NetBackup™ Snapshot Manager Install and Upgrade Guide
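Configuring permissions on Microsoft Azure
Before NetBackup Snapshot Manager can protect your Microsoft Azure assets, it must have access to them. You must associate a custom role that NetBackup Snapshot Manager users can use to work with Azure assets.
The following is a custom role definition (in JSON format) that gives NetBackup Snapshot Manager the ability to:
- Configure the Azure plug-in and discover assets.
- Create host and disk snapshots.
- Restore snapshots to the original location or to a new location.
- Delete snapshots.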
{
"properties": {
"roleName": "snapshot-manager-role",
"description": "Necessary permissions for Azure plug-in operations in CloudPoint",
"assignableScopes": [
"/subscriptions/<SubscriptionName>"
],
"permissions": [
{
"actions": [
"Microsoft.Storage/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Sql/*/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Compute/disks/endGetAccess/action",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Compute/virtualMachines/powerOff/action",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/publicIPAddresses/delete",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/*/read",
"Microsoft.Resources/subscriptions/tagNames/tagValues/write",
"Microsoft.Resources/subscriptions/tagNames/write",
"Microsoft.Subscription/*/read",
"Microsoft.Authorization/locks/*",
"Microsoft.Authorization/*/read",
"Microsoft.ContainerService/managedClusters/agentPools/read",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
"Microsoft.Compute/virtualMachineScaleSets/delete/action",
"Microsoft.Compute/restorePointCollections/read",
"Microsoft.Compute/restorePointCollections/write",
"Microsoft.Compute/restorePointCollections/delete",
"Microsoft.Compute/restorePointCollections/restorePoints/read",
"Microsoft.Compute/restorePointCollections/restorePoints/write",
"Microsoft.Compute/restorePointCollections/restorePoints/delete",
"Microsoft.Compute/restorePointCollections/restorePoints/retrieveSasUris/action",
"Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/read",
"Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/beginGetAccess/action",
"Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/endGetAccess/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
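}
For supported PaaS databases, the following set of permissions is required to perform discovery, creation, deletion, database authentication, and point-in-time restore operations (applicable only to Azure SQL and Managed Instance databases) using a managed identity:
"actions": [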
"Microsoft.Authorization/*/read",
"Microsoft.Subscription/*/read",
"Microsoft.Resources/*/read",
"Microsoft.ManagedIdentity/*/read",
"Microsoft.Sql/*/read",
"Microsoft.Sql/servers/databases/write",
"Microsoft.Sql/servers/databases/delete",
"Microsoft.Sql/managedInstances/databases/write",
"Microsoft.Sql/managedInstances/databases/delete",
"Microsoft.DBforMySQL/servers/read",
"Microsoft.DBforMySQL/servers/databases/read",
"Microsoft.DBforMySQL/flexibleServers/read",
"Microsoft.DBforMySQL/flexibleServers/databases/read",
"Microsoft.DBforMySQL/servers/databases/write",
"Microsoft.DBforMySQL/flexibleServers/databases/write",
"Microsoft.DBforMySQL/servers/databases/delete",
"Microsoft.DBforMySQL/flexibleServers/databases/delete",
"Microsoft.DBforPostgreSQL/servers/databases/delete",
"Microsoft.DBforPostgreSQL/flexibleServers/databases/delete",
"Microsoft.DBforPostgreSQL/servers/databases/write",
"Microsoft.DBforPostgreSQL/flexibleServers/databases/write",
"Microsoft.DBforPostgreSQL/servers/read",
"Microsoft.DBforPostgreSQL/servers/databases/read",
"Microsoft.DBforPostgreSQL/flexibleServers/read",
"Microsoft.DBforPostgreSQL/flexibleServers/databases/read"
],
If the NetBackup Snapshot Manager extension is installed on a managed Kubernetes cluster in Azure, the following permissions can also be added before configuring the plug-in:
"Microsoft.ContainerService/managedClusters/agentPools/read",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
"Microsoft.Compute/virtualMachineScaleSets/delete/action"
Additional permissions required for PaaS workloads:
"Microsoft.DBforMySQL/servers/read",
"Microsoft.DBforMySQL/servers/databases/read",
"Microsoft.DBforMySQL/flexibleServers/read",
"Microsoft.DBforMySQL/flexibleServers/databases/read",
"Microsoft.DBforPostgreSQL/servers/read",
"Microsoft.DBforPostgreSQL/servers/databases/read",
"Microsoft.DBforPostgreSQL/flexibleServers/read",
"Microsoft.DBforPostgreSQL/flexibleServers/databases/read",
"Microsoft.Sql/*/write",
"Microsoft.Sql/*/delete"
If you use a system-managed identity for PaaS Azure SQL and Managed Instance, apply the same set of permissions/rules to the media server and Snapshot Manager. If you use a user-managed identity, attach the same user-managed identity to the media server and Snapshot Manager.
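To create a custom role using PowerShell, follow the steps described in the Azure documentation.
For example:
New-AzureRmRoleDefinition -InputFile "C:\CustomRoles\ReaderSupportRole.json"
To create a custom role using the Azure CLI, follow the steps described in the Azure documentation.
For example:
az role definition create --role-definition "~/CustomRoles/ReaderSupportRole.json"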
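Note:
Before you create the role, you must copy the role definition given earlier (the text in JSON format) into a .json file and then use that file as the input file. In the sample commands shown earlier, ReaderSupportRole.json is used as the input file that contains the role definition text.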
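An added example (not part of the original guide): a Python script that merges the base role actions with the optional AKS and PaaS lists, drops duplicates, and lists the wildcard grants broader than read so they can be reviewed before the file is used as the input file. The three lists are constructed excerpts of the lists on this page, and the function names are hypothetical.

```python
import json

# Constructed excerpts of the three action lists on this page (not the full role).
BASE = [
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/snapshots/write",
    "Microsoft.Compute/snapshots/delete",
    "Microsoft.Authorization/locks/*",
    "Microsoft.ContainerService/managedClusters/read",
]
AKS = [
    "Microsoft.ContainerService/managedClusters/read",
    "Microsoft.Compute/virtualMachineScaleSets/write",
]
PAAS = ["Microsoft.Sql/*/write", "Microsoft.Sql/*/delete"]


def merge_actions(*groups):
    """Join action lists in order, dropping entries already seen (any casing)."""
    seen, merged = set(), []
    for action in (a for group in groups for a in group):
        if action.lower() not in seen:
            seen.add(action.lower())
            merged.append(action)
    return merged


def broad_grants(actions):
    """Wildcard actions that cover more than read access, for manual review."""
    return [a for a in actions if "*" in a and not a.lower().endswith("/read")]


def build_role(scope, actions):
    """Wrap the actions in the role-definition layout shown on this page."""
    return {"properties": {
        "roleName": "snapshot-manager-role",
        "description": "Necessary permissions for Azure plug-in operations in CloudPoint",
        "assignableScopes": [scope],
        "permissions": [{"actions": actions, "notActions": [],
                         "dataActions": [], "notDataActions": []}],
    }}


if __name__ == "__main__":
    actions = merge_actions(BASE, AKS, PAAS)
    for action in broad_grants(actions):
        print("review before granting:", action)
    # Placeholder scope; replace it before using the file as the input file.
    role = build_role("/subscriptions/<SubscriptionName>", actions)
    with open("ReaderSupportRole.json", "w") as fh:
        json.dump(role, fh, indent=2)
```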
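To use this role, do the following:
- Assign this role to an application running in the Azure environment.
- In NetBackup Snapshot Manager, configure the Azure off-host plug-in with the application's credentials.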