Veritas NetBackup™ 52xx Appliance Initial Configuration Guide

Last Published:
Product(s): Appliances (3.1.1)
Platform: 5220,5230,5240

Performing the initial configuration on a NetBackup 5240 CloudCatalyst Appliance

Review the following information before configuring the NetBackup 5240 CloudCatalyst Appliance:

  • Check the following tech note to ensure that your cloud provider is supported and install any necessary provider compatibility updates on the appliance:

    https://www.veritas.com/support/en_US/doc/58500769-127471507-0/v95640454-127471507

  • A NetBackup 5240 CloudCatalyst Appliance supports a single cloud storage bucket of up to 1 Petabyte in size.

  • When configured for CloudCatalyst, the NetBackup 5240 Appliance does not support attached storage shelves. All of the appliance's internal storage is allocated as MSDP cache space.

  • The NetBackup 5240 CloudCatalyst Appliance does not support the NetBackup Appliance Web Console. Once the appliance is configured, the NetBackup Appliance Web Console is disabled.

  • NetBackup CloudCatalyst does not support IPv6. Ensure that you have an IPv4 network set up to support the appliance before you configure it.

After you have installed, connected, and turned on all appliance system components, you are ready to configure the server.

You must complete the following tasks on the master server before you start the initial configuration. The following link provides specific instructions about how to accomplish the necessary tasks:

See Configuring a master server to communicate with an appliance media server.

  • Make sure that the master server and this media server have compatible software versions.

  • Add the name of this media server to the SERVERS list on the master server that you plan to use with it.

  • If a firewall exists between the master server and this media server, open the appropriate ports as described in the link above.

  • Make sure that the date and time of this media server matches the date and time on the master server.

Warning:

NetBackup appliances do not support configuring two IP addresses that belong to the same subnet. The appliance runs on the Linux operating system and this type of networking is a current limitation. Each bond that you create must use an IP address that belongs to a different subnet.

Note:

You cannot remove an IP address if the appliance host name resolves to that IP address.

Caution:

The appliance comes configured with a known default password for the Maintenance user account. You should change this password either before or immediately after the initial configuration to prevent unauthorized access to the appliance maintenance mode. Note that you must provide the Maintenance user password to Veritas Technical Support in the event that the appliance requires troubleshooting services. Step 19 in the following procedure describes how to change the Maintenance user password.

To perform the initial configuration on a NetBackup 5240 CloudCatalyst Appliance

  1. On the laptop that is connected to the NIC1 appliance port, navigate to the Local Area Connection Properties dialog box.

    On the General tab, select Internet Protocol (TCP/IP) so that it is highlighted, then click Properties.

    Local Area Connection Properties dialog box

    On the Alternate Configuration tab, perform the following tasks:

    Internet Protocol Properties dialog box

    • Click User Configured.

    • For the IP address, enter 192.168.229.nnn, where nnn is any number from 2 through 254 except for 233.

    • For the Subnet mask, enter 255.255.255.0.

    • Click OK.

  2. On the laptop that is connected to the appliance, open an SSH session to 192.168.229.233 and log on to your appliance.

    The logon is admin and the default password is P@ssw0rd.

    After you log on, the welcome message appears in the shell menu and the prompt is at the Main_Menu view.

  3. From the Main_Menu > Network view, enter the following command to configure the IP address of a single network that you want your appliance to connect to.

    Configure IPAddress Netmask GatewayIPAddress [InterfaceNames]

    Where IPAddress is the new IP address, Netmask is the netmask, and GatewayIPAddress is the default gateway for the interface. The [InterfaceNames] option is optional.

    The IP Address or the Gateway IP Address must be an IPv4 address. NetBackup CloudCatalyst does not currently support IPv6.

    If you want to configure multiple networks you must first configure the IP address of each network that you want to add. Then you configure the Gateway address for each network you added. You must make sure that you add the default Gateway address first. Use the following two commands:

    Configure the IP address of each network

    To configure the IPv4 address of a network interface:

    IPv4 IPAddress Netmask [InterfaceName]

    Where IPAddress is the new IP address, Netmask is the netmask, and [InterfaceName] is optional. Repeat this command for each IP address that you want to add.

