Please enter search query.
Search <book_title>...
NetBackup™ Cloud Administrator's Guide
Last Published:
2022-03-27
Product(s):
NetBackup (10.0)
- About NetBackup cloud storage
- About the cloud storage
- About the cloud storage vendors for NetBackup
- About the Amazon S3 cloud storage API type
- Amazon S3 cloud storage vendors certified for NetBackup
- Amazon S3 storage type requirements
- Permissions required for Amazon S3 cloud provider user
- Amazon S3 cloud storage provider options
- Amazon S3 cloud storage options
- Amazon S3 advanced server configuration options
- Amazon S3 credentials broker details
- About private clouds from Amazon S3-compatible cloud providers
- About Amazon S3 storage classes
- Amazon virtual private cloud support with NetBackup
- About protecting data in Amazon for long-term retention
- Protecting data using Amazon's cloud tiering
- About using Amazon IAM roles with NetBackup
- About NetBackup character restrictions for Amazon S3 cloud connector
- Protecting data with Amazon Snowball and Amazon Snowball Edge
- Configuring NetBackup for Amazon Snowball with Amazon Snowball client
- Configuring NetBackup for Amazon Snowball with Amazon S3 API interface
- Using multiple Amazon S3 adapters
- Configuring NetBackup with Amazon Snowball Edge with file interface
- Configuring NetBackup for Amazon Snowball Edge with S3 API interface
- Configuring SSL for Amazon Snowball and Amazon Snowball Edge
- Post backup procedures if you have used S3 API interface
- About Microsoft Azure cloud storage API type
- About OpenStack Swift cloud storage API type
- Configuring cloud storage in NetBackup
- Before you begin to configure cloud storage in NetBackup
- Configuring cloud storage in NetBackup
- Cloud installation requirements
- Scalable Storage properties
- Cloud Storage properties
- About the NetBackup CloudStore Service Container
- Deploying host name-based certificates
- Deploying host ID-based certificates
- About data compression for cloud backups
- About data encryption for cloud storage
- About NetBackup KMS for encryption of NetBackup cloud storage
- About external KMS for encryption of NetBackup cloud storage
- About cloud storage servers
- About object size for cloud storage
- About the NetBackup media servers for cloud storage
- Configuring a storage server for cloud storage
- Changing cloud storage server properties
- NetBackup cloud storage server properties
- About cloud storage disk pools
- Configuring a disk pool for cloud storage
- Saving a record of the KMS key names for NetBackup cloud storage encryption
- Adding backup media servers to your cloud environment
- Configuring a storage unit for cloud storage
- About NetBackup Accelerator and NetBackup Optimized Synthetic backups
- Enabling NetBackup Accelerator with cloud storage
- Enabling optimized synthetic backups with cloud storage
- Creating a backup policy
- Changing cloud storage disk pool properties
- Certificate validation against Certificate Revocation List (CRL)
- Managing Certification Authorities (CA) for NetBackup Cloud
- Monitoring and Reporting
- Operational notes
- NetBackup bpstsinfo command operational notes
- Unable to configure additional media servers
- Cloud configuration may fail if NetBackup Access Control is enabled
- Deleting cloud storage server artifacts
- Using csconfig reinitialize to load updated cloud configuration settings
- Enabling or disabling communication between master server and legacy cloud storage media servers
- Troubleshooting
- About unified logging
- About legacy logging
- NetBackup cloud storage log files
- Enable libcurl logging
- NetBackup Administration Console fails to open
- Troubleshooting cloud storage configuration issues
- NetBackup Scalable Storage host properties unavailable
- Connection to the NetBackup CloudStore Service Container fails
- Cannot create a cloud storage disk pool
- Cannot create a cloud storage
- Data transfer to cloud storage server fails in the SSL mode
- Amazon GovCloud cloud storage configuration fails in non-SSL mode
- Data restore from the Google Nearline storage class may fail
- Backups may fail for cloud storage configurations with Frankfurt region
- Backups may fail for cloud storage configurations with the cloud compression option
- Fetching storage regions fails with authentication version V2
- Troubleshooting cloud storage operational issues
- Cloud storage backups fail
- Stopping and starting the NetBackup CloudStore Service Container
- A restart of the nbcssc (on legacy media servers), nbwmc, and nbsl processes reverts all cloudstore.conf settings
- NetBackup CloudStore Service Container startup and shutdown troubleshooting
- bptm process takes time to terminate after cancelling GLACIER restore job
- Handling image cleanup failures for Amazon Glacier vault
- Cleaning up orphaned archives manually
- Restoring from Amazon Glacier vault spans more than 24 hours for single fragment
- Restoring from GLACIER_VAULT takes more than 24 hours for Oracle databases
- Troubleshooting failures due to missing Amazon IAM permissions
- Restore job fails if the restore job start time overlaps with the backup job end time
- Post processing fails for restore from Azure archive
- Troubleshooting Amazon Snowball and Amazon Snowball Edge issues
- Index
Displaying KMS key information for cloud storage encryption
You can use the nbkmsutil command to list the following information about the key groups and the key records:
|
Key groups | |
|
Keys |
Note:
It is recommended that you keep a record key information. The key tag that is listed in the output is necessary if you need to recover keys.
To display KMS key group information
- To list all of the key groups, use the nbkmsutil with the -listkgs option. The following is the command format:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkgs
Windows: install_path\Veritas\NetBackup\bin\admincmd\nbkmsutil -listkgs
The following is example output on UNIX hosted storage. On Windows, the volume name is not used.
nbkmsutil -listkgs Key Group Name : CloudStorageVendor.com:symc_volume_for_backups Supported Cypher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Jan 01 01:00:00 2013 Last Modification Time: Tues Jan 01 01:00:00 2013 Description : -
To display KMS key information
- To list all of the keys that belong to a key group name, use the nbkmsutil with the -listkgs and -kgname options. The following is the command format:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname AdvDiskServer1.example.com:AdvDisk_Volume
Windows: install_path\Veritas\NetBackup\bin\admincmd\nbkmsutil -listkeys -kgname AdvDiskServer1.example.com:
The following is example output on UNIX hosted storage. On Windows, the volume name is not used.
nbkmsutil -listkeys -kgname CloudStorageVendor.com:symc_volume_for_backup Key Group Name : CloudStorageVendor.com:symc_volume_for_backups Supported Cypher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Jan 01 01:00:00 2013 Last Modification Time: Tues Jan 01 01:00:00 2013 Description : - Key Tag : 532cf41cc8b3513a13c1c26b5128731e5ca0b9b01e0689cc38ac2b7596bbae3c Key Name : Encrypt_Key_April Current State : Active Creation Time : Tues Jan 01 01:02:00 2013 Last Modification Time: Tues Jan 01 01:02:00 2013 Description : -
You can also use the nbkmscmd command to list the keys from NetBackup KMS and external KMS server. You need to ensure that a Symmetric encryption key already exists in the external KMS server with a custom attribute with value of key group in the 'storage_server_name:volume_name' format.
To display the key information for NetBackup KMS and external KMS
- Run the following command to retrieve the KMS server configuration names.
nbkmscmd -listkmsconfig
- Run the following command to retrieve key information for a key group from the KMS server.
nbkmscmd -listkeys -name KMS_server_name -keyGroupName key_group_name -jsonRaw