NetBackup™ Deduplication Guide

Last Published:
Product(s): NetBackup (10.0)
  1. Introducing the NetBackup media server deduplication option
    1.  
      About the NetBackup deduplication options
  2. Quick start
    1.  
      About client-side deduplication
    2. About the media server deduplication (MSDP) node cloud tier
      1.  
        Configuring the MSDP node cloud tier
    3.  
      About Auto Image Replication (A.I.R.)
  3. Planning your deployment
    1.  
      Planning your MSDP deployment
    2.  
      NetBackup naming conventions
    3.  
      About MSDP deduplication nodes
    4.  
      About the NetBackup deduplication destinations
    5.  
      About MSDP storage capacity
    6. About MSDP storage and connectivity requirements
      1.  
        Fibre Channel and iSCSI comparison for MSDP
    7. About NetBackup media server deduplication
      1.  
        About MSDP storage servers
      2.  
        About MSDP load balancing servers
      3.  
        About MSDP server requirements
      4.  
        About MSDP unsupported configurations
    8. About NetBackup Client Direct deduplication
      1.  
        About MSDP client deduplication requirements and limitations
    9. About MSDP remote office client deduplication
      1.  
        About MSDP remote client data security
      2.  
        About remote client backup scheduling
    10.  
      About the NetBackup Deduplication Engine credentials
    11.  
      About the network interface for MSDP
    12.  
      About MSDP port usage
    13.  
      About MSDP optimized synthetic backups
    14.  
      About MSDP and SAN Client
    15.  
      About MSDP optimized duplication and replication
    16. About MSDP performance
      1.  
        How file size may affect the MSDP deduplication rate
    17. About MSDP stream handlers
      1.  
        Oracle stream handler
      2.  
        Microsoft SQL Server stream handler
    18. MSDP deployment best practices
      1.  
        Use fully qualified domain names
      2.  
        About scaling MSDP
      3.  
        Send initial full backups to the storage server
      4.  
        Increase the number of MSDP jobs gradually
      5.  
        Introduce MSDP load balancing servers gradually
      6.  
        Implement MSDP client deduplication gradually
      7.  
        Use MSDP compression and encryption
      8.  
        About the optimal number of backup streams for MSDP
      9.  
        About storage unit groups for MSDP
      10.  
        About protecting the MSDP data
      11.  
        Save the MSDP storage server configuration
      12.  
        Plan for disk write caching
  4. Provisioning the storage
    1.  
      About provisioning the storage for MSDP
    2.  
      Do not modify MSDP storage directories and files
    3.  
      About volume management for NetBackup MSDP
  5. Licensing deduplication
    1.  
      About the MSDP license
    2.  
      Licensing NetBackup MSDP
  6. Configuring deduplication
    1.  
      Configuring MSDP server-side deduplication
    2.  
      Configuring MSDP client-side deduplication
    3.  
      About the MSDP Deduplication Multi-Threaded Agent
    4. Configuring the Deduplication Multi-Threaded Agent behavior
      1.  
        MSDP mtstrm.conf file parameters
    5.  
      Configuring deduplication plug-in interaction with the Multi-Threaded Agent
    6.  
      About MSDP fingerprinting
    7.  
      About the MSDP fingerprint cache
    8. Configuring the MSDP fingerprint cache behavior
      1.  
        MSDP fingerprint cache behavior options
    9.  
      About seeding the MSDP fingerprint cache for remote client deduplication
    10.  
      Configuring MSDP fingerprint cache seeding on the client
    11. Configuring MSDP fingerprint cache seeding on the storage server
      1.  
        NetBackup seedutil options
    12.  
      Enabling 400 TB support for MSDP
    13. About MSDP Encryption using NetBackup KMS service
      1.  
        Upgrading KMS for MSDP
      2.  
        Enabled KMS encryption for Local LSU
    14.  
      About MSDP Encryption using external KMS server
    15. Configuring a storage server for a Media Server Deduplication Pool
      1.  
        MSDP storage path properties
      2.  
        MSDP network interface properties
    16.  
      About disk pools for NetBackup deduplication
    17. Configuring a disk pool for deduplication
      1.  
        Media Server Deduplication Pool properties
    18.  
      Creating the data directories for 400 TB MSDP support
    19.  
      Adding volumes to a 400 TB Media Server Deduplication Pool
    20. Configuring a Media Server Deduplication Pool storage unit
      1.  
        Media Server Deduplication Pool storage unit properties
      2.  
        MSDP storage unit recommendations
    21.  
      Configuring client attributes for MSDP client-side deduplication
    22.  
      Disabling MSDP client-side deduplication for a client
    23.  
      About MSDP compression
    24.  
      About MSDP encryption
    25.  
      MSDP compression and encryption settings matrix
    26.  
      Configuring encryption for MSDP backups
    27.  
