Veritas NetBackup™ Read This First Guide for Secure Communications
How host ID-based certificates are deployed during installation
The following diagram illustrates how certificates are deployed on hosts during installation:
Host ID-based certificate deployment occurs in the following order:
1. A host ID-based certificate is automatically deployed on the NetBackup master server during installation. The master server is the CA.
2. A host ID-based certificate is deployed on Host 1 during installation after confirming the CA fingerprint that is made available by the installation wizard or the script.
   An authorization token is not required because the certificate deployment security level on the master server is set to High and Host 1 is known to the master server.
   A fingerprint is used to authenticate the CA of the master server before it is added to the trust store of a host. The master server administrator communicates the CA fingerprint to the host administrators by email or file, or publishes it on a website.
   An authorization token is used as a mechanism to authorize a host's certificate request that is sent to the NetBackup master server. An authorization token is confidential and only the master server administrator can create it. The master server administrator then passes it on to the administrator of the host where you want to deploy a certificate. A reissue token is a special authorization token that is used to redeploy a certificate on a host to which a certificate was previously issued.
   If you continued with the NetBackup installation without confirming the master server fingerprint, you need to carry out manual steps before backups and restores can occur.
3. A host ID-based certificate is deployed on Host 2 during installation after the master server fingerprint is confirmed. An authorization token is required, because the certificate deployment security level on the master server is set to High and Host 2 is not known to the master server.
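The fingerprint confirmation described above, sketched as an added Python example (not Veritas code and not NetBackup's implementation): the host hashes the CA certificate it received and adds it to the trust store only if the result matches the value the master server administrator communicated out of band. The function names, the in-memory trust store, and the inference of SHA-1 or SHA-256 from the fingerprint length are assumptions, and the sample certificate bytes are constructed.

```python
import hashlib
import hmac
import ssl

# Assumption: the digest is inferred from the fingerprint length (hex characters).
_DIGEST_BY_HEX_LEN = {40: "sha1", 64: "sha256"}

# Constructed stand-in bytes wrapped as PEM; a real CA certificate is ASN.1 DER.
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for CA DER bytes")


def normalize_fingerprint(text: str) -> str:
    """Drop separators from an emailed/published fingerprint; return lowercase hex."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(cleaned) not in _DIGEST_BY_HEX_LEN or set(cleaned) - set("0123456789abcdef"):
        raise ValueError("not a SHA-1 or SHA-256 hex fingerprint")
    return cleaned


def ca_fingerprint(ca_pem: str, digest: str) -> str:
    """A certificate fingerprint is the digest of its DER encoding."""
    return hashlib.new(digest, ssl.PEM_cert_to_DER_cert(ca_pem)).hexdigest()


def confirm_ca(ca_pem: str, communicated: str) -> bool:
    """True only if the CA the host received matches the out-of-band value."""
    expected = normalize_fingerprint(communicated)
    actual = ca_fingerprint(ca_pem, _DIGEST_BY_HEX_LEN[len(expected)])
    return hmac.compare_digest(actual, expected)


def add_to_trust_store(trust_store: dict, ca_pem: str, communicated: str) -> None:
    """Hypothetical in-memory trust store: a CA is added only after confirmation."""
    if not confirm_ca(ca_pem, communicated):
        raise PermissionError("CA fingerprint mismatch; CA not added to trust store")
    trust_store[normalize_fingerprint(communicated)] = ca_pem


if __name__ == "__main__":
    published = ca_fingerprint(SAMPLE_CA_PEM, "sha256").upper()
    store = {}
    add_to_trust_store(store, SAMPLE_CA_PEM, published)
    print("trusted CAs:", list(store))
```

A mismatch raises instead of returning a warning, so a caller cannot proceed with an unconfirmed CA by ignoring a return value.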