Veritas NetBackup™ Administrator's Guide, Volume I
- Section I. About NetBackup
- Section II. Configuring hosts- Configuring Host Properties- About the NetBackup Host Properties
- Access Control properties
- Active Directory host properties
- Bandwidth properties
- Busy File Settings properties
- Clean-up properties
- Client Name properties
- Client Attributes properties
- Client Settings properties for UNIX clients
- Client Settings properties for Windows clients
- Cloud Storage properties
- Credential Access properties
- Data Classification properties
- Default Job Priorities properties
- Distributed application restore mapping properties
- Encryption properties
- Enterprise Vault properties
- Enterprise Vault Hosts properties
- Exchange properties
- Exclude Lists properties
- Fibre Transport properties
- Firewall properties
- General Server properties
- Global Attributes properties- About constraints on the number of concurrent jobs
- Setting up email notifications about backups
- Configuring the nbmail.cmd script on Windows
- Sending messages to the global administrator about unsuccessful backups only
- Sending messages to the administrator about successful and unsuccessful backups
- Installing and testing the email utility on Windows
 
- Logging properties
- Login Banner Configuration properties
- Lotus Notes properties
- Media properties
- NDMP Global Credentials properties
- Network properties
- Network Settings properties
- Port Ranges properties
- Preferred Network properties- Add or Change Preferred Network Settings dialog box
- How NetBackup uses the directives to determine which network to use
- Configurations to use IPv6 networks
- Configurations to use IPv4 networks
- Order of directive processing in the Preferred Network properties
- bptestnetconn utility to display Preferred Network information
- Configuration to prohibit using a specified address
- Configuration to prefer a specified address
- Configuration that restricts NetBackup to one set of addresses
- Configuration that limits the addresses, but allows any interfaces
 
- Resilient Network properties
- Resource Limit properties
- Restore Failover properties
- Retention Periods properties
- Scalable Storage properties
- Servers properties
- SharePoint properties
- SLP Parameters properties
- Throttle Bandwidth properties
- Timeouts properties
- Universal Settings properties
- User Account Settings properties
- UNIX Client properties
- UNIX Server properties
- VMware Access Hosts properties
- Windows Client properties
- Configuration options not found in the Host Properties
- About using commands to change the configuration options on UNIX clients and servers
- Configuration options for NetBackup servers- About robust logging
- ALLOW_MEDIA_OVERWRITE option for NetBackup servers
- AUTHENTICATION_DOMAIN option for NetBackup servers and clients
- AUTHORIZATION_SERVICE option for NetBackup servers
- AUTO_ADD_ALL_ALIASES_FOR_CLIENT option for NetBackup servers
- BPBRM_VERBOSE option for NetBackup servers
- BPCD_WHITELIST_PATH option for NetBackup servers and clients
- BPDBJOBS_COLDEFS options for UNIX master servers
- BPDBM_VERBOSE option for NetBackup servers
- BPRD_VERBOSE option for NetBackup servers
- BPTM_VERBOSE option for NetBackup servers
- BPEND_TIMEOUT option for NetBackup servers
- BPSTART_TIMEOUT option for NetBackup servers
- CHECK_RESTORE_CLIENT option for NetBackup servers
- CLIENT_CONNECT_TIMEOUT option for NetBackup servers
- CLIENT_PORT_WINDOW option for NetBackup servers and clients
- CLIENT_READ_TIMEOUT option for NetBackup servers
- CLIENT_RESERVED_PORT_WINDOW option for NetBackup servers and clients
- CONNECT_OPTIONS option for NetBackup servers and clients
- DEFAULT_CONNECT_OPTIONS option for NetBackup servers and clients
- DISABLE_CERT_AUTO_RENEW option for NetBackup servers and clients
- DISABLE_JOB_LOGGING option for NetBackup servers
- DISABLE_STANDALONE_DRIVE_EXTENSIONS option for NetBackup servers
- DISALLOW_BACKUPS_SPANNING_MEDIA option for NetBackup servers
- DISALLOW_CLIENT_LIST_RESTORE option for NetBackup servers
- DISALLOW_CLIENT_RESTORE option for NetBackup servers
- DISALLOW_SERVER_FILE_WRITES option for NetBackup servers and clients
- EAT_VERBOSE option for NetBackup servers and clients
- EMMSERVER option for NetBackup servers
- ENABLE_CRITICAL_PROCESS_LOGGING for NetBackup servers and clients
- FAILOVER_RESTORE_MEDIA_SERVERS option for NetBackup servers
- FORCE_RESTORE_MEDIA_SERVER option for NetBackup servers
- GENERATE_ENGLISH_LOGS option for NetBackup servers and clients
- HOSTDB_RESYNC_INTERVAL option for NetBackup servers and clients
- HYPERV_WMI_CREATE_DISK_TIMEOUT option for NetBackup servers
- INCOMPLETE_JOB_CLEAN_INTERVAL option for NetBackup servers and clients
- INITIAL_BROWSE_SEARCH_LIMIT option for NetBackup servers and clients
- IP_ADDRESS_FAMILY option for NetBackup servers
- JOB_PRIORITY option for NetBackup servers and clients
- KEEP_LOGS_SIZE_GB for NetBackup servers and clients
- LIMIT_BANDWIDTH option for NetBackup servers
- MAX_LOGFILE_SIZE option for NetBackup servers and clients for legacy logging
- MAX_NUM_LOGFILES option for NetBackup servers and clients for legacy logging
- MEDIA_UNMOUNT_DELAY option for NetBackup servers
- MEDIA_REQUEST_DELAY option for NetBackup servers
- MEDIA_SERVER option for NetBackup servers
- MPX_RESTORE_DELAY option for NetBackup servers
- MUST_USE_LOCAL_DRIVE option for NetBackup servers
- NBRNTD_IDLE_TIMEOUT option for NetBackup servers
- OPS_CENTER_SERVER_NAME option for NetBackup servers
- PREFERRED_NETWORK option for NetBackup servers
- RANDOM _PORTS option for NetBackup servers and clients
- RE_READ_INTERVAL option for NetBackup servers
- REQUIRED_NETWORK option for NetBackup servers
- RESILIENT_NETWORK option for NetBackup master servers and clients
- RESUME_ORIG_DUP_ON_OPT_DUP_FAIL option for NetBackup servers
- REVERSE_NAME_LOOKUP option for NetBackup servers and clients
- SECURE_PROXY_CIPHER_LIST option for NetBackup servers and clients
- SERVER option for NetBackup servers
- SERVER_CONNECT_TIMEOUT option for NetBackup servers
- SERVER_PORT_WINDOW option for NetBackup servers
- SERVER_RESERVED_PORT_WINDOW option for NetBackup servers and clients
- SKIP_RESTORE_TO_SYMLINK_DIR option for NetBackup servers
- TELEMETRY_UPLOAD option for NetBackup servers
- THROTTLE_BANDWIDTH option for NetBackup servers
- TRUSTED_MASTER option for NetBackup servers
- ULINK_ON_OVERWRITE option for NetBackup servers
- USE_AUTHENTICATION option for NetBackup servers
- USE_VXSS option for NetBackup servers and clients
- VERBOSE option for NetBackup servers and clients
- VXSS_NETWORK option for NetBackup servers
- WEB_SERVER_TUNNEL_ENABLE option for NetBackup servers
 
