Veritas NetBackup™ Appliance Release Notes

Last Published:
Product(s): Appliances (3.2)
Platform: NetBackup Appliance OS

New features, enhancements, and changes for NetBackup Appliance 3.2

The following list describes the new features, enhancements, and changes in the NetBackup appliance 3.2 release:

  • Pre-upgrade requirements for version 3.2

    Before you can upgrade to NetBackup Appliance software version 3.2, you must first install the following updates:

    • HDD firmware and BIOS updates

      Appliance models 5230 and 5330 are likely to require an HDD firmware update prior to version 3.2 upgrades. Appliance models 5230 and 5330 all require a BIOS update prior to version 3.2 upgrades. Appliance models 5240 and 5340 are not affected and do not require these updates before an upgrade to version 3.2. Hotfixes that contain both the HDD firmware and BIOS updates are available for software versions 2.7.3 through 3.2.

    • MSDP fingerprinting conversion hotfix

      All appliances currently on versions 2.7.3 or 3.0 require installation of this hotfix. Once installed, the fingerprinting conversion can take some time to complete. You cannot upgrade the appliance until the fingerprinting conversion has completed.

      For a complete checklist of pre-upgrade requirements, refer to the following article:

      https://www.veritas.com/support/en_US/article.100046066

  • About the Upgrade rpm preflight check and Appliance Upgrade Readiness Analyzer

    Starting with appliance release 2.7.3, appliance upgrade rpms run a script for a preflight check to determine if the appliance is ready for an upgrade. The preflight check analyzes several system parameters and provides information about what was found and whether an upgrade can proceed. If the preflight check detects any issues that fail to meet the upgrade requirements, the upgrade is not allowed. You must address all reported issues before the next upgrade attempt.

    The Appliance Upgrade Readiness Analyzer tool includes the same base check items as the upgrade rpm. The tool can also contain additional check items that are not included in the upgrade rpm. The differences between the upgrade rpm and the analyzer tool can occur as Veritas learns about other upgrade issues after the release of an upgrade rpm. The analyzer tool can be updated and released anytime between appliance releases.

    To ensure that you get the most accurate pre-upgrade check results, Veritas recommends that you download the latest available version of the analyzer tool and run it before any upgrade attempt. To download the analyzer tool, see the following article:

    https://www.veritas.com/support/en_US/article.100040055

    The following describes the recommended best practices for when to use the analyzer tool:

    • Run the analyzer tool prior to your upgrade maintenance window.

      Do this to ensure that you have enough time to implement any required changes that are reported in the analyzer tool results.

    • Run the analyzer tool again right before you upgrade.

      Do this to verify whether any changes within your environment since the previous analysis could impact the upgrade.

  • Starting with this release, NetBackup appliances support external certificate authority (ECA) deployment. The deployment takes place when you select the media server role configuration for a new or a factory reset appliance. For appliances in a high availability (HA) setup, the deployment on the compute (first) node occurs during the initial configuration and again when setting up HA. For the partner node, the deployment takes place when you add the partner node to the HA setup. For complete details, see the following documents:

    NetBackup 52xx Appliance Initial Configuration Guide

    NetBackup 53xx Appliance Initial Configuration Guide

    NetBackup Appliance High Availability Reference Guide

    Note:

    Upgrades to version 3.2 using the NetBackup Appliance Shell Menu or the Appliance Management Console (AMS) do not support ECA deployment. After a successful upgrade, you can enable the ECA for NetBackup. For details, see the NetBackup Appliance Commands Reference Guide. Additionally, you can configure the ECA to the appliance infrastructure services such as mongodb, tomcat, and nginx. For details, see the NetBackup Appliance Security Guide.

  • Upgrades to version 3.2 also update the key-exchange algorithms that are used for connecting to the appliance. Before you upgrade, make sure that your SSH client supports the following key-exchange algorithms for connecting to the appliance:

    • diffie-hellman-group-exchange-sha256

    • diffie-hellman-group18-sha512

    • diffie-hellman-group16-sha512

    • diffie-hellman-group14-sha256

    • ecdh-sha2-nistp256

    • 6ecdh-sha2-nistp384

    • ecdh-sha2-nistp521

      If your SSH client does not support any of the above algorithms, an error message appears to inform you of the problem when you attempt to connect to the appliance.

  • Starting with this release, you can create a Protection Point for a Universal Share to take advantage of the data management capabilities in Storage Lifecycle Policies. A Protection Point is a point in time copy of the data that exists in a Universal Share. The data within a Protection Point is cataloged which lets you manage it using the data management capabilities in Storage Lifecycle Policies. In most cases, it takes only seconds to create a Protection Point. For complete details, see the NetBackup Appliance Security Guide.