      Configuring encryption for MSDP optimized duplication and replication
    28.  
      About the rolling data conversion mechanism for MSDP
    29.  
      Modes of rolling data conversion
    30.  
      MSDP encryption behavior and compatibilities
    31.  
      Configuring optimized synthetic backups for MSDP
    32.  
      About a separate network path for MSDP duplication and replication
    33.  
      Configuring a separate network path for MSDP duplication and replication
    34. About MSDP optimized duplication within the same domain
      1. About the media servers for MSDP optimized duplication within the same domain
        1.  
          About MSDP push duplication within the same domain
        2.  
          About MSDP pull duplication within the same domain
    35. Configuring MSDP optimized duplication within the same NetBackup domain
      1. Configuring NetBackup optimized duplication or replication behavior
        1.  
          Setting NetBackup configuration options by using the command line
    36.  
      About MSDP replication to a different domain
    37. Configuring MSDP replication to a different NetBackup domain
      1. About NetBackup Auto Image Replication
        1.  
          One-to-many Auto Image Replication model
        2.  
          Cascading Auto Image Replication model
        3.  
          About the domain relationship for replication
        4.  
          About the replication topology for Auto Image Replication
        5. Viewing the replication topology for Auto Image Replication
          1.  
            Sample volume properties output for MSDP replication
      2.  
        About trusted primary servers for Auto Image Replication
      3.  
        About the certificate to be used for adding a trusted master server
      4.  
        Adding a trusted master server using a NetBackup CA-signed (host ID-based) certificate
      5.  
        Adding a trusted primary server using external CA-signed certificate
      6.  
        Removing a trusted primary server
      7.  
        Enabling NetBackup clustered primary server inter-node authentication
      8.  
        Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
      9.  
        Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
      10. Configuring a target for MSDP replication to a remote domain
        1.  
          Target options for MSDP replication
        2.  
          Configuring a NetBackup Deduplication Engine user with limited permissions for Auto Image Replication
    38.  
      About configuring MSDP optimized duplication and replication bandwidth
    39.  
      About performance tuning of optimized duplication and replication for MSDP cloud
    40.  
      About storage lifecycle policies
    41.  
      About the storage lifecycle policies required for Auto Image Replication
    42. Creating a storage lifecycle policy
      1.  
        Storage Lifecycle Policy dialog box settings
    43.  
      About MSDP backup policy configuration
    44.  
      Creating a backup policy
    45. Resilient Network properties
      1.  
        Resilient connection resource usage
    46.  
      Specifying resilient connections
    47.  
      Adding an MSDP load balancing server
    48.  
      About variable-length deduplication on NetBackup clients
    49.  
      About the MSDP pd.conf configuration file
    50. Editing the MSDP pd.conf file
      1.  
        MSDP pd.conf file parameters
    51.  
      About the MSDP contentrouter.cfg file
    52.  
      About saving the MSDP storage server configuration
    53.  
      Saving the MSDP storage server configuration
    54.  
      Editing an MSDP storage server configuration file
    55.  
      Setting the MSDP storage server configuration
    56.  
      About the MSDP host configuration file
    57.  
      Deleting an MSDP host configuration file
    58.  
      Resetting the MSDP registry
    59. About protecting the MSDP catalog
      1.  
        About the MSDP shadow catalog
      2.  
        About storing MSDP catalog shadow copy duplicates on data volumes
      3.  
        About the MSDP catalog backup policy
    60.  
      Changing the MSDP shadow catalog path
    61.  
      Changing the MSDP shadow catalog schedule
    62.  
      Changing the number of MSDP catalog shadow copies
    63. Configuring an MSDP catalog backup
      1.  
        MSDP drcontrol options
    64.  
      Updating an MSDP catalog backup policy
    65.  
      About MSDP FIPS compliance
    66.  
      Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
    67.  
      About MSDP multi-domain support
    68.  
      About MSDP application user support
    69.  
      About MSDP mutli-domain VLAN Support
    70. About NetBackup WORM storage support for immutable and indelible data
      1.  
        About the NetBackup command line options to configure immutable and indelible data
  7. MSDP cloud support
    1. About MSDP cloud support
      1.  
        Operating system requirement for configuration
      2.  
        Limitations
    2.  
      Create a Media Server Deduplication Pool (MSDP) storage server in the NetBackup web UI
