NetBackup™ Deduplication Guide

Last Published:
Product(s): NetBackup (11.0)
  1. Introducing the NetBackup media server deduplication option
    1.  
      About the NetBackup deduplication options
  2. Planning your deployment
    1.  
      Planning your MSDP deployment
    2.  
      NetBackup naming conventions
    3.  
      About MSDP deduplication nodes
    4.  
      About the NetBackup deduplication destination
    5.  
      About MSDP capacity support and hardware requirements
    6. About MSDP storage and connectivity requirements
      1.  
        Fibre Channel and iSCSI comparison for MSDP
    7. About NetBackup media server deduplication
      1.  
        About MSDP storage servers
      2.  
        About MSDP load balancing servers
      3.  
        About MSDP server requirements
      4.  
        About MSDP unsupported configurations
    8. About NetBackup Client Direct deduplication
      1.  
        About MSDP client deduplication requirements and limitations
    9. About MSDP remote office client deduplication
      1.  
        About MSDP remote client data security
      2.  
        About remote client backup scheduling
    10.  
      About the NetBackup Deduplication Engine credentials
    11.  
      About the network interface for MSDP
    12.  
      About MSDP port usage
    13.  
      About MSDP optimized synthetic backups
    14.  
      About MSDP and SAN Client
    15.  
      About MSDP optimized duplication and replication
    16. About MSDP stream handlers
      1.  
        Oracle stream handler
      2.  
        Microsoft SQL Server stream handler
    17. MSDP deployment best practices
      1.  
        Use fully qualified domain names
      2.  
        About scaling MSDP
      3.  
        Send initial full backups to the storage server
      4.  
        Increase the number of MSDP jobs gradually
      5.  
        Introduce MSDP load balancing servers gradually
      6.  
        Implement MSDP client deduplication gradually
      7.  
        Use MSDP compression and encryption
      8.  
        About the optimal number of backup streams for MSDP
      9.  
        About storage unit groups for MSDP
      10.  
        About protecting the MSDP data
      11.  
        Save the MSDP storage server configuration
      12.  
        Plan for disk write caching
  3. Provisioning the storage
    1.  
      About provisioning the storage for MSDP
    2.  
      Do not modify MSDP storage directories and files
    3.  
      About volume management for NetBackup MSDP
  4. Configuring deduplication
    1.  
      Configuring media server deduplication in NetBackup
    2.  
      Configuring MSDP client-side deduplication
    3. About the MSDP Deduplication Multi-Threaded Agent
      1.  
        Configuring the Deduplication Multi-Threaded Agent behavior
      2.  
        MSDP mtstrm.conf file parameters
      3.  
        Configuring deduplication plug-in interaction with the Multi-Threaded Agent
    4. About MSDP fingerprinting
      1.  
        About the MSDP fingerprint cache
      2.  
        Configuring the MSDP fingerprint cache behavior
      3.  
        MSDP fingerprint cache behavior options
      4.  
        About seeding the MSDP fingerprint cache for remote client deduplication
      5.  
        Configuring MSDP fingerprint cache seeding on the client
      6.  
        Configuring MSDP fingerprint cache seeding on the storage server
      7.  
        NetBackup seedutil options
      8.  
        About sampling and predictive cache
      9.  
        Rebuilding the sampling cache
    5. Enabling 400 TB support for MSDP
      1.  
        Creating the data directories for 400 TB MSDP support
      2.  
        Adding volumes to a 400 TB Media Server Deduplication Pool
    6. Configuring a storage server for a Media Server Deduplication Pool
      1.  
        MSDP storage path properties
      2.  
        MSDP network interface properties
    7. About disk pools for NetBackup deduplication
      1.  
        Configuring a disk pool for deduplication
      2.  
        Media Server Deduplication Pool properties
    8. Configuring a Media Server Deduplication Pool storage unit
      1.  
        Media Server Deduplication Pool storage unit properties
      2.  
        MSDP storage unit recommendations
    9. Configuring client attributes for MSDP client-side deduplication
      1.  
        Disabling MSDP client-side deduplication for a client
      2.  
        Disable client-side deduplication for all clients in a policy
    10.  
      About MSDP compression
    11. About MSDP encryption
      1.  
        Configuring encryption for MSDP local storage volume
      2.  
        Configuring encryption for MSDP cloud storage volumes
      3.  
        Configuring MSDP encryption on different platforms
      4.  
        Modes of rolling data conversion
      5.  
        MSDP encryption behavior and compatibilities
    12. About MSDP Encryption using NetBackup Key Management Server service
      1.  
        Enabling KMS encryption for a local LSU
      2.  
        Upgrading KMS for MSDP
    13.  
      About MSDP Encryption using external KMS server
    14.  
      Configuring optimized synthetic backups for MSDP
    15. About a separate network path for MSDP duplication and replication
      1.  
        Configuring a separate network path for MSDP duplication and replication
    16. About MSDP optimized duplication within the same domain
      1.  
        About the media servers for MSDP optimized duplication within the same domain
      2.  
        About MSDP push duplication within the same domain
      3.  
        About MSDP pull duplication within the same domain
      4.  
        Configuring MSDP optimized duplication within the same NetBackup domain
      5.  
        Configuring NetBackup optimized duplication or replication behavior
      6.  
        Setting NetBackup configuration options by using the command line
    17.  
      About MSDP replication to a different domain
    18. Configuring MSDP replication to a different NetBackup domain
      1. About NetBackup Auto Image Replication
        1.  
          One-to-many Auto Image Replication model
        2.  
          Cascading Auto Image Replication model
        3.  
          About the domain relationship for replication
        4.  
          About the replication topology for Auto Image Replication
        5. Viewing the replication topology for Auto Image Replication
          1.  
            Sample volume properties output for MSDP replication
      2.  
        About trusted primary servers for Auto Image Replication
      3.  
        About the certificate to use to add a trusted primary server
      4.  
        Add a trusted primary server
      5.  
        Remove a trusted primary server
      6.  
        Enable inter-node authentication for a NetBackup clustered primary server
      7.  
        Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
      8.  
        Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
      9. Configuring a target for MSDP replication to a remote domain
        1.  
          Target options for MSDP replication
        2.  
          Configuring a NetBackup Deduplication Engine user with limited permissions for Auto Image Replication
    19.  
      About configuring MSDP optimized duplication and replication bandwidth
    20.  
      About performance tuning of optimized duplication and replication for large images
    21.  
      About performance tuning of optimized duplication and replication for MSDP cloud
