Veritas NetBackup™ 53xx Appliance Initial Configuration Guide

Last Published:
Product(s): Appliances (3.2)
Platform: NetBackup Appliance OS

Performing the initial configuration on a NetBackup 53xx series appliance from the NetBackup Appliance Shell Menu

This topic describes how to configure a NetBackup 53xx series appliance that is new or has been reset to the factory defaults (factory reset).

This method requires that you connect a laptop directly to appliance port NIC1 (eth0). A NetBackup series 53xx appliance can only be configured as a media server.

NetBackup Appliance release 3.2 introduces support for external certificate authority certificates. This feature provides an alternative to using the NetBackup Certificate Authority for host verification and security. This procedure includes the necessary information to deploy these certificates. For more information about security certificates, see the chapter "External CA support in NetBackup" in the NetBackup Security and Encryption Guide.

For high availability configurations, use this procedure to configure the node that you use for the setup procedure. After this appliance (compute node) is configured, see step 17 for details to continue and complete the high availability configuration.

Before you perform the initial configuration on this media server, verify that you have already performed the following tasks:

Caution:

The appliance comes configured with a known default password for the Maintenance user account. You should change this password either before or immediately after the initial configuration to prevent unauthorized access to the appliance maintenance mode. Note that you must provide the Maintenance user password to Veritas Technical Support in the event that the appliance requires troubleshooting services. Step 16 in the following procedure describes how to change the Maintenance user password.

To perform the initial configuration on a NetBackup 53xx media server appliance from the NetBackup Appliance Shell Menu

  1. Connect a laptop to appliance port NIC1. Next, navigate to the Local Area Connection Properties dialog box.

    On the General tab, select Internet Protocol (TCP/IP) so that it is highlighted, then click Properties.

    Local Area Connection Properties dialog box

    On the Alternate Configuration tab, perform the following tasks:

    Internet Protocol Properties dialog box
    • Click User Configured.

    • For the IP address, enter 192.168.229.nnn, where nnn is any number from 2 through 254 except for 233.

    • For the Subnet mask, enter 255.255.255.0.

    • Click OK.

  2. On the laptop that is connected to the appliance, open an SSH session to 192.168.229.233.
  3. Log on to the appliance with the default credentials as follows:
    • User Name: admin

    • Password: P@ssw0rd

    A welcome message appears in the shell menu and the prompt is at the Main_Menu view.

    Note:

    To continue with the initial configuration, you are not required to change the default password. However, to increase the security of your environment Veritas recommends that you change the password periodically. Make sure to keep a record of the current password in a secure location. To change the password when logged into the NetBackup Appliance Shell Menu, from the Main_Menu view, enter Settings > Password.

  4. Before you begin the initial configuration, check and verify the status of the connected hardware components by entering the following command:

    Support > Test Hardware

    A Warning indicates a problem that can be fixed later and lets you proceed with the initial configuration. However, such problems can prevent access to the affected devices.

    An Error indicates a critical problem that requires immediate resolution before you can proceed with the initial configuration.

    If the command output identifies any problems, check the following items:

    • Verify that all cables are connected correctly and secured.

    • Verify that all disk drives are installed and seated properly.

    • Verify that all units are turned on and have booted up completely.

    • Verify that you have checked all of the items on the hardware check list.

    • After you have verified the previous items, re-run the command. Any warning or error icons that disappear indicate that the problem has been fixed. Veritas recommends that you resolve all problems before you start the initial configuration.

    Note:

    If you cannot resolve any Error problems after verifying all of the previous items and re-running the command, stop here and contact Veritas Technical Support.

  5. From the Main_Menu > Network view, enter the following command to configure the IP address of a single network that you want your appliance to connect to.

    Configure IPAddress Netmask GatewayIPAddress [InterfaceNames]

    Where IPAddress is the new IP address, Netmask is the netmask, and GatewayIPAddress is the default gateway for the interface. The [InterfaceNames] option is optional.

    The IP Address or the Gateway IP Address can be an IPv4 or IPv6 address. Only global-scope and unique-local IPv6 addresses are allowed.

    Remember that you should not use both IPv4 and IPv6 address in the same command. For example, you cannot use Configure 9ffe::9 255.255.255.0 1.1.1.1.. You should use Configure 9ffe::46 64 9ffe::49 eth1

    See About IPv4-IPv6-based network support.

