Frequently Asked Questions on NetBackup Replication to a Remote Master Server (Automatic Image Replication feature)
Problem
Frequently asked questions on Replication to Remote Master feature available in NetBackup. This feature is also known as Automatic Image Replication.
Solution
- What is Replication to a Remote Master feature?
The backups that are generated in one NetBackup domain can be replicated to storage in one or more target NetBackup domains. This process is referred to as Auto Image Replication.
We have 4 models for AIR:
- one to one
- one to many
- many to one
- many to many
- What are the minimum requirements to implement replication to a remote master?
Replication to a remote master requires NetBackup 7.1 or above. Kindly note that version 7.1 through 8.0 have reached their End Of Support Life (EOSL) and 8.1.x versions have reached their End Of Standard Support (EOSS), as per the Veritas™ Services and Operations Readiness Tools (SORT) website, so the installed version must be 8.2 or above to receive support for this configuration. The storage servers at the source and target domains must support Open Storage version 11 and provide plugins to make use of the replication to remote master functionality. For third party Open Storage devices, please contact the vendor for details on Replication to Remote Master support.
For firewall port requirements:
NetBackup 6.x and 7.x and 8.x firewall port requirements
If using Optimized Duplication (including Automatic Image Replication):
- For MSDP-to-MSDP, the source storage server needs access to spad/10102 and spoold/10082 on the destination server.
- For MSDP-to-PDDO, the source storage server needs access to SPA/443 and spoold/10082 on the destination server.
- For PDDO-to-PDDO, the source storage server needs access to SPA/443 and spoold/10082 on the destination server.
- For Automatic Image Replication (AIR)
- In addition to the ports for Optimized Duplication, also open the TCP port for PBX/1556 between the master servers.
- Do I require any additional license to implement AIR
No, there is no additional license requirements specific to the use of AIR.
- Can I replicate images from one source domain to multiple target domains?
Yes, you can define multiple destinations for the source storage server at the source domain. Replications to multiple targets can occur concurrently if the backend storage server supports it.
- Can I replicate images from multiple source domains to a single target domain?
Yes, the same storage server can be the target for multiple source domains. This is a good use case for storage servers at remote offices replicating to central data center. Another use case is where multiple consumers are sending data to a central backup service provider.
- Can I replicate in both directions between two NetBackup domains?
Yes, this is supported. This is ideal for environments where two productions sites also act as disaster recovery site for one another.
- What is the difference between traditional image import and automatic image import available with Replication to remote master feature?
Traditional image import is a time consuming process which is done in two phases. In the second phase, the entire image on storage needs to be scanned to regenerate the file meta data for the catalog. The larger the size of image on storage, the longer it takes to import. Additionally, larger the number of files in the image, the longer it takes to regenerate the catalog. The automatic image import available with Replication to remote master is optimized. The file meta data for the backup is part of NetBackup image on storage. During replication, the meta data is thus shipped to remote master where importing is simply a matter of reading the meta data shipped by the source domain and adding to the catalog at the target domain. The size of the image and number of files on image has little impact on optimized automatic import.
- What is Remote Retention?
In an inter-domain replication scenario, the owner of the data is the source domain. The administrator at the source domain decides how long the data should be kept offsite (remote master). This is achieved by a special time of retention level the target domain must have in the storage life cycle policy (SLP) that imports the image. This is called Remote Retention. At least one destination in the import SLP at the target domain must have Remote Retention set.
- What happens if the remote domain does not have a storage life cycle policy with the same name as the source domain?
The replications will continue to occur, but images will not get imported at the remote master server if in the SLP Parameters "Auto create A.I.R. Import SLP" is set to No. So, it is recommended to have import SLP created with the same name and if not, then set the property "Auto create A.I.R. Import SLP" to Yes in the SLP parameters. This way, import will happen successfully.
See the following guide for more information on SLP Parameters properties.
- I was told that the storage server at the remote site notifies NetBackup when new image arrives from the source domain. What happens if NetBackup was down at the remote site?
Replication to remote master is based on OpenStorage 11 events and messages. The event associated with the arrival of new image persist on storage server until NetBackup acknowledges and deletes the event. Hence the image will be processed once NetBackup comes online.
