Veritas NetBackup™ Read This First Guide for Secure Communications
How host ID-based certificates are deployed during installation
The following diagram illustrates how certificates are deployed on hosts during installation:
Host ID-based certificate deployment occurs in the following order:
1. A host ID-based certificate is automatically deployed on the NetBackup master server during installation. The master server is the CA.
2. A host ID-based certificate is deployed on Host 1 during installation after confirming the CA fingerprint that is made available by the installation wizard or the script.
   An authorization token is not required because the certificate deployment security level on the master server is set to High and Host 1 is known to the master server.
   Note: A fingerprint is used to authenticate the CA of the master server before it is added to the trust store of a host. The master server administrator communicates the CA fingerprint to the host administrators by email or file, or publishes it on a website.
   Note: An authorization token is used as a mechanism to authorize a host's certificate request that is sent to the NetBackup master server. An authorization token is confidential and only the master server administrator can create it. The master server administrator then passes it on to the administrator of the host where you want to deploy a certificate. A reissue token is a special authorization token that is used to redeploy a certificate on a host to which a certificate was previously issued.
   If you continued with the NetBackup installation without confirming the master server fingerprint, you need to carry out manual steps before backups and restores can occur.
3. A host ID-based certificate is deployed on Host 2 during installation after the master server fingerprint is confirmed. An authorization token is required, because the certificate deployment security level on the master server is set to High and Host 2 is not known to the master server.
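The deployment order above, modeled as an added example (not Veritas code and not part of the original guide): the CA fingerprint received out of band is checked first, then the High security level decides whether a token is needed. The function names, return strings, sample bytes, and the choice of SHA-1 or SHA-256 for the fingerprint are assumptions made for illustration.

```python
import base64, hashlib, hmac, re

# Constructed stand-in for the CA certificate's DER bytes (not a real certificate).
SAMPLE_DER = b"constructed stand-in for master server CA certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

def pem_to_der(pem):
    """Extract the DER bytes from the first PEM certificate block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def format_fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex, the way fingerprints are usually displayed."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprint_matches(ca_pem, communicated):
    """Compare the CA certificate against the fingerprint received out of band."""
    expected = re.sub(r"[\s:]", "", communicated).lower()
    algo = {40: "sha1", 64: "sha256"}.get(len(expected))  # assumption: SHA-1 or SHA-256
    if algo is None or not re.fullmatch(r"[0-9a-f]+", expected):
        raise ValueError("not a SHA-1 or SHA-256 fingerprint")
    actual = hashlib.new(algo, pem_to_der(ca_pem)).hexdigest()
    return hmac.compare_digest(actual, expected)

def deploy_certificate(host, ca_pem, communicated_fp, known_hosts, valid_tokens, token=None):
    """Hypothetical model of the order described above, security level High only."""
    if not fingerprint_matches(ca_pem, communicated_fp):
        return "ca-not-trusted"      # CA is not added to the host's trust store
    if host in known_hosts:
        return "issued"              # Host 1 case: known to the master, no token
    if token is not None and token in valid_tokens:
        return "issued"              # Host 2 case: token authorizes the request
    return "token-required"          # unknown host without a valid token
```

A mismatch stops the flow before any certificate request is made, which is why the fingerprint has to reach the host administrator through a channel other than the connection being verified.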