    If you want to configure multiple networks you must first configure the IP address of each network that you want to add. Then you configure the Gateway address for each network you added. You must make sure that you add the default Gateway address first. Use the following two commands:

    Configure the IP address of each network

    Use either of the following commands depending on whether you want to configure an IPv4 or an IPv6 address for the network interface:

    To configure the IPv4 address of a network interface:

    IPv4 IPAddress Netmask [InterfaceName]

    Where IPAddress is the new IP address, Netmask is the netmask, and [InterfaceName] is optional. Repeat this command for each IP address that you want to add.

    To configure the IPv6 address of a network interface:

    IPv6 <IP Address> <Prefix> [InterfaceNames]

    Where IPAddress is the IPv6 address, Prefix is the prefix length, and [InterfaceName] is optional.

    Configure the gateway address for each network that you added

    Gateway Add GatewayIPAddress [TargetNetworkIPAddress] [Netmask] [InterfaceName]

    Where GatewayIPAddress is the gateway for the interface and TargetNetworkIPAddress, Netmask, and InterfaceName are optional. Repeat this command to add the gateway to all of the destination networks.

    The Gateway IP Address or the TargetNetworkIPAddress can be an IPv4 or an IPv6 address.

    Remember that you should not use both IPv4 and IPv6 address in the same command. For example, you cannot use Gateway Add 9ffe::3 255.255.255.0 eth1. You should use Gateway Add 9ffe::3 6ffe:: 64 eth1.

  6. From the Main_Menu > Network view, use the following command to set the appliance DNS domain name.

    Note:

    If you do not use DNS, you can proceed to Step 9.

    DNS Domain Name

    Where Name is the new domain name for the appliance.

  7. From the Main_Menu > Network view, use the following command to add the DNS name server to your appliance configuration.

    DNS Add NameServer IPAddress

    Where IPAddress is the IP address of the DNS server.

    The address can be either IPv4 or IPv6. Only global-scope and unique-local IPv6 addresses are allowed.

    See About IPv4-IPv6-based network support.

    To add multiple IP addresses, use a comma to separate each address and no space.

  8. From the Main_Menu > Network view, use the following command to add a DNS search domain to your appliance configuration so the appliance can resolve the host names that are in different domains:

    DNS Add SearchDomain SearchDomain

    Where SearchDomain is the target domain to add for searching.

  9. This step is optional. It lets you add the IP addresses of other hosts in the appliance hosts file.

    From the Main_Menu > Network view, use the following command to add host entries to the hosts file on your appliance.

    Hosts Add IPAddress FQHN ShortName

    Where IPAddress is the IPv4 or IPv6 address, FQHN is the fully qualified host name, and ShortName is the short host name.

    See About IPv4-IPv6-based network support.

  10. From the Main_Menu > Network view, use the following command to set the host name for your appliance.

    Hostname Set Name

    Where Name is the short host name or the fully qualified domain name (FQDN) of this appliance.

    The host name is applied to the entire appliance configuration with a few exceptions. The short name always appears in the following places:

    • NetBackup Appliance Shell Menu prompts

    • Deduplication pool catalog backup policy

    • Default storage unit and disk pool names

    If this appliance has been factory reset and you want to import any of its previous backup images, the appliance host name must meet one of the following rules:

    • The host name must be exactly the same as the one used before the factory reset.

    • If you want to change the host name to an FQDN, it must include the short name that was used before the factory reset. For example, if "myhost" was used before the factory reset, use "myhost.domainname.com" as the new FQDN.

    • If you want to change the host name to a short host name, it must be derived from the FQDN that was used before the factory reset. For example, if "myhost.domainname.com" was used before the factory reset, use "myhost" as the new short host name.

    Note:

    The Domain Name Suffix is appended to the host name and cannot be changed after the initial configuration is completed. If you need to change the suffix or move the appliance to a different domain at a later time, you must perform a factory reset first, and then perform the initial configuration again.

    With this step, NetBackup is re-configured to operate with the new host name. This process may take a while to complete.

    For the command Hostname set to work, at least one IPv4 address is required. For example, you may want to set the host name of a specific host to v46. To do that, first ensure that the specific host has at least an IPv4 address and then run the following command.

    Main_Menu > Network > Hostname set v46

  11. In addition to the above network configuration settings, you may also use the Main_Menu > Network view to create a bond and to tag a VLAN during the initial configuration of your appliance.
    • To create a bond between two or more network interfaces, use the following command:

      Network > LinkAggregation Create

    • To tag a VLAN to a physical interface or bond interface, enter the following command:

      Network > VLAN Tag

    For detailed information about the LinkAggregation and the VLAN command options, refer to the NetBackup Appliance Command Reference Guide.