    3.  
      Creating a cloud storage unit
    4.  
      Updating cloud credentials for a cloud LSU
    5.  
      Updating encryption configurations for a cloud LSU
    6.  
      Deleting a cloud LSU
    7.  
      Backup data to cloud by using cloud LSU
    8.  
      Duplicate data cloud by using cloud LSU
    9.  
      Configuring AIR to use cloud LSU
    10.  
      About backward compatibility support
    11.  
      About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
    12.  
      About the tool updates for cloud support
    13. About the disaster recovery for cloud LSU
      1.  
        Common disaster recovery steps
      2.  
        Disaster recovery for cloud LSU in Flex Scale
    14. About Image Sharing using MSDP cloud
      1.  
        Things to consider before you use image sharing to convert VM image to VHD in Azure
      2.  
        Converting the VM image to VHD in Azure
    15.  
      About restore from a backup in Microsoft Azure Archive
    16. About MSDP cloud immutable (WORM) storage support
      1.  
        About MSDP cloud admin tool
      2. About immutable object support for AWS S3
        1.  
          Creating a cloud immutable storage unit
        2.  
          Managing AWS S3 immutable storage using msdpcldutil tool
        3.  
          Performance tuning
        4.  
          AWS user permissions to create the cloud immutable volume
        5.  
          About bucket policy for immutable storage
      3. About immutable object support for AWS S3 compatible platforms
        1.  
          Creating a cloud immutable storage unit for the S3 compatible platforms
        2.  
          Managing HCP for Cloud Scale using msdpcldutil tool
        3.  
          Managing Cloudian HyperStore using msdpcldutil tool
        4.  
          Managing Seagate Lyve Cloud using msdpcldutil tool
        5.  
          Managing Veritas Access Cloud using msdpcldutil tool
      4. About immutable storage support for Azure blob storage
        1.  
          Creating an Azure cloud immutable storage unit using the Web UI
        2.  
          Managing an Azure cloud immutable volume using msdpcldutil tool
      5.  
        Troubleshooting the error when the bucket is created without msdpcldutil
  8. Monitoring deduplication activity
    1.  
      Monitoring the MSDP deduplication and compression rates
    2. Viewing MSDP job details
      1.  
        MSDP job details
    3.  
      About MSDP storage capacity and usage reporting
    4.  
      About MSDP container files
    5.  
      Viewing storage usage within MSDP container files
    6.  
      Viewing MSDP disk reports
    7.  
      About monitoring MSDP processes
    8.  
      Reporting on Auto Image Replication jobs
  9. Managing deduplication
    1. Managing MSDP servers
      1.  
        Viewing MSDP storage servers
      2.  
        Determining the MSDP storage server state
      3.  
        Viewing MSDP storage server attributes
      4.  
        Setting MSDP storage server attributes
      5.  
        Changing MSDP storage server properties
      6.  
        Clearing MSDP storage server attributes
      7.  
        About changing the MSDP storage server name or storage path
      8.  
        Changing the MSDP storage server name or storage path
      9.  
        Removing an MSDP load balancing server
      10.  
        Deleting an MSDP storage server
      11.  
        Deleting the MSDP storage server configuration
    2. Managing NetBackup Deduplication Engine credentials
      1.  
        Determining which media servers have deduplication credentials
      2.  
        Adding NetBackup Deduplication Engine credentials
      3.  
        Changing NetBackup Deduplication Engine credentials
      4.  
        Deleting credentials from a load balancing server
    3. Managing Media Server Deduplication Pools
      1.  
        Viewing Media Server Deduplication Pools
      2.  
        Determining the Media Server Deduplication Pool state
      3.  
        Changing OpenStorage disk pool state
      4.  
        Viewing Media Server Deduplication Pool attributes
      5.  
        Setting a Media Server Deduplication Pool attribute
      6. Changing a Media Server Deduplication Pool properties
        1.  
          How to resolve volume changes for Auto Image Replication
      7.  
        Clearing a Media Server Deduplication Pool attribute
      8.  
        Determining the MSDP disk volume state
      9.  
        Changing the MSDP disk volume state
      10.  
        Inventorying a NetBackup disk pool
      11.  
        Deleting a Media Server Deduplication Pool
    4.  
      Deleting backup images
    5.  
      About MSDP queue processing
    6.  
      Processing the MSDP transaction queue manually
    7.  
      About MSDP data integrity checking
    8. Configuring MSDP data integrity checking behavior
      1.  
        MSDP data integrity checking configuration parameters
    9.  
      About managing MSDP storage read performance
    10. About MSDP storage rebasing
      1.  
        MSDP server-side rebasing parameters
    11.  
      About the MSDP data removal process
    12.  
