NetBackup™ 10.1.1 Application Guide

Last Published:
Product(s): Appliances (3.3, 3.2, 3.1, 3.0)
Platform: Flex Appliance OS
  1. Product overview
    1.  
      Introduction to NetBackup applications for Flex Appliance
    2.  
      About the Flex Appliance documentation
  2. Release notes
    1.  
      NetBackup 10.1.1 application new features, enhancements, and changes
    2.  
      Supported upgrade paths to this release
    3.  
      Operational notes
  3. Geting started
    1.  
      Prerequisites before you can create NetBackup application instances
    2.  
      Installing the NetBackup Administration Console and client packages
  4. Creating NetBackup application instances
    1. Creating application instances
      1.  
        Creating a NetBackup primary server instance
      2.  
        Creating a NetBackup media server instance
      3.  
        Creating a NetBackup WORM storage server instance
  5. Managing NetBackup application instances
    1.  
      Managing application instances from Flex Appliance and NetBackup
    2. Accessing NetBackup primary and media server instances for management tasks
      1. Managing users on a primary or a media server instance
        1.  
          Adding and removing local users on a primary or a media server instance
        2.  
          Connecting an Active Directory user domain to a primary or a media server instance
        3.  
          Connecting an LDAP user domain to a primary or a media server instance
        4.  
          Changing a user password on a primary or a media server instance
      2. Running NetBackup commands on a primary or a media server application instance
        1.  
          Creating a NetBackup touch file on a primary or a media server application instance
        2.  
          Installing NetBackup notify scripts on a primary or a media server application instance
      3.  
        Monitoring NetBackup services on a NetBackup primary server instance
      4.  
        Mounting an NFS share on a NetBackup primary server instance
      5.  
        Setting environment variables on primary and media server instances
      6.  
        Storing custom data on a primary or a media server instance
      7.  
        Modifying or disabling the nbdeployutil utility on a primary server instance
      8.  
        Disabling SMB server signing on a media server instance
      9.  
        Enabling extra OS STIG hardening on a primary or a media server instance
      10.  
        Using a login banner on a primary or a media server instance
      11.  
        Using a primary server instance for disaster recovery
    3. Accessing NetBackup WORM storage server instances for management tasks
      1. Managing users from the deduplication shell
        1.  
          Adding and removing local users from the deduplication shell
        2.  
          Adding MSDP users from the deduplication shell
        3.  
          Connecting an Active Directory domain to a WORM storage server for Universal Shares and Instant Access
        4.  
          Disconnecting an Active Directory domain from the deduplication shell
        5.  
          Changing a user password from the deduplication shell
      2.  
        Managing VLAN interfaces from the deduplication shell
      3.  
        Viewing the lockdown mode on a WORM storage server
      4.  
        Managing the retention policy on a WORM storage server
      5.  
        Managing images with a retention lock on a WORM storage server
      6.  
        Auditing WORM retention changes
      7. Managing certificates from the deduplication shell
        1.  
          Viewing the certificate details from the deduplication shell
        2.  
          Importing certificates from the deduplication shell
        3.  
          Removing certificates from the deduplication shell
      8.  
        Managing FIPS mode from the deduplication shell
      9.  
        Encrypting backups from the deduplication shell
      10. Configuring an isolated recovery environment on a WORM storage server
        1.  
          Configuring data transmission between a production environment and an IRE WORM storage server
      11.  
        Managing an isolated recovery environment on a WORM storage server
      12.  
        Tuning the MSDP configuration from the deduplication shell
      13.  
        Setting the MSDP log level from the deduplication shell
      14. Managing NetBackup services from the deduplication shell
        1.  
          Managing the cyclic redundancy checking (CRC) service
        2.  
          Managing the content router queue processing (CRQP) service
        3.  
          Managing the online checking service
        4.  
          Managing the compaction service
        5.  
          Managing the deduplication (MSDP) services
        6.  
          Managing the Storage Platform Web Service (SPWS)
        7.  
          Managing the Veritas provisioning file system (VPFS) mounts
        8.  
          Managing the NGINX service
        9.  
          Managing the SMB service
      15. Monitoring and troubleshooting NetBackup services from the deduplication shell
        1.  
          About the support command

Importing certificates from the deduplication shell

Use the following procedures to import NetBackup or external certificates from the deduplication shell.

Importing a NetBackup certificate

To import a NetBackup certificate

  1. Open an SSH session to the server as the msdpadm user.
  2. Run one of the following commands:

    • To request the NetBackup CA certificate from the primary server:

      setting certificate get-CA-certificate

      By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example:

      setting certificate get-CA-certificate primary_server=<alternate primary server hostname>

    • To request a host certificate from the primary server:

      setting certificate get-certificate [force=true]

      Where [force=true] is an optional parameter that overwrites the existing certificate if it already exists.

      By default, the command uses the first primary server entry in the NetBackup configuration file. You can specify an alternate primary server with the primary_server parameter. For example:

      setting certificate get-certificate primary_server=<alternate primary server hostname>

      Depending on the primary server security level, the host may require an authorization or a reissue token. If the command prompts that a token is required for the request, enter the command again with the token for the host ID-based certificate. For example:

      setting certificate get-certificate primary_server=<alternate primary server hostname> token=<certificate token> force=true

Importing external certificates

To import external certificates

  1. Open an SSH session to the server as the msdpadm user.
  2. Run one of the following commands:

    • To download and install both the external CA certificate and the host certificate:

      setting certificate install-external-certificates cacert=<trust store> cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port>

      Where:

      • <trust store> is the trust store in PEM format.

      • <host certificate> is the X.509 certificate of the host in PEM format.

      • <key> is the RSA private key in PEM format.

      • [passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted.

      • <host> is the hostname of the host that stores the external certificates.

      • <port> is the port to connect to on the remote host.

    • To download and install the external CA certificate:

      setting certificate get-external-CA-certificate cacert=<trust store> scp_host=<host> scp_port=<port>

      Where:

      • <trust store> is the trust store in PEM format.

      • <host> is the hostname of the host that stores the external certificates.

      • <port> is the port to connect to on the remote host.

    • To download and install the external host certificate:

      setting certificate get-external-certificates cert=<host certificate> private_key=<key> [passphrase=<passphrase>] scp_host=<host> scp_port=<port>

      Where:

      • <host certificate> is the X.509 certificate of the host in PEM format.

      • <key> is the RSA private key in PEM format.

      • [passphrase=<passphrase>] is an optional parameter for the passphrase of the private key. This parameter is required if the key is encrypted.

      • <host> is the hostname of the host that stores the external certificates.

      • <port> is the port to connect to on the remote host.

      Note:

      If an external host certificate already exists on the server, it is overwritten.

  3. (Optional) Run the following command to specify the revocation check level for the external certificates:

    setting certificate set-CRL-check-level check_level=<DISABLE, LEAF, or CHAIN>

    The check levels are as follows:

    • DISABLE: The revocation check is disabled. The revocation status of the certificate is not validated against the CRL during host communication.

    • LEAF: The revocation status of the leaf certificate is validated against the CRL. LEAF is the default value.

    • CHAIN: The revocation status of all certificates from the certificate chain is validated against the CRL.