  12. From the Main_Menu > Network view, use the following commands to set the time zone, the date, and the time for this appliance:
    • Set the time zone by entering the following command:

      TimeZone Set

      Select the appropriate time zone from the displayed list.

    • Set the date and the time by entering the following command:

      Date Set Month Day HHMMSS Year

      Where Month is the name of the month.

      Where Day is the day of the month from 0 to 31.

      Where HHMMSS is the hour, minute, and seconds in a 24-hour format. The fields are separated by semi-colons (HH:MM:SS).

      Where Year is the calendar year from 1970 through 2037.

  13. From the Main_Menu > Settings view, use the following commands to enter the SMTP server name and the email addresses for appliance failure alerts.

    Enter the SMTP server name

    Email SMTP Add smtp [acct] [pass]

    Where smtp is the host name of the target SMTP server, acct is the account name for authentication to the SMTP server, and pass is the password for authentication to the SMTP server.

    Enter email addresses

    Email Software Add eaddr

    Where eaddr is the Email address where you want to receive failure alerts from the appliance.

    To enter multiple addresses, separate each address with a semi-colon.

  14. Identify the master server that you want to use with this media server.

    Note:

    Before you continue, make sure that you have added this media server name to the master server. See Configuring a master server to communicate with an appliance media server.

    From the Main_Menu > Appliance view, run the following command:

    Media MasterServer

    Where MasterServer is either a standalone master server, a multihomed master server, or a clustered master server. The following defines each of these scenarios:

    Standalone master server

    This scenario shows one master server host name. This name does not need to be a fully qualified name as long as your appliance recognizes the master server on your network. The following is an example of how the command would appear.

    Media MasterServerName

    Multihomed master server

    In this scenario, the master server has more than one host name that is associated with it. You must use a comma as a delimiter between the host names. The following is an example of how the command would appear.

    Media MasterNet1Name,MasterNet2Name

    Clustered master server

    In this scenario, the master server is in a cluster. Veritas recommends that you list the cluster name first, followed by the active node, and then the passive nodes in the cluster. This list requires you to separate the node names with a comma. The following is an example of how the command would appear.

    Media MasterClusterName,ActiveNodeName,PassiveNodeName

    Multihomed clustered master server

    In this scenario, the master server is in a cluster and has more than one host name that is associated with it. Veritas recommends that you list the cluster name first, followed by the active node, and then the passive nodes in the cluster. This list requires you to separate the node names with a comma. The following is an example of how the command would appear.

    Media MasterClusterName,ActiveNodeName,

    PassiveNodeName,MasterNet1Name,MasterNet2Name

    To prevent any future issues, when you perform the appliance role configuration, Veritas recommends that you provide all of the associated master server names.

    Certificate provisioning

    Certificate revocation list (CRL)

    After you have entered the master server name, the appliance pings the master server for the Certificate Authority (CA) status and shows the result. Each of the following bullet statements describes the possible status results. Follow the instructions that appear below the applicable status result to complete the certificate configuration.

    • The master server <master_server_name> has an enabled External CA-signed certificate. Do you want to import the External CA-signed certificate for this Media server now [yes,no](yes):

      Press Enter to continue. The following message appears:

      The following shares have been opened on the appliance for you to upload certificate files:

      NFS share <media_server_name>:/inst/share

      CIFS share \\<media_server_name>\general_share

      Enter the following details for external certificate configuration:

      Enter the certificate file path:

      Enter the trust store file path:

      Enter the private key path:

      Enter the password for the passphrase file path or skip security configuration (default: NONE):

      Enter the following details for CRL usage:

      Should a CRL be honored for the external certificate?

      1) Use the CRL defined in the certificate.

      2) Use the specific CRL directory.

      3) Do not use a CRL.

      q) Skip security configuration.

      CRL option: Enter 1, 2, 3, or q.

      Verify the External CA details that you entered:

      Certificate file name:

      Trust store file name:

      Private key file name:

      CRL check level: (Shows the selected CRL option.)

      Do you want to use the above certificate files? [yes, no](yes):

      After verifying that the entered information is correct, press Enter to continue and answer the following prompt:

      Is this correct? [yes, no](yes):

      If all of the information is correct, press Enter to continue.

