Search <book_title>...

Veritas NetBackup™ Virtual Appliance Documentation

Last Published: 2023-07-31

Product(s): Appliances (5.1.1)

Platform: NetBackup Virtual Appliance

Getting to know the NetBackup Virtual Appliance
1. NetBackup Virtual Appliance product description
2. NetBackup Virtual Appliance supported features
3. About the NetBackup Virtual Appliance documentation
4. NetBackup Virtual Appliance 5.1.1 new features, enhancements, and changes
5. Known limitations of the NetBackup Virtual Appliance 5.1.1 release
6. Operational Notes for the NetBackup Virtual Appliance 5.1.1 release
Preparing to deploy the appliance
1. NetBackup Virtual Appliance product files (OVF templates)
2. NetBackup Virtual Appliance deployment methods
3. NetBackup Virtual Appliance deployment guidelines
  1. Configuration overview for NetBackup Virtual Appliance MSDP cloud applications
  2. NetBackup Virtual Appliance initial deployment checklist
Deploying and configuring the appliance
1. How to deploy and configure a NetBackup Virtual Appliance combined primary and media server
2. How to deploy and configure a NetBackup Virtual Appliance media server
3. How to deploy and configure a NetBackup Virtual Appliance primary server
Post initial configuration procedures
1. About modifying the NetBackup Virtual Appliance settings
2. Adding a permanent license key if an evaluation license key expires
3. Managing license keys on the NetBackup Virtual Appliance
Appliance common tasks
1. Common tasks in NetBackup Virtual Appliance
Storage management
1. About NetBackup Virtual Appliance storage configuration
2. About OpenStorage plugin installation
  1. Installing the OpenStorage plugin
  2. Uninstalling the OpenStorage plugin
Deduplication pool catalog backup and recovery
1. About the NetBackup Virtual Appliance deduplication pool catalog backup policy
2. Automatic configuration of the NetBackup Virtual Appliance deduplication pool catalog backup policy
3. Manually configuring the NetBackup Virtual Appliance deduplication pool catalog backup policy
4. Manually updating the NetBackup Virtual Appliance deduplication pool catalog backup policy
5. Recovering the NetBackup Virtual Appliance deduplication pool catalog
Network connection management
1. About IPv4-IPv6-based network support
2. Network settings for the NetBackup Virtual Appliance
3. Configuring DNS and host name mapping for the NetBackup Virtual Appliance
4. Setting the date and time on a NetBackup Virtual Appliance
5. Configuring static routes on the NetBackup Virtual Appliance
6. Expanding the bandwidth on the NetBackup Virtual Appliance
Managing users
1. About managing NetBackup Virtual Appliance users
2. About NetBackup Virtual Appliance account types
3. Adding NetBackup Virtual Appliance users
4. Deleting NetBackup Virtual Appliance users
5. Adding NetBackup Virtual Appliance user groups
6. Deleting NetBackup Virtual Appliance user groups
7. Granting roles to NetBackup Virtual Appliance users and user groups
8. Revoking roles from NetBackup Virtual Appliance users and user groups
9. About user name and password specifications
  1. About STIG-compliant password policy rules
10. Changing NetBackup Virtual Appliance user passwords
11. About password management and recovery
12. About authenticating LDAP users
13. About authenticating Active Directory users
  1. Adding an Active Directory server configuration
  2. Unconfiguring Active Directory user authentication on the NetBackup Virtual Appliance
14. About authentication using smart cards and digital certificates
15. Generic user authentication guidelines
16. About user authorization on the NetBackup Virtual Appliance
17. Creating NetBackup administrator user accounts
18. Deleting NetBackup administrator user accounts
Using the appliance
1. About configuring Host parameters for your appliance on the NetBackup Virtual Appliance
2. About Copilot functionality and Share management
3. About NetBackup Virtual Appliance as a VMware backup host
  1. NetBackup Virtual Appliance as backup host: component overview
  2. Notes on NetBackup Virtual Appliance as a VMware backup host
4. About running NetBackup commands from the appliance
