NetBackup™ 10.1.1 Application Guide
- Product overview
- Release notes
- Geting started
- Creating NetBackup application instances
- Managing NetBackup application instances- Managing application instances from Flex Appliance and NetBackup
- Accessing NetBackup primary and media server instances for management tasks- Managing users on a primary or a media server instance
- Running NetBackup commands on a primary or a media server application instance
- Monitoring NetBackup services on a NetBackup primary server instance
- Mounting an NFS share on a NetBackup primary server instance
- Setting environment variables on primary and media server instances
- Storing custom data on a primary or a media server instance
- Modifying or disabling the nbdeployutil utility on a primary server instance
- Disabling SMB server signing on a media server instance
- Enabling extra OS STIG hardening on a primary or a media server instance
- Using a login banner on a primary or a media server instance
- Using a primary server instance for disaster recovery
 
- Accessing NetBackup WORM storage server instances for management tasks- Managing users from the deduplication shell- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
 
- Managing VLAN interfaces from the deduplication shell
- Viewing the lockdown mode on a WORM storage server
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Configuring an isolated recovery environment on a WORM storage server
- Managing an isolated recovery environment on a WORM storage server
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
 
- Monitoring and troubleshooting NetBackup services from the deduplication shell
 
- Managing users from the deduplication shell
 
Creating a NetBackup WORM storage server instance
NetBackup WORM (Write Once Read Many) storage server instances prevent your data from being encrypted, modified, or deleted. Any data that is saved on these instances is protected with the following security measures:
- Immutability - This protection ensures that the backup image is read-only and cannot be modified, corrupted, or encrypted after backup. 
- Indelibility - This property protects the backup image from being deleted before it expires. The data is protected from malicious deletion. 
See the NetBackup Administrator's Guide, Volume I for more information about WORM storage.
Use the following procedure to create a NetBackup WORM storage server instance on Flex Appliance.
Note:
Your appliance must be in lockdown mode before you can create a WORM storage instance.
See the topic "Changing the lockdown mode" in the Flex Appliance Getting Started and Administration Guide for the steps to enable lockdown mode.
To create a NetBackup WORM storage server instance
- Make sure that the NetBackup WORM storage server application you want to use is located in the repository.
- Perform the following tasks if you have not already:- Configure at least one network interface. You can configure a physical interface, add a VLAN tag, or create a bond. 
- Add at least one tenant. 
- Verify that the appliance is in lockdown mode. You can check or change the lockdown mode from the Lockdown mode page on the Flex Appliance Console. See the topic "Changing the lockdown mode" in the Flex Appliance Getting Started and Administration Guide for details. 
 
- Gather the following information for the new instance: Note: The hostname and IP address must not be in use anywhere else in your domain. - Tenant that you want to assign it to 
- Hostname (maximum of 63 characters including the domain name) 
- IP address 
- Network interface 
- Domain name 
- Name servers 
- Search domains 
- Primary server hostname (must be version 8.3.0.1 or later) 
- Media server hostname if applicable (must be version 8.3.0.1 or later) 
- Username for storage - NetBackup requires this username to connect to the deduplication storage. The username must be between 4 and 30 characters and can include uppercase letters, lowercase letters, and numbers. 
- Password for storage - NetBackup requires this password to connect to the deduplication storage. The password must be between 15 and 32 characters and must include at least one uppercase letter, one lowercase letter, one number, and one special character (_.+~={}?!). - Note: - For this release, the Flex Appliance Console lets you enter other characters, but they are not supported. 
- KMS key group 
- KMS passphrase 
- Certificate Authority (CA) information for one of the following: - For a NetBackup CA: - CA SHA-1 or SHA-256 certificate fingerprint - If the primary server is a Flex instance, you can locate this information from the instance details page of the primary server instance. Click on the instance name under Application instances on the System topology page. - If the primary server is not a Flex instance, see the NetBackup Security and Encryption Guide for the steps to locate this information from NetBackup. 
- (Optional) Token for host ID-based certificate - Depending on the primary server security level, the host may require an authorization or a reissue token. If you do not specify a token when you create the instance, the wizard attempts to automatically obtain the certificate. 
 - For an external CA: - Trust store, in PEM format 
- Host certificate, in PEM format 
- Private key, in PEM format 
- (Optional) Passphrase of the private key - A passphrase is required if the key is encrypted. 
 