- Configuration options for NetBackup clients- APP_PROXY_SERVER option for NetBackup clients
- BACKUP_FIFO_FILES option for NetBackup clients
- BPARCHIVE_POLICY option for NetBackup clients
- BPARCHIVE_SCHED option for NetBackup clients
- BPBACKUP_POLICY option for NetBackup clients
- BPBACKUP_SCHED option for NetBackup clients
- BUSY_FILE_ACTION option for NetBackup clients
- BUSY_FILE_DIRECTORY option for NetBackup clients
- BUSY_FILE_NOTIFY_USER option for NetBackup clients
- BUSY_FILE_PROCESSING option for NetBackup clients
- CLIENT_NAME option for NetBackup clients
- COMPRESS_SUFFIX option for NetBackup clients
- CRYPT_CIPHER option for NetBackup clients
- CRYPT_KIND option for NetBackup clients
- CRYPT_OPTION option for NetBackup clients
- CRYPT_STRENGTH option for NetBackup clients
- CRYPT_LIBPATH option for NetBackup clients
- CRYPT_KEYFILE option for NetBackup clients
- DO_NOT_RESET_FILE_ACCESS_TIME option for NetBackup clients
- GET_CERT_ALL_MASTERS option for NetBackup clients
- IGNORE_XATTR option for NetBackup clients
- INFORMIX_HOME option for NetBackup clients
- KEEP_DATABASE_COMM_FILE option for NetBackup clients
- KEEP_LOGS_DAYS option for NetBackup clients
- LIST_FILES_TIMEOUT option for NetBackup clients
- LOCKED_FILE_ACTION option for NetBackup clients
- MEDIA_SERVER option for NetBackup clients
- MEGABYTES_OF_MEMORY option for NetBackup clients
- NFS_ACCESS_TIMEOUT option for NetBackup clients
- OLD_VNETD_CALLBACK option for NetBackup clients
- REPORT_CLIENT_DISCOVERIES option for NetBackup clients
- RESTORE_RETRIES option for NetBackup clients
- RMAN_OUTPUT_DIR for NetBackup clients
- SERVER option for NetBackup clients
- SYBASE_HOME option for NetBackup clients
- USE_CTIME_FOR_INCREMENTALS option for NetBackup clients
- USE_FILE_CHG_LOG option for NetBackup clients
- USEMAIL option for NetBackup clients
- VXSS_NETWORK option for NetBackup clients
- WEB_SERVER_TUNNEL option for NetBackup clients
- WEB_SERVER_TUNNEL_USE option for NetBackup clients
 
 
- Configuring server groups
- Configuring host credentials
- Managing media servers
 