      Resizing the MSDP storage partition
    13.  
      How MSDP restores work
    14.  
      Configuring MSDP restores directly to a client
    15.  
      About restoring files at a remote site
    16.  
      About restoring from a backup at a target master domain
    17.  
      Specifying the restore server
  10. Recovering MSDP
    1.  
      About recovering the MSDP catalog
    2.  
      Restoring the MSDP catalog from a shadow copy
    3.  
      Recovering from an MSDP storage server disk failure
    4.  
      Recovering from an MSDP storage server failure
    5.  
      Recovering the MSDP storage server after NetBackup catalog recovery
  11. Replacing MSDP hosts
    1.  
      Replacing the MSDP storage server host computer
  12. Uninstalling MSDP
    1.  
      About uninstalling MSDP
    2.  
      Deactivating MSDP
  13. Deduplication architecture
    1.  
      MSDP server components
    2.  
      Media server deduplication backup process
    3.  
      MSDP client components
    4.  
      MSDP client - side deduplication backup process
  14. Configuring and using universal shares
    1.  
      About Universal Shares
    2.  
      Configuring and using an MSDP build-your-own (BYO) server for Universal Shares
    3.  
      MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure Universal Shares
    4.  
      Configuring Universal Share user authentication
    5.  
      Mounting a Universal Share created from the NetBackup web UI
    6.  
      Creating a Protection Point for a Universal Share
    7.  
      Using the ingest mode
    8.  
      Changing the number of vpfsd instances
    9.  
      Upgrading to NetBackup 10.0
  15. Troubleshooting
    1. About unified logging
      1.  
        About using the vxlogview command to view unified logs
      2.  
        Examples of using vxlogview to view unified logs
    2. About legacy logging
      1.  
        Creating NetBackup log file directories for MSDP
    3.  
      NetBackup MSDP log files
    4. Troubleshooting MSDP installation issues
      1.  
        MSDP installation on SUSE Linux fails
    5. Troubleshooting MSDP configuration issues
      1.  
        MSDP storage server configuration fails
      2.  
        MSDP database system error (220)
      3.  
        MSDP server not found error
      4.  
        License information failure during MSDP configuration
      5.  
        The disk pool wizard does not display an MSDP volume
    6. Troubleshooting MSDP operational issues
      1.  
        Verify that the MSDP server has sufficient memory
      2.  
        MSDP backup or duplication job fails
      3.  
        MSDP client deduplication fails
      4.  
        MSDP volume state changes to DOWN when volume is unmounted
      5.  
        MSDP errors, delayed response, hangs
      6.  
        Cannot delete an MSDP disk pool
      7.  
        MSDP media open error (83)
      8.  
        MSDP media write error (84)
      9.  
        MSDP no images successfully processed (191)
      10.  
        MSDP storage full conditions
      11.  
        Troubleshooting MSDP catalog backup
      12.  
        Storage Platform Web Service (spws) does not start
      13.  
        Disk volume API or command line option does not work
    7.  
      Viewing MSDP disk errors and events
    8.  
      MSDP event codes and messages
    9.  
      Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
    10. Trouble shooting multi-domain issues
      1.  
        Unable to configure OpenStorage server from another domain
      2.  
        MSDP storage server is down when you configure an OpenStorage server
      3.  
        MSDP server is overloaded when it is used by multiple NetBackup domains
  16. Appendix A. Migrating to MSDP storage
    1.  
      Migrating from another storage type to MSDP
  17. Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
    1.  
      About migration from Cloud Catalyst to MSDP direct cloud tiering
    2.  
      About Cloud Catalyst migration strategies
    3. About direct migration from Cloud Catalyst to MSDP direct cloud tiering
      1.  
        About requirements for a new MSDP direct cloud tier storage server
      2.  
        About beginning the direct migration
      3.  
        Placing the Cloud Catalyst server in a consistent state
      4.  
        About installing and configuring the new MSDP direct cloud tier server
      5.  
        Running the migration to the new MSDP direct cloud tier server
    4.  
      About postmigration configuration and cleanup
    5.  
      About the Cloud Catalyst migration -dryrun option
    6.  
      About Cloud Catalyst migration cacontrol options
    7.  
      Reverting back to Cloud Catalyst from a successful migration
    8.  
      Reverting back to Cloud Catalyst from a failed migration
  18. Appendix C. Encryption Crawler
    1.  
      About the Encryption Crawler
    2.  
      About the two modes of the Encryption Crawler
    3.  
      Managing the Encryption Crawler
    4.  
      Advanced options
    5.  
      Tuning options
    6.  
      Encrypting the data
    7.  
      Command usage example outputs
  19.  
    Index