    22. About storage lifecycle policies
      1.  
        About the storage lifecycle policies required for Auto Image Replication
      2.  
        Creating a storage lifecycle policy
      3.  
        Storage lifecycle policy settings
    23.  
      About MSDP backup policy configuration
    24.  
      Creating a backup policy
    25. Resilient network properties
      1.  
        Resilient connection resource usage
      2.  
        Specify resilient connections for clients
    26.  
      Adding an MSDP load balancing server
    27. About variable-length deduplication on NetBackup clients
      1.  
        Managing the variable-length deduplication using the cacontrol command-line utility
    28. About the MSDP pd.conf configuration file
      1.  
        Editing the MSDP pd.conf file
      2.  
        MSDP pd.conf file parameters
    29.  
      About the MSDP contentrouter.cfg file
    30. About saving the MSDP storage server configuration
      1.  
        Saving the MSDP storage server configuration
      2.  
        Editing an MSDP storage server configuration file
    31.  
      Setting the MSDP storage server configuration
    32.  
      About the MSDP host configuration file
    33.  
      Deleting an MSDP host configuration file
    34.  
      Resetting the MSDP registry
    35. About protecting the MSDP catalog
      1.  
        About the MSDP shadow catalog
      2.  
        About the MSDP catalog backup policy
      3.  
        Changing the MSDP shadow catalog path
      4.  
        Changing the MSDP shadow catalog schedule
      5.  
        Changing the number of MSDP catalog shadow copies
      6.  
        Configuring an MSDP catalog backup
      7.  
        MSDP drcontrol options
      8.  
        Updating an MSDP catalog backup policy
    36.  
      About MSDP FIPS compliance
    37.  
      Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
    38.  
      About MSDP multi-domain support
    39.  
      About MSDP application user support
    40.  
      About MSDP mutli-domain VLAN Support
    41. About NetBackup WORM storage support for immutable and indelible data
      1.  
        About the NetBackup command line options to configure immutable and indelible data
    42. Running MSDP services with the non-root user
      1.  
        Changing the service user after installation or upgrade
    43. Running MSDP commands with the non-root user
      1.  
        Configuring a non-root user to run MSDP commands through msdpcmdrun
      2.  
        About PDPAS logging
      3.  
        Sample msdpcmdrun commands
      4.  
        Considerations for file access
      5.  
        Running the MSDP commands on NetBackup appliances
  5. MSDP volume group (MVG)
    1. About the MSDP volume group
      1.  
        The MSDP volume group components
      2.  
        About MVG resilience
    2. Configuring the MSDP volume group
      1.  
        MSDP volume group requirements
      2.  
        Configuring an MVG server using the web UI
      3.  
        Creating an MVG volume using the web UI
      4.  
        Configuring an MVG server using the command-line
      5.  
        Creating an MVG volume using the command-line
      6.  
        Updating an MVG volume using the command-line
      7.  
        Configuring the targeted AIR with an MVG volume
      8.  
        Updating an MVG volume using the web UI
      9.  
        Listing the MVG volumes
      10.  
        Deleting an MVG volume
      11.  
        Configuring the MSDP server to be used by an MVG server having different credentials
      12.  
        Migrate a backup policy from a regular MSDP disk volume to the MVG volume
      13.  
        Migrate a backup policy from an MVG volume to a regular MSDP disk volume
      14.  
        Assigning a client policy combination to another MSDP server
      15.  
        Removing an MVG server configuration
    3.  
      MSDP volume group disaster recovery
    4.  
      The MSDP server maintenance
    5.  
      Limitations of the MSDP volume group
    6.  
      About the node failure management
    7.  
      MSDP volume group best practices
    8.  
      MSDP commands for MVG maintenance
    9.  
      Troubleshooting the MVG errors
  6. MSDP cloud support
    1. About MSDP cloud support
      1.  
        Operating system requirement for configuration
      2.  
        Limitations
    2.  
      Create a Media Server Deduplication Pool storage server in the NetBackup web UI
    3.  
      Managing credentials for MSDP-C
    4.  
      Creating a cloud storage unit
    5.  
      Updating cloud credentials for a cloud LSU
    6.  
      Updating encryption configurations for a cloud LSU
    7.  
      Deleting a cloud LSU
    8.  
      Backup data to cloud by using cloud LSU
    9.  
      Duplicate data cloud by using cloud LSU
    10.  
      Configuring AIR to use cloud LSU
    11.  
      About backward compatibility support
    12.  
      About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
    13. Cloud space reclamation
      1.  
        Configuring the container aging
      2.  
        Configuring the cloud compaction
    14.  
      About the tool updates for cloud support
    15. About the disaster recovery for cloud LSU
      1.  
        Common disaster recovery steps
      2.  
        Disaster recovery for cloud LSU in Flex Scale
      3.  
        Additional steps for Cohesity Alta Recovery Vault Azure disaster recovery
    16. About Image Sharing using MSDP cloud
      1.  
        Things to consider before you use image sharing to convert VM image to VHD in Azure
      2. Converting the VM image to VHD in Azure
        1.  
          Converting the Windows VM image to VHD
        2.  
          Converting the RHEL7.6 VM image to VHD
        3.  
          Converting SUSE 12 SP4 VM image to VHD
        4.  
          Converting RHEL 8.6 VM image to VHD
        5.  
          Converting SLES 15 SP4 VM image to VHD
    17.  
      About restore from a backup in Microsoft Azure Archive
    18.  
      About Cohesity Alta Recovery Vault Azure and Amazon
    19.  
      Configuring Veritas Alta Recovery Vault Azure and Azure Government
    20.  
      Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
    21.  
      Configuring Veritas Alta Recovery Vault Amazon and Amazon Government
    22.  
      Configuring Cohesity Alta Recovery Vault Amazon and Amazon Government using the CLI
    23.  
      Migrating from standard authentication to token-based authentication for Recovery Vault
    24. About MSDP cloud immutable (WORM) storage support
      1.  
        Creating a cloud immutable storage unit using the web UI
      2.  
        Updating a cloud immutable volume
      3. About immutable object support for AWS S3
        1.  
          Extend the cloud immutable volume live duration automatically
        2.  
          Performance tuning
        3.  
          AWS user permissions to create the cloud immutable volume
        4.  
          About bucket policy for immutable storage
      4.  
        About immutable object support for AWS S3 compatible platforms
      5.  
        About immutable storage support for Azure blob storage
      6. About object-level immutable storage support for Google Cloud Storage
        1.  
          Google cloud storage user permissions to create the cloud immutable volume
      7.  
        About using the cloud immutable storage in a cluster environment
      8.  
        Troubleshooting the errors when disk volume creation using web UI fails