5. About mounting a remote NFS
  1. Mounting a remote NFS drive
  2. Unmounting an NFS drive
6. About Auto Image Replication from a NetBackup Virtual Appliance
7. Generating certificates
Monitoring the appliance
1. About NetBackup Virtual Appliance alerts
2. Setting up email notifications for a NetBackup Virtual Appliance
3. Setting up SNMP notifications for a NetBackup Virtual Appliance
4. Enabling and disabling Call Home from the appliance shell menu
5. Configuring a Call Home proxy server from the NetBackup Virtual Appliance Shell Menu
6. About SNMP
  1. About the Management Information Base (MIB)
7. About Call Home
  1. Understanding the Call Home workflow
  2. About the Product Improvement Program
8. About AutoSupport
9. About storage email alerts
Appliance security
1. About Symantec Data Center Security on the NetBackup Virtual Appliance
2. About data security
3. About data integrity
4. About data classification
5. About data encryption
  1. KMS support
6. About SSL usage
7. About implementing external certificates
8. About the NetBackup Virtual Appliance intrusion detection system
9. About the NetBackup Virtual Appliance intrusion prevention system
10. Major components of the NetBackup Virtual Appliance OS
11. OS STIG hardening for NetBackup Virtual Appliance
12. FIPS 140-2 conformance for NetBackup Virtual Appliance
13. Disable user access to the NetBackup appliance operating system
14. Manage support access to the maintenance shell
15. About the appliance login banner
16. Setting the appliance login banner
  1. Creating the appliance login banner
  2. Removing the appliance login banner
17. Log Forwarding feature overview
Upgrading the appliance
1. About upgrading to NetBackup Virtual Appliance software version 5.1.1
2. Requirements and best practices for upgrading NetBackup appliances
  1. Upgrade time estimation
3. Pre-upgrade tasks for appliance upgrades
4. Methods for downloading appliance software release updates
  1. Downloading software updates directly to a NetBackup appliance
  2. Downloading software updates to a NetBackup appliance using a client share
5. Installing a NetBackup Virtual Appliance software update using the NetBackup Virtual Appliance Shell Menu
6. Troubleshooting upgrade issues
NetBackup client upgrades with VxUpdate
1. About VxUpdate
2. VxUpdate repository management
3. Deployment policy management
4. Manually initiating upgrades from the primary server using VxUpdate
5. Manually initiating upgrades from the client using VxUpdate
6. Deployment job status
Appliance restore
1. About appliance restore
2. Creating an appliance checkpoint from the appliance shell menu
3. Rollback to an appliance checkpoint from the appliance shell menu
4. About NetBackup Virtual Appliance factory reset
5. Factory reset best practices
6. How to factory reset the NetBackup Virtual Appliance
Decommissioning and Reconfiguring
1. About decommissioning a NetBackup Virtual Appliance
2. Decommissioning a NetBackup Virtual Appliance with the media server role
3. Migrating from NetBackup Cloud Catalyst Appliance to MSDP direct cloud tiering
Troubleshooting
1. About troubleshooting the NetBackup Virtual Appliance
2. About contacting Technical Support
3. Determining the NetBackup Virtual Appliance serial number
4. About disaster recovery
  1. Recovering a NetBackup appliance primary server using NetBackup catalog restore
5. About NetBackup support utilities
  1. NetBackup Domain Network Analyzer (NBDNA)
  2. NetBackup Support Utility (NBSU)
6. Troubleshooting NetBackup Virtual Appliance deployment or initial configuration issues
7. Error messages displayed on the NetBackup Virtual Appliance Shell Menu
8. NetBackup status codes applicable for NetBackup Virtual Appliance
9. Installing an EEB
10. Rolling back an EEB using the NetBackup Virtual Appliance Shell Menu
Appliance logging
1. About NetBackup Virtual Appliance log files
2. Viewing log files using the Support command
3. Where to find NetBackup Virtual Appliance log files using the Browse command
4. Enabling and disabling VxMS logging
5. Gathering device logs on a NetBackup virtual appliance
6. Moving the log data
