Veritas NetBackup™ for Microsoft Azure Stack Administrator's Guide

Last Published:
Product(s): NetBackup (9.0.0.1, 9.0)
  1. Introduction
    1.  
      Protecting Microsoft Azure Stack VMs using NetBackup
    2.  
      Backing up Microsoft Azure Stack VMs
    3.  
      Restoring Microsoft Azure Stack VMs
    4.  
      Managed disk VM
    5.  
      NetBackup for Microsoft Azure Stack terminologies
  2. Pre-requisites for configuring the Microsoft Azure Stack plug-in for NetBackup
    1.  
      Operating system and platform compatibility
    2.  
      License for Microsoft Azure Stack plug-in for NetBackup
    3.  
      Settings for Backup host in IPV6 setup
    4.  
      Time Sync with Azure Stack
    5.  
      About deployment of NetBackup to protect Microsoft Azure Stack
  3. Configuring NetBackup and Microsoft Azure Stack
    1.  
      Overview of configuring NetBackup and Microsoft Azure Stack
    2. Managing backup hosts
      1.  
        Whitelisting a backup host on NetBackup master server
    3.  
      Adding a Microsoft Azure Stack custom role to provide access permissions to NetBackup administrator
    4. Configuring the Microsoft Azure plug-in using the azurestack.conf configuration file
      1.  
        Whitelisting the configuration file path on NetBackup master server
    5. Creating a file that contains Microsoft Azure Stack credentials
      1.  
        Configuring proxy settings for communication with Microsoft Azure Stack AAD authentication
    6.  
      Adding Microsoft Azure Stack credentials in NetBackup
    7.  
      Creating a BigData policy for Microsoft Azure Stack using the NetBackup Policies utility
    8.  
      Stale Snapshot cleanup
  4. Performing backups and restores of Microsoft Azure Stack
    1.  
      About backing up Microsoft Azure virtual machines
    2.  
      About restoring Microsoft Azure Stack virtual machines
    3. About the restore scenarios for Microsoft Azure Stack VMs from the BAR interface
      1.  
        Considerations for Microsoft Azure Stack VM restore and recovery
    4.  
      Using the BAR interface to restore an Microsoft Azure Stack VM at the same location
    5.  
      Using the bprestore command to restore Microsoft Azure Stack VM at the same location
    6.  
      Using the BAR interface to restore an Microsoft Azure Stack VM to different location
    7. Using the BAR interface to restore an Microsoft Azure Stack VM with modified metadata at a different location
      1.  
        Conversion of Unmanaged disk VM to Managed disk VM
      2.  
        Conversion of Unmanaged disk VM backed up using old plugin to Managed disk VM
    8.  
      Using the bprestore command to restore Microsoft Azure VM with modified metadata to an alternate location
    9.  
      Using the bprestore command to restore Microsoft Azure Stack VM with modified metadata to an alternate region
  5. Troubleshooting
    1.  
      About NetBackup for Microsoft Azure debug logging
    2.  
      Known limitations for Microsoft Azure protection using NetBackup
    3.  
      Backup fails with error 6662
    4.  
      Backup fails with error 6661
    5.  
      Backup fails with error 6646
    6.  
      Backup fails with error 6629
    7.  
      Backup fails with error 6626
    8.  
      Backup fails with error 6630
    9.  
      Restore fails with error 2850
    10.  
      Backup fails with error 1
    11.  
      Adding Azure Stack credentials to NetBackup fails with error 9101
    12.  
      Adding Azure Stack credentials to NetBackup fails with error 7610

Creating a file that contains Microsoft Azure Stack credentials

To communicate with Microsoft Azure Stack, the plug-in must have access to the Microsoft Azure Stack credentials. The credentials must be stored in a file on the NetBackup master server. The credentials are stored in an encrypted format and the plug-in securely accesses the information.

To create a file with the Microsoft Azure Stack credentials on the master server:

  • At any location on the master server, created a file with a JSON format.

    For example, you can create a file named azurestack.creds in the /usr/openv/var/global/ directory.

