Images duplicated to WORM storage have unlock time calculated from duplication date not backup date

Article: 100054351
Last Published: 2023-03-13
Ratings: 0 0
Product(s): NetBackup

Problem

When a NetBackup backup image is manually duplicated to WORM (Write Once Read Many) storage the "Copy WORM Unlock Time" is by default calculated based on the duplication date and time, not the original backup time, 

This is especially noticeable if the duplication to WORM storage is done significantly after the initial backup.

Error Message

No specific error but can cause excessive usage on the WORM storage device. Below is output from bpimagelist showing the different times for expiration and unlock on the copy stored on a WORM Storage device:

# bpimagelist -L -backupid client1_1667903391
Backup ID:         client1_1667903391
Expiration Time:   Tue 15 Nov 2022 10:29:51 AM GM (1668508191)

Copy number:       1
 Expiration Time:  Tue 15 Nov 2022 10:29:51 AM GM (1668508191)

Copy number:       2
 Expiration Time:  Tue 15 Nov 2022 10:29:51 AM GM (1668508191)
 Copy Creation Time:  Tue 08 Nov 2022 10:34:05 AM GM (1667903645)
 Copy WORM Unlock Time: Tue 15 Nov 2022 10:34:06 AM GM (1668508446)

 

Cause

Copy Worm Unlock Time of the duplicated image is set as "duplication ctime + retention" instead of "backup ctime + retention" intentionally in the product to prevent clock vulnerability where an attacker changes the time of the primary server.

 

Solution

If this behavior is not as required and the desire is to base the unlock time to the original backup time then there are hotfixes available for 9.1.0.1 and 10.0.0.1 to allow this behavior of setting "CONF_WORM_USE_CLOCK = 1" in the bp.conf file on the media servers communicating with the worm storage. 

Please contact Veritas Technical Support to obtain these hotfixes.

Here is an example with the Hotfix applied and the CONF_WORM_USE_CLOCK setting configured where the times are aligned:

# bpimagelist -L -backupid client1_1667904142
Backup ID:         client1_1667904142
Expiration Time:   Tue 15 Nov 2022 10:42:22 AM GM (1668508942)

Copy number:       1
 Expiration Time:  Tue 15 Nov 2022 10:42:22 AM GM (1668508942)

Copy number:       2
 Expiration Time:  Tue 15 Nov 2022 10:42:22 AM GM (1668508942)
 Copy Creation Time:  Tue 08 Nov 2022 10:54:05 AM GM (1667904845)
 Copy WORM Unlock Time: Tue 15 Nov 2022 10:42:22 AM GM (1668508942)

 

NOTE: CONF_WORM_USE_CLOCK affects all image creation operations including backup, duplication, and import, and results in expiration and WORM unlock time being aligned.

The CONF_WORM_USE_CLOCK setting is not present in the NetBackup 10.0 GA, 10.1 GA, or 10.1.1 GA releases so the use of the setting will be lost if upgrading to these versions from a previous release that had an EEB installed (ET4060536 for 9.1.0.1/ET4086750 for 10.0.0.1). The CONF_WORM_USE_CLOCK setting is present in NetBackup 10.2 GA and later versions of NetBackup.

References

Etrack : 4086750 Etrack : 4060536

Was this content helpful?