NetBackup™ Web UI Cloud Object Store Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.3.0.1, 10.3)
  1. Introduction
    1.  
      Overview of NetBackup protection for Cloud object store
    2.  
      Features of NetBackup Cloud object store workload support
  2. Managing Cloud object store assets
    1.  
      Prerequisites for adding Cloud object store accounts
    2.  
      Permissions required for Amazon S3 cloud provider user
    3.  
      Permissions required for Azure
    4.  
      Limitations and considerations
    5. Adding Cloud object store accounts
      1.  
        Creating cross-account access in AWS
      2.  
        Check certificate for revocation
      3.  
        Managing Certification Authorities (CA) for NetBackup Cloud
      4.  
        Adding a new region
    6.  
      Manage Cloud object store accounts
  3. Protecting Cloud object store assets
    1. About accelerator support
      1.  
        How NetBackup accelerator works with Cloud object store
      2.  
        Accelerator notes and requirements
      3.  
        Accelerator force rescan for Cloud object store (schedule attribute)
      4.  
        Accelerator backup and NetBackup catalog
    2.  
      About incremental backup
    3.  
      About policies for Cloud object store assets
    4.  
      Planning for policies
    5.  
      Prerequisites for Cloud object store policies
    6.  
      Creating a backup policy
    7.  
      Setting up attributes
    8.  
      Creating schedule attributes for policies
    9.  
      Configuring the Start window
    10.  
      Configuring exclude dates
    11.  
      Configuring include dates
    12.  
      Configuring the Cloud objects tab
    13.  
      Adding conditions
    14.  
      Adding tag conditions
    15.  
      Example of conditions and tag conditions
    16. Managing Cloud object store policies
      1.  
        Copy a policy
      2.  
        Deactivating or deleting a policy
      3.  
        Manually backup assets
  4. Recovering Cloud object store assets
    1.  
      Prerequisites for recovering Cloud object store objects
    2.  
      Configuring Cloud object retention properties
    3.  
      Recovering Cloud object store assets
  5. Troubleshooting
    1.  
      Recovery for Cloud object store using web UI for original bucket recovery option starts but job fails with error 3601
    2.  
      Recovery Job does not start
    3.  
      Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
    4.  
      Access tier property not restored after overwrite existing to original location
    5.  
      Reduced accelerator optimization in Azure for OR query with multiple tags
    6.  
      Backup is failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
    7.  
      Azure backup job fails when space is provided in a tag query for either tag key name or value.
    8.  
      The Cloud object store account has encountered an error
    9.  
      Bucket list empty when selecting it in policy selection
    10.  
      Creating second account on Cloudian fails by selecting existing region
    11.  
      Restore failed with 2825 incomplete restore operation
    12.  
      Bucket listing of cloud provider fails when adding bucket in Cloud objects tab
    13.  
      AIR import image restore fails on the target domain if the Cloud store account is not added in the target domain.
    14.  
      Backup for Azure Data Lake fails when a back-level media server is used with backup host or storage server version 10.3
    15.  
      Backup fails partially in Azure Data Lake: "Error nbpem (pid=16018) backup of client
    16.  
      Recovery for Azure Data Lake fails: "This operation is not permitted as the path is too deep"
    17.  
      Empty directories are not backed up in Azure Data Lake
    18.  
      Recovery error: "Invalid alternate directory location. You must specify a string with length less than 1025 valid characters"
    19.  
      Recovery error: "Invalid parameter specified"
    20.  
      Restore fails: "Cannot perform the COSP operation, skipping the object: [/testdata/FxtZMidEdTK]"
    21.  
      Cloud store account creation fails with incorrect credentials
    22.  
      Discovery failures due to improper permissions
    23.  
      Restore failures due to object lock

Features of NetBackup Cloud object store workload support

Table: Salient features

Feature

Description

Integration with NetBackup role-based access control (RBAC)

The NetBackup web UI provides the Default cloud object store Administrator RBAC role to control which NetBackup users can manage Cloud object store operations in NetBackup. The user does not need to be a NetBackup administrator to manage Cloud object store operations.

Management of Cloud object store accounts

You can configure a single NetBackup primary server for multiple Cloud object store accounts, across different cloud vendors as required.

Authentication and credentials

Wide emphasis for security. For protecting a single Azure Blob Storage account, Storage account, and Access Key must be specified. To protect Azure blob storage account, the supported authentication mechanisms are Access key, Service Principal, and Managed Identity. For all S3 API-compliant cloud vendors, Access key and Secret Key are supported. For Amazon S3, in addition to Access Key, IAM role, and Assume role (For cross-AWS account) mechanism of authentication are also supported.

Backup policy

A single backup policy can protect multiple S3 buckets or Azure blob containers from one Cloud object store account.

Intelligent selection of cloud objects

Within a single policy, NetBackup provides flexibility to configure different queries for different buckets or containers. Some buckets or containers can be configured to backup all objects in them. You can also configure some buckets and containers with intelligent queries to identify objects based on:

  • Object name prefix

  • Entire object name

  • Object tags

  • Files and directories in Azure Data Lake

Scalable solution

In addition to full backup, NetBackup also supports different types of incremental schedules for faster backups. Accelerator feature is also supported for Cloud object store policy.

Enable checkpoint restart in the policy to be able to restart a failed or suspended job, right from the point that it stopped. We do not need to repeat the entire data transfer from the start of the job.

Granular restore

NetBackup supports an easy way to restore all objects in a bucket/container, as well as provides prefix, folder and object-based views to restore only a selected subset of the objects.

You can narrow down a selection of backup images for restore in NetBackup by providing a date and time range.

Restore options

NetBackup supports adding an arbitrary prefix to all objects when restoring. Thereby, restores the objects with a different name when you do not want the restored objects to interfere with the original objects. For Azure Data Lake files and directories, however, does not require a prefix. Instead, the files and directories are restored to a specified alternate location.

By default, NetBackup skips overwriting objects that already exist in the cloud object store to conserve on bandwidth and cloud costs. You can change this default behavior using the Overwrite option, so that restored copies can overwrite the cloud object store copies.

Alternate location restores

Objects selected for restore can be restored:

  • To the same bucket or container

  • To a different bucket or container in the same account

  • To an altogether different cloud account of the same cloud vendor.

Scale-out support

NetBackup Cloud object store protection supports configuring NetBackup Snapshot Manager (NBSM) as a backup host in addition to a media server as backup host.

With the scale-out server option, you can manage large number of buckets in their Cloud object store. You do not need to configure multiple backup hosts, and creating multiple policies to distribute the load across these backup hosts. NetBackup Snapshot Manager can scale out as many data mover containers as needed at run time, and then scale them down when the data protection jobs are completed.

Object lock

This feature lets you retain the original object lock properties and also provides an option to customize the object lock properties. When you apply object lock properties on restored objects, the restored objects cannot be deleted until the retention period is over, or the legal holds are removed. No configuration is needed during policy creation and backup to use the object lock and retention properties backup.