NetBackup™ 10.1 Application Guide
- Product overview
- Release notes
- Geting started
- Creating NetBackup application instances
- Managing NetBackup application instances- Managing application instances from Flex Appliance and NetBackup
- Accessing NetBackup primary and media server instances for management tasks- Managing users on a primary or a media server instance
- Running NetBackup commands on a primary or a media server application instance
- Monitoring NetBackup services on a NetBackup primary server instance
- Mounting an NFS share on a NetBackup primary server instance
- Setting environment variables on primary and media server instances
- Storing custom data on a primary or a media server instance
- Modifying or disabling the nbdeployutil utility on a primary server instance
- Disabling SMB server signing on a media server instance
- Using a primary server instance for disaster recovery
 
- Accessing NetBackup WORM storage server instances for management tasks- Managing users from the deduplication shell- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
 
- Managing VLAN interfaces from the deduplication shell
- Viewing the lockdown mode on a WORM storage server
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Configuring an isolated recovery environment on a WORM storage server
- Managing an isolated recovery environment on a WORM storage server
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
 
- Monitoring and troubleshooting NetBackup services from the deduplication shell
 
- Managing users from the deduplication shell
 
Importing certificates from the deduplication shell
Use the following procedures to import NetBackup or external certificates from the deduplication shell.
To import a NetBackup certificate
- Open an SSH session to the server as the msdpadm user.
- Run one of the following commands:- To request the NetBackup CA certificate from the primary server: - setting certificate get-CA-certificate - By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example: - setting certificate get-CA-certificate primary_server=<alternate primary server hostname> 
- To request a host certificate from the primary server: - setting certificate get-certificate [force=true] - Where [force=true] is an optional parameter that overwrites the existing certificate if it already exists. - By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example: - setting certificate get-certificate primary_server=<alternate primary server hostname> - Depending on the primary server security level, the host may require an authorization or a reissue token. If the command prompts that a token is required for the request, enter the command again with the token for the host ID-based certificate. For example: - setting certificate get-certificate primary_server=<alternate primary server hostname> token=<certificate token> force=true 
 
To import external certificates
- Open an SSH session to the server as the msdpadm user.
- Run one of the following commands:- To download and install both the external CA certificate and the host certificate: - setting certificate install-external-certificates cacert=<trust store> cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port> - Where: - <trust store> is the trust store in PEM format. 
- <host certificate> is the X.509 certificate of the host in PEM format. 
- <key> is the RSA private key in PEM format. 
- [passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted. 
- <host> is the hostname of the host that stores the external certificates. 
- <port> is the port to connect to on the remote host. 
 
- To download and install the external CA certificate: - setting certificate get-external-CA-certificate cacert=<trust store> scp_host=<host> scp_port=<port> - Where: - <trust store> is the trust store in PEM format. 
- <host> is the hostname of the host that stores the external certificates. 
- <port> is the port to connect to on the remote host. 
 
- To download and install the external host certificate: - setting certificate get-external-certificates cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port> - Where: - <host certificate> is the X.509 certificate of the host in PEM format. 
- <key> is the RSA private key in PEM format. 
- [passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted. 
- <host> is the hostname of the host that stores the external certificates. 
- <port> is the port to connect to on the remote host. 
 - Note: - If an external host certificate already exists on the server, it is overwritten. 
 
- (Optional) Run the following command to specify the revocation check level for the external certificates: setting certificate set-CRL-check-level check_level=<DISABLE, LEAF, or CHAIN> The check levels are as follows: - DISABLE: The revocation check is disabled. The revocation status of the certificate is not validated against the CRL during host communication. 
- LEAF: The revocation status of the leaf certificate is validated against the CRL. LEAF is the default value. 
- CHAIN: The revocation status of all certificates from the certificate chain is validated against the CRL.