      9.  
        Deleting the immutable image with the enterprise mode
      10.  
        Deleting the S3 object permanently
      11.  
        About MSDP cloud admin tool
    25. About AWS IAM Role Anywhere support
      1.  
        Prerequisites for AWS IAM Role Anywhere configuration
      2. Configure IAM Role Anywhere in AWS
        1.  
          Create the required certificates
        2.  
          Create the trust anchor
        3.  
          Create policy
        4.  
          Create role
        5.  
          Create profile
        6.  
          Configure a new disk pool using AWS IAM Anywhere
    26. About Azure service principal support
      1.  
        Prerequisites for Azure service principal configuration
      2. Configure Azure service principal
        1.  
          Create a new custom role
        2.  
          Create a new service principal
      3.  
        Configure a disk pool using Azure service principal
    27.  
      About instant access for object storage
    28. About NetBackup support for AWS Snowball Edge
      1.  
        Interfacing with the device
      2.  
        Using Credentials
      3. Configuring NetBackup for AWS Snowball Edge
        1.  
          Configuring SSL for AWS Snowball Edge
        2.  
          Configuring NetBackup for AWS Snowball Edge with SSL Enabled
      4.  
        Shipping the device
      5. Reconfigure NetBackup to work with S3
        1.  
          Bucket is in a default AWS Region
        2.  
          Bucket is in a non-default AWS Region (or storage already exists in the AWS region)
      6.  
        Configuring NetBackup for AWS Snowball Edge using CLI
      7.  
        Using AWS Snowball Edge for large backup restore
      8.  
        Limitations when AWS Snowball Edge is used
    29.  
      Upgrading to NetBackup 10.3 and cluster environment
    30. About the cloud direct
      1.  
        Configuring the cloud direct for backup
      2.  
        Configuring the cloud direct for restore
    31.  
      About MSDP lazy delete
  7. S3 Interface for MSDP
    1.  
      About S3 interface for MSDP
    2.  
      Prerequisites for MSDP build-your-own (BYO) server
    3. Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
      1.  
        Changing the certificate in S3 server
      2.  
        Changing the ETAG type of the S3 objects
    4. Identity and Access Management (IAM) for S3 interface for MSDP
      1.  
        Signing IAM and S3 API requests
      2.  
        IAM workflow
      3. IAM APIs for S3 interface for MSDP
        1.  
          Common Parameters
        2.  
          Common Error Codes
        3.  
          CreateUser
        4.  
          GetUser
        5.  
          ListUsers
        6.  
          DeleteUser
        7.  
          CreateAccessKey
        8.  
          ListAccessKeys
        9.  
          DeleteAccessKey
        10.  
          UpdateAccessKey
        11.  
          PutUserPolicy
        12.  
          GetUserPolicy
        13.  
          ListUserPolicies
        14.  
          DeleteUserPolicy
        15.  
          Data Types
      4.  
        IAM policy document syntax
    5.  
      S3 Object Lock In Flex WORM
    6. S3 APIs for S3 interface for MSDP
      1. S3 APIs on Buckets
        1.  
          CreateBucket
        2.  
          DeleteBucket
        3.  
          GetBucketEncryption
        4.  
          GetBucketLocation
        5.  
          GetBucketVersioning
        6.  
          HeadBucket
        7.  
          ListBuckets
        8.  
          ListMultipartUploads
        9.  
          ListObjects
        10.  
          ListObjectsV2
        11.  
          ListObjectVersions
        12.  
          PutBucketVersioning
        13.  
          Put Object Lock Configuration (Flex WORM only)
        14.  
          Get Object Lock Configuration (Flex WORM only)
      2. S3 APIs on Objects
        1.  
          AbortMultipartUpload
        2.  
          CompleteMultipartUpload
        3.  
          CreateMultipartUpload
        4.  
          DeleteObject
        5.  
          DeleteObjects
        6.  
          GetObject
        7.  
          HeadObject
        8.  
          PutObject
        9.  
          Copy Object
        10.  
          UploadPart
        11.  
          PutObject (snowball-auto-extract for small files)
        12.  
          Put Object Retention (Flex WORM only)
        13.  
          Get Object Retention (Flex WORM only)
      3.  
        The naming rules for buckets and objects
    7.  
      Creating a protection policy for the MSDP object store
    8.  
      Recovering the MSDP object store data from the backup images
    9.  
      Instant access for MSDP object store
    10. Disaster recovery in S3 interface for MSDP
      1.  
        Recovering the MSDP S3 IAM configurations from cloud LSU
    11.  
      Limitations in S3 interface for MSDP
    12.  
      Logging and troubleshooting
    13.  
      Best practices
  8. Monitoring deduplication activity
    1.  
      Monitoring the MSDP deduplication and compression rates
    2. Viewing MSDP job details
      1.  
        MSDP job details
    3.  
      About MSDP storage capacity and usage reporting
    4.  
      About MSDP container files
    5.  
      Viewing storage usage within MSDP container files
    6.  
      About monitoring MSDP processes
    7.  
      Reporting on Auto Image Replication jobs
    8.  
      Checking the image encryption status
  9. Managing deduplication
    1. Managing MSDP servers
      1.  
        Viewing MSDP storage servers
      2.  
        Determining the MSDP storage server state
      3.  
        Viewing MSDP storage server attributes
      4.  
        Setting MSDP storage server attributes
      5.  
        Changing MSDP storage server properties
      6.  
        Clearing MSDP storage server attributes
      7.  
        About changing the MSDP storage server name or storage path
      8.  
        Changing the MSDP storage server name or storage path
      9.  
        Removing an MSDP load balancing server
      10.  
        Deleting an MSDP storage server
      11.  
        Deleting the MSDP storage server configuration
    2. Managing NetBackup Deduplication Engine credentials
      1.  
        Determining which media servers have deduplication credentials
      2.  
        Adding NetBackup Deduplication Engine credentials
      3.  
        Changing NetBackup Deduplication Engine credentials
      4.  
        Deleting credentials from a load balancing server
    3. Managing Media Server Deduplication Pools
      1.  
        Viewing Media Server Deduplication Pools
      2.  
        Determining the Media Server Deduplication Pool state
      3.  
        Viewing Media Server Deduplication Pool attributes
      4.  
        Setting a Media Server Deduplication Pool attribute
      5. Changing a Media Server Deduplication Pool properties
        1.  
          How to resolve volume changes for Auto Image Replication
      6.  
        Clearing a Media Server Deduplication Pool attribute
      7.  
        Determining the MSDP disk volume state
      8.  
        Changing the MSDP disk volume state
      9.  
        Deleting a Media Server Deduplication Pool
    4.  
      Analyzing the disc space consumption of the backup images
    5.  
      Deleting backup images
    6.  
      About MSDP queue processing
    7.  
      Processing the MSDP transaction queue manually
    8. About MSDP data integrity checking
      1.  