- Configuring Host Properties
- Section III. Configuring storage- Configuring disk storage
- Configuring robots and tape drives- NetBackup robot types
- About the device mapping files
- Downloading the device mapping files
- About configuring robots and tape drives in NetBackup
- Configuring robots and tape drives by using the wizard
- Updating the device configuration by using the wizard
- Adding a robot to NetBackup manually
- Managing robots
- Adding a tape drive to NetBackup manually
- Configuring drive name rules
- Adding a tape drive path
- Adding a shared tape drive to a NetBackup environment
- Correlating tape drives and SCSI addresses on Windows hosts
- Correlating tape drives and device files on UNIX hosts
- Managing tape drives- Changing a drive comment
- About downed drives
- Changing a drive operating mode
- Changing a tape drive path
- Changing a drive path operating mode
- Changing tape drive properties
- Changing a tape drive to a shared drive
- Cleaning a tape drive from the Device Monitor
- Deleting a drive
- Resetting a drive
- Resetting the mount time of a drive
- Setting the drive cleaning frequency
- Viewing drive details
 
- Performing device diagnostics
- Verifying the device configuration
- About automatic path correction
- Enabling automatic path correction
- Replacing a device
- Updating device firmware
- About the NetBackup Device Manager
- About external access to NetBackup controlled devices on UNIX
- Stopping and restarting the device manager
 
- Configuring tape media- About NetBackup tape volumes
- About NetBackup volume pools
- About NetBackup volume groups
- NetBackup media types
- About WORM media
- About adding volumes
- About configuring media name and attribute rules
- Adding volumes by using the wizard
- About media settings rules
- Configuring media settings- Media settings options- Media which have been removed from the robot... (existing media setting)
- Media which have been moved into or within the robot... (existing media setting)
- Use the following Media ID prefix (new media setting)
- Use barcode rules (new media setting)
- Media type (new media setting)
- Volume pool (new media setting)
 
 
- Media settings options
- About barcodes
- Configuring barcode rules
- About media ID generation rules
- Configuring media ID generation rules
- About media type mapping rules
- Adding volumes by using the Actions menu
- Configuring media type mappings
- Managing volumes- Changing the group of a volume
- About rules for moving volumes between groups
- Changing the owner of a volume
- Changing volume properties
- About assigning and deassigning volumes
- Deleting a volume
- Erasing a volume
- About exchanging a volume
- About frozen media
- About injecting and ejecting volumes
- About rescanning and updating barcodes
- About labeling NetBackup volumes
- About moving volumes
- About recycling a volume
- Suspending or unsuspending volumes
 
- Managing volume pools
- Managing volume groups
- About media sharing
- Configuring unrestricted media sharing
- Configuring media sharing with a server group
 
- Inventorying robots- About robot inventory
- When to inventory a robot
- About showing a robot's contents
- Showing the media in a robot
- About comparing a robot's contents with the volume configuration
- Comparing media in a robot with the volume configuration
- About previewing volume configuration changes
- Previewing volume configuration changes for a robot
- About updating the NetBackup volume configuration
- Updating the NetBackup volume configuration with a robot's contents
- Robot inventory options
- About the vmphyinv physical inventory utility
- Example volume configuration updates
 
- Configuring storage units- About the Storage utility
- Creating a storage unit
- About storage unit settings- Absolute pathname to directory or absolute pathname to volume setting for storage units
- Density storage unit setting
- Disk type storage unit setting
- Enable block sharing storage unit setting
- Enable multiplexing storage unit setting
- High water mark storage unit setting
- Low water mark storage unit setting
- Maximum concurrent write drives storage unit setting
- Maximum concurrent jobs storage unit setting
- Maximum streams per drive storage unit setting
- Media server storage unit setting
- NDMP host storage unit setting
- On demand only storage unit setting
- Only use the following media servers storage unit setting
- Properties option in the Change Storage Units dialog box
- Reduce fragment size storage unit setting
- Robot number storage unit setting
- Robot type storage unit setting
- Select disk pool storage unit setting
- Staging schedule option in Change Storage Units dialog
- Storage device setting for storage units
- Storage unit name setting
- Storage unit type setting
- Enable temporary staging area storage unit setting
- Use any available media server storage unit setting
 
 
- Staging backups- About staging backups
- About basic disk staging
- Creating a basic disk staging storage unit
- Configuring multiple copies in a relocation schedule
- Disk staging storage unit size and capacity
- Finding potential free space on a BasicDisk disk staging storage unit
- Disk Staging Schedule dialog box
- Initiating a relocation schedule manually
 
- Configuring storage unit groups
 
- Section IV. Configuring storage lifecycle policies (SLPs)- Configuring storage lifecycle policies
- Storage operations- Operation types in a storage lifecycle policy
- Backup operation in an SLP
- Backup From Snapshot operation in an SLP
- Duplication operation in an SLP
- Import operation in an SLP
- Index From Snapshot operation in an SLP
- Replication operation in an SLP
- Snapshot operation in an SLP- About configuring storage lifecycle policies for snapshots and snapshot replication
- Primary snapshot storage unit
- Primary + Replication source snapshot storage unit
- Replication source + Replication target snapshot storage unit
- Replication target snapshot storage unit
- Replication source + Replication target + Mirror snapshot storage unit
- Replication target + Mirror snapshot storage unit
 