7. About forwarding logs to an external server
Commands overview
1. About the NetBackup Virtual Appliance Shell Menu
2. Logging in to the NetBackup Virtual Appliance Shell Menu
3. Using the NetBackup Virtual Appliance Shell Menu
4. About the NetBackup Virtual Appliance Shell Menu command views
Appendix A. Appliance commands
1. Appliance > Primary
2. Appliance > Media
3. Appliance > ShowDedupPassword
4. Appliance > Status
5. Appliance > Configure
Appendix B. Manage commands
1. Manage > Software > Delete
2. Manage > Software > Download
3. Manage > Software > List
4. Manage > Software > Install
5. Manage > Software > Share
6. Manage > Software > Readme
7. Manage > Software > Rollback
8. Manage > Software > Cancel
9. Manage > Software > DownloadAnalyzer
10. Manage > Software > DownloadProgress
11. Manage > Software > UpgradeStatus
12. Manage > Software > VxUpdate
13. Manage > Storage > Show
14. Manage > Storage > Add
15. Manage > Storage > Create
16. Manage > Storage > Delete
17. Manage > Storage > Edit
18. Manage > Storage > Monitor
19. Manage > Storage > Move
20. Manage > Storage > Remove
21. Manage > Storage > Resize
22. Manage > Storage > Scan
23. Manage > OpenStorage > Install
24. Manage > OpenStorage > List
25. Manage > OpenStorage > Readme
26. Manage > OpenStorage > Share
27. Manage > OpenStorage > Uninstall
28. Manage > MountPoints > List
29. Manage > MountPoints > Mount
30. Manage > MountPoints > Unmount
31. Manage > License
32. Manage > Certificates > Generate
33. Manage > Certificates > Delete
34. Manage > NetBackupCLI > Create
35. Manage > NetBackupCLI > Delete
36. Manage > NetBackupCLI > List
Appendix C. Monitor commands
1. Monitor > Uptime
2. Monitor > Who
3. Monitor > NetworkStatus
4. Monitor > Top
5. Monitor > MemoryStatus
6. Monitor > SDCS
7. Monitor > NetBackup
8. Monitor > Hardware
Appendix D. Network commands
1. Network > Configure
2. Network > Date
3. Network > DNS
4. Network > Gateway
5. Network > Hostname
6. Network > Hosts
7. Network > IPv4
8. Network > IPv6
9. Network > LinkAggregation
10. Network > NetStat
11. Network > NTPServer
12. Network > Ping
13. Network > SetProperty
14. Network > Show
15. Network > TimeZone
16. Network > TraceRoute
17. Network > Unconfigure
18. Network > WANOptimization
Appendix E. Reports commands
1. Reports > Deduplication
2. Reports > Process
Appendix F. Settings commands
1. Settings > Deduplication
2. Settings > LifeCycle
3. Settings > LogForwarding
4. Settings > NetBackup
5. Settings > NetBackup DNAT
6. Settings > NetBackup NATServers
7. Settings > Password
8. Settings > SystemLocale
9. Settings > Share
10. Settings > Sysctl
11. Settings > Notifications > LoginBanner
12. Settings > Security > Authentication > AccountStatus
13. Settings > Security > Authentication > LDAP
14. Settings > Security > Authentication > ActiveDirectory
15. Settings > Security > Authentication > LocalUser
16. Main > Settings > Security > Authentication > CIFSShare
17. Settings > Security > Authorization
18. Main > Settings > Security > Certificate
19. Main > Settings > Security > Certificate > CertificateSigningRequest
20. Main > Settings > Security > STIG
21. Main > Settings > Security > FIPS
22. Main > Settings > Security > SecurityLevel
23. Main > Settings > Security > Sessions
24. Settings > Alerts > CallHome
25. Settings > Alerts > SNMP
26. Settings > Alerts > Email
27. Settings > Alerts > Hardware
Appendix G. Support commands
1. Support > Checkpoint
2. Support > Cleanup > CleanMonInvData
3. Support > DataCollect
4. Support > Disk
5. Support > Errors
6. Support > FactoryReset
7. Support > InfraServices
8. Support > InstantAccess
9. Support > iostat
10. Support > LogBrowser
11. Support > Logs
12. Support > Maintenance
13. Support > Messages
14. Support > NBDNA
15. Support > Nbperfchk
16. Support > NBSU
17. Support > Processes
18. Support > Reboot
19. Support > Service
20. Support > Shutdown
21. Support > Storage Create LogPartition
22. Support > Storage Create NDMPLogPartition
23. Support > Storage SanityCheck
24. Support > Storage Reset
25. Support > System
26. Support > Test
Appendix H. Available commands for a NetBackupCLI user
1. Command
2. Password