  • Starting with this release, NetBackup appliances support two-factor authentication (2FA). The following describes the 2FA support for this release:

    • The nbasecadmin user or any user with the NetBackup Adminstrator role can configure 2FA for the NetBackup Web UI.

    • 2FA is only supported for Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) domain users with the NetBackup™ Web UI. The 2FA feature is not currently supported through the NetBackup Appliance Shell Menu or NetBackup Appliance Web Console.

    • 2FA configuration requires separate AD or LDAP configuration for NetBackup, even if AD or LDAP is already configured on the appliance.

      For complete details, see the NetBackup Appliance Security Guide.

  • Starting with this release, you can update client software and install EEBs from an appliance master server using VxUpdate. New commands have been added to the NetBackup Appliance Shell Menu (shell menu) for managing the NetBackup package repository that is used to store VxUpdate packages.

    Note:

    VxUpdate only supports updating the existing software version on a client. It does not support deploying new client installations on a client.

    For complete details, see the NetBackup Appliance Upgrade Guide.

  • Starting with this release, the following banner appears when you try to log in to the appliance shell menu while a rollback from an upgrade is in progress:

    Rollback is in progress.....
    Cannot interrupt or stop a rollback that is in progress.
    Wait for rollback to complete.

  • Starting with this release, the upgrade process checks the status of all storage partitions. If any partitions are not imported or mounted successfully, the upgrade either pauses or starts a rollback.

  • Starting with this release, the Instant Access feature is supported on NetBackup 5230 appliance. This feature allows you to create an Instant Access VM from a NetBackup backup image. The VM is available almost instantaneously, achieving a near-zero recovery time objective. NetBackup mounts the VM snapshot directly on the backup storage device to allow your ESXi host or cluster to treat the snapshot as a normal VM.

    For information about how to use this feature, see the NetBackup Web UI VMware Administrator's Guide.

  • Starting with this release, the following improvements were made for VMware support with the Instant Access feature:

    • Added multi-file and multi-folder download and restore operations

    • Enhanced several error codes

    • Added vMotion support for VMs

    • Added LDM support

    • Added the ability to preserve Windows ACLs

    • Improved SFR speed

    • Added the ability to display NBU jobs status

    • Enhanced the file browsing experience by making additional details visible for each file

  • Starting with this release, NetBackup appliances gather more detailed telemetry information during upgrades. Information about service status, storage status, space usage, RAID status, and IPMI status are collected at various stages of the upgrade in the form of events. If Call Home is enabled, the collected logs and events are sent to the AutoSupport server. If Call Home is disabled, the logs and events are saved on the appliance.

  • Starting with this release, Destination Network Address Translation (DNAT) is supported on NetBackup master server and media server appliances. This feature provides support for communication with Network Address Translation (NAT) clients. DNAT can be enabled from the appliance shell menu, after you have completed the appliance initial configuration. For details, see the NetBackup Appliance Commands Reference Guide.

  • Starting with this release, the Appliance Management Server (AMS) version 1.3 supports the following:

    • Emergency Engineering Binary (EEB) uninstallation

      Remove or uninstall EEBs from the AMS.

    • Network throttling

      Limit the bandwidth for downloading packages to the AMS.

    • Login page for NetBackup Virtual Appliance

      A new login page is provided for virtual appliance users.

      For details about these features, see the Veritas Appliance Management Guide.

  • Starting with this release, the initial configuration procedure for a NetBackup 5240 CloudCatalyst Appliance has changed. Configuration for the cloud storage provider must be done using the Cloud Storage Configuration wizard in the NetBackup Administration Console. After this configuration is completed, you must manually create a backup policy for the deduplication (MSDP) pool catalog. For details, see the NetBackup 52xx Appliance Initial Configuration Guide.

  • Starting with this release, the Multi-Threaded Agent service (mtstrmd) in NetBackup now runs in all appliance HA environments. This service improves the MSDP performance in HA environments.

  • Starting with this release, a change to the spoold process in NetBackup eliminates the timeout issues that could occur during the HA setup or a switchover operation.

  • Starting with this release, the Intelligent Platform Management Interface (IPMI) port (623) is disabled by default to mitigate security-related issues with the IPMI protocol. For more information about the security-related issues associated with the IPMI protocol (CVE-2013-4786), see:

    https://nvd.nist.gov/vuln/detail/CVE-2013-4786.