configuration is required only on Red Hat 7 or earlier versions. On Red Hat 8 and 9, this step is not required.

  3. Create keytab entries for Kerberos principals.

    You can configure the keytab file by using one of the following two methods:

    • Copy vpfs_nfs_krb.sh script from a storage server, then run the script to configure the keytab file.

    • After the Active Directory user for a universal share client is created, run ktpass utility to generate the keytab for the Kerberos principal.

      Then, copy the keytab file to the NFS client /etc folder and rename it to /etc/krb5.keytab.

    Note:

    If the universal share client has the existing /etc/krb5.keytab file, use the vpfs_nfs_krb.sh script to add the key entries.

    The script vpfs_nfs_krb.sh can write logs about universal share configuration-related operations. The logs are available only for universal share servers.

    You can find the logs at the following location: /<storage path>/log/vpfs/yymmdd_*_vpfs_nfs_krb.log