KMS support

NetBackup Virtual Appliance supports encryption that is managed by NetBackup Key Management Service (KMS) which is integrated with NetBackup Enterprise Server 7.1. KMS is supported on primary and media server appliances. Regenerating the data encryption key is the only supported method of recovering KMS on an appliance primary server.

The following describes the KMS key features:

Does not require an additional license.
Is a primary server-based symmetric key management service.
Can be administered as a primary server with tape devices connected to it or to another NetBackup Virtual Appliance.
Manages symmetric cryptography keys for tape drives that conform to the T10 standard (such as LTO4 or LTO5).
Designed to use volume pool-based tape encryption.
Can be used with tape hardware that has built-in hardware encryption capability.
Can be managed by a NetBackup CLI administrator using the NetBackup Virtual Appliance Shell Menu or the KMS Command Line Interface (CLI).

About the keys used under KMS

The KMS generates keys from passcodes or auto-generates keys. Table: KMS files lists the associated KMS files that hold the information about the keys.

Table: KMS files

KMS files	Description
Keystore file	The keystore file (`KMS_DATA`) contains all of the key group and key records, along with some metadata.
KPK file	The KPK file (`KMS_KPKF`) contains the KPK that is used to encrypt the ciphertext portions of the key records that are stored in the keystore file.
HMK file	The HMK file (`KMS_HMKF`) contains the HMK that is used to encrypt the entire contents of the keystore file. The keystore file header is an exception. It contains some metadata like the KPK ID and the HMK ID, which is not encrypted.

Configuring KMS

To configure KMS on an appliance primary server, you must log in as a NetBackupCLI user.

Before you proceed, ensure that the NetBackupCLI user is assigned the required RBAC permissions to configure and enable KMS. Use a NetBackup administrator account such as nbasecadmin to log in to the NetBackup Web UI and assign the Default Security Administrator role to the NetBackupCLI user.

For steps on managing role-based access control, see the NetBackup Web UI Administrator's Guide.

Note:

If required, you can create a new NetBackupCLI user for configuring and enabling KMS. For more information about the NetBackupCLI user, See About the NetBackupCLI user role.

The following describes how to configure and enable KMS on an appliance.

To configure and enable KMS on an appliance

Log in to the appliance primary server as a NetBackupCLI user.
Enter into a restricted shell environment by using the Command command as follows:
[nb-appliance.NBCLIUSER>]# Command
Authenticate your CLI access using the following steps:
- Generate an access code by running the following command:
  #bpnbat -login -logintype webui -requestApproval
  Make a note of the access code that is displayed in the command window.
- Sign in to the NetBackup web UI as a NetBackup Command Line (CLI) Admin user and approve the CLI access request by entering the access code that you generated earlier.
  Once the request is approved, you will see a confirmation message in the restricted shell command window.
For more information about access key and approval requests, refer to the NetBackup Security and Encryption Guide.
Create an empty database using the nbkms command, as follows:
[nbucliuser-!>]# nbkms -createemptydb
Start nbkms. For example:
[nbucliuser-!>]# nbkms
Create a Key group. For example:
[nbucliuser-!>]# nbkmsutil -createkg -kgname KMSKeyGroupName
Create an active key. For example:
[nbucliuser-!>]# nbkmsutil -createkey -kgname KMSKeyGroupName -keyname KMS KeyName

Enabling KMS encryption for MSDP

Verify that KMS is configured and running on the primary server. You can then enable KMS encryption for MSDP on all of the media servers that are associated with the primary server.

For steps on how to manage role-based access control, see the NetBackup Web UI Administrator's guide.

Note:

If required, you can create a new NetBackupCLI user for configuring and enabling KMS. For more information about the NetBackupCLI user, See About the NetBackupCLI user role.

The following describes how to enable KMS encryption for MSDP on an appliance.

To enable KMS encryption for MSDP

Log in to the appliance media server as a NetBackupCLI user.
Change the following options in the order as shown:
- nbucliuser-!> pdcfg --write=/msdp/data/dp1/pdvol/etc/puredisk/contentrouter.cfg --section=KMSOptions --option=KMSType --value=0
- nbucliuser-!> pdcfg --write=/msdp/data/dp1/pdvol/etc/puredisk/contentrouter.cfg --section=KMSOptions --option=KMSServerName --value=<primary server hostname
- nbucliuser-!> pdcfg --write=/msdp/data/dp1/pdvol/etc/puredisk/contentrouter.cfg --section=KMSOptions --option=KMSKeyGroupName --value=msdp
- nbucliuser-!> pdcfg --write=/msdp/data/dp1/pdvol/etc/puredisk/contentrouter.cfg --section=KMSOptions --option=KeyName --value=<KMS KeyName>
- nbucliuser-!> pdcfg --write=/msdp/data/dp1/pdvol/etc/puredisk/contentrouter.cfg --section=KMSOptions --option=KMSEnable --value=true
- nbucliuser-!> pdcfg --write= /msdp/data/dp1/pdvol/etc/puredisk/contentrouter.cfg --section=ContentRouter --option=ServerOptions --value=verify_so_references,fast,encrypt
  Repeat this step on all media servers that are associated with the primary server.
Identify yourself to the system by logging on to the NetBackup web application. Run the following command:
sudo /usr/openv/netbackup/bin/bpnbat -login -loginType WEB
Authentication Broker: ApplianceHostname
Authentication Port: 0
Authentication Type: unixpwd
LoginName: Username
Password: Password
Ensure that the KMS is registered with NetBackup Web Service.
sudo /usr/openv/netbackup/bin/nbkmscmd -discoverNbkms
Stop and restart the NetBackup services with the following commands:
- bp.kill_all
- bp.start_all
To verify that KMS encryption for MSDP is enabled on the media server, run a backup job on the server, then run the following command:
crcontrol --getmode