- Creating a hierarchy of storage operations in a storage lifecycle policy
 
- Retention types for SLP operations- Retention types for storage lifecycle policy operations
- Capacity managed retention type for SLP operations
- Expire after copy retention type for SLP operations
- Fixed retention type for SLP operations
- Maximum snapshot limit retention type for SLP operations
- Mirror retention type for SLP operations
- Target retention type for SLP operations
 
- Storage lifecycle policy options
- Using a storage lifecycle policy to create multiple copies
- Storage lifecycle policy versions
 
- Section V. Configuring backups- Creating backup policies- About the Policies utility
- Planning for policies
- Creating a backup policy
- Adding or changing schedules in a policy
- Changing multiple policies at one time
- Copying or moving policy items to another policy
- Copying a policy to create a new policy
- Copying a schedule into the same policy or different policy
- Deleting schedules, backup selections, or clients from a policy
- Policy Attributes tab- Policy type (policy attribute)
- Data classifications (policy attribute)
- Policy storage (policy attribute)
- Policy volume pool (policy attribute)
- Take checkpoints every __ minutes (policy attribute)
- Limit jobs per policy (policy attribute)
- Job priority (policy attribute)
- Media Owner (policy attribute)
- Go into effect at (policy attribute)
- Follow NFS (policy attribute)
- Backup Network Drives (policy attribute)
- Cross mount points (policy attribute)
- Compression (policy attribute)
- Encryption (policy attribute)
- Collect disaster recovery information for Bare Metal Restore (policy attribute)
- Collect true image restore information (policy attribute) with and without move detection
- Allow multiple data streams (policy attribute)
- Disable client-side deduplication (policy attribute)
- Enable granular recovery (policy attribute)
- Use Accelerator (policy attribute)- How the NetBackup Accelerator works
- Accelerator and the Windows change journal
- Accelerator notes and requirements
- Accelerator backups and the NetBackup catalog
- Configuring Accelerator
- Accelerator messages in the backup job details log
- NetBackup logs for Accelerator
- Log messages about the Use Change Journal option and Accelerator
- About reporting the amount of Accelerator backup data that was transferred over the network
- Replacing the Accelerator image size with the network-transferred data in NetBackup command output
 
- Enable optimized backup of Windows deduplicated volumes
- Keyword phrase (policy attribute)
- Snapshot Client and Replication Director (policy attributes)
- Perform block level incremental backups (policy attributes)
- Use Replication Director (policy attributes)
- Perform snapshot backups (policy attributes)
- Microsoft Exchange Attributes (policy attributes)
 
- Schedules tab
- Schedule Attributes tab- Name (schedule attribute)
- Type of backup (schedule attribute)
- Synthetic backup (schedule attribute)
- Accelerator forced rescan option (schedule attribute)
- Calendar (schedule attribute)
- Frequency (schedule attribute)
- Instant Recovery (schedule attribute)
- Multiple copies (schedule attribute)
- Override policy storage (schedule attribute)
- Override policy volume pool (schedule attribute)
- Override media owner (schedule attribute)
- Retention (schedule attribute)
- Media multiplexing (schedule attribute)
 
- Start Window tab
- Excluding days from a schedule
- Include Dates tab
- How NetBackup determines which schedule to run next
- About schedule windows that span midnight
- How open schedules affect calendar-based and frequency-based schedules
- About the Clients tab
- Backup Selections tab- Adding backup selections to a policy
- Verifying the Backup Selections list
- How to reduce backup time
- Pathname rules for Windows client backups
- Pathname rules for Windows disk image (raw) backups
- Pathname rules for Windows registry backups
- About hard links to files and directories
- Pathname rules for UNIX client backups
- Pathname rules for the clients that run extension products
- About the directives on the Backup Selections list- ALL_FILESYSTEMS and VOLUME_EXCLUDE_LIST directives
- ALL_LOCAL_DRIVES directive
- System State:\ directive
- Shadow Copy Components:\ directive
- Directives for specific policy types
- NEW_STREAM directive
- About the administrator-defined streaming mode
- About the auto-discovery streaming mode
- About setting the preprocess interval for auto-discovery
- UNSET and UNSET_ALL directives
 
- Files that are excluded from backups by default
- About excluding files from automatic backups
- Files that are excluded by Microsoft Windows Backup
 
- VMware Policy tab
- Hyper-V Policies tab
- Exclude Disks tab
- Disaster Recovery tab
- Creating a Vault policy
- Creating a BigData policy
- Performing manual backups
- Active Directory granular backups and recovery
 
- Synthetic backups- About synthetic backups
- Recommendations for synthetic backups and restores
- Synthetic full backups
- Synthetic cumulative incremental backups
- Schedules that must appear in a policy for synthetic backups
- Adding clients to a policy for synthetic backups
- Change journal and synthesized backups
- True image restore and synthesized backups
- Displaying synthetic backups in the Activity Monitor
- Logs produced during synthetic backups
- Synthetic backups and directory and file attributes
- Using the multiple copy synthetic backups method
- Optimized synthetic backups
- Optimized synthetic backups for deduplication
 
