NetBackup™ Web UI Cloud Administrator's Guide

Last Published:
Product(s): NetBackup (10.5)
  1. Managing and protecting cloud assets
    1.  
      About protecting cloud assets
    2.  
      Limitations and considerations
    3.  
      AWS and Azure government cloud support
    4. Configure Snapshot Manager in NetBackup
      1.  
        Add a Snapshot Manager
      2. Add a cloud provider for a Snapshot Manager
        1.  
          Adding a new region
        2.  
          IAM Role for AWS Configuration
        3.  
          IAM policy for OCI configuration
      3.  
        Associate media servers with a Snapshot Manager
      4.  
        Discover assets on Snapshot Manager
      5.  
        Enable or disable a Snapshot Manager
      6.  
        (Optional) Add the Snapshot Manager extension
    5. Managing intelligent groups for cloud assets
      1.  
        Considerations for cloud intelligent groups
      2.  
        Create an intelligent group for cloud assets
      3.  
        Delete an intelligent group for cloud assets
    6. Protecting cloud assets or intelligent groups for cloud assets
      1.  
        Customize or edit protection for cloud assets or intelligent groups
      2.  
        Remove protection from cloud assets or intelligent groups
    7. Managing policies for cloud assets
      1.  
        Limitations and considerations
      2. Add an SLP and cloud policy
        1.  
          Setting up attributes for IaaS cloud type
        2.  
          Setting up attributes for PaaS cloud type
        3. Creating schedule attributes for PaaS policy type
          1.  
            Configuring the Start window
          2.  
            Configuring the exclude dates
          3.  
            Configuring the include dates
        4.  
          Configuring the cloud assets for IaaS
        5.  
          Configuring the cloud assets for PaaS
        6.  
          Backup options for IaaS
      3.  
        Operations on cloud policy
      4.  
        PaaS and IaaS policy SLP configurations
    8. Scan for malware
      1.  
        Scanning backup images
      2.  
        Assets by workload type
    9. Protecting Microsoft Azure resources using resource groups
      1.  
        Before you begin
      2.  
        Limitations and considerations
      3. About resource group configurations and outcome
        1.  
          Examples of resource group configurations
      4.  
        Troubleshoot resource group permissions
    10. NetBackup Accelerator for cloud workloads
      1.  
        How the NetBackup Accelerator works with virtual machines
      2.  
        Accelerator forced rescan for virtual machines (schedule attribute)
      3.  
        Accelerator backups and the NetBackup catalog
      4.  
        Accelerator messages in the backup job details log
    11.  
      Configuring backup schedules for cloud workloads using protection plan
    12.  
      Backup options for cloud workloads
    13. AWS Snapshot replication
      1.  
        Configure AWS snapshot replication
      2.  
        Using AWS snapshot replication
      3.  
        Support matrix for account replication
    14.  
      Protect applications in-cloud with application-consistent snapshots
    15. Protecting PaaS assets
      1.  
        Prerequisites for protecting PaaS assets
      2. Installing the native client utilities
        1.  
          Installing the MySQL client utility
        2.  
          Installing the sqlpackage client utility
        3.  
          Installing PostgreSQL client utility
        4.  
          Installing MongoDB client utility
        5.  
          Installing the Amazon RDS for Oracle client utility
      3.  
        Configuring the storage server for instant access
      4.  
        Prerequisites for protecting Amazon RDS SQL Server database assets
      5. Configuring storage for different deployments
        1.  
          For MSDP cloud deployments
        2.  
          For Kubernetes deployments
        3.  
          For VM-based BYO deployments
      6.  
        About incremental backup for PaaS workloads
      7.  
        Configuring incremental backups for Azure MySQL server
      8.  
        About archive redo log backup for PaaS workloads
      9.  
        About Auto Image Replication for PaaS workloads
      10.  
        Limitations and considerations
      11.  
        Discovering PaaS assets
      12.  
        Viewing PaaS assets
      13.  
        Managing PaaS credentials
      14.  
        View the credential name that is applied to a database
      15. Add credentials to a database
        1.  
          Creating an IAM database username
        2.  
          Configuring permissions for the database user
        3.  
          Creating a system or user-managed identity username
      16.  
        Add protection to PaaS assets
      17.  
        Perform backup now
    16.  
      Protecting AWS or Azure VMs for recovering to VMware
    17.  
      Cloud asset cleanup
    18.  
      Cloud asset filtering
  2. Recovering cloud assets
    1. Recovering cloud assets
      1.  
        About the pre-recovery check for VMs
      2.  
        Supported parameters for restoring cloud assets
      3.  
        Restoring to a different cloud provider
      4.  
        Recovering virtual machines
      5.  
        Recovering applications and volumes to their original location
      6.  
        Recovering applications and volumes to an alternate location
      7.  
        Additional steps required after restoring an AWS RDS database instance
      8.  
        Recovery scenarios for GCP VMs with read-only volumes
      9.  
        (GCP only) Restoring virtual machines and volumes using the autoDelete disk support
    2.  
      Perform rollback recovery of cloud assets
    3. Restore to a different cloud provider
      1.  
        Prepare the VMs for back up
      2.  
        Post-restore configurations
    4. Recovering AWS or Azure VMs to VMware
      1.  
        Post-recovery considerations for cloud VMs recovered to VMware
      2. Steps to recover images from cloud VMs to VMware
        1.  
          Recovering images from AWS to VMware
        2.  
          Recovering images from Azure to VMware
    5. Recovering PaaS assets
      1.  
        Recovering non-RDS PaaS assets
      2.  
        Recovering Redshift clusters
      3.  
        Recovering RDS-based PaaS asset
      4.  
        Recovering Azure-protected assets
      5.  
        Recovering duplicate images from AdvancedDisk
  3. Performing granular restore
    1.  
      About granular restore
    2.  
      Supported environment list
    3.  
      List of supported file systems
    4.  
      Before you begin
    5.  
      Limitations and considerations
    6.  
      Restoring files and folders from cloud virtual machines
    7.  
      Restoring volumes on cloud virtual machines
    8.  
      Performing steps after volume restore containing LVM
    9.  
      Troubleshooting
  4. Troubleshooting protection and recovery of cloud assets
    1.  
      Troubleshoot cloud workload protection issues
    2.  
      Error Code 9855: Error occurred while exporting snapshot for the asset: <asset_name>
    3.  
      Backup from snapshot jobs take longer time than expected
    4.  
      Backup from snapshot job fails due to connectivity issues when Snapshot Manager is deployed on an Ubuntu host
    5.  
      Error disambiguation in NetBackup UI
    6.  
      Status Code 150: Termination requested by administrator
    7. Troubleshoot PaaS workload protection and recovery issues
      1.  
        Troubleshooting Amazon Redshift issues

