How to understand NetBackup BMR support with respect to external certificate authority (CA)

How to understand NetBackup BMR support with respect to external certificate authority (CA)

Article: 100044534
Last Published: 2019-05-27
Ratings: 1 0
Product(s): NetBackup

Description

NetBackup Bare Metal Recovery (BMR) restores use NetBackup CA-signed certificates or host ID-based certificates. Therefore, the NetBackup master and media servers that contain backup images for BMR client must have NetBackup CA-signed certificates for successful BMR restores.

The following table lists what all BMR backups and restores are supported in case of NetBackup CA (NBCA) and external CA (ECA) configurations.
 

Host type Supported for BMR?
Master server Media server Client Backup      Restore
NBCA      NBCA NBCA Supported Supported
NBCA and ECA NBCA and ECA NBCA or ECA Supported Supported
NBCA and ECA ECA ECA Supported Not supported
ECA ECA ECA Supported Not supported

Important notes: 

  • All BMR restores use NetBackup CA-signed certificates only.
  • NetBackup CA-signed certificates that are fetched and used during BMR restores are pushed on the restored client and after the restores, any first-boot external procedures use these certificates for communication with the master and media servers.
  • If a client is configured to use only external CA-signed certificates, during BMR restore it fetches and uses the NetBackup CA-signed certificate and completes the restore operation. After the restore when the machine reboots, you need to manually change the certificate settings by disabling NetBackup CA and configuring ECA settings in NetBackup configuration file.

For more details on the ECA configuration, refer to the 'External CA support in NetBackup' section from the NetBackup Security and Encryption Guide.

Refer to the 'Disabling the NetBackup CA in a NetBackup domain' from the NetBackup Security and Encryption Guide.

  • Also for Auto Image Replication (AIR) of a BMR client, BMR fetches and uses the NetBackup CA-signed certificates during restores of a replicated backup image for the client.

Was this content helpful?