Veritas NetBackup™ for Nutanix Acropolis Hypervisor (AHV) Administrator's Guide
- Introduction to NetBackup for Acropolis Hypervisor (AHV)
- Prerequisites, notes, and restrictions
- Configuring NetBackup communication with AHV
- Adding a backup host to the NetBackup master server
- Managing SSL certificates
- Configuring NetBackup policies for AHV
- Backup and recovery
- Back up the Nutanix AHV virtual machines
- Overview of the Nutanix AHV virtual machines recovery process
- Recovering a Nutanix AHV VM using the Backup, Archive, and Restore console
- Recovering a Nutanix AHV VM using the command line
- Troubleshooting issues
- Appendix A. NetBackup commands to backup and restore Nutanix AHV virtual machines
Managing SSL certificates
This section describes the various ways to manage SSL certificates with NetBackup for AHV.
The Nutanix Acropolis cluster comes with its default certificate. For detailed information about Nutanix certificates, refer to the Nutanix documentation.
You may use the default Nutanix certificate or you may choose to install one of the following certificates on the Nutanix Acropolis cluster:
Self-signed certificates in the Nutanix Cluster.
Certificates that are signed from a known Certificate Authority (CA)
When the backup host connects to the Nutanix Acropolis cluster, NetBackup validates the SSL certificates that are installed on your system.
As part of SSL validations, NetBackup conducts peer and host validations. NetBackup tries to locate the public certificates that may be placed in the certificate bundle of the operating system. It is likely that the certificate bundle of the operating system is not updated or that the certificates signed from a CA might have expired. To address such issues, you can download the latest certificate bundle for your operating system.
You may also create a certificate bundle for your self-signed certificate.
You may disable the SSL validations depending upon the type of certificate that you have installed. You can disable SSL validations using the
nb_nutanix-ahv.conf file. This configuration file is bundled with NetBackup and it is located in the
usr/openv/netbackup directory on the backup host.
To let NetBackup access the latest SSL certificates, specify the path to the certificate file in the
nb_nutanix-ahv.conf file using the cert_authority_file parameter.
The following topics discuss the implications of using various forms of SSL certificate with NetBackup.
If you use the default certificates from Nutanix, NetBackup may fail SSL validations and not let you backup AHV virtual machines. To disable SSL validations, edit the
nb_nutanix-ahv.conf file and set the enable_ssl_validations to false.
If you use self-signed certificates, ensure that the following are met:
When you create a Application_Server parameter matches the Acropolis cluster name that is present in the SSL certificate.policy, the value that you provide in the
Self-signed public certificates are present in the backup host. Use the cert_authority_file parameter in the
nb_nutanix-ahv.confto specify the path to the local certificate bundle.
If you use certificates signed from a known certificate authority, ensure that the following is met:
When you create a Application_Server parameter matches the Acropolis cluster name present in the SSL certificate.policy, the value that you provide in the
The SSL root certificates along with intermediate Certificate Authority (if any) are present on the backup host. NetBackup uses these certificates to validate the SSL connection with the Nutanix Acropolis cluster.
The certificate bundle on your operating system may expire. This can also fail backups. Therefore, update the default certificate paths on your operating system with the latest certificate bundles.
You may have chosen to download and install certificate bundles from different sources. In such case, you can use the cert_authority_file parameter in the
nb_nutanix-ahv.confto specify the file name (along with the path) to your certificate bundle.
See About the nb_nutanix-ahv configuration file.