Veritas NetBackup™ for Nutanix Acropolis Hypervisor (AHV) Administrator's Guide
- Introduction to NetBackup for Acropolis Hypervisor (AHV)
- Prerequisites and things to consider before using the plug-in
- Downloading and installing the Nutanix plug-in
- Configuring NetBackup communication with AHV
- Configuring secure communication between the Nutanix Acropolis Hypervisor server and NetBackup host
- Managing SSL certificates through ECA framework
- Adding a backup host to the NetBackup master server
- Configuring NetBackup policies for AHV
- Backup and recovery
- Back up the Nutanix AHV virtual machines
- Overview of the Nutanix AHV virtual machines recovery process
- Recovering a Nutanix AHV VM using the command line for Hypervisor policy
- Troubleshooting issues
- Appendix A. NetBackup commands to backup and restore Nutanix AHV virtual machines
- Appendix B. Protect Nutanix AHV virtual machines with BigData policy
Configuring secure communication between the Nutanix Acropolis Hypervisor server and NetBackup host
NetBackup provides configuration settings through a Nutanix specific configuration file
nb_nutanix-ahv.conf to validate the certificate that the Acropolis Hypervisor server returns during the communication.
NetBackup also supports peer certificate validation for all virtualization servers like VMware, RHV Manager, and Nutanix Acropolis Cluster through a common External Certificate Authority (ECA) framework. This common framework can work with single set of configuration parameters for all virtualization workloads and provides additional validations like certificate revocation lists.
Both these frameworks require a certificate bundle on each backup host that can contain certificates from one or more Certificate Authorities (CAs). In absence of centralized CAs, even self-signed certificates from different servers can be added to this bundle.
From the NetBackup Nutanix AHV plug-in for Hypervisor policy 8.2 release, to enable SSL validation you must configure both the sets of parameters as follows:
Add the required parameters in the Nutanix AHV configuration file.
For more information, see the following sections:
Set the common external CA parameters in NetBackup.
Both the certificate bundle path variables that are specified in
bp.conf respectively can point to same PEM file, or to different PEM files as per user convenience.
Note that when you configure the SSL parameters in NetBackup, you must ensure that the values that you provide for the following options matches with the Acropolis cluster name that is present in the Nutanix SSL certificate:
name while adding the Acropolis Cluster credentials in NetBackup
Application_Server parameter while configuring the backup policy
If you use the default certificates from Nutanix that contain the Common Name field as CN=*.nutanix.local, NetBackup might fail the SSL validations and not let you backup the AHV VMs. In this scenario, skip the SSL validations. If you want to skip certificate validation, set enable_ssl_validations to false in nb_nutanix-ahv.conf. You can then skip rest of this section, and See Adding the Nutanix Acropolis Cluster credentials for NetBackup.