NetBackup™ Add-in for Microsoft SCVMM Console Guide
- Introduction and notes
- Installing the NetBackup Add-in for SCVMM
- Requirements for the NetBackup Add-in for SCVMM
- Installing the NetBackup Add-in for SCVMM
- Installation message: Add-in cannot be installed
- Installation message regarding localized environments
- Configuring the add-in for an external certificate
- Reconfiguring the add-in for a NetBackup CA-signed certificate
- Uninstalling the NetBackup Add-in for SCVMM
- Configuring the NetBackup Recovery Wizard
- Creating an authentication token for the NetBackup add-in for SCVMM
- Authorizing the NetBackup add-in to restore virtual machines
- Adding or deleting an additional host name or IP address for an authentication token
- Revoking an authorization token
- Renewing an authorization token
- Listing all current authorization tokens
- Recovering virtual machines
- Troubleshooting
- About logging for the NetBackup Add-in for SCVMM
- Viewing log messages for the NetBackup Add-in for SCVMM
- Changing the logging level for the NetBackup Add-in for SCVMM
- The pre-recovery checks in the Recovery Wizard of the NetBackup Add-in for SCVMM return out-of-date information about the VM
- Next button in the NetBackup Add-in Recovery Wizard is enabled even though required input has not been entered
- The NetBackup Add-in Recovery Wizard does not prompt to overwrite the VM, and the recovery fails
- Troubleshooting primary server communication failures in the NetBackup Add-in for SCVMM
Configuring the add-in for an external certificate
The add-in communicates with the NetBackup primary server securely by means of certificate-based authentication. By default, the primary server uses NetBackup CA-signed certificates. As an alternative, the primary server can be configured to use an externally issued certificate. In that case, use the following procedure to configure the add-in for the external certificate.
Configure the add-in for an external certificate
- Enter the following command on the primary server:
Windows
install_path\NetBackup\wmc\bin\install\configureCertsForPlugins.bat -registerExternalCert -certPath "path_to_external_certificate_file" -privateKeyPath "path_to_certificate_key_file" -trustStorePath "path_to_ca_certificate_file"
UNIX, Linux
/usr/openv/wmc/bin/install/configureCertsForPlugins -registerExternalCert -certPath "path_to_external_certificate_file" -privateKeyPath "path_to_certificate_key_file" -trustStorePath "path_to_ca_certificate_file"
For example:
configureCertsForPlugins.bat -registerExternalCert -certPath "c:\server.pem" -privateKeyPath "c:\key.pem" -trustStorePath "c:\intermediateOrRootCA.pem"
This command configures the add-in to use the external certificate by importing the certificate into the keystore on the primary server. The command options are as follows:
-certPath: Specifies the path to the certificate for the web server. This file should have a single certificate in PEM format.
-privateKeyPath: Specifies the path to the private key for the web server certificate.
-trustStorePath: Specifies the path to the certificate of the intermediate or root certification authority that has issued the web server certificate. This file should have a single certificate in PEM format. The subject of this certificate should match the issuer of the web server certificate.
For further information on external certificates, see the NetBackup Security and Encryption Guide.
- Restart the NetBackup Web Management Console service on the primary server.
In the Activity monitor: Select the Daemons tab. Locate the service and select Actions > Stop. When the service has stopped, select Actions > Start.
- Renew the authentication token on the primary server:
See Renewing an authorization token.
Note:
Perform this step for each add-in that needs to communicate with the primary server.
- On the add-in, remove the existing primary server and then add the primary server that now has the renewed token:
See Authorizing the NetBackup add-in to restore virtual machines.