How to deploy NetBackup in Microsoft Cloud infrastructure using ARM (Azure Resource Manager) template

How to deploy NetBackup in Microsoft Cloud infrastructure using ARM (Azure Resource Manager) template

  • Article ID:100041400
  • Last Published:
  • Product(s):NetBackup
  • Ratings: 14 2

Description

This accompanying article provides step-by-step assistance to portal users deploying Veritas NetBackup™ offer (version 8.1) from the Azure Marketplace.

To locate the NetBackup solution template in Azure Marketplace, authenticate to https://portal.azure.com and under Marketplace, search for Veritas NetBackup. This template allows the portal user to deploy an Azure Virtual Machine (VM) that hosts a NetBackup 8.1 Master server, media server or Windows client in about 15 minutes. The VM is accessible via Remote Desktop Protocol using the Operating System (OS) credentials that the portal user provides when deploying the VM.

Overview

To deploy NetBackup Master or Media Server, the Azure portal user needs to provide the following sets of parameters.

  1. Basics - NBU Install type, hostname(s) and licenses, and Azure parameters (Subscription, Location and Resource Group)
  2. Operating System and Security - OS and NetBackup credentials for Azure VM; fingerprint of Certificate Authority (CA) and Authorization token is also needed when deploying NetBackup additional clients or media servers.
  3. Network and Storage settings - Virtual network and Subnet values, VM size, storage accounts and optionally public IP and Azure DNS name.

The portal user reviews a summary of the selections provided before clicking the OK button to display a web page containing End User License Agreement (EULA). The deployment is initiated when the portal user acknowledges the EULA by clicking the Create button. Review the section below for additional assistance in deploying NetBackup 8.1 using the Azure template.

 

Note: Customers are also able to provision a Virtual Machine (VM) in Azure or Azure Stack and install NetBackup software within that VM. Veritas provides support for NetBackup within a virtual environment. Review our support guidelines for NetBackup 7.7.x and 8.x in virtual environments. For the purpose of this document, a “virtual environment” is defined as: any on-site, off-site, or public cloud IaaS virtualization solution where NetBackup can be installed into a supported guest operating system.

 

Table of Contents

  1. Basics 
  2. Operating System and Security 
  3. Network and Storage Settings 

 

1. Basics

(Back to top)

The basic information identified below is required or optional based on the NetBackup install type. Each deployment using this template must use either a newly created Azure Resource Group, or an existing Azure resource group that is empty.

 

Parameters 

Installation Type

 

Master

Media

Client

Master Hostname

Required 

Required

Required

Media Hostname

 n/a

 Required 

 n/a

Client Hostname

n/a

n/a

 Required

Additional Servers 

 Optional

Optional 

 Optional

 License Key

Required 

 Required

n/a

 

The below screenshot captures an example of the Basics tab for each of the possible installation types.

Figure 1 - Basics Tab

 

 

2. Operating System and Security

(Back to top)

The Azure portal user is prompted to provide administrative user credentials for the OS and NetBackup when deploying a master server. Beginning version 8.0, NetBackup introduces Host ID-based certificates, in addition to the host name-based certificates from previous versions. To facilitate deploying additional media servers or clients, an Authorization token needs to be provisioned on the Master server; in addition, the SHA1 fingerprint of the CA certificate is necessary to validate the identity of the master server.

 

Parameters 

Installation Type

 

Master

Media

Client

OS admin credentials

Required 

Required

Required

NB Web Service credentials

Required

 n/a

 n/a

NB Master CA certificate fingerprint

n/a

Required

 Required

NB Master Authorization Token

 n/a

Required

 Required

 

The below screenshot shows the Operating System and Security tab when deploying a NB master server and NB clients/media servers. Also listed below are steps to obtain the CA certificate fingerprint and Authorization token from the Master Server, using both graphical and command-line interfaces. 

Figure 2 - OS and NB Security

 

Finding the SHA1 fingerprint of the CA certificate (click for more details)

* Using the NetBackup Administration Console:
Expand Security Management > Certificate Management.
On the Actions menu, select View Certificate Authority. The Certificate Authority Details dialog appears.
The Copy Fingerprint to Clipboard option is available to help the administrator communicate the fingerprint to the host administrator.

* Using the command line:
Run the following command on the master server to view the Root Certificate Fingerprint:

C:\Program Files\VERITAS\NetBackup\bin>nbcertcmd.exe -listCACertDetails
      Subject Name : /CN=nbatd/OU=root@nbmas.4v3gjqedkveutdhbivqirydbna.xx.internal.cloudapp.net/O=vx
        Start Date : Dec 21 21:42:58 2017 GMT
       Expiry Date : Dec 16 22:57:58 2037 GMT
  SHA1 Fingerprint : 2D:CD:68:9C:93:EE:67:5B:C8:77:D0:10:C6:6C:67:2A:C1:8C:AB:2F

 

Creating an Authorization Token

* Using the NetBackup Administration Console:
Expand Security Management > Certificate Management > Token Management. From the Actions menu, select New Token. For additional parameters when creating a new token, review the section Creating authorization tokens

* Using the command line:
To create a token, a bpnbat web log-on is required with an account that has NetBackup administrator privileges; see example below. When prompted for Authentication Broker, provide the hostname of the Master Server. See  bpnbat section in the Commands Reference Guide for additional details on bpnbat usage.
In the example below, command responses keyed in by the NetBackup administrative user are indicated in bold font.

C:\Program Files\VERITAS\NetBackup\bin>bpnbat -login -loginType WEB
Authentication Broker: nbmas
Authentication port [0 is default]:
Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap): WINDOWS
Domain: nbmas
Login Name: nbadmin
Password: ************
Operation completed successfully.

Once authenticated, create a token using the nbcertcmd command.

C:\Program Files\VERITAS\NetBackup\bin>nbcertcmd -createToken -name Token4Installs
Token XWTZDESIYASIDNWI created successfully.

 

3. Network and Storage Settings

(Back to top)

The Network and Storage blade prompts the portal user to:
- Create or specify the Virtual Network (VNET) and subnet into which the NetBackup host is to be deployed. The VNET/subnet address space must be entered using notation (CIDR) notation. (See the left side of the image below.)
- Select an existing storage account for the OS disks of the server, or create a new storage account and pick the disk performance type - either Premium or Standard. To ensure durability and high availability, Azure storage replication can be employed using either Locally redundant storage (LRS) or Geo-redundant storage (GRS).
- Choose if a Public IP address is needed for the provisioned NetBackup host. If one is necessary, the portal user is prompted to create or choose a new Public IP address, and the type of allocation method.

Notes about provisioning a Public IP address:
- The Public IP address allocation method (dynamic vs. static) is inherited from the button selected for the parameter 'Public IP address type'. The value specified using the radio button labeled 'Assignment' on the blade titled 'Create public IP address' is currently ignored. (See the right portion of the image below.)

Figure 3 - Virtual Network, subnet, storage account and Public IP address settings

 

Click OK to proceed to the Summary page. Under the title of the page, a red-shaded box indicates that validation failed and errors are displayed below. A blue-shaded box is displayed when the parameters specified were validated for use along with the deployment template. Click OK to proceed to next page that displays the Terms of Use; clicking the Create button at the bottom of the page commences the template deployment.

Deployment progress can be seen in the portal as "Deployment in Progress". After the deployment is succeeded, connect to the server using the credentials provided in Step 1 - Basic settings.

Image 4 - Template Deployment Progress

Note: When the deployment is in progress, if the VM is being stopped from the console followed by start operation, re-provisioning of VM will happen which will result in running the extension again and all the data will be lost.


 

Was this content helpful?