Installing the Amazon RDS for Oracle client utility

Amazon RDS for Oracle client utility recommended version is 21.11.0.0.0-1.el8.

Download locations

instantclient-basic

https://download.oracle.com/otn_software/linux/instantclient/2111000/oracle-instantclient-basic-21.11.0.0.0-1.el8.x86_64.rpm

instantclient-odbc

https://download.oracle.com/otn_software/linux/instantclient/2111000/oracle-instantclient-odbc-21.11.0.0.0-1.el8.x86_64.rpm

To install, run the following commands in the terminal:

  1. c. yum install unixODBC
  2. rpm -ivh oracle-instantclient-basic-21.10.0.0.0-1.el8.x86_64.rpm
  3. d. rpm -ivh oracle-instantclient-odbc-21.10.0.0.0-1.el8.x86_64.rpm
Installing the EFS utility and configuring permissions

To install the EFS utility

  1. Visit this page in AWS documentation:

    https://docs.aws.amazon.com/efs/latest/ug/installing-amazon-efs-utils.html

  2. Refer to the section: To build and install amazon-efs-utils as an RPM package for Amazon Linux, Amazon Linux 2, and Linux distributions other than OpenSUSE or SLES.
  3. Install stunnel version 5.
  4. Modify region from /etc/amazon/efs/efs-utils.conf to your RDS instance region.
Configuring EFS and the restore mount path on AWS

You need to configure the Amazon Elastic File System (EFS) before you can perform any backup.

Configuring AWS permissions for NetBackup

NetBackup required permissions in AWS to perform backup and restore. To configure the permissions, create an AWS IAM role and assign the permissions required by NetBackup to the role. For more information on how to create an IAM role, see this link in AWS documentation:

https://docs.aws.amazon.com/iam/index.html

Required permissions: 

efsdescribemounttarget:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:DescribeMountTargets",
                "elasticfilesystem:DescribeFileSystems",
            ],
            "Resource": [
                "arn:aws:elasticfilesystem:*:*:access-point/*",
                "arn:aws:elasticfilesystem:*:*:file-system/*"
            ]
        }
    ]
}

rdsdescribeoptiongroup
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:CreateOptionGroup",
                "rds:ModifyDBInstance",
                "rds:ModifyOptionGroup",
                "s3:*"
            ],
            "Resource": "*"
        }
    ]
}

AmazonRDSReadOnlyAccess:(AWS Managed)
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "rds:Describe*",
                "rds:ListTagsForResource",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcAttribute",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricData",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents",
                "devops-guru:GetResourceCollection"
            ],
            "Resource": "*"
        },
        {
            "Action": [
                "devops-guru:SearchInsights",
                "devops-guru:ListAnomaliesForInsight"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringEquals": {
                    "devops-guru:ServiceNames": [
                        "RDS"
                    ]
                },
                "Null": {
                    "devops-guru:ServiceNames": "false"
                }
            }
        }
    ]
}

The following permissions are required for Redshift snapshot and trust relationships:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "redshift:ListDatabases",
                "redshift:DescribeClusters",
                "redshift:CreateTags",
                "redshift:CreateClusterSnapshot",
                "redshift:DescribeClusterSnapshots",
                "redshift:DeleteClusterSnapshot",
                "redshift:DescribeClusterSubnetGroups",
                "redshift:RestoreFromClusterSnapshot",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeAddresses",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeVpcs",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "iam:GetRole"
            ],
            "Resource": "*"
        }
    ]
}

Minimum trust relationship entities:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "redshift.amazonaws.com",
                    "ec2.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}