      The appliance performs an ECA health check and shows the result of each validation check. When the health check has completed successfully, the following messages appear:

      ECA health check was successful.

      The external certificate has been registered successfully.

    • The master server <master_server_name> currently uses an external CA issued certificate and its own internal certificate. Would you like to proceed with the external CA issued certificate? [yes,no](yes):

      If you select no, the following message appears:

      This appliance will use a NetBackup issued certificate for secure communication.

      If you select yes, enter the following details for external certificate configuration:

      Enter the certificate file path:

      Enter the trust store file path:

      Enter the private key path:

      Enter the password for the passphrase file path or skip security configuration (default: NONE):

      Enter the following details for CRL usage:

      Should a CRL be honored for the external certificate?

      1) Use the CRL defined in the certificate.

      2) Use the specific CRL directory.

      3) Do not use a CRL.

      q) Skip security configuration.

      CRL option: Enter 1, 2, 3, or q.

      Verify the External CA details that you entered:

      Certificate file name:

      Trust store file name:

      Private key file name:

      CRL check level: (Shows the selected CRL option.)

      Do you want to use the above certificate files? [yes, no](yes):

      After verifying that the entered information is correct, press Enter to continue and answer the following prompt:

      Is this correct? [yes, no](yes):

      If all of the information is correct, press Enter to continue.

      The appliance performs an ECA health check and shows the result of each validation check. When the health check has completed successfully, the following messages appear:

      ECA health check was successful.

      The external certificate has been registered successfully.

    • This appliance will use a NetBackup issued certificate for secure communication.

      No further certificate configuration is required. Click Next to continue.

    For more information about security certificates, refer to the chapter Security certificates in NetBackup in the NetBackup Security and Encryption Guide.

    Note:

    If the host name of the master server is an FQDN, Veritas recommends that you use the FQDN to specify the master server for the media server.

    Note:

    After the role configuration completes, the storage initialization process begins. Depending on the number of disk drives in the system, storage initialization can take up to 46 hours to complete. As a result, appliance backup and restore performance is degraded until the storage initialization process has completed.

  15. When the storage initialization process begins, the disk storage prompts appear for the AdvancedDisk and the Deduplication (MSDP) partitions.

    To configure storage partitions, you must do the following:

    • Enter a storage pool size in GB or TB.

      To skip the storage pool size configuration for any partition, enter 0 when prompted to enter a size. To keep the storage pool at its current size, press Enter.

    • Enter a disk pool name.

      The default names are dp_adv_<hostname> for AdvancedDisk and dp_disk_<hostname> for Deduplication (MSDP). To keep the default names, press Enter.

    • Enter a storage pool name.

      The default names are stu_adv_<hostname> for AdvancedDisk and stu_disk_<hostname> for Deduplication (MSDP). To keep the default names, press Enter.

    The storage prompts appear in the following order:

    AdvancedDisk storage pool size in GB/TB [default size]:
    AdvancedDisk diskpool name:
    AdvancedDisk storage unit name:
    MSDP storage pool size in GB/TB [default size]:
    MSDP diskpool name:
    MSDP storage unit name:

    After you configure the storage partitions, a summary of the storage configuration appears with the following prompt:

    Do you want to edit the storage configuration? [yes, no]

    Type yes to make any changes, or type no to keep the current configuration.

  16. Change the default Maintenance user password as follows:
    • Enter the Main_Menu > Support > Maintenance command.

    • At the password prompt, enter the default Maintenance user password (P@ssw0rd).

    • At the Maintenance shell prompt, enter the passwd command to change the password.

    • Type Exit to return to the NetBackup Appliance Shell Menu.

    For complete information about using the Support > Maintenance command, see the NetBackup Appliance Commands Reference Guide.

  17. For high availability solutions, you must set up a high availability configuration on this configured appliance (compute node) before you perform the initial configuration on the partner node. To continue and complete the high availability configuration, perform the following tasks in the order as shown:

    See Configuring a NetBackup 53xx high availability setup.

    See Performing the initial configuration on the partner node for a NetBackup 53xx high availability configuration.

    See Adding the partner node to the NetBackup 53xx high availability configuration.

  18. After all appliances are configured and operational, you are ready to install client software on the computers that you want to back up.

    See Downloading NetBackup client packages to a client from a NetBackup appliance.

    See Installing NetBackup client software through an NFS share.