        Configuring MSDP data integrity checking behavior
      2.  
        MSDP data integrity checking configuration parameters
      3.  
        About the CRC notifications for local LSU
    9.  
      About managing MSDP storage read performance
    10. About MSDP storage rebasing
      1.  
        MSDP server-side rebasing parameters
    11.  
      About the MSDP data removal process
    12.  
      Resizing the MSDP storage partition
    13.  
      How MSDP restores work
    14.  
      Configuring MSDP restores directly to a client
    15.  
      About restoring files at a remote site
    16.  
      About restoring from a backup at a target primary domain
    17.  
      Specifying the restore server
    18.  
      Enabling extra OS STIG hardening on WORM storage server instance
    19.  
      Using multiple MSDP nodes for multistream backups on MSDP cluster
    20.  
      Enabling the media server and MSDP engine affinity in the MSDP cluster
  10. Recovering MSDP
    1.  
      About recovering the MSDP catalog
    2.  
      Restoring the MSDP catalog from a shadow copy
    3.  
      Recovering from an MSDP storage server disk failure
    4.  
      Recovering from an MSDP storage server failure
    5.  
      Recovering the MSDP storage server after NetBackup catalog recovery
  11. Replacing MSDP hosts
    1.  
      Replacing the MSDP storage server host computer
  12. Uninstalling MSDP
    1.  
      About uninstalling MSDP
    2.  
      Deactivating MSDP
  13. Deduplication architecture
    1.  
      MSDP server components
    2.  
      Media server deduplication backup process
    3.  
      MSDP client components
    4.  
      MSDP client - side deduplication backup process
  14. Configuring and managing universal shares
    1. Introduction to universal shares
      1.  
        Overview of universal shares
      2.  
        Key benefits
      3.  
        How to work with universal shares
      4.  
        Configuring and using an MSDP build-your-own (BYO) server for universal shares
    2. Prerequisites to configure universal shares
      1. Build-your-own (BYO) server prerequisites and hardware requirements to configure universal shares
        1.  
          Managing the deduplication web service user and the user group for MSDP BYO server
      2. Configuring universal share user authentication
        1.  
          Active Directory-based authentication
        2.  
          Local user-based authentication
        3. Kerberos-based authentication
          1.  
            Creating Active Directory users for Kerberos authentication
          2.  
            Registering the Kerberos principals to the KDC database
          3.  
            Configuring the Kerberos-based authentication on the servers and the clients
    3. Managing universal shares
      1. Create a universal share
        1.  
          About Host wildcard validation for universal share creation
        2.  
          Using instant access for MS-Windows, Standard, and Universal-Share policies
        3.  
          Use Direct Network File System to improve the performance of Network Attached Storage
      2.  
        View or edit a universal share
      3.  
        Delete a universal share
    4.  
      Mounting a universal share
    5.  
      Creating a protection point for a universal share
    6. Restoring data using universal shares
      1.  
        Restore methods of universal shares
      2.  
        Disaster recovery for a universal share
      3. Restore universal share data using Instant Access or single file recovery
        1.  
          Performing a universal share self-service recovery
    7. Advanced features of universal shares
      1. Direct universal share data to object store
        1.  
          Enabling a universal share with object store
        2.  
          Enabling instant access with object storage
      2. Universal share accelerator for data deduplication
        1.  
          Preparing NetBackup for the universal share accelerator
        2.  
          Installing the universal share accelerator
        3.  
          Creating a protection policy for the universal share accelerator
        4. Configure a universal share accelerator
          1.  
            Creating a universal share accelerator
          2.  
            Mounting a Universal share accelerator
          3.  
            Deleting a universal share accelerator
          4.  
            Unconfiguring a universal share accelerator
          5.  
            Managing the universal share accelerator services
          6.  
            Adding additional storage paths for universal share accelerator
        5. About the universal share accelerator quota
          1.  
            Enabling or changing the quota
          2.  
            Reviewing the quota usage
          3.  
            Repairing the quota of the universal share
        6.  
          Recovering a point in time for the universal share accelerator
        7.  
          Deleting a recovered universal share accelerator
        8.  
          Logging for universal share accelerator
      3. Load backup data to a universal share with the ingest mode
        1.  
          Using the ingest mode to take a snapshot over NFS or SMB
        2.  
          Using the ingest mode to run a policy using NFS or SMB
      4.  
        Universal share with disabled MSDP data volumes
      5.  
        Universal Share WORM capability
      6. Universal share scale out
        1.  
          Configure a universal share cluster
    8. Managing universal share services
      1.  
        Scan data volumes with the vpfs_stats utility
      2.  
        Changing the number of vpfsd instances
      3.  
        Configuring the variable-length deduplication (VLD) algorithm for universal shares
      4.  
        Using the marker file interface for universal share operations
    9. Troubleshooting issues related to universal shares
      1.  
        Troubleshooting universal share configuration issues
      2.  
        Logging and reporting for universal share VPFS instance
      3.  
        Vpfsd logs for file system operations in universal shares
      4.  
        Notify events to primary server with the vpfsd service
      5.  
        Data integrity check and recovery using the vpfsd service
  15. Configuring isolated recovery environment (IRE)
    1.  
      Requirements
    2.  
      Configuring the network isolation
    3. Configuring an isolated recovery environment using the web UI
      1.  
        Configuring the allowed subnets
      2.  
        Configuring the reverse connections
      3.  
        Configuring the reverse replication schedule
      4.  
        Adding a replication operation to SLP at the production primary server
    4. Configuring an isolated recovery environment using the command line
      1.  
        Configuring an isolated recovery environment on a NetBackup BYO media server
      2.  
        Managing an isolated recovery environment on a NetBackup BYO media server
      3.  
        Configuring A.I.R. for replicating backup images from production environment to IRE BYO environment
      4.  
        Configuring an isolated recovery environment on a WORM storage server
      5.  
        Managing an isolated recovery environment on a WORM storage server
      6.  
        Configuring data transmission between a production environment and an IRE WORM storage server
    5.  
      Replicating the backup images from the IRE domain to the production domain
  16. Using the NetBackup Deduplication Shell