About Image Sharing using MSDP cloud

Use image sharing to share the images from your on-premises NetBackup server to the NetBackup server running in AWS or Azure. The NetBackup server that is running in the cloud and configured for image sharing is called Cloud Recovery Server (CRS). Image sharing also provides the ability to convert backed up VMs as AWS instances or Azure VHD in certain scenarios.

MSDP with image sharing is a self-describing storage server. When you configure image sharing, NetBackup stores all the data and metadata that is required to recover the images in the cloud.

The following table describes the image sharing feature workflow.

Table: Image sharing workflow

Task

Description

Prepare cloud recovery server.

You must have a virtual machine in your cloud environment and have NetBackup installed on it. You can deploy the virtual machine using one of the following ways.

Configure the NetBackup KMS server.

If KMS encryption is enabled, perform the following tasks.

Configure image sharing on the cloud recovery server.

The NetBackup virtual machine in the cloud that is configured for image sharing is called cloud recovery server. Perform the following step to configure the image sharing:

Use the image sharing.

After you configure this NetBackup virtual machine for image sharing, you can import the images from your on-premises environment to the cloud and recover them when required. You can also convert VMs to VHD in Azure or AMI in AWS.

Read additional information about image sharing.

Additional information about image sharing

Important features of image sharing

  • In a situation where MSDP cloud backed up the deduplicated data to cloud, but the NetBackup catalog was available only on the on-premises NetBackup server. There, the data cannot be restored from the cloud without the on-premises NetBackup server.

