NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing NetBackup security certificates
- Using external security certificates with NetBackup
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
- Unable to add AD or LDAP domains with the vssat command
Select a security level for NetBackup certificate deployment
NetBackup offers several security levels for the NetBackup certificate deployment. The security level determines what security checks the NetBackup certificate authority (CA) performs before it issues a certificate to a NetBackup host. The level also determines how frequently the Certificate Revocation List (CRL) for the NetBackup CA is refreshed on the host.
More details are available for security levels, NetBackup certificate deployment, and the NetBackup CRL:
To select a security level for NetBackup certificate deployment
- At the top, click Settings > Global security.
- Click Secure communication.
- For Security level for NetBackup certificate deployment, select a security level.
If you choose to use NetBackup certificates, they are deployed on hosts during installation, after the host's administrator confirms the master server fingerprint. The security level determines if an authorization token is required or not for a host.
NetBackup requires an authorization token for every new NetBackup certificate request.
NetBackup does not require an authorization token if the host is known to the master server, which means the host appears in a NetBackup configuration file, the EMM database, a backup policy, or the host is a legacy client.
NetBackup issues NetBackup certificates without an authorization token if the master server can resolve the host name to the IP address from which the request was originated.
- Click Save.