- (Optional) Password for host name-based certificate - A host name-based certificate is mandatory if Enhanced Auditing is enabled on the primary server. You can specify the password when you create the instance, or you can deploy the certificate from the primary server later. 
 
- On the primary server, use the nbsetconfig command or manually edit the NetBackup backup configuration file (bp.confon Linux and UNIX, or the Windows registry) to add the following entry:MSDP_SERVER=<MSDP hostname> Where <MSDP hostname> is the hostname of the new WORM storage server instance. 
- If a firewall exists between the primary server and the new instance, open the following ports on the primary server to allow communication:- vnetd: 13724 
- bprd: 13720 
- PBX: 1556 
- If the primary server is a NetBackup appliance that uses TCP, open the following ports: - 443, 5900, and 7578. 
 
- From the System topology page of the Flex Appliance Console, navigate to the Application instances section.
- Click Create instance.
- Select the appropriate storage server application from the repository list that appears, making sure to verify the version number. Click Next.
- Follow the prompts to create the instance. When you are done, you can view the progress in the Activity Monitor, which is accessible from the left pane of the Flex Appliance Console. Note: If you use DNS and the DNS server includes both IPv4 and IPv6 addresses, the instance must be configured with both as well. If you do not want to use DNS or want to bypass DNS for certain hosts, verify that the hostname resolution information is included in the Hosts file entries field. You must include entries for the primary server and any other NetBackup hosts that you want to communicate with the instance. 
- Once the instance has been created successfully, you must change the password from the known default password. To change the password, open an SSH session to the instance and log in with the following credentials:- Username: msdpadm 
- Password: P@ssw0rd 
 Follow the prompt to enter a new password. When the password change is complete, you are logged out. You can log back in with the new password. 
- If you plan to create or already have multiple instances with deduplication storage, Veritas recommends that you tune the MaxCacheSize according to the following guidelines:- On each instance, allocate .75 GB to 1 GB of RAM for each TiB of storage that is allocated to deduplication on the instance. For example, if the storage pool has 80 TiB allocated, the MaxCacheSize should be 60 GB to 80 GB of RAM. 
- The sum of the MaxCacheSize for all instances with deduplication storage should not exceed 70% of the physical RAM on the appliance. 
 To tune the deduplication MaxCacheSize on this instance: - From the SSH session, run the following command on the instance: - setting set-MSDP-param max-fp-cache-size value=<percent%> - Where <percent%> is the percentage of the appliance RAM to use for the cache on the instance. 
- Restart the dedupe process with the following commands: - dedupe MSDP stop - dedupe MSDP start 
 
- The appliance automatically creates a PureDisk storage server for the WORM storage instance that has the same name as the instance. Do one of the following to create a disk pool on that storage server:- From the NetBackup Administration Console, select either NetBackup Management or Media and Device Management, then click Configure Disk Pool in the right pane. Follow the prompts to configure the disk pool. 
- From the NetBackup web UI, click Storage, click the Disk pools tab, and then click Add. Follow the prompts to configure the disk pool. 
 
- Do one of the following to  create a deduplication storage unit for your instance:- From the NetBackup Administration Console, expand NetBackup Management > Storage > Storage Units, then click New > Storage Unit. Complete the fields and select the Use WORM check box. 
- From the NetBackup web UI, click Storage, navigate to the Storage Units tab, and then click Add. Follow the prompts and make sure that the Enable WORM option is activated. 
 
You are ready to create a backup policy and start using your WORM storage instance. See the NetBackup documentation for more information.
More Information
Managing application instances from Flex Appliance and NetBackup