Veritas NetBackup™ Read This First Guide for Secure Communications
- NetBackup Read This First for Secure Communications
- About secure communications in NetBackup
- How host ID-based certificates are deployed during installation
- How certificates are deployed on hosts during upgrades
- How secure communication works with master server cluster nodes
- When an authorization token is required during certificate deployment
- Why do you need to map host names (or IP addresses) to host IDs
- How to reset host attributes or host communication status
- What has changed for catalog recovery
- What has changed with Auto Image Replication
- How the hosts with revoked certificates work
- How communication happens when a host cannot directly connect to the master server
- Are security certificates backed up
- How communication with legacy media servers happens in the case of cloud configuration
- How NetBackup 8.1 hosts communicate with NetBackup 8.0 and earlier hosts
- Communication failure scenarios
- Secure communication support for other hosts in NetBackup domain
How communication happens when a host cannot directly connect to the master server
In a demilitarized zone (DMZ), NetBackup clients may not be able to directly send requests (for certificate deployment and so on) to the master server. The HTTP tunnel on the media server is used to accept the web service requests sent by the client hosts and forward them to the master server. The configuration of the HTTP tunneling is automatic and no setup is required. The NetBackup client and the media server must be 8.1 or later for HTTP tunneling to work.
Irrespective of the certificate deployment security level that is set on the master server, you require an authorization token to deploy a host ID-based certificate on a host in a demilitarized zone.
For more information on clients in a DMZ, refer to the NetBackup Security and Encryption Guide.