Veritas NetBackup™ Flex Scale Administrator's Guide

Last Published:
Product(s): Appliances (1.3)
Platform: NetBackup Flex Scale OS
  1. Product overview
    1.  
      About Veritas NetBackup™ Flex Scale
  2. Viewing information about the NetBackup Flex Scale cluster environment
    1.  
      About the NetBackup Flex Scale management console
    2.  
      About the Dashboard view
    3.  
      Accessing the NetBackup web user interface on the appliance
    4.  
      Working with NetBackup Flex Scale APIs
  3. NetBackup Flex Scale infrastructure management
    1. User management
      1.  
        Considerations for managing NetBackup Flex Scale users
      2.  
        Adding users
      3.  
        Removing users
    2.  
      Directory services and certificate management
    3.  
      Region settings management
    4.  
      About NetBackup Flex Scale storage
    5. Node and disk management
      1.  
        NetBackup Flex Scale network cabling
      2. Adding a node to the cluster using the NetBackup Flex Scale web interface
        1.  
          Considerations for adding a node when disaster recovery is configured
      3.  
        Adding a node using the REST APIs
      4.  
        Replacing a node in a cluster
      5.  
        Starting and stopping nodes
      6.  
        Replacing a disk
      7.  
        Viewing disk details
      8.  
        Viewing node details
    6. License management
      1.  
        Adding or removing storage licenses
      2.  
        Adding NetBackup licenses
  4. NetBackup Flex Scale network management
    1.  
      About network management
    2.  
      Modifying DNS settings
    3.  
      About bonding Ethernet interfaces
    4. Bonding operations
      1.  
        Creating a bond
      2.  
        Modifying a bond
      3.  
        Removing a bond
    5. Data network configurations
      1. Network configuration on plain device (eth5)
        1.  
          Adding a data network
        2.  
          Modifying a data network
        3.  
          Deleting a data network
      2.  
        Network configuration on VLAN (eth5)
      3. Network configuration on bonded interfaces (bond0 on eth5 and eth7)
        1.  
          Adding a data network
      4.  
        VLAN on bond of eth5 and eth7 (bond0)
      5.  
        Support for multiple VLAN when disaster recovery is configured
  5. NetBackup Flex Scale infrastructure monitoring
    1. About alert management
      1.  
        Viewing information about alerts
      2.  
        Managing alerts
    2. About event notification
      1.  
        Purging events
    3. About AutoSupport and Call Home
      1.  
        Setting up email alerts
      2.  
        Setting up SNMP alerts
      3.  
        Configuring Call Home settings
    4.  
      Monitoring hardware components
  6. Resiliency in NetBackup Flex Scale
    1.  
      Erasure coding in NetBackup Flex Scale
    2.  
      High availability of the NetBackup master service
    3.  
      NetBackup catalog protection
    4.  
      NetBackup master service catalog protection using checkpoints
  7. Site-based disaster recovery in NetBackup Flex Scale
    1.  
      About site-based disaster recovery in NetBackup Flex Scale
    2.  
      Establishing trust and setting up authentication
    3.  
      Configuring disaster recovery
    4.  
      Managing disaster recovery
    5.  
      Clearing the host cache
    6.  
      NetBackup optimized duplication using Storage Lifecycle Policies
  8. NetBackup Flex Scale security
    1.  
      STIG overview for NetBackup Flex Scale
    2.  
      STIG-compliant password policy rules
    3.  
      Enabling STIG for NetBackup Flex Scale
    4.  
      Viewing the NetBackup Flex Scale STIG status
    5.  
      FIPS overview for NetBackup Flex Scale
    6.  
      Viewing the NetBackup Flex Scale FIPS status
  9. Troubleshooting
    1.  
      Services management
    2. Collecting logs for cluster nodes
      1.  
        Uploading logs to Veritas Support
      2.  
        Downloading logs
    3. Troubleshooting NetBackup Flex Scale issues
      1.  
        If cluster configuration fails (for example because an IP address that was already in use is specified) and you try to reconfigure the cluster, the UI displays an error but the configuration process continues to run
    4.  
      Validation error while adding VMware credentials to NetBackup
    5.  
      NetBackup Web UI incorrectly displays some NetBackup Flex Scale processes as failed
  10. Appendix A. Configuring NetBackup optimized duplication
    1. Configuring a Storage Lifecycle Policy for optimized duplication
      1.  
        Creating a Storage Lifecycle Policy for optimized duplication
      2.  
        Configuring a policy to use an SLP
      3.  
        Updating the policy to reverse the replication direction
  11. Appendix B. Disaster recovery terminologies
    1.  
      VVR technology in disaster recovery
    2.  
      About response fields in the GET disaster recovery API