  • Open the file and add the following content:

    {
    "IdentityProvider":"ADFS",
    "TenantId":"tenant.domain.com",
    "ClientId":"1950a258-227b-4e31-a9cf-717495945fc2",
    "ClientSecret":"client_secret",
    "AuthResource":
    "https://management.adfs.azurestack.local/metadata/a6ad92e4-5b80-4c88-b84f-a7f25c12ba27",
    "teststorageac1":
    "9ghIt35bQeSvjZxXUPj8LinMs6aXPb2tMFjXVIG6N2v2FO6LRg+HzLz2LX1xR/qRkQYwNPIaE/v+QnUovzaKpQ==",
    "rg1disks540":
    "R6Lu3buXZ4HVtRTrNEHzzJqo2gShjQytfjX1hRkvfqMVWnvKWmEt2CUfmhlbxI7JCE0Gh5TKA9r3I88eit2FdA==",
    "StorageAccount3":"asasdlfkjaasdfasdfasdfasdf09sd8fhaopisdfbanpsdf98asdfpusadf====",
    "StorageAccount11":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
    "StorageAccount19":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
    "StorageAccount121":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
    "StorageAccount13":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
    "StorageAccount14":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd==",
    "StorageAccount12":"90asdfasdfasdfasd-98fha-sdf98asdb-fau9bsdf-auy8svfasd=="
    ...
    }
    

    Note:

    The StorageAccount details are required if FETCH_STORAGE_KEYS = false in the azurestack.conf file.

    Option

    Identity Provider

    Description

    IdentityProvider

    AAD and ADFS

    Values can be either ADFS (Active Directory Federation Services) or AAD (Azure Active Directory).

    TenantId

    AAD

    Value is the tenant domain. For example, "tenant.onmicrosoft.com".

    See Obtaining the TenantId value for AAD.

    ClientId

    ADFS

    Value is 1950a258-227b-4e31-a9cf-717495945fc2.

    AAD

    Value is the application ID of the service principal that has the NetBackup backup and recovery role for the subscriptions that NetBackup must protect.

    See Obtaining the ClientId value for AAD.

    ClientSecret

    AAD

    Value is the client secret of the service principal that has the NetBackup backup and recovery role for the subscriptions that NetBackup must protect.

    See Obtaining the ClientSecret value for AAD.

    AuthResource

    AAD and ADFS

    Value of the key audiences that is obtained by opening the following URL in a web browser:

    https://managment.{region}.{azurestackFQDN}/metadata/endpoints?api-version=2015-01-01

    For example:

    https://management.eng.azurestack.veritas.com/metadata/endpoints?api-version=2015-01-01

    The URL returns a JSON value that is the value of the key audiences.

    StorageAccount

    AAD and ADFS

    The storage account with the access key.

    If the value of fetchStorageKeys in the azurestack.conf file is false, then you must add this option.

Obtaining the TenantId value for AAD
  1. Sign in to https://portal.azure.com.

  2. Open Azure Active Directory > Properties and locate the Directory ID that is the TenantId.

Obtaining the ClientId value for AAD

To obtain the ClientId value, you must create a new service principal or use an existing service principal.

  1. Sign in to https://portal.azure.com.

  2. Open Azure Active Directory > App registrations.

  3. In the Search by name or AppID field, search for NBU-ASTK-1 and click the service principal Display Name in the results.

  4. Use any of the following steps to get the ClientID:

    • Open Settings and locate and copy Application ID that is the ClientId.

    • Open Properties and locate and copy Application ID that is the ClientId.

Obtaining the ClientSecret value for AAD

To obtain the ClientSecret value, you must create a new service principal or use an existing service principal.

  1. Sign in to https://portal.azure.com.

  2. Open Azure Active Directory > App registrations > New application registration.

  3. Create an application with the Name as NBU-ASTK-1.

    Select the Application Type as Web App / API.

    Enter the Sign-on URL as https://astk.nbu.com.

    Click Create.

  4. Open Azure Active Directory > App registrations.

  5. In the Search by name or AppID field, search for NBU-ASTK-1 and click the service principal Display Name in the results.

  6. Open Settings > Keys and add a new password information as follows and then save:

    Description: Credential_1

    Expires: Never

    Value: seedvalue_1

  7. Value displayed is the ClientSecret. The value is displayed only once. If you close the window, the value is not displayed again.