    Configure the gateway address for each network that you added

    Gateway Add GatewayIPAddress [TargetNetworkIPAddress] [Netmask] [InterfaceName]

    Where GatewayIPAddress is the gateway for the interface and TargetNetworkIPAddress, Netmask, and InterfaceName are optional. Repeat this command to add the gateway to all of the destination networks.

  4. From the Main_Menu > Network view, use the following command to set the appliance DNS domain name.

    Note:

    If you do not use DNS, then you can proceed to Step 7.

    DNS Domain Name

    Where Name is the new domain name for the appliance.

  5. From the Main_Menu > Network view, use the following command to add the DNS name server to your appliance configuration.

    DNS Add NameServer IPAddress

    Where IPAddress is the IP address of the DNS server.

    To add multiple IP addresses, use a comma to separate each address and no space.

  6. From the Main_Menu > Network view, use the following command to add a DNS search domain to your appliance configuration so the appliance can resolve the host names that are in different domains:

    DNS Add SearchDomain SearchDomain

    Where SearchDomain is the target domain to add for searching.

  7. This step is optional. It lets you add the IP addresses of other hosts in the appliance hosts file.

    From the Main_Menu > Network view, use the following command to add host entries to the hosts file on your appliance.

    Hosts Add IPAddress FQHN ShortName

    Where IPAddress is the IPv4 address, FQHN is the fully qualified host name, and ShortName is the short host name.

  8. From the Main_Menu > Network view, use the following command to set the host name for your appliance.

    Note:

    If you plan to configure Active Directory (AD) authentication on this appliance, the host name must be 15 characters or less. Otherwise, AD configuration can fail.

    Hostname Set Name

    Where Name is the short host name or the fully qualified domain name (FQDN) of this appliance.

    The host name is applied to the entire appliance configuration with a few exceptions. The short name always appears in the following places:

    • NetBackup Appliance Shell Menu prompts

    • Deduplication pool catalog backup policy

    • Default storage unit and disk pool names

    If this appliance has been factory reset and you want to import any of its previous backup images, the appliance host name must meet one of the following rules:

    • The host name must be exactly the same as the one used before the factory reset.

    • If you want to change the host name to an FQDN, it must include the short name that was used before the factory reset. For example, if "myhost" was used before the factory reset, use "myhost.domainname.com" as the new FQDN.

    • If you want to change the host name to a short host name, it must be derived from the FQDN that was used before the factory reset. For example, if "myhost.domainname.com" was used before the factory reset, use "myhost" as the new short host name.

    Note:

    The host name can only be set during an initial configuration session. After the initial configuration has completed successfully, you can re-enter initial configuration by performing a factory reset on the appliance. See the NetBackup appliance Administrator's Guide for more information.

    With this step, NetBackup is re-configured to operate with the new host name. This process may take a while to complete.

    For the command Hostname set to work, at least one IPv4 address is required. For example, you may want to set the host name of a specific host to v46. To do that, first ensure that the specific host has at least an IPv4 address and then run the following command.

    Main_Menu > Network > Hostname Set v46

  9. (Optional) In addition to the above network configuration settings, you may also use the Main_Menu > Network view to create a bond and to tag a VLAN during the initial configuration of your appliance

    • Use the Network > LinkAggregation Create command to create a bond between two or more network interfaces.

    • Use the Network > VLAN Tag command to tag a VLAN to a physical interface or bond interface.

    For detailed information about the LinkAggregation and the VLAN command options, refer to the NetBackup Appliance Command Reference Guide.

  10. (Optional) Configure the appliance to use a proxy server for cloud access.

    If your environment requires a proxy server to connect to cloud services, you can use the following procedure:

    • From the Main_Menu > Settings > Alerts view, type the following command:

      CallHome Proxy Add <server> <port>

      Where <server> is the fully qualified host name or IP address of the proxy server, and <port> is port number used by the proxy server.

      From the Main_Menu > Settings > Alerts view, type the following command:

      CallHome Proxy Enable

    Note:

    The Call Home functionality is not turned on when you configure the proxy settings.

  11. From the Main_Menu > Network view, use the following commands to set the time zone, the date, and the time for this appliance:

    • Set the time zone by entering the following command:

      TimeZone Set

      Select the appropriate time zone from the displayed list.

