NetBackup™ Web UI Cloud Administrator's Guide

Last Published:
Product(s): NetBackup (9.1)
  1. Introducing the NetBackup web user interface
    1.  
      About the NetBackup web UI
    2.  
      Terminology
    3.  
      Sign in to the NetBackup web UI
    4.  
      Sign out of the NetBackup web UI
  2. Monitoring NetBackup
    1.  
      The NetBackup dashboard
    2.  
      Monitoring jobs
    3.  
      Filter jobs in the job list
  3. Managing and protecting cloud assets
    1.  
      About protecting cloud assets
    2.  
      Limitations and considerations
    3. Configure CloudPoint servers in NetBackup
      1.  
        Configure a third-party CA certificate
      2.  
        Add a CloudPoint server
      3. Add a cloud provider for a CloudPoint server
        1.  
          IAM Role for AWS Configuration
      4.  
        Associate media servers with a CloudPoint server
      5.  
        Discover assets on CloudPoint server
      6.  
        Edit a CloudPoint server
      7.  
        Enable or disable a CloudPoint server
      8.  
        (Optional) Add the CloudPoint extension
    4. Managing intelligent cloud groups
      1.  
        Create an intelligent cloud group
      2.  
        Delete an intelligent cloud group
    5. Protecting cloud assets or intelligent cloud groups
      1.  
        Customize or edit protection for cloud assets or intelligent groups
      2.  
        Remove protection from cloud assets or intelligent groups
    6.  
      AWS and Azure government cloud support
    7. About protecting Microsoft Azure resources using resource groups
      1.  
        Before you begin
      2.  
        Limitations and considerations
      3. About resource group configurations and outcome
        1.  
          Examples of resource group configurations
      4.  
        Troubleshoot resource group permissions
    8.  
      Configuring backup schedule for cloud workloads
    9.  
      Backup options for cloud workloads
    10.  
      Configure snapshot replication
    11.  
      Protect applications in-cloud with application consistent snapshots
  4. Recovering cloud assets
    1.  
      Recovering cloud assets
    2.  
      Perform rollback recovery of cloud assets
  5. Performing granular restore
    1.  
      About granular restore
    2.  
      Supported environment list
    3.  
      List of supported file systems
    4.  
      Before you begin
    5.  
      Limitations and considerations
    6.  
      Restoring files and folders from cloud virtual machines
    7.  
      Restoring volumes on cloud virtual machines
    8.  
      Troubleshooting
  6. Troubleshooting protection and recovery of cloud assets
    1.  
      Troubleshoot cloud workload protection issues

Configure a third-party CA certificate

You can use a self-signed or a third-party certificate to validate your CloudPoint server.

Consider the following points:

  • For Windows, you can give a certificate as a file path or install the third party certificate in the Trusted Root Certificates authorities.

  • To switch from a self-signed certificate to a third-party certificate for an already added CloudPoint server, you can update the tpconfig command or edit the CloudPoint server API or from NetBackup WebUI.

To configure a third-party CA certificate

  1. Generate the third party certificate and private key for your CloudPoint server.
  2. Run the /cloudpoint/scripts/cp_certificate_management.sh script to upload the certificate, key and trust store to the CloudPoint server.
  3. In NetBackup, create a certificate file and append the certificate of root and all intermediate CAs in the pem file.
  4. In the bp.conf file, at /cloudpoint/openv/netbackup/, create the following entries:

    • ECA_TRUST_STORE_PATH = /cloudpoint/eca/trusted/cacerts.pem

    • (Optional) VIRTUALIZATION_CRL_CHECK = CHAIN

    • (Optional) ECA_CRL_PATH =/cloudpoint/eca/crl/

      Note:

      The CA certificates and CRLs should be present under /cloudpoint/eca/trusted/cacerts.pem for trust-store, and /cloudpoint/eca/crl for CRL.

      • The ECA_CRL_PATH option specifies the path to the directory where the Certificate Revocation Lists (CRL) of the external certificate authority (CA) are located. All files in ECA_CRL_PATH must be in DER, PEM, and P7B formats.

      • VIRTUALIZATION_CRL_CHECK option is only required if you want to check the revocation status of the certificate. By default, the VIRTUALIZATION_CRL_CHECK option is disabled.

      • You can disable, LEAF, or CHAIN the value of the VIRTUALIZATION_CRL_CHECK option. For LEAF, revocation status of the leaf certificate is validated against the CRL. For CHAIN, revocation status of all certificates from the certificate chain are validated against the CRL.

    Note:

    Following should be the order in which the certificates are uploaded: Leaf > Intermediate > Root. If the certificates are not uploaded in the correct order, CloudPoint might not work.

  5. Add the CloudPoint server to NetBackup or run the tpconfig command to update the certificate for a CloudPoint server already added to NetBackup.