- Protecting the NetBackup catalog- About the NetBackup catalog
- Parts of the NetBackup catalog
- Protecting the NetBackup catalog- About catalog backups
- Using the Catalog Backup Wizard to configure a catalog backup
- Using the Policy Configuration Wizard to configure a catalog backup
- Configuring a catalog backup manually
- Backing up NetBackup catalogs manually
- Concurrently running catalog backups with other backups
- About catalog policy schedules
- How catalog incrementals and standard backups interact on UNIX
- Determining whether or not a catalog backup succeeded
- Strategies that ensure successful NetBackup catalog backups
 
- Recovering the catalog
- Disaster recovery emails and the disaster recovery files
- Disaster recovery packages
- About disaster recovery settings
- Setting a passphrase to encrypt disaster recovery packages
- Archiving the catalog and restoring from the catalog archive
- Estimating catalog space requirements
 
- About the NetBackup relational database- About the NetBackup relational database (NBDB) installation
- Using the NetBackup Database Administration utility on Windows
- Using the NetBackup Database Administration utility on UNIX- About the Select/Restart Database and Change Password menu options
- About the Database Space and Memory Management menu options
- About the Database Validation Check and Rebuild menu options
- About the Move Database menu options
- About the Unload Database menu options
- About the Backup and Restore Database menu options
 
- Post-installation tasks
- About backup and recovery procedures
- Unloading the NetBackup database
- Terminating database connections
 
- Managing backup images
 
- Creating backup policies
- Section VI. Configuring replication- About NetBackup replication- About NetBackup replication
- About NetBackup Auto Image Replication- One-to-many Auto Image Replication model
- Cascading Auto Image Replication model
- About the domain relationship for replication
- About the replication topology for Auto Image Replication
- Viewing the replication topology for Auto Image Replication
- About trusted master servers for Auto Image Replication
- About the storage lifecycle policies required for Auto Image Replication
- About Auto Image Replication import confirmation
- Using NetBackup Access Control (NBAC) with Auto Image Replication
- Auto Image Replication setup overview
- How to resolve volume changes for Auto Image Replication
- Removing or replacing replication relationships in an Auto Image Replication configuration- Adding or removing a replication relationship between two storage servers
- Removing all replication relationships between a domain and a storage server
- Replacing all replication relationships between a domain and a storage server
- Removing or replacing all replication relationships involving a storage server
- Example: Replacing a storage server in a non-targeted Auto Image Replication configuration
- Example: Replacing a storage server in a cascading, targeted Auto Image Replication configuration
 
- About restoring from a backup at a target master domain
- Reporting on Auto Image Replication jobs
 
- About NetBackup Replication Director
 
 
- About NetBackup replication
- Section VII. Monitoring and reporting- Monitoring NetBackup activity- About the Activity Monitor
- Setting Activity Monitor options
- About the Jobs tab- Viewing job details in the Activity Monitor
- Showing or hiding column heads in the Activity Monitor
- Monitoring the detailed status of a selected job in the Activity Monitor
- Deleting completed jobs in the Activity Monitor
- Canceling a job that has not completed in the Activity Monitor
- Restarting a failed (completed) job in the Activity Monitor
- Suspending and resuming jobs in the Activity Monitor
- Printing job list information in the Activity Monitor
- Exporting Activity Monitor data to a text file
- Copying Activity Monitor text to a file
- Changing the Job Priority dynamically from the Activity Monitor
 
- About the Daemons tab
- About the Processes tab
- About the Drives tab
- About the Error Logs tab
- About the jobs database
- About the Device Monitor
- About media mount errors
- About pending requests and actions
 
- Reporting in NetBackup
- Using the Logging Assistant- About the Logging Assistant
- Logging Assistant sequence of operation
- Viewing the Logging Assistant records
- Viewing the details of a Logging Assistant record
- Adding or deleting a Logging Assistant record
- Setting up debug logging
- Set minimum debug logging
- Disabling debug logging
- Collecting debug logs
- Collecting nbsu output
 
 
- Monitoring NetBackup activity
- Section VIII. Administering NetBackup- Management topics
- Accessing a remote server
- Using the NetBackup Remote Administration Console- About the NetBackup Remote Administration Console
- About authorizing NetBackup users
- Authorization file (auth.conf) characteristics
- About authorizing nonroot users for specific applications
- About authorizing specific tasks in the Backup, Archive, and Restore user interface
- About authorizing users on a Windows NetBackup server
- Restricting access to the NetBackup Administration Console on Windows
- Run-time configuration options for the NetBackup Administration Console
- About improving NetBackup performance
- About adjusting time zones in the NetBackup Administration console
 
- Alternate server restores- About alternate server restores
- About supported configurations for alternate server restores
- About performing alternate server restores
 
- Managing client backups and restores- About server-directed restores
- About client-redirected restores
- About restoring the files that have Access Control Lists (ACLs)
- About setting the original atime for files during restores on UNIX
- Restoring the System State
- About the backup and restore of compressed files on VxFS file systems
- About backups and restores on ReFS
 