    • Set the date and the time by entering the following command:

      Date Set Month Day HHMMSS Year

      Where Month is the name of the month.

      Where Day is the day of the month from 0 to 31.

      Where HHMMSS is the hour, minute, and seconds in a 24-hour format. The fields are separated by semi-colons, for example, HH:MM:SS.

      Where Year is the calendar year from 1970 through 2037.

  12. From the Main_Menu > Settings > Alerts > Email view, use the following commands to enter the SMTP server name and the email addresses for appliance failure alerts.

    Enter the SMTP server name

    Email SMTP Add Server [Account] [Password]

    The Server variable is the host name of the target SMTP server that is used to send emails. The [Account] option identifies the name of the account that was used or the authentication to the SMTP server. The [Password] option is the password for authentication to the SMTP server.

    Enter email addresses

    Email Software Add Addresses

    Where Addresses is the user's email address. To define multiple emails, separate them with a semi-colon.

  13. (Optional) Configure and start the NetBackup Key Management Service (KMS) on the master server.

    To encrypt backups, use the following command to configure KMS:

    /usr/openv/netbackup/bin/nbkms -createemptydb

    As part of the setup, enter:

    • A pass phrase and an ID for the host master key (HMK).

    • A pass phrase and ID for the key protection key (KPK).

    To start KMS, run the following command on the master server:

    /usr/openv/netbackup/bin/nbkms

  14. On the master server, run the following command to generate a set of credentials for the appliance:

    /usr/openv/netbackup/bin/bpnbat -addmachine<mediaservername> <password>

    Where <mediaservername> is the host name of the appliance, and <password> is an arbitrary password that you will use to verify the host name-based certificate later in the configuration process.

  15. Set the role for the appliance to a media server.

    Note:

    Before you configure this appliance as a media server, you must add the name of this appliance to the master server that must work with this appliance. See Configuring a master server to communicate with an appliance media server.

    From the Main_Menu > Appliance view, run the following command:

    Media MasterServer

    Where MasterServer is either a standalone master server, a multihomed master server, or a clustered master server. The following defines each of these scenarios:

    Standalone master server

    This scenario shows one master server host name. This name does not need to be a fully qualified name as long as your appliance recognizes the master server on your network. The following is an example of how the command would appear.

    Media MasterServerName

    Multihomed master server

    In this scenario, the master server has more than one host name that is associated with it. You must use a comma as a delimiter between the host names. The following is an example of how the command would appear.

    Media MasterNet1Name,MasterNet2Name

    Clustered master server

    In this scenario, the master server is in a cluster. Veritas recommends that you list the cluster name first, followed by the active node, and then the passive nodes in the cluster. This list requires you to separate the node names with a comma. The following is an example of how the command would appear.

    Media MasterClusterName,ActiveNodeName,PassiveNodeName

    Multihomed clustered master server

    In this scenario, the master server is in a cluster and has more than one host name that is associated with it. Veritas recommends that you list the cluster name first, followed by the active node, and then the passive nodes in the cluster. This list requires you to separate the node names with a comma. The following is an example of how the command would appear.

    Media MasterClusterName,ActiveNodeName,

    PassiveNodeName,MasterNet1Name,MasterNet2Name

    To prevent any future issues, when you perform the appliance role configuration, Veritas recommends that you provide all of the associated master server names.

    When the CA certificate detail appears, confirm the detail, enter yes, and then respond to the following prompts:

    >> Do you trust the CA certificate? [yes, no] yes

    Enter a token when it is required to deploy the host ID-based certificate, see the following prompts:

    >> Enter token:

    For more information about security certificates, refer to the chapter Security certificates in NetBackup in the NetBackup Security and Encryption Guide.

    Note:

    If the host name of the master server is an FQDN, Veritas recommends that you use the FQDN to specify the master server for the media server.

  16. The following prompt appears:

    >> Do you want to configure the appliance as a dedicated media server for NetBackup CloudCatalyst? [yes, no] (yes):

    Type yes.

  17. The following prompt appears:

    >> Enter the password for the host name-based certificate:

    Type the password that you created in Step 14

  18. Complete the NetBackup CloudCatalyst Appliance Configuration Wizard for your desired cloud provider.

    A NetBackup 5240 CloudCatalyst Appliance can only be configured with one cloud storage provider. For example, the appliance cannot be used with Amazon S3 and Amazon GovCloud at the same time.