    Image sharing in cloud uploads the NetBackup catalog along with the backup images and lets you restore data from the cloud without the on-premises NetBackup server.

  • You can launch an all-in-one NetBackup in the cloud on demand called the cloud recovery server, and recover the backup images from cloud.

  • Image sharing discovers the backup images that are stored in cloud storage through the REST APIs, command line, or Web UI, recovers the NetBackup catalog, and restores the images.

  • You can use command line options or NetBackup Web UI that have the function as REST APIs.

Things to consider before you use image sharing

  • Before you install NetBackup, create an instance based on RHEL 7.3 or later in cloud. You can also set up a computer based on RHEL 7.3 or later. The recommendation is that the instance has more than 64 GB of memory, 8 CPUs.

  • The HTTPS port 443 is enabled.

  • Change host name to the server's FQDN.

    In Azure virtual machine, you must change the internal hostname, which is created automatically for you and cannot get internal hostname from IP address.

  • Add the following items in the /etc/hosts file:

    "External IP" "Server's FQDN"

    "Internal IP" "Server's FQDN"

    For a computer, add the following items in the /etc/hosts file:

    "IP address" "Server's FQDN"

  • (Optional) For an instance, change the search domain order in the /etc/resolv.conf file to search external domains before internal domains.

  • NetBackup should be an all-in-one setup.

    Refer to the NetBackup Installation Guide for more information.

Configure Image sharing using MSDP cloud by NetBackup Web UI

You can access NetBackup Web UI to use image sharing. For more information, refer to the Create a cloud recovery server for image sharing topic in the NetBackup Web UI Administrator's Guide.

Configure Image sharing using MSDP cloud with the ims_system_config.py script

After installing NetBackup, you can run the ims_system_config.py script to configure image sharing.

The path to access the command is: /usr/openv/pdde/pdag/scripts/.

Amazon Web Service cloud provider:

ims_system_config.py -t PureDisk -k <AWS_access_key> -s <AWS_secret_access_key> -b <name_S3_bucket> -bs <bucket_sub_name> [-r <bucket_region>] [-p <mount_point>]

If you have configured IAM role in the EC2 instance, use the following command:

ims_system_config.py  -t PureDisk -k dummy -s dummy <bucket_name> -bs <bucket_sub_name> [-r <bucket_region>] [-p <mount_point>]

Microsoft Azure cloud provider:

ims_system_config.py -cp 2 -k <key_id> -s <secret_key> -b <container_name> -bs <bucket_sub_name> [-p <_mount_point_>]

Other S3 compatible cloud provider (For example, Hitachi HCP):

If Cloud Instance has been existed in NetBackup, use the following command:

ims_system_config.py -cp 3 -t PureDisk -k <key_id> -s <secret_key> -b <bucket_name> -bs <bucket_sub_name> -c <Cloud_instance_name> [-p <mount_point>]

Or use the following command:

ims_system_config.py -cp 3 -t PureDisk -k <key_id> -s <secret_key> -b <bucket_name> -pt <cloud_provider_type> -sh <s3_hostname> -sp <s3_http_port> -sps <s3_https_port> -ssl <ssl_usage> [-p <mount_point>]

Example for HCP provider:

ims_system_config.py -cp 3 -t PureDisk -k xxx -s xxx -b emma -bs subtest -pt hitachicp  -sh yyy.veritas.com -sp 80 -sps 443 -ssl 0

Description: (Specify the following options to use HCP cloud)

-cp 3: Specify third-party S3 cloud provider that is used.

-pt hitachicp: Specify cloud provider type as hitachicp (HCP LAN)

-t PureDisk_hitachicp_rawd: Specify storage server type as PureDisk_hitachicp_rawd

-sh <s3_hostname>: Specify HCP storage server host name

-sp <s3_http_port>: Specify HCP storage server HTTP port (Default is 80)

-sps <s3_https_port>: Specify HCP storage server HTTP port (Default is 443)

-ssl <ssl_usage>: Specify whether to use SSL. (0- Disable SSL. 1- Enable SSL. Default is 1.) If SSL is disabled, it uses <s3_http_port> to make connection to <s3_hostname>. Otherwise, it uses <s3_https_port>.