    1.  
      About the NetBackup Deduplication Shell
    2. Managing users from the deduplication shell
      1.  
        Adding and removing local users from the deduplication shell
      2.  
        Adding MSDP users from the deduplication shell
      3.  
        Adding MSDP admin alias users from the deduplication shell
      4.  
        Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
      5.  
        Disconnecting an Active Directory domain from the deduplication shell
      6.  
        Changing a user password from the deduplication shell
    3.  
      Managing VLAN interfaces from the deduplication shell
    4.  
      Managing the retention policy on a WORM storage server
    5.  
      Managing images with a retention lock on a WORM storage server
    6.  
      Auditing WORM retention changes
    7.  
      Protecting the MSDP catalog from the deduplication shell
    8. About the external MSDP catalog backup
      1.  
        Configuring an external MSDP catalog backup from the deduplication shell
      2.  
        Restoring from the external MSDP catalog backup
      3.  
        Troubleshooting the external MSDP catalog backup
    9. Managing certificates from the deduplication shell
      1.  
        Viewing the certificate details from the deduplication shell
      2.  
        Importing certificates from the deduplication shell
      3.  
        Removing certificates from the deduplication shell
    10.  
      Managing FIPS mode from the deduplication shell
    11.  
      Managing post-quantum cryptography (PQC) mode from the deduplication shell
    12.  
      Encrypting backups from the deduplication shell
    13.  
      Tuning the MSDP configuration from the deduplication shell
    14.  
      Setting the MSDP log level from the deduplication shell
    15. Managing NetBackup services from the deduplication shell
      1.  
        Managing the cyclic redundancy checking (CRC) service
      2.  
        Managing the content router queue processing (CRQP) service
      3.  
        Managing the online checking service
      4.  
        Managing the compaction service
      5.  
        Managing the deduplication (MSDP) services
      6.  
        Managing the MSDP services across the cluster
      7.  
        Managing the Storage Platform Web Service (SPWS)
      8.  
        Managing Open Cloud Storage Daemon
      9.  
        Managing the Cohesity provisioning file system (VPFS) configuration parameters
      10.  
        Managing the Cohesity provisioning file system (VPFS) mounts
      11.  
        Managing the NGINX service
      12.  
        Managing the SMB service
    16. Monitoring and troubleshooting NetBackup services from the deduplication shell
      1.  
        Managing the health monitor
      2.  
        Viewing information about the system
      3.  
        Viewing the deduplication (MSDP) history or configuration files
      4.  
        Viewing process information in the pseudo-file system
      5.  
        Viewing the deduplication rate of a Veritas provisioning file service (VPFS) share
      6.  
        Viewing the log files
      7.  
        Collecting and transferring troubleshooting files
    17. Managing S3 service from the deduplication shell
      1.  
        Configuring the S3 service
      2.  
        Creating or resetting root credentials
      3.  
        Changing the S3 service certificates
      4.  
        Managing the S3 service
      5.  
        Changing S3 service log level
    18.  
      Multi-person authorization for deduplication shell commands
    19.  
      Managing cloud LSU in Flex Scale and Cloud Scale
    20.  
      Managing the NFS version 3 server services for the MSDP container
    21.  
      Viewing the NetBackup RBAC roles assigned to the MSDP container
  17. Troubleshooting
    1. About unified logging
      1.  
        About using the vxlogview command to view unified logs
      2.  
        Examples of using vxlogview to view unified logs
    2. About legacy logging
      1.  
        Creating NetBackup log file directories for MSDP
    3.  
      NetBackup MSDP log files
    4. Troubleshooting MSDP configuration issues
      1.  
        MSDP storage server configuration fails
      2.  
        MSDP database system error (220)
      3.  
        MSDP server not found error
      4.  
        License information failure during MSDP configuration
      5.  
        The disk pool wizard does not display an MSDP volume
    5. Troubleshooting MSDP operational issues
      1.  
        Verify that the MSDP server has sufficient memory
      2.  
        MSDP backup or duplication job fails
      3.  
        MSDP client deduplication fails
      4.  
        MSDP volume state changes to DOWN when volume is unmounted
      5.  
        MSDP errors, delayed response, hangs
      6.  
        Cannot delete an MSDP disk pool
      7.  
        MSDP media open error (83)
      8.  
        MSDP media write error (84)
      9.  
        MSDP no images successfully processed (191)
      10.  
        MSDP storage full conditions
      11.  
        Troubleshooting MSDP catalog backup
      12.  
        Storage Platform Web Service (spws) does not start
      13.  
        Disk volume API or command line option does not work
    6.  
      Viewing MSDP disk errors and events
    7.  
      MSDP event codes and messages
    8.  
      Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
    9. Trouble shooting multi-domain issues
      1.  
        Unable to configure OpenStorage server from another domain
      2.  
        MSDP storage server is down when you configure an OpenStorage server
      3.  
        MSDP server is overloaded when it is used by multiple NetBackup domains
    10.  
      Troubleshooting the cloud compaction error messages
    11.  
      Troubleshooting the msdpcmdrun issues
  18. Appendix A. Migrating to MSDP storage
    1.  
      Migrating from another storage type to MSDP
  19. Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering
    1.  
      About migration from Cloud Catalyst to MSDP direct cloud tiering
    2.  
      About Cloud Catalyst migration strategies
    3. About direct migration from Cloud Catalyst to MSDP direct cloud tiering
      1.  
        About requirements for a new MSDP direct cloud tier storage server
      2.  
        About beginning the direct migration
      3.  
        Placing the Cloud Catalyst server in a consistent state
      4.  
        About installing and configuring the new MSDP direct cloud tier server
      5.  
        Running the migration to the new MSDP direct cloud tier server
    4.  
      About postmigration configuration and cleanup
    5.  
      About the Cloud Catalyst migration -dryrun option
    6.  
      About Cloud Catalyst migration cacontrol options
    7.  
      Reverting back to Cloud Catalyst from a successful migration
    8.  
      Reverting back to Cloud Catalyst from a failed migration
  20. Appendix C. Encryption Crawler
    1.  
      About the Encryption Crawler
    2.  
      About the two modes of the Encryption Crawler
    3.  
      Managing the Encryption Crawler
    4.  
      Advanced options
    5.  
      Tuning options
    6.  
      Encrypting the data
    7.  
      Command usage example outputs
    8. Updating the KMS configuration
      1.  
        Converting the legacy KMS to KEK-based KMS
      2.  
        Performing the KMS key rotation
      3.  
        Performing the KEK rotation
      4.  
        Migrating the KMS vendor
  21.  
    Index

