Veritas NetBackup™ Cloud Administrator's Guide
- About NetBackup cloud storage
- About the cloud storage
- About the cloud storage vendors for NetBackup
- About the Amazon S3 cloud storage API type
- Amazon S3 cloud storage vendors certified for NetBackup
- Amazon S3 storage type requirements
- Permissions required for Amazon S3 cloud provider user
- Amazon S3 cloud storage provider options
- Amazon S3 cloud storage options
- Amazon S3 advanced server configuration options
- Amazon S3 credentials broker details
- About private clouds from Amazon S3-compatible cloud providers
- About Amazon S3 storage classes
- Amazon virtual private cloud support with NetBackup
- About protecting data in Amazon for long-term retention
- Protecting data using Amazon's cloud tiering
- About using Amazon IAM roles with NetBackup
- About NetBackup character restrictions for Amazon S3 cloud connector
- Protecting data with Amazon Snowball and Amazon Snowball Edge
- Configuring NetBackup for Amazon Snowball with Amazon Snowball client
- Configuring NetBackup for Amazon Snowball with Amazon S3 API interface
- Using multiple Amazon S3 adapters
- Configuring NetBackup with Amazon Snowball Edge with file interface
- Configuring NetBackup for Amazon Snowball Edge with S3 API interface
- Configuring NetBackup for Amazon Snowball and Amazon Snowball Edge for NetBackup CloudCatalyst Appliance
- Configuring SSL for Amazon Snowball and Amazon Snowball Edge
- Post backup procedures if you have used S3 API interface
- About Microsoft Azure cloud storage API type
- About OpenStack Swift cloud storage API type
- Configuring cloud storage in NetBackup
- Before you begin to configure cloud storage in NetBackup
- Configuring cloud storage in NetBackup
- Cloud installation requirements
- Scalable Storage properties
- Cloud Storage properties
- About the NetBackup CloudStore Service Container
- Deploying host name-based certificates
- Deploying host ID-based certificates
- About data compression for cloud backups
- About data encryption for cloud storage
- About key management for encryption of NetBackup cloud storage
- About cloud storage servers
- About object size for cloud storage
- About the NetBackup media servers for cloud storage
- Configuring a storage server for cloud storage
- Changing cloud storage server properties
- NetBackup cloud storage server properties
- About cloud storage disk pools
- Configuring a disk pool for cloud storage
- Saving a record of the KMS key names for NetBackup cloud storage encryption
- Adding backup media servers to your cloud environment
- Configuring a storage unit for cloud storage
- About NetBackup Accelerator and NetBackup Optimized Synthetic backups
- Enabling NetBackup Accelerator with cloud storage
- Enabling optimized synthetic backups with cloud storage
- Creating a backup policy
- Changing cloud storage disk pool properties
- Certificate validation against Certificate Revocation List (CRL)
- Managing Certification Authorities (CA) for NetBackup Cloud
- Monitoring and Reporting
- Operational notes
- Troubleshooting
- About unified logging
- About legacy logging
- NetBackup cloud storage log files
- Enable libcurl logging
- NetBackup Administration Console fails to open
- Troubleshooting cloud storage configuration issues
- NetBackup Scalable Storage host properties unavailable
- Connection to the NetBackup CloudStore Service Container fails
- Cannot create a cloud storage disk pool
- Cannot create a cloud storage
- Data transfer to cloud storage server fails in the SSL mode
- Amazon GovCloud cloud storage configuration fails in non-SSL mode
- Data restore from the Google Nearline storage class may fail
- Backups may fail for cloud storage configurations with Frankfurt region
- Backups may fail for cloud storage configurations with the cloud compression option
- Fetching storage regions fails with authentication version V2
- Troubleshooting cloud storage operational issues
- Cloud storage backups fail
- Stopping and starting the NetBackup CloudStore Service Container
- A restart of the nbcssc (on legacy media servers), nbwmc, and nbsl processes reverts all cloudstore.conf settings
- NetBackup CloudStore Service Container startup and shutdown troubleshooting
- bptm process takes time to terminate after cancelling GLACIER restore job
- Handling image cleanup failures for Amazon Glacier vault
- Cleaning up orphaned archives manually
- Restoring from Amazon Glacier vault spans more than 24 hours for single fragment
- Restoring from GLACIER_VAULT takes more than 24 hours for Oracle databases
- Troubleshooting failures due to missing Amazon IAM permissions
- Restore job fails if the restore job start time overlaps with the backup job end time
- Post processing fails for restore from Azure archive
- Troubleshooting Amazon Snowball and Amazon Snowball Edge issues
Deploying host ID-based certificates
Depending on the certificate deployment security level, a non-master host may require an authorization token before it can obtain a host ID-based certificate from the Certificate Authority (master server). When certificates are not deployed automatically, they must be deployed manually by the administrator on a NetBackup host using the nbcertcmd command.
The following topic describes the deployment levels and whether the level requires an authorization token.
Use the following procedure when the security level is such that a host administrator can deploy a certificate on a non-master host without requiring an authorization token.
To generate and deploy a host ID-based certificate when no token is needed
- The host administrator runs the following command on the non-master host to establish that the master server can be trusted:
nbcertcmd -getCACertificate
- Run the following command on the non-master host:
nbcertcmd -getCertificate
Note:
To communicate with multiple NetBackup domains, the administrator of the host must request a certificate from each master server using the -server option.
Run the following command to get a certificate from a specific master server:
nbcertcmd -getCertificate -server master_server_name
- To verify that the certificate is deployed on the host, run the following command:
nbcertcmd -listCertDetails
Use the following procedure when the security level is such that a host requires an authorization token before it can deploy a host ID-based certificate from the CA.
To generate and deploy a host ID-based certificate when a token is required
- The host administrator must have obtained the authorization token value from the CA before proceeding. The token may be conveyed to the administrator by email, by file, or verbally, depending on the various security guidelines of the environment.
- Run the following command on the non-master host to establish that the master server can be trusted:
nbcertcmd -getCACertificate
- Run the following command on the non-master host and enter the token when prompted:
nbcertcmd -getCertificate -token
Note:
To communicate with multiple NetBackup domains, the administrator of the host must request a certificate from each master server using the -server option.
If the administrator obtained the token in a file, enter the following:
nbcertcmd -getCertificate -file authorization_token_file
- To verify that the certificate is deployed on the host, run the following command:
nbcertcmd -listCertDetails
Use the -cluster option to display cluster certificates.