Veritas NetBackup™ Logging Reference Guide
- Using logs
- Changing the logging levels
- About unified logging
- About legacy logging
- Backup process and logging
- Media and device processes and logging
- Restore process and logging
- Advanced backup and restore features
- Storage logging
- NetBackup Deduplication logging
- OpenStorage Technology (OST) logging
- Storage lifecycle policy (SLP) and Auto Image Replication (A.I.R.) logging
- NetBackup secure communication logging
- NetBackup proxy helper logging
- NetBackup proxy tunnel logging
- Snapshot technologies
- Locating logs
- NetBackup Administration Console logging
- Using the Logging Assistant
Setting up a secure channel between the NetBackup Administration Console and either nbsl or nbvault
The following steps describe the process flow to set up a secure channel between the NetBackup Administration Console and either nbsl or nbvault:
Trust is already set up between the NetBackup Administration Console and bpjava-*. The user information and session token already exist in a designated location with a name similar to the following:
See Setting up a secure channel between the NetBackup Administration Console and bpjava-*.
The NetBackup Administration Console sends a request to nbsl/nbvault for a secure connection.
nbsl/nbvault accepts the request and initiates a secure channel using the security certificate on the host. These daemons run with root/administrator privileges and can access the security certificate.
This secure channel is a one-way authenticated SSL channel where only the server certificate is present and there is no peer certificate. There is no certificate from the NetBackup Administration Console side.
The trust options for the security certificate are as follows:
The NetBackup Administration Console accepts the security certificate (or gives approval for this secure channel) if it trusts the NetBackup Certificate Authority (CA) who signed the security certificate.
If the NetBackup Administration Console does not trust the CA who signed the security certificate, it displays a pop-up dialog box. This dialog box asks if the user trusts the CA who has signed the certificate (This is a one-time activity. After the user gives consent to trust the CA, the dialog box does not display again.).
The NetBackup Administration Console sends a session token to nbsl/nbvault. See Setting up a secure channel between the NetBackup Administration Console and bpjava-*.
nbsl/nbvault verifies this session token by performing the following procedure:
Generates a hash of the session token that was received
Searches for the file with the name that starts with this hash at the designated location
If the file is found, it extracts the PID from it (see step 1)
Checks to see if the PID is valid
The success of the verification creates a trust between nbsl/nbvault and the NetBackup Administration Console.
All further communication occurs between nbsl/nbvault and the NetBackup Administration Console on this trusted secure channel.