About Image Sharing using MSDP cloud

Use image sharing to share the images from your on-premises NetBackup server to another NetBackup server. The NetBackup server that is configured for image sharing is called Cloud Recovery Server (CRS). Image sharing also provides the ability to convert backed up VMs as AWS instances or Azure VHD in certain scenarios.

MSDP with image sharing is a self-describing storage server. When you configure image sharing, NetBackup stores all the data and metadata that is required to recover the images in the cloud.

Note:

The Cloud Recovery Server version must be the same or later than the on-premises NetBackup version. 

The following table describes the image sharing feature workflow.

Table: Image sharing workflow

Task

Description

Prepare a cloud recovery server.

You must have a virtual machine in your cloud environment and have NetBackup installed on it. You can deploy the virtual machine using one of the following ways.

Configure the NetBackup KMS server.

If KMS encryption is enabled, perform the following tasks.

Configure image sharing on the cloud recovery server.

The NetBackup virtual machine in the cloud that is configured for image sharing is called a cloud recovery server. Perform the following steps to configure the image sharing:

Prepare images for import for high-latency storage.

This step is applicable only for high-latency storage such as Amazon Glacier, Amazon Glacier Deep Archive, and Azure Archive storage.

Preparing the images for import to high-latency storage

Use the image sharing.

After you configure this NetBackup virtual machine for image sharing, you can import the images from your on-premises environment to the cloud and recover them when required. You can also convert VMs to VHD in Azure or AMI in AWS.

Read additional information about image sharing.

Additional information about image sharing

Important features of image sharing

  • In a situation where MSDP cloud backed up the deduplicated data to cloud, the NetBackup catalog was available on the on-premises NetBackup server.

    Image sharing in the cloud uploads the NetBackup catalog along with the backup images and lets you restore data from the cloud without the on-premises NetBackup server.

  • You can launch NetBackup on demand, which is called the cloud recovery server, and recover the backup images from the cloud.

  • Image sharing discovers the backup images that are stored in cloud storage through the REST APIs, command line, or web UI, recovers the NetBackup catalog, and restores the images.

  • You can use command line options or NetBackup web UI that have the function as REST APIs.

  • For the imported Standard, MS Windows, and Universal share backup images, you can instantly access them with NetBackup Instant Access APIs as the exported share is in a read-only mode. For the imported VMware images, you can instantly scan them with the VMware Malware Scan APIs as the exported share is in a read-only mode.

    See About instant access for object storage .

  • For Veritas Alta Recovery Vault, in the VM conversion procedure, a temporary bucket or blob container is created automatically. Region and the security options of the bucket are the same as the Veritas Alta Recovery Vault account on the image sharing server.

    The temporary bucket or blob container name format is vrtsonvert-<timestamp>/VRTSConvert-<timestamp>.

  • For Veritas Alta Recovery Vault Amazon, MSDP-C credentials with AWS account with IAM and EC2 related permissions must be created before the VM conversion. For Veritas Alta Recovery Vault Azure, MSDP-C credentials with Azure general-purpose storage accounts must be created before the VM conversion.

  • For Veritas Alta Recovery Vault, only the image import function uses Veritas Alta Recovery Vault credentials. Before running the VM image conversion, ensure that you create MSDP-C credentials with the access credentials of your Azure/AWS account. The VM image conversion needs the access credentials of your Azure/AWS account because the Recovery Vault storage does not support creating AMI or VHD. Additionally, Azure Service Principal and AWS IAM Roles Anywhere MSDP-C credentials are not supported for VM conversion with Veritas Alta Recovery Vault.

Things to consider before you use image sharing

  • Before you install NetBackup, create an instance based on SUSE Linux Enterprise or RHEL 7.3 or later. You can also set up a computer based on SUSE Linux Enterprise or RHEL 7.3 or later. The recommendation is that the instance has more than 64 GB of memory, 8 CPUs.

  • The HTTPS port 443 is enabled.

  • Change the host name to the server's FQDN.

    In Azure virtual machine, you must change the internal host name, which is created automatically for you and you cannot get an internal host name from an IP address.

  • Add the following items in the /etc/hosts file:

    "External IP" "Server's FQDN"

    "Internal IP" "Server's FQDN"

    For a computer, add the following items in the /etc/hosts file:

    "IP address" "Server's FQDN"

  • (Optional) For an instance, change the search domain order in the /etc/resolv.conf file to search external domains before internal domains.

  • For a new image sharing server, ensure that NGINX is installed and running.

    Install NGINX from Red Hat Software Collections. Refer to https://www.softwarecollections.org/en/scls/rhscl/rh-nginx114/ for instructions.

    Because the package name depends on the NGINX version, run yum search rh-nginx to check if a new version is available. (For NetBackup 8.3, an EEB is required if NGINX is installed from Red Hat Software Collections.)