Using image sharing by NetBackup Web UI

You can access NetBackup Web UI to use image sharing. For more information, refer to the Using image sharing from the NetBackup Web UI topic in the NetBackup Web UI Administrator's Guide.

Using image sharing with the nbimageshare command

You can use the nbimageshare command to configure image sharing.

Run the nbimageshare command to list and import the virtual machine and standard images and then recover the virtual machines.

The path to access the command is: /usr/openv/netbackup/bin/admincmd/

For more information about the nbimageshare command, refer to the NetBackup Commands Reference Guide.

The following table lists the steps for image sharing and the command options:

Table: Steps for image sharing and the command options

Step

Command

Log on to NetBackup

 
nbimageshare --login <username> <password>
nbimageshare --login -interact

List all the backup images that are in the cloud

 
nbimageshare --listimage

Note:

In the list of images, the increment schedule type might be differential incremental or cumulative incremental.

Import the backup images to NetBackup

Import a single image:

nbimageshare --singleimport
<client> <policy> <backupID>

Import multiple images:

nbimageshare --batchimport 
<image_list_file_path>

Note:

The format of the image_list_file_path is same as the output of "list images".

The multiple images number must be equal to or less than 64.

You can import an already imported image. This action does not affect the NetBackup image catalog.

Recover the VM as an AWS EC2 AMI or VHD in Azure

 
nbimageshare --recovervm 
<client> <policy> <backupID>

  • Only VM images are supported.

  • For Azure, account should be Azure general-purpose storage accounts.

  • For AWS, the AWS account must have the following read and write permissions to S3:

    "ec2:CreateTags"
"ec2:DescribeImportImageTasks"
"ec2:ImportImage"
"ec2:DescribeImages"
"iam:ListRolePolicies"
"iam:ListRoles"
"iam:GetRole"
"iam:GetRolePolicy"
"iam:CreateRole"
"iam:PutRolePolicy"
Manual KMS key transfer in Image sharing in case of NetBackup KMS

When KMS encryption is enabled, you can share the images in the cloud storage to the cloud recovery server with manual KMS key transfer.

On-premises side:

  1. Storage server: Find the key group name for the given Storage server

    Find contentrouter.cfg in /etc/pdregistry.cfg

    Find key group name is in contentrouter.cfg under [KMSOptions]

    (Example KMSKeyGroupName=amazon.com:test1)

  2. NetBackup master server: Exports the key group with a passphrase to a file:

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -export -key_groups <key-group-name> -path <key file path>

cloud recovery server (cloud side):

  1. Copy the exported key to the cloud recovery server

  2. Config KMS server

    /usr/openv/netbackup/bin/nbkms -createemptydb
/usr/openv/netbackup/bin/nbkms
/usr/openv/netbackup/bin/nbkmscmd -discovernbkms -autodiscover

  3. Import keys to KMS service.

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <key file path> -preserve_kgname

  4. Configure the cloud recovery server using NetBackup Web UI or with ims_system_config.py

On-premises KMS key changes:

In case of KMS key changes for the given group for on-premises storage server after the cloud recovery server is set up, you must export the key file from on-premises KMS server and import that key file on the cloud recovery server.

  1. On-premises NetBackup master server:

    Exports the key group with a passphrase to a file:

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -export -key_groups <key-group-name> -path <key file path>

  2. Cloud recovery server:

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -deletekg -kgname <key-group-name> -force
    /usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <key file path> -preserve_kgname
Manual steps in image sharing in case of external KMS

If an on-premises storage server is configured to use keys from external KMS server, then make sure that the same KMS server is configured on the cloud recovery server before running ims_system_config.py. To know more about configuring an external KMS server in NetBackup, refer to NetBackup Security and Encryption Guide.

Make sure that the external KMS server is reachable from the cloud recovery server on a specific port.

Additional information about image sharing

  • It is recommended that you launch a cloud recovery server in the cloud on demand and don't upgrade it.

  • Do not use nbdevconfig to modify cloud LSU or add new cloud LSU in the image sharing server as it might cause an issue in the image sharing server (cloud recovery server). If KMS encryption is enabled in on-premise side after image sharing server is configured, the encrypted image cannot be import by this image sharing server.

  • Cloud LSU requires free disk space. When you configure image sharing server using the ims_system_config.py script, ensure that you have enough disk space in the default mount point or storage, or you can use -p parameter of ims_system_config.py to specify a different mount point to meet the requirement of free disk spaces.

  • After the image is imported in the image sharing server, the image catalog exists in the image sharing server. If the image is expired on the on-premises NetBackup domain, then restoring the image to the image sharing server fails even though the image catalog exists in the image sharing server.

  • If the image expires in the image sharing server, the image catalog in the image sharing server is removed but the image data in the cloud storage is not removed.

  • You can restore any image that you import in the image sharing server. Only VM images in AWS and Azure can be recovered because they can be converted into EC2 instance in AWS or VHD in Azure. VM images in other cloud storages cannot be converted, and can only be restored. You can recover only the VM images that are full backup images or accelerator-enabled incremental backup images.

  • Image sharing supports many policy types.

    See the NetBackup compatibility lists for the latest information on the supported policy types.

  • After the image sharing is configured, the storage server is in a read-only mode.

  • For information on the VM recovery limitations in AWS, refer to the AWS VM import information in AWS help.

  • You can configure the maximum active jobs when the images are imported to cloud storage.

    Modify the file path /usr/openv/var/global/wsl/config/web.conf to add the configuration item as imageshare.maxActiveJobLimit.

    For example, imageshare.maxActiveJobLimit=16.

    The default value is 16 and the configurable range is 1 to 100.

    If the import request is made and the active job count exceeds the configured limit, the following message is displayed:

    "Current active job count exceeded active job count limitation".

  • The images in cloud storage can be shared. If Amazon Glacier, Deep Archive or Azure Archive is enabled, you cannot use image sharing.

  • Regarding the errors about role policy size limitation in AWS:

    Errors that occur when the role policy size exceeds the maximum size is an AWS limitation. You can find the following error in a failed restore job:

    "error occurred (LimitExceeded) when calling the PutRolePolicy operation:
Maximum policy size of 10240 bytes exceeded for role vmimport"

    Workaround:

    • You can change the maximum policy size limit for the vmimport role.

    • You can list and delete the existing policies using the following commands:

      aws iam list-role-policies --role-name vmimport
aws iam delete-role-policy --role-name vmimport --policy-name 
<bucketname> -vmimport

  • The recover operation with AWS provider includes AWS import process. Therefore, a vmdk image cannot be recovered concurrently in two restore jobs at the same time.

  • In AWS, the image sharing feature can recover the virtual machines that satisfy the Amazon Web Services VM import prerequisites.

    For more information about the prerequisites, refer to the following article:

    https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html

  • If you cannot obtain the administrator password to use an AWS EC2 instance that has a Windows OS, the following error is displayed:

    Password is not available. This instance was launched from a custom AMI, or the default password has changed. A password cannot be retrieved for this instance. If you have forgotten your password, you can reset it using the Amazon EC2 configuration service. For more information, see Passwords for a Windows Server Instance.

    This error occurs after the instance is launched from an AMI that is converted using image sharing.

    For more information, refer to the following articles:

  • You cannot cancel an import job on the cloud recovery server.

  • If there is data optimization done on the on-premises image, you might not be able to restore the image that you have imported on the cloud recovery server. You can expire this image, import it again on the image-sharing server, and then restore the image.

  • After the backup job, duplication job, or AIR import job completes, you can import the images on a cloud recovery server.

  • If you want to convert a VM image again, you must delete the VHD from Azure blob.