- Powering down and rebooting NetBackup servers
- About Granular Recovery Technology- About installing and configuring Network File System (NFS) for Active Directory Granular Recovery
- About configuring Services for Network File System (NFS) on Windows 2012, 2012 R2, or 2016
- About configuring Services for Network File System (NFS) on Windows 2008 and 2008 R2
- Configuring a UNIX media server and Windows clients for backups and restores that use Granular Recovery Technology (GRT)
- Configuring a different network port for NBFSD
 
 
PREFERRED_NETWORK examples
Table: Basic examples
| Description | Entry | 
|---|---|
| Allows connectivity to the host names that resolve to 12.34.0.0 through 12.34.255.255. It does not affect outbound interface selection: | PREFERRED_NETWORK = 12.34.0.0/16 MATCH | 
| Allows connectivity to the host name that resolves to 12.34.56.78, and requests that the operating system use 98.76.54.32 as the outbound interface. | PREFERRED_NETWORK = 12.34.56.78 MATCH 98.76.54.32 | 
| Instructs the host to use the interface IPs of Host_A for all IPv4 and IPv6 addresses. | PREFERRED_NETWORK = 0/0 MATCH Host_A | 
| Prevents NetBackup from connecting to any destination address outside the range of 12.34.56.0 through 12.34.56.255. The source interface will be ANY unless one or more are PROHIBITED. | PREFERRED_NETWORK = 12.34.56.78/24 ONLY | 
| Prevents NetBackup from connecting to any destination address outside the range of 12.34.56.0 through 12.34.56.255. Requests that the operating system use 98.76.54.32 as the outbound interface. | PREFERRED_NETWORK = 12.34.56.78/24 ONLY 98.76.54.32 | 
| Prevents NetBackup from connecting to any destination addresses outside of the indicated IPv6 subnet. The source interface will be ANY unless one or more are PROHIBITED. | PREFERRED_NETWORK = 2001:1234:1efc::/48 ONLY | 
| Prevents NetBackup from using any address between 12.34.0.0 and 12.34.255.255 as the source or destination for a connection. If it matches a local interface, NetBackup will provide an ordered list of the remaining interfaces as the source binding list for the outbound interface when other entries do not specify a source. Using PROHIBITED with local interfaces is discouraged. See the details in the following topic: See directive. | PREFERRED_NETWORK = 12.34.56.78/16 PROHIBITED | 
| Prevents the host from using IPv4 addresses. | PREFERRED_NETWORK = 0.0.0.0 PROHIBITED | 
| Prevents the host from using IPv6 addresses. | PREFERRED_NETWORK = 0::0 PROHIBITED | 
| Prevents the host from using the address of the production_server. | PREFERRED_NETWORK = production_server PROHIBITED | 
Use the bplocaladdrs command to observe the local interfaces that are provided to NetBackup by the operating system and the order in which they are provided.
bplocaladdrs returns the following output for the host (bob) in the examples in the following topics.
$ bplocaladdrs 10.82.105.11 10.82.105.8 10.82.10.10
Use the bptestnetconn command to observe the order in which entries are evaluated and the evaluation results. The TGT or SRC indicates whether the destination is permitted and which source binding list NetBackup provides to the operating system. A value of ANY indicates that the outbound interface is not constrained by NetBackup.
$ bptestnetconn -asp -v6 ... FL: mymaster -> 10.82.105.14 : 5 ms FAST (< 5 sec) TGT PROHIBITED FL: mymedia -> 10.81.40.61 : 6 ms FAST (< 5 sec) SRC: 10.82.10.10 ...
PREFERRED_NETWORK rules are applied in this order:
[0] PREFERRED_NETWORK = 10.82.105.14 PROHIBITED [1] PREFERRED_NETWORK = 10.81.40.0/24 MATCH 10.82.10.10 $ bptestnetconn -asp -v6 -H myclient ... FL: myclient -> 10.81.40.127 : 6 ms FAST (< 5 sec) SRC: ANY
PREFERRED_NETWORK rules are applied in this order:
[0] PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.0/24 [1] PREFERRED_NETWORK = 10.82.105.0/29 PROHIBITED [2] PREFERRED_NETWORK = 10.82.104.0/24 MATCH 10.82.105.5
The following examples are more complex and use a NetBackup server (bob), that uses the following network interfaces:
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.82.105.11 netmask fffff800 broadcast 10.82.111.255 eri0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.82.105.8 netmask fffff800 broadcast 10.255.255.255 eri1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 10.82.10.10 netmask fffff800 broadcast 10.82.15.255
Normal outbound connectivity to the following four hosts (billcat, muzzy, beetle, lilo), uses the first interface. Internal connections use the destination interface as the source interface.