    If you configure the storage server for image sharing before NGINX is installed and enabled, run the following command on the storage server after you install and enable NGINX:

    /usr/openv/pdde/vpfs/bin/vpfs_config.sh --configure_byo

Configure Image sharing using MSDP cloud by NetBackup web UI

You can access NetBackup web UI to use image sharing. For more information, refer to the Create a Media Server Deduplication Pool (MSDP) storage server for image sharing topic in the NetBackup Web UI Administrator's Guide.

Configure Image sharing using MSDP cloud with the ims_system_config.py script

After installing NetBackup, you can run the ims_system_config.py script to configure image sharing.

The path to access the command is: /usr/openv/pdde/pdag/scripts/.

Amazon Web Service cloud provider:

ims_system_config.py -t PureDisk -k <AWS_access_key> -s
<AWS_secret_access_key> -b <name_S3_bucket> -bs <bucket_sub_name>
[-r <bucket_region>] [-p <mount_point>] [-sc <storage class>]

If you have configured IAM role in the EC2 instance, use the following command:

ims_system_config.py  -t PureDisk -k dummy -s dummy <bucket_name> -bs <bucket_sub_name> [-r <bucket_region>] [-p <mount_point>]

Microsoft Azure cloud provider:

ims_system_config.py -cp 2 -k <key_id> -s <secret_key> -b
<container_name> -bs <bucket_sub_name> [-p <_mount_point_>] [-sc <storage tier>]

Other S3 compatible cloud providers (For example, Hitachi HCP):

If Cloud Instance has been existed in NetBackup, use the following command:

ims_system_config.py -cp 3 -t PureDisk -k <key_id> -s <secret_key> -b <bucket_name> -bs <bucket_sub_name> -c <Cloud_instance_name> [-p <mount_point>]

Or use the following command:

ims_system_config.py -cp 3 -t PureDisk -k <key_id> -s <secret_key> -b <bucket_name> -pt <cloud_provider_type> -sh <s3_hostname> -sp <s3_http_port> -sps <s3_https_port> -ssl <ssl_usage> [-p <mount_point>]

Example for HCP provider:

ims_system_config.py -cp 3 -t PureDisk -k xxx -s xxx -b emma -bs subtest -pt hitachicp  -sh yyy.veritas.com -sp 80 -sps 443 -ssl 0

Description: (Specify the following options to use HCP cloud)

-cp 3: Specify the third-party S3 cloud provider that is used.

-pt hitachicp: Specify the cloud provider type as hitachicp (HCP LAN)

-t PureDisk: Specify the storage server type as PureDisk.

-sh <s3_hostname>: Specify an HCP storage server host name.

-sp <s3_http_port>: Specify an HCP storage server HTTP port (Default is 80).

-sps <s3_https_port>: Specify an HCP storage server HTTP port (Default is 443).

-ssl <ssl_usage>: Specify whether to use SSL. (0- Disable SSL. 1- Enable SSL. Default is 1.) If SSL is disabled, it uses <s3_http_port> to make a connection to <s3_hostname>. Otherwise, it uses <s3_https_port>.

Note:

Configuring image sharing using MSDP cloud with the ims_system_config.py script is not supported for SUSE Linux Enterprise. Use NetBackup web UI to configure image sharing using MSDP cloud for SUSE Linux Enterprise.

Preparing the images for import to high-latency storage

If you are using image sharing for high-latency storage such as Amazon Glacier, Amazon Glacier Deep Archive, and Azure Archive storage, you must prepare the images before you import them to the cloud storage. For the source version 11.0 or later, MSDP automatically prepares images for import in the background.

To prepare the images for import to the high-latency storage

  1. If the source version is earlier than 11.0 or the source server is down and did not finish pre-import operations, run the following command to prepare the images for import:

    tiermover --start --lsu <LSU name> --client <client> --policy <policy> [--backupid <backup ID>] [--retrieval Bulk|Standard|Expedited] [--verbose] [--debug]

  2. If the source version is 11.0 or later, MSDP automatically prepares images for import in the background. Wait for images to be ready for the import. Run the following command to check the status:

    tiermover --status --lsu <LSU name> [--client <client>] [--policy <policy>] [--backupid <backup ID>] [--sobins] [--active] [--lsulist] [--debug] [--verbose]

Note:

Import fails if the images are not ready for the import.

Using image sharing by NetBackup web UI

You can access NetBackup web UI to use image sharing. For more information, refer to the Share images from an on-premises location to the cloud topic in the NetBackup Web UI Administrator's Guide.

Using image sharing with the nbimageshare command

You can use the nbimageshare command to configure image sharing.

Run the nbimageshare command to list and import the virtual machine and standard images and then recover the virtual machines.

The path to access the command is: /usr/openv/netbackup/bin/admincmd/

For more information about the nbimageshare command, refer to the NetBackup Commands Reference Guide.

The following table lists the steps for image sharing and the command options:

Table: Steps for image sharing and the command options

Step

Command

Log on to NetBackup.

 
nbimageshare --login <username> <password>
nbimageshare --login -interact

List all the backup images that are in the cloud.

 
nbimageshare --listimage <LSU name> 
<MSDP image sharing server>

Note:

In the list of images, the increment schedule type might be differential incremental or cumulative incremental.

Import the backup images to NetBackup.

Import a single image:

nbimageshare --singleimport <client> <policy> <backupID> <LSU name> <MSDP image sharing server>

Import multiple images:

--batch-import <image list file path> <LSU name> <MSDP image sharing server>

Note:

The format of the image_list_file_path is same as the output of "list images".

You can import the multiple images. For every 100 images, a new import job is created.

You can import an already imported image. This action does not affect the NetBackup image catalog.

Recover the VM as an AWS EC2 AMI or VHD in Azure.

 
nbimageshare --recovervm <LSU name> <MSDP image sharing server>

  • Only VM images are supported.

  • This command does not support Veritas Alta Recovery Vault.

  • For Azure, account should be Azure general-purpose storage accounts.

  • For AWS, the AWS account must have the following read and write permissions to S3:

    "ec2:CreateTags"
"ec2:DescribeImportImageTasks"
"ec2:ImportImage"
"ec2:DescribeImages"
"iam:ListRolePolicies"
"iam:ListRoles"
"iam:GetRole"
"iam:GetRolePolicy"
"iam:CreateRole"
"iam:PutRolePolicy"
Manual KMS key transfer in Image sharing in case of NetBackup KMS

When KMS encryption is enabled, you can share the images in the cloud storage to the cloud recovery server with manual KMS key transfer.