Enabling STIG for NetBackup Flex Scale

With NetBackup Flex Scale version 1.3, you can enable STIG hardening rules for increased security. These rules are based on the following profile from the Defense Information Systems Agency (DISA):

STIG for Red Hat Enterprise Linux 7 Server - Version 0.1.43

After the STIG option is enabled:

  • A STIG-compliant password policy is automatically enforced. All current user passwords that were created under the default password policy remain valid. Once a password expires, you must follow the STIG-compliant policy rules when you change the password.

    See STIG-compliant password policy rules.

Review the following guidelines before enabling STIG:

  • When you enable STIG, the STIG option is configured for all the nodes in a cluster. The cluster must be configured before you enable the STIG option.

  • The STIG option does not allow individual rule control.

  • Before you enable STIG, it is recommended that you complete the following prerequisites. However, not completing the prerequisites does not prevent you from enabling STIG. You can complete these requirements after you enable the STIG option.

    • Configure two NTP servers to synchronize the time across cluster nodes.

    • Configure two DNS servers for the cluster.

    • Configure an SMTP server to enable notifications.

  • After the STIG option is enabled, a factory reset is required to disable the associated rules. You cannot disable the option using the UI or the REST APIs.

  • Veritas recommends that you do not perform any other tasks while the STIG operation is in progress.

  • If site-based disaster recovery is configured, ensure that both the primary and the secondary clusters have similar STIG configuration. If STIG is enabled for the primary cluster, the STIG option must be enabled for the secondary cluster. Similarly, if STIG is not enabled for the primary cluster, do not enable STIG for the secondary cluster.

Enabling STIG using the NetBackup Flex Scale web interface

To enable the STIG hardening rules, complete the following steps:

  1. Use any one of the following options to log in using the user account that you created when you configured the cluster:
    • Using an user account with an Appliance Administrator and NetBackup Administrator role, log in to the NetBackup web interface https://ManagementServerIPorFQDN where ManagementServerIPorFQDN is the public IP address that you specified for the NetBackup Flex Scale management server and API gateway during the cluster configuration, and then in the left pane click Appliance management.

    • Using an user account with an Appliance Administrator role, log in to the NetBackup Flex Scale web interface https://ManagementServerIPorFQDN:14161 where ManagementServerIPorFQDN is the public IP address that you specified for the NetBackup Flex Scale management server and API gateway during the cluster configuration.

  2. In the navigation pane, click Settings.
  3. Click Security.
  4. On the STIG tab, click Enable STIG.

    If the prerequisites are not met, you are prompted to resolve the errors. However you can choose to ignore these errors and proceed by clicking Continue. You can complete the prerequisites later after you enable the STIG option. If the requirements are met, review the displayed guidelines and click Enable.

    Note:

    Do not perform any other tasks until the STIG enable operation is complete.

  5. To monitor the progress, click View details on the Security page. The ongoing and completed tasks for the operation are also displayed in Recent activity.

    After the operation is complete, you can view the STIG status for all the cluster nodes. If STIG is enabled for a node, the status is displayed as Enabled. If the STIG option cannot be enabled for a node the status is displayed as Not Enabled and if the node status cannot be retrieved because the node is stopped, shut down, or not reachable, the status is displayed as Unknown.

    For nodes that display Unknown status, you can enable the STIG option again or wait for the node to automatically synchronize its status with the cluster after the node is up.

You can use the following API to enable STIG:

PATCH /api/appliance/v1.0/security/stig

You can find the RESTl APIs at https://ManagementServerIPorFQDN:14161/swagger/infra/v1.0/ where ManagementServerIPorFQDN is the public IP address or FQDN that you specified for the management server and API gateway during the cluster configuration. For more details about the APIs, see the NetBackup Flex Scale APIs on SORT.