$ bptestbpcd -host billcat 10.82.105.11:54129 -> 10.82.105.15:13724 $ bptestbpcd -host muzzy 10.82.105.11:54152 -> 10.82.105.14:13724 $ bptestbpcd -host beetle 10.82.105.11:54135 -> 10.82.104.249:13724 $ bptestbpcd -host lilo 10.82.105.11:54139 -> 10.82.56.79:1556 $ bptestbpcd -host 10.82.105.11 10.82.105.11:54144 -> 10.82.105.11:1556 $ bptestbpcd -host 10.82.105.8 10.82.105.8:52148 -> 10.82.105.8:1556
Using a local interface as the target for MATCH entries has no affect. In this example, the source interface is unaffected by the local MATCH entry.
PREFERRED_NETWORK = 10.82.105.8/32 MATCH $ bptestbpcd -host billcat 10.82.105.11:54202 -> 10.82.105.15:13724 $ bptestbpcd -host muzzy 10.82.105.11:54206 -> 10.82.105.14:13724 $ bptestbpcd -host beetle 10.82.105.11:54300 -> 10.82.104.249:13724 $ bptestbpcd -host lilo 10.82.105.11:54302 -> 10.82.56.79:1556 $ bptestbpcd -host 10.82.105.11 10.82.105.11:54306 -> 10.82.105.11:1556 $ bptestbpcd -host 10.82.105.8 10.82.105.8:54309 -> 10.82.105.8:1556
Similar to Example 1, using a local interface as the target for ONLY entries has no affect on source binding. It does, however, prevent connections to destination addresses (in the absence of other directives that more closely MATCH the destinations). Connections internal to the host are not affected.
PREFERRED_NETWORK = 10.82.105.8/32 ONLY
$ bptestbpcd -host billcat <16> bptestbpcd main: ConnectToBPCD(billcat) failed: 25 cannot connect on socket $ bptestbpcd -host muzzy <16> bptestbpcd main: ConnectToBPCD(muzzy) failed: 25 cannot connect on socket $ bptestbpcd -host beetle <16> bptestbpcd main: ConnectToBPCD(beetle) failed: 25 cannot connect on socket $ bptestbpcd -host lilo <16> bptestbpcd main: ConnectToBPCD(lilo) failed: 25 cannot connect on socket $ bptestbpcd -host 10.82.105.11 10.82.105.11:54306 -> 10.82.105.11:1556 $ bptestbpcd -host 10.82.105.8 10.82.105.8:54309 -> 10.82.105.8:1556
Using MATCH entries, the outbound connections to a specific host or network can be preferred over the defaults. In this example, connections to a specific host and a separate network are requested to use the second outbound network interface.
PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.8 PREFERRED_NETWORK = 10.82.104.0/24 MATCH 10.82.105.8
$ bptestbpcd -host billcat (Preferred by the first entry)
10.82.105.8:54192 -> 10.82.105.15:13724
$ bptestbpcd -host muzzy (Implicitly permitted using defaults)
10.82.105.11:54196 -> 10.82.105.14:13724
$ bptestbpcd -host beetle (Preferred by the second entry)
10.82.105.8:54200 -> 10.82.104.249:13724
$ bptestbpcd -host lilo (Implicitly permitted using defaults)
10.82.105.11:54202 -> 10.82.56.79:1556
Adding an ONLY entry prevents connections to any other hosts that are not on the specified network, or matched by prior entries.
PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.8 PREFERRED_NETWORK = 10.82.104.0/24 MATCH 10.82.105.8 PREFERRED_NETWORK = 10.82.56.0/24 ONLY
$ bptestbpcd -host billcat (Preferred by first entry)
10.82.105.8:54209 -> 10.82.105.15:13724
<16> bptestbpcd -host 10.82.105.14 (Does not match 1 or 2, excluded by 3)
<16> bptestbpcd main: ConnectToBPCD(muzzy) failed: 25 cannot connect on socket
$ bptestbpcd -host beetle (Preferred by second entry)
10.82.105.8:54214 -> 10.82.104.249:13724 (Required by third entry)
10.82.105.11:54216 -> 10.82.56.79:1556
Changing the ONLY to PROHIBITED explicitly excludes connections with those destination hosts and implicitly allows connections to unspecified hosts. The PROHIBITED network is non-local and does not affect source binding.
PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.8 PREFERRED_NETWORK = 10.82.104.249/32 MATCH 10.82.105.8 PREFERRED_NETWORK = 10.82.56.0/24 PROHIBITED
$ bptestbpcd -host billcat (Preferred by the first entry)
10.82.105.8:54224 -> 10.82.105.15:13724
$ bptestbpcd -host muzzy (Implicitly permitted)
10.82.105.11:54228 -> 10.82.105.14:13724
$ bptestbpcd -host beetle (Preferred by the second entry)
10.82.105.8:54232 -> 10.82.104.249:13724
$ bptestbpcd -host 10.82.56.79 (Does not match 1 or 2, prohibited by 3)
<16> bptestbpcd main: ConnectToBPCD(lilo) failed: 25 cannot connect on socket
Conversely, moving the ONLY to the top of the list does not prevent the MATCH entries from being evaluated because the ONLY is for a less restrictive IP range than the MATCH entries. The latter are evaluated first for those hosts.
PREFERRED_NETWORK = 10.82.104.0/24 ONLY PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.11 PREFERRED_NETWORK = 10.82.104.249/32 MATCH 10.82.105.8
$ bptestbpcd -host billcat (Preferred by the second entry)
10.82.105.11:54392 -> 10.82.105.15:13724
$ bptestbpcd -host 10.82.105.14 (Does not match 2 or 3, excluded by 1)
<16> bptestbpcd main: ConnectToBPCD(muzzy) failed: 25 cannot connect on socket
$ bptestbpcd -host beetle (Preferred by 3 before required by 1)
10.82.105.8:54396 -> 10.82.104.249:13724