    For detailed information about the required parameters in NetBackup CloudCatalyst Appliance Configuration Wizard, refer to the NetBackup Cloud Administrator's Guide.

    • Amazon S3

      Step 1: Cloud storage provider

      Select Amazon.

      Step 2a: Cloud storage region

      Select or create a storage region.

      Step 2b: NetBackup KMS encryption

      Type yes if you enabled NetBackup KMS on the master server in Step 13.

      Step 2c: SSL

      Authentication only: Select this option, if you want to use SSL only at the time of authenticating users while they access the cloud storage.

      Data Transfer: Select this option, if you want to use SSL to authenticate users and transfer the data from NetBackup to the cloud storage.

      Step 2d: Storage class

      Select a storage class for Amazon cloud storage, such as STANDARD or STANDARD - Infrequent Access.

      Step 3: Access details

      Enter the access key ID and secret access key for your Amazon account.

      Step 4: Configure storage bucket

      Select or create a storage bucket.

      Step 5a: MSDP cache diskpool

      Enter a name for the MSDP cache diskpool.

      Step 5b: MSDP cache storage unit

      Enter a name for the MSDP cache storage unit.

    • Amazon GovCloud

      Step 1: Cloud storage provider

      Select Amazon GovCloud

      Step 2a: Cloud storage region

      Select or create a storage region.

      Step 2b: NetBackup KMS encryption

      Type yes if you enabled NetBackup KMS on the master server in Step 13.

      Step 2c: SSL

      Authentication only: Select this option, if you want to use SSL only at the time of authenticating users while they access the cloud storage.

      Data Transfer: Select this option, if you want to use SSL to authenticate users and transfer the data from NetBackup to the cloud storage.

      Step 3a: Credentials broker

      Select whether to use a credentials broker or standard access details.

      Step 3b: Credentials broker information

      Enter the credentials broker details.

      Ensure that the necessary Certificate and Private key files reside at the db/cloud location on the NetBackup master server.

      Step 3b: Access details

      Enter the access key ID and secret access key for your Amazon account.

      Step 4: Configure storage bucket

      Select or create a storage bucket.

      Step 5a: MSDP cache diskpool

      Enter a name for the MSDP cache diskpool.

      Step 5b: MSDP cache storage unit

      Enter a name for the MSDP cache storage unit.

    • Microsoft Azure and Azure Government

      Step 1: Cloud storage provider

      Select Microsoft Azure.

      Step 2a: Blob service endpoint

      Select a blob service endpoint.

      Step 2b: NetBackup KMS encryption

      Type yes if you enabled NetBackup KMS on the master server in Step 13.

      Step 2c: SSL

      Authentication only: Select this option, if you want to use SSL only at the time of authenticating users while they access the cloud storage.

      Data Transfer: Select this option, if you want to use SSL to authenticate users and transfer the data from NetBackup to the cloud storage.

      Step 3: Access details

      Enter the storage account and access key ID for your Azure account.

      Step 4: Configure container

      Select or create a container.

      Step 5a: MSDP cache diskpool

      Enter a name for the MSDP cache diskpool.

      Step 5b: MSDP cache storage unit

      Enter a name for the MSDP cache storage unit.

  19. Change the default Maintenance user password as follows:

    • Enter the Main_Menu > Support > Maintenance command.

    • At the password prompt, enter the default Maintenance user password (P@ssw0rd).

    • At the Maintenance shell prompt, enter the passwd command to change the password.

    • Type Exit to return to the NetBackup Appliance Shell Menu.

    For complete information about using the Support > Maintenance command, see the NetBackup Appliance Commands Reference Guide.

  20. Disconnect the laptop from the NIC1 appliance port.

    Note:

    If your network uses the 192.168.x.x IP address range, refer to the following topic for important information:

    See About NIC1 (eth0) port usage on NetBackup appliances.

  21. After all appliances are configured and operational, you are ready to install client software on the computers that you want to back up.

    See Downloading NetBackup client packages to a client from a NetBackup appliance.

    See Installing NetBackup client software through CIFS and NFS shares.