- What happens if the remote master is down at the time of replication?
So long as the remote storage server is up and running, replication would work fine. The import will happen once the remote master comes up.
- What happens if the media server(s) connected to the storage server at the remote server are down?
If the storage server is an independent device, the replication would work fine. The import will happen when the media server is up. If the storage server is part of media server (e.g. Media Server Deduplication Pool), the media server needs to be running for replication to run.
A few limitations of AIR:
- Although Auto Image Replication is a disaster recovery solution, you cannot restore to clients in the primary (or originating) domain from the target master domain.
- Auto Image Replication does not support synthetic backups or optimized synthetic backups.
- Auto Image Replication does not support spanning volumes in a disk pool. NetBackup fails backup jobs to the disk pools that span volumes if the backup job is in a storage lifecycle policy that also contains a replication operation.
- Auto Image Replication does not support replicating from a storage unit group. That is, the source copy cannot be in a storage unit group.
- The ability to perform Auto Image Replication between different versions of NetBackup does not overrule the basic image compatibility rules. For example, a database backup that was taken in one NetBackup domain can be replicated to a NetBackup domain of an earlier version. However, the older server may not be able to successfully restore from the newer image.
- Synchronize the clocks of the master servers in the source and the target domains so that the master server in the target domain can import the images as soon as they are ready. The master server in the target domain cannot import an image until the image creation time is reached. Time zone differences are not a factor because the images use Coordinated Universal Time (UTC).
In addition to above points/Queries, to configure SLP, we have to follow these steps:
AIR configuration in 8.1.2 and additional steps for AIR after NetBackup is upgraded from a lower version to 8.1.2
Since 8.1.2, due to MSDP secure communications, we have to an additional step to configure AIR.
- As in older versions, it is necessary to set a trust relationship between the Two Master servers.
- Generate a Token from the target Master server’s admin console or java console.
- On the Source Master server, run the following:
nbseccmd -setuptrustedmaster -add -masterserver <master_server_name> -remotemasterserver <remote_master_server>
It will ask for a token.
- Enter the token generated from the Target Master server.
- Repeat the same steps for the Target Master server. i.e. generate the Token from the Source master server and then run the above mentioned command on the Target Master server.
For 8.1.2 and higher, perform the following steps:
- On the target NetBackup master server, run the following command to display the CA fingerprint:
Windows:install_path\NetBackup\bin\nbcertcmd -displayCACertDetail
UNIX/Linux:/usr/openv/netbackup/bin/nbcertcmd -displayCACertDetail
- On the source MSDP storage server, run the following command to get the CA from the target NetBackup master server:
Windows:install_path\NetBackup\bin\nbcertcmd -getCACertificate -server target_master_server
UNIX/Linux:/usr/openv/netbackup/bin/nbcertcmd -getCACertificate -server target_master_server
When you accept the CA, ensure that the CA fingerprint is the same as displayed in the previous step
- Generate the authorization token on the target Master server:
- Log on to the NetBackup Administration Console on the target NetBackup master server
- Open Security Management > Certificate Management > Token Management.
- Click the Create Token option to create a token, or right-click the blank area of the Token records list view
- Select the New Token menu item to create a token.
- On the source MSDP storage server, run the following command to get a certificate generated by the target NetBackup master server:
Windows:install_path\NetBackup\bin\nbcertcmd -getCertificate -server target_master_server -token token_generated_step5
UNIX/Linux:/usr/openv/netbackup/bin/nbcertcmd -getCertificate -server target_master_server -token token_generated_step5
Note: If the system was upgraded from a lower version to 8.1.2, then perform the above mentioned steps on the Storage server.
Note: If AIR is configured for bi-directional replication between two master servers, then the same has to be done on the target storage server as well.
Once the above steps are completed:
- Go to the Java console > Media and Device Management > Credentials > Storage servers
- Double click on the storage server
- Go to > Replication > select the target Master server, select the Target storage server
- Enter the credentials of the storage server.
After this, configure the SLP with replication operation on the Source domain, and the Import operation on the target domain.
See the following guide for more information about NetBackup Auto Image Replication.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.