$ bptestbpcd -host 10.82.56.79 (Does not match 2 or 3, excluded by 1)
<16> bptestbpcd main: ConnectToBPCD(lilo) failed: 25 cannot connect on socket
The subnet on this ONLY entry matches both billcat and muzzy, but does not affect the outbound interface confirming that ONLY is used for destination address filtering and not source address filtering. Otherwise, all connections would fail because both local interfaces, 10.82.105.11 and 10.82.105.8, are not in that subnet.
PREFERRED_NETWORK = 10.82.105.14/31 ONLY PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.8
$ bptestbpcd -host billcat (Preferred by second entry)
10.82.105.8:54209 -> 10.82.105.15:13724
$ bptestbpcd -host muzzy (Preferred by first entry)
10.82.105.11:45662 -> 10.82.105.14:13724
$ bptestbpcd -host 10.82.104.249 (Excluded by first entry)
<16> bptestbpcd main: ConnectToBPCD(beetle) failed: 25 cannot connect on socket
Here, all three remote hosts are reachable, but notice that the source interface is the one remaining after 10.82.105.11 is PROHIBITED. This includes the apparent target MATCH for billcat, which actually failed to match because the source was previously PROHIBITED. Notice that internal connections are not affected by PROHIBITED.
PREFERRED_NETWORK = 10.82.105.11/32 PROHIBITED PREFERRED_NETWORK = 10.82.105.15/32 MATCH 10.82.105.11
$ bptestbpcd -host billcat (Matched second, but first prohibited that source)
10.82.105.8:54202 -> 10.82.105.15:13724
$ bptestbpcd -host muzzy (Implicit match and pruned source)
10.82.105.8:54206 -> 10.82.105.14:13724
$ bptestbpcd -host beetle (Implicit match and pruned source)
10.82.105.8:54300 -> 10.82.104.249:13724
$ bptestbpcd -host 10.82.105.11 (Not affected by first entry)
10.82.105.11:54306 -> 10.82.105.11:1556 $ bptestbpcd -host 10.82.105.8 10.82.105.8:54309 -> 10.82.105.8:1556
This example demonstrates two nuances of source binding evaluation that result in the use of ANY interface instead of the non-prohibited interfaces. The second entry removes the 10.82.10.10 local interface from the source binding list before the third entry is processed making that source unavailable. The source on the first entry causes the shortened list created by the second entry to be ignored during all evaluations.
PREFERRED_NETWORK = 10.82.104.249 MATCH 10.82.105.0/24 PREFERRED_NETWORK = 10.82.10.10 PROHIBITED PREFERRED_NETWORK = 10.82.56.0/24 MATCH 10.82.10.10
FL: billcat -> 10.82.105.15 ... SRC: ANY (First source implicitly negates second target)
FL: muzzy -> 10.82.105.14 ... SRC: ANY (First source implicitly negates second target)
FL: beetle -> 10.82.104.249 ... SRC: 10.82.105.11 (Matched first, used first in range)
FL: lilo -> 10.82.56.79 ... SRC: ANY (Second target explicitly negates third source)
In Example 8, the source on the first entry matches two local interfaces. The 10.82.105.11 interface was chosen over 10.82.105.8 as the source when connecting to beetle because that interface was returned first by the operating system as shown in the bplocaladdrs output for this example. (See Using bplocaladdrs to troubleshoot.)
This example shows how the binding list is shortened by prohibiting a local interface. When ANY was the default source binding list, the outbound interface for these destinations was 10.82.105.11. (See Example 1.) Prohibiting a different local interface causes NetBackup to provide a shortened list and the operating system selected 10.82.10.10 as the source IP. Because this operating system uses the strong host model, that interface is not valid for these destination IPs and the connection attempts fail.
PREFERRED_NETWORK = 10.82.105.8 PROHIBITED FL: billcat -> 10.82.105.15 ... SRC: 10.82.10.10,10.82.105.11 FL: lilo -> 10.82.56.79 ... SRC: 10.82.10.10,10.82.105.11 $ bptestbpcd -host billcat <16> bptestbpcd main: ConnectToBPCD(billcat) failed: 25 cannot connect on socket $ bptestbpcd -host lilo <16> bptestbpcd main: ConnectToBPCD(lilo) failed: 25 cannot connect on socket
If the operating system is changed to the weak host model, the TCP SYN for each connection is transmitted out the default interface (10.10.82.105.11) onto the 10.82.104.0 network, but with a source IP of 10.82.10.10. If there is a network route from the 10.82.104.0 network to the destination hosts, then the SYN will reach the destinations. But the reply is only successful if there is an asymmetrical route back to the 10.82.8.0 network from the destination host. Notice the spoofed source IP in the successful connection which does not reflect the network onto which the TCP SYN packet was actually sent.
$ bptestbpcd -host billcat <16> bptestbpcd main: ConnectToBPCD(billcat) failed: 25 cannot connect on socket $ bptestbpcd -host lilo 10.82.10.10:52842 -> 10.82.56.79:1556