Veritas NetBackup™ Security and Encryption Guide
- Increasing NetBackup security
- Security deployment models
- Port security
- About NetBackup daemons, ports, and communication
- Additional port information for products that interoperate with NetBackup
- About configuring ports
- Auditing NetBackup operations
- Configuring Enhanced Auditing
- Access control security
- NetBackup Access Control Security (NBAC)
- Configuring NetBackup Access Control (NBAC)
- Configuring Access Control host properties for the master and media server
- Access Control host properties dialog for the client
- Troubleshooting Access Management
- Windows verification points
- UNIX verification points
- Verification points in a mixed environment with a UNIX master server
- Verification points in a mixed environment with a Windows master server
- About determining who can access NetBackup
- Configuring user groups
- About defining a user group and users
- Viewing specific user permissions for NetBackup user groups
- Security management in NetBackup
- About the Security Management utilities
- About audit events
- About host management
- Adding shared or cluster mappings
- Allowing or disallowing automatic certificate reissue
- About global security settings
- About host name-based certificates
- About host ID-based certificates
- Using the Certificate Management utility to issue and deploy host ID-based certificates
- About certificate deployment security levels
- Setting up trust with the master server (Certificate Authority)
- About reissuing host ID-based certificates
- About Token Management for host ID-based certificates
- About the host ID-based certificate revocation list
- About revoking host ID-based certificates
- Security certificate deployment in a clustered NetBackup setup
- About deployment of a host ID-based certificate on a clustered NetBackup host
- Data at rest encryption security
- About NetBackup client encryption
- Configuring standard encryption on clients
- About configuring standard encryption from the server
- Configuring legacy encryption on clients
- About configuring legacy encryption from the client
- About configuring legacy encryption from the server
- Additional legacy key file security for UNIX clients
- Data at rest key management
- About the Key Management Service (KMS)
- Installing KMS
- Configuring KMS
- About key groups and key records
- Overview of key record states
- Configuring NetBackup to work with KMS
- About using KMS for encryption
- KMS database constituents
- Command line interface (CLI) commands
- About exporting and importing keys from the KMS database
- Troubleshooting KMS
- Regenerating keys and certificates
- NetBackup web services account
Resetting NetBackup host attributes
In certain scenarios, you may need to clean up or reset host attributes: For example, you have downgraded the host.
In such cases, you need to reset host ID to host name mapping information, communication status and so on for successful communication.
You must reset the host attributes of the downgraded host if you want the master server to communicate with the host in an insecure mode.
Resetting host attributes resets host ID to host name mapping information, communication status and so on. It does not reset the host ID, host name, or security certificates of the host.
After you reset the host attributes, the connection status (is secure flag) is set to insecure state. At the time of the next host communication, the connection status is updated appropriately.
If you have inadvertently used the Reset Host Attributes option, you can undo the changes by restarting the bpcd service. Else the host attributes are automatically updated with the appropriate values after 24 hours.
NetBackup 8.1 master server can communicate securely with all 8.1 hosts. However, it communicates insecurely with 8.0 and earlier hosts.
In certain scenarios, you may need to downgrade a NetBackup client from 8.1 version to 8.0 or earlier. After the downgrade, the master server cannot communicate with the client, because the communication status for the client is still set to secure mode. The communication status is not automatically updated to insecure mode after the downgrade.
Use one of the following options to reset a host:
To reset a host using the NetBackup Administration Console
- Expand Security Management > Host Management.
- On the Hosts tab, in the details pane, right-click the host that you have downgraded and which you want to reset, and click Reset Host Attributes.
To resume insecure communication with downgraded hosts, ensure that the Enable insecure communication with 8.0 and earlier hosts option on the Security Management > Global Security Settings > Secure Communication tab is selected.
To reset host attributes using the command-line interface
- Run the following command to authenticate your web services login:
bpnbat -login -loginType WEB
- Run the following command to reset the host: