NetBackup™ Deduplication Guide
- Introducing the NetBackup media server deduplication option
- Quick start
- Planning your deployment
- Planning your MSDP deployment
- NetBackup naming conventions
- About MSDP deduplication nodes
- About the NetBackup deduplication destinations
- About MSDP storage capacity
- About MSDP storage and connectivity requirements
- About NetBackup media server deduplication
- About NetBackup Client Direct deduplication
- About MSDP remote office client deduplication
- About the NetBackup Deduplication Engine credentials
- About the network interface for MSDP
- About MSDP port usage
- About MSDP optimized synthetic backups
- About MSDP and SAN Client
- About MSDP optimized duplication and replication
- About MSDP performance
- About MSDP stream handlers
- MSDP deployment best practices
- Use fully qualified domain names
- About scaling MSDP
- Send initial full backups to the storage server
- Increase the number of MSDP jobs gradually
- Introduce MSDP load balancing servers gradually
- Implement MSDP client deduplication gradually
- Use MSDP compression and encryption
- About the optimal number of backup streams for MSDP
- About storage unit groups for MSDP
- About protecting the MSDP data
- Save the MSDP storage server configuration
- Plan for disk write caching
- Provisioning the storage
- Licensing deduplication
- Configuring deduplication
- Configuring MSDP server-side deduplication
- Configuring MSDP client-side deduplication
- About the MSDP Deduplication Multi-Threaded Agent
- Configuring the Deduplication Multi-Threaded Agent behavior
- Configuring deduplication plug-in interaction with the Multi-Threaded Agent
- About MSDP fingerprinting
- About the MSDP fingerprint cache
- Configuring the MSDP fingerprint cache behavior
- About seeding the MSDP fingerprint cache for remote client deduplication
- Configuring MSDP fingerprint cache seeding on the client
- Configuring MSDP fingerprint cache seeding on the storage server
- About sampling and predictive cache
- Enabling 400 TB support for MSDP
- About MSDP Encryption using NetBackup KMS service
- About MSDP Encryption using external KMS server
- Configuring a storage server for a Media Server Deduplication Pool
- About disk pools for NetBackup deduplication
- Configuring a disk pool for deduplication
- Creating the data directories for 400 TB MSDP support
- Adding volumes to a 400 TB Media Server Deduplication Pool
- Configuring a Media Server Deduplication Pool storage unit
- Configuring client attributes for MSDP client-side deduplication
- Disabling MSDP client-side deduplication for a client
- About MSDP compression
- About MSDP encryption
- MSDP compression and encryption settings matrix
- Configuring encryption for MSDP backups
- Configuring encryption for MSDP optimized duplication and replication
- About the rolling data conversion mechanism for MSDP
- Modes of rolling data conversion
- MSDP encryption behavior and compatibilities
- Configuring optimized synthetic backups for MSDP
- About a separate network path for MSDP duplication and replication
- Configuring a separate network path for MSDP duplication and replication
- About MSDP optimized duplication within the same domain
- Configuring MSDP optimized duplication within the same NetBackup domain
- About MSDP replication to a different domain
- Configuring MSDP replication to a different NetBackup domain
- About NetBackup Auto Image Replication
- About trusted primary servers for Auto Image Replication
- About the certificate to be used for adding a trusted master server
- Adding a trusted master server using a NetBackup CA-signed (host ID-based) certificate
- Adding a trusted primary server using external CA-signed certificate
- Removing a trusted primary server
- Enabling NetBackup clustered primary server inter-node authentication
- Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
- Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
- Configuring a target for MSDP replication to a remote domain
- About configuring MSDP optimized duplication and replication bandwidth
- About performance tuning of optimized duplication and replication for MSDP cloud
- About storage lifecycle policies
- About the storage lifecycle policies required for Auto Image Replication
- Creating a storage lifecycle policy
- About MSDP backup policy configuration
- Creating a backup policy
- Resilient Network properties
- Specifying resilient connections
- Adding an MSDP load balancing server
- About variable-length deduplication on NetBackup clients
- About the MSDP pd.conf configuration file
- Editing the MSDP pd.conf file
- About the MSDP contentrouter.cfg file
- About saving the MSDP storage server configuration
- Saving the MSDP storage server configuration
- Editing an MSDP storage server configuration file
- Setting the MSDP storage server configuration
- About the MSDP host configuration file
- Deleting an MSDP host configuration file
- Resetting the MSDP registry
- About protecting the MSDP catalog
- Changing the MSDP shadow catalog path
- Changing the MSDP shadow catalog schedule
- Changing the number of MSDP catalog shadow copies
- Configuring an MSDP catalog backup
- Updating an MSDP catalog backup policy
- About MSDP FIPS compliance
- Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
- About MSDP multi-domain support
- About MSDP application user support
- About MSDP mutli-domain VLAN Support
- About NetBackup WORM storage support for immutable and indelible data
- MSDP cloud support
- About MSDP cloud support
- Create a Media Server Deduplication Pool (MSDP) storage server in the NetBackup web UI
- Creating a cloud storage unit
- Updating cloud credentials for a cloud LSU
- Updating encryption configurations for a cloud LSU
- Deleting a cloud LSU
- Backup data to cloud by using cloud LSU
- Duplicate data cloud by using cloud LSU
- Configuring AIR to use cloud LSU
- About backward compatibility support
- About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
- Cloud space reclamation
- About the tool updates for cloud support
- About the disaster recovery for cloud LSU
- About Image Sharing using MSDP cloud
- About restore from a backup in Microsoft Azure Archive
- About MSDP cloud immutable (WORM) storage support
- About MSDP cloud admin tool
- About immutable object support for AWS S3
- About immutable object support for AWS S3 compatible platforms
- Creating a cloud immutable storage unit for the S3 compatible platforms
- Managing HCP for Cloud Scale using msdpcldutil tool
- Managing Cloudian HyperStore using msdpcldutil tool
- Managing Seagate Lyve Cloud using msdpcldutil tool
- Managing Veritas Access Cloud using msdpcldutil tool
- Managing Wasabi cloud storage using msdpcldutil tool
- Managing Scality RING - LAN using msdpcldutil tool
- Managing EMC-ECS using msdpcldutil tool
- About immutable storage support for Azure blob storage
- About using the cloud immutable storage in a cluster environment
- Troubleshooting the error when the bucket is created without msdpcldutil
- Deleting the immutable image with the governance mode
- Refreshing the immutable cloud volume retention range value in the web UI
- Deleting the S3 object permanently
- About instant access for object storage in cloud
- S3 Interface for MSDP
- About S3 interface for MSDP
- Prerequisites
- Configuring S3 interface for MSDP
- Identity and Access Management (IAM) for S3 interface for MSDP
- S3 APIs for S3 interface for MSDP
- Disaster recovery in S3 interface for MSDP
- Limitations in S3 interface for MSDP
- Logging and troubleshooting
- Best practices
- Monitoring deduplication activity
- Monitoring the MSDP deduplication and compression rates
- Viewing MSDP job details
- About MSDP storage capacity and usage reporting
- About MSDP container files
- Viewing storage usage within MSDP container files
- Viewing MSDP disk reports
- About monitoring MSDP processes
- Reporting on Auto Image Replication jobs
- Managing deduplication
- Managing MSDP servers
- Viewing MSDP storage servers
- Determining the MSDP storage server state
- Viewing MSDP storage server attributes
- Setting MSDP storage server attributes
- Changing MSDP storage server properties
- Clearing MSDP storage server attributes
- About changing the MSDP storage server name or storage path
- Changing the MSDP storage server name or storage path
- Removing an MSDP load balancing server
- Deleting an MSDP storage server
- Deleting the MSDP storage server configuration
- Managing NetBackup Deduplication Engine credentials
- Managing Media Server Deduplication Pools
- Viewing Media Server Deduplication Pools
- Determining the Media Server Deduplication Pool state
- Changing OpenStorage disk pool state
- Viewing Media Server Deduplication Pool attributes
- Setting a Media Server Deduplication Pool attribute
- Changing a Media Server Deduplication Pool properties
- Clearing a Media Server Deduplication Pool attribute
- Determining the MSDP disk volume state
- Changing the MSDP disk volume state
- Inventorying a NetBackup disk pool
- Deleting a Media Server Deduplication Pool
- Deleting backup images
- About MSDP queue processing
- Processing the MSDP transaction queue manually
- About MSDP data integrity checking
- Configuring MSDP data integrity checking behavior
- About managing MSDP storage read performance
- About MSDP storage rebasing
- About the MSDP data removal process
- Resizing the MSDP storage partition
- How MSDP restores work
- Configuring MSDP restores directly to a client
- About restoring files at a remote site
- About restoring from a backup at a target master domain
- Specifying the restore server
- Managing MSDP servers
- Recovering MSDP
- Replacing MSDP hosts
- Uninstalling MSDP
- Deduplication architecture
- Configuring and using universal shares
- About universal shares
- Configuring and using an MSDP build-your-own (BYO) server for universal shares
- MSDP build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
- Configuring universal share user authentication
- Mounting a universal share created from the NetBackup web UI
- Creating a protection point for a universal share
- About universal share self-service recovery
- Performing a universal share self-service recovery
- Using the ingest mode
- About universal shares with object store
- Enabling a universal share with object store
- Disaster recovery for a universal share
- Changing the number of vpfsd instances
- Upgrading to NetBackup 10.1
- Configuring isolated recovery environment (IRE)
- Using the NetBackup Deduplication Shell
- About the NetBackup Deduplication Shell
- Managing users from the deduplication shell
- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
- Managing VLAN interfaces from the deduplication shell
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell
- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the Storage Platform Web Service (SPWS)
- Managing the Veritas provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
- Monitoring and troubleshooting NetBackup services from the deduplication shell
- Troubleshooting
- About unified logging
- About legacy logging
- NetBackup MSDP log files
- Troubleshooting MSDP installation issues
- Troubleshooting MSDP configuration issues
- Troubleshooting MSDP operational issues
- Verify that the MSDP server has sufficient memory
- MSDP backup or duplication job fails
- MSDP client deduplication fails
- MSDP volume state changes to DOWN when volume is unmounted
- MSDP errors, delayed response, hangs
- Cannot delete an MSDP disk pool
- MSDP media open error (83)
- MSDP media write error (84)
- MSDP no images successfully processed (191)
- MSDP storage full conditions
- Troubleshooting MSDP catalog backup
- Storage Platform Web Service (spws) does not start
- Disk volume API or command line option does not work
- Viewing MSDP disk errors and events
- MSDP event codes and messages
- Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
- Trouble shooting multi-domain issues
- Troubleshooting the cloud compaction error messages
- Appendix A. Migrating to MSDP storage
- Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
- About migration from Cloud Catalyst to MSDP direct cloud tiering
- About Cloud Catalyst migration strategies
- About direct migration from Cloud Catalyst to MSDP direct cloud tiering
- About postmigration configuration and cleanup
- About the Cloud Catalyst migration -dryrun option
- About Cloud Catalyst migration cacontrol options
- Reverting back to Cloud Catalyst from a successful migration
- Reverting back to Cloud Catalyst from a failed migration
- Appendix C. Encryption Crawler
- Index
Configuring universal share user authentication
The universal share created with CIFS/SMB protocol supports two methods of user authentication:
Active Directory-based user authentication
Local user-based authentication
If the appliance, Flex Appliance application instance, or MSDP BYO server is part of the Active Directory domain, you can use this approach.
When you create a universal share from the NetBackup web UI, you can specify Active Directory users or groups. This approach restricts access to only specified users or groups. You can also control permissions from the Windows client where the universal share is mounted. See the NetBackup Web UI Administrator's Guide for more information.
For information about setting up Active Directory users or groups with an appliance, see the NetBackup Appliance Security Guide.
For information about setting up Active Directory users or groups with a Flex Appliance application instance, see the NetBackup 10.1 Application Guide for Flex Appliance OS.
Universal shares can be created with NFS or SMB protocol. When the SMB protocol is used, SMB must be set up with ADS or in local user mode. The following table describes how to configure the media server with Active Directory for various platforms and create a universal share using SMB.
Table: Describes the requirements for different platforms to join the Active Directory domain
Platform | Requirements |
|---|---|
BYO appliance | For BYO, Example usage of register_samba_to_ad.sh: /usr/openv/pdde/vpfs/bin/register_samba_to_ad.sh --domain=<domain> --username=<username> The following are other options you can use with register_samba_to_ad.sh: --domain=<domain> : domain name --domaincontroller=<domain controller> : domain controller --username=<username> : windows domain username which has the privilege to join the client to domain --help|-h : Print the usage |
NetBackup appliance (NBA) | Review the section Adding an Active Directory server configuration in the NetBackup Appliance Administrator's Guide. |
Flex media server | The same as BYO. |
Flex media server HA | The same as BYO. |
WORM enabled storage server | The storage server can be configured to join or leave Active Directory with Restricted Shell commands. [msdp-16.0] deecl01vm046p3 > setting ActiveDirectory configure ad_server=<ad_server> domain=<domain_server> domain_admin=<domain_adin> |
Flex Scale | Review the section Configuring AD server for Universal shares and Instant Access in the NetBackup Flex Scale Administrator's Guide. |
AKS/EKS AD | NetBackup support only SMB local user mode. The SMB server is configured with local user mode by default. |
Once the storage server has been added to an Active Directory domain, a universal share can be created as normal. Any users and user groups that are specified are checked using the wbinfo command to ensure that they are valid. The following procedure describes how to add a universal share to an Active Directory.
Adding a universal share to an Active Directory
- Create a universal share with SMB protocol on NetBackup web UI.
- Mount the shared storage on a Windows client.
Provide all necessary credentials.
- Verify that the universal share is fully set up, and can be backed up and restored using a Universal-Share policy.
The following items must be set up for to add Microsoft SQL Instant Access to an Active Directory:
Storage server and client must be in the same domain.
Use domain user to log in to the Microsoft SQL client.
Register Microsoft SQL instance with the domain user on the NetBackup Administration Console.
Must use domain user credentials to do instant access.
You must configure SMB users on the corresponding storage server and enter the credentials on the client.
If the SMB service is part of a Windows domain, the Windows domain users can use the SMB share. In this scenario, credentials are not required to access the share.
For Azure Kubernetes Service (AKS) and Amazon Elastic Kubernetes Service (EKS) cloud platforms, only a SMB local user can access the SMB share. You must add SMB users to access the SMB share.
If the SMB service is not part of Windows domain, perform the following steps:
For a NetBackup Appliance:
For a NetBackup Appliance, local users are also SMB users. To manage local users, log in to the CLISH and select . The SMB password is the same as the local user's login password.
For an MDSP BYO server:
For an MDSP BYO server, create a Linux user (if one does not exist). Then, add the user to SMB.
For example, the following commands create a test_smb_user use for the SMB service only:
# adduser --no-create-home -s /sbin/nologin test_smb_user
# smbpasswd -a test_smb_user
To add an existing user to the SMB service, run the following command:
# smbpasswd -a username
For a Flex Appliance primary or media server application instance:
For a Flex Appliance primary or media server application instance, log in to the instance and add any local user to the SMB service as follows:
If desired, create a new local user with the following commands:
#useradd <username> #passwd <username>
You can also use an existing local user.
Run the following commands to create user credentials for the SMB service and enable the user:
smbpasswd -a <username> smbpasswd -e <username>
For a WORM storage server application instance:
For a WORM storage server instance, log in to the instance and add a local SMB user with the following command: setting smb add-user username=<username> password=<password>
You can view the new user with the setting smb list-users command. To remove a user, run the setting smb remove-user username=<username> command.
For the AKS and the EKS cloud platform:
Log in to the MSDP engine pod in a cluster using kubectl.
Run the following command to log in to RShell in the MSDP engine.
su - msdpadm
Run the following RShell command to add a SMB user.
setting samba add-user username=[samba user name] password=[samba password]
For example,
msdp-16.1] > setting samba add-user username=test_samba_user password=Te@Pss1fg0
You can use the same command to update the password for an existing user.
In AKS and EKS cloud platforms, the SMB RShell command configures SMB servers in all MSDP engines in a cluster.