On-premises side:

  1. Storage server: Find the key group name for the given Storage server.

    Find contentrouter.cfg in /etc/pdregistry.cfg

    Find the key group name is in contentrouter.cfg under [KMSOptions]

    (Example KMSKeyGroupName=amazon.com:test1)

  2. NetBackup primary server: Exports the key group with a passphrase to a file:

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -export -key_groups <key-group-name> -path <key file path>

cloud recovery server (cloud side):

  1. Copy the exported key to the cloud recovery server.

  2. Configure the KMS server.

    /usr/openv/netbackup/bin/nbkms -createemptydb
/usr/openv/netbackup/bin/nbkms
/usr/openv/netbackup/bin/nbkmscmd -discovernbkms -autodiscover

  3. Import keys to KMS service.

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <key file path> -preserve_kgname

  4. Configure the cloud recovery server using NetBackup web UI or with ims_system_config.py

On-premises KMS key changes:

In the case of KMS key changes for the given group for on-premises storage server after the cloud recovery server is set up, you must export the key file from the on-premises KMS server and import that key file on the cloud recovery server.

  1. On-premises NetBackup primary server:

    Exports the key group with a passphrase to a file:

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -export -key_groups <key-group-name> -path <key file path>

  2. Cloud recovery server:

    /usr/openv/netbackup/bin/admincmd/nbkmsutil -deletekg -kgname <key-group-name> -force
    /usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <key file path> -preserve_kgname
Manual steps in image sharing in case of external KMS

If an on-premises storage server is configured to use keys from an external KMS server, then make sure that the same KMS server is configured on the cloud recovery server before running ims_system_config.py. To know more about configuring an external KMS server in NetBackup, refer to NetBackup Security and Encryption Guide.

Make sure that the external KMS server is reachable from the cloud recovery server on a specific port.

Additional information about image sharing

  • It is recommended that you launch a cloud recovery server on demand and do not upgrade it.

  • Do not use nbdevconfig to modify cloud LSU or add new cloud LSU in the image sharing server as it might cause an issue in the image sharing server (cloud recovery server). If KMS encryption is enabled in the on-premises side after image sharing server is configured, the encrypted image cannot be imported by this image sharing server.

  • Cloud LSU requires free disk space. When you configure image sharing server using the ims_system_config.py script, ensure that you have enough disk space in the default mount point or storage, or you can use -p parameter of ims_system_config.py to specify a different mount point to meet the requirement of free disk spaces.

  • After the image is imported in the image sharing server, the image catalog exists in the image sharing server. If the image is expired on the on-premises NetBackup domain, then restoring the image to the image sharing server fails even though the image catalog exists in the image sharing server.

  • The imported image expiration time is the time for which the imported image catalog exists in the image sharing server. If the image expires in the image sharing server, the image catalog in the image sharing server is removed but the image data in the cloud storage is not removed.

  • You can restore any image that you import in the image sharing server. Only VM images in AWS and Azure can be recovered because they can be converted into EC2 instances in AWS or VHD in Azure. VM images in other cloud storages cannot be converted, and can only be restored. You can recover only the VM images that are full backup images or accelerator-enabled incremental backup images.

  • Image sharing supports many policy types.

    See the NetBackup compatibility list for the latest information on the supported policy types.

  • After the image sharing is configured, the storage server is in a read-only mode. Some MSDP commands are not supported.

  • For information on the VM recovery limitations in AWS, refer to the AWS VM import information in AWS help.

  • You can configure the maximum active jobs when the images are imported to cloud storage.

    Modify the file path /usr/openv/var/global/wsl/config/web.conf to add the configuration item as imageshare.maxActiveJobLimit.

    For example, imageshare.maxActiveJobLimit=16.

    The default value is 16 and the configurable range is 1 to 100.

    If the import request is made and the active job count exceeds the configured limit, the following message is displayed:

    "Current active job count exceeded active job count limitation".

  • The images in cloud storage can be shared. If Amazon Glacier, Deep Archive or Azure Archive is enabled, you cannot use image sharing for the storage servers running versions earlier than 11.0.

  • If Amazon Glacier, Deep Archive or Azure Archive is enabled and the LSU was previously migrated from Cloud Catalyst, you cannot use image sharing.

  • Regarding the errors about role policy size limitation in AWS:

    Errors that occur when the role policy size exceeds the maximum size is an AWS limitation. You can find the following error in a failed restore job:

    "error occurred (LimitExceeded) when calling the PutRolePolicy operation:
Maximum policy size of 10240 bytes exceeded for role vmimport"

    Workaround:

    • You can change the maximum policy size limit for the vmimport role.

    • You can list and delete the existing policies using the following commands:

      aws iam list-role-policies --role-name vmimport
aws iam delete-role-policy --role-name vmimport --policy-name 
<bucketname> -vmimport

  • The recover operation with AWS provider includes the AWS import process. Therefore, a vmdk image cannot be recovered concurrently in two restore jobs at the same time.

  • In AWS, the image sharing feature can recover the virtual machines that satisfy the Amazon Web Services VM import prerequisites.

    For more information about the prerequisites, refer to the following article:

    https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html

  • If you cannot obtain the administrator password to use an AWS EC2 instance that has a Windows OS, the following error is displayed:

    Password is not available. This instance was launched from a custom AMI, or the default password has changed. A password cannot be retrieved for this instance. If you have forgotten your password, you can reset it using the Amazon EC2 configuration service. For more information, see Passwords for a Windows Server Instance.

    This error occurs after the instance is launched from an AMI that is converted using image sharing.

    For more information, refer to the following articles:

  • You cannot cancel an import job on the cloud recovery server.

  • If there is data optimization done on the on-premises image, you might not be able to restore the image that you have imported on the cloud recovery server. You can expire this image, import it again on the image-sharing server, and then restore the image.

  • After the backup job, duplication job, or AIR import job completes, you can import the images on a cloud recovery server. The images that are created by User-Archive job cannot be imported.

  • AIR is not supported for the image sharing server.

  • If you want to convert a VM image again, you must delete the VHD from the Azure blob.