Veritas NetBackup™ Plug-in for VMware vSphere Client (HTML5) Guide

Last Published:
Product(s): NetBackup (8.3)
Platform: Linux,UNIX,Windows
  1. Introduction and notes
    1.  
      About the NetBackup plug-in for VMware vSphere Client (HTML5)
    2.  
      Notes on the NetBackup plug-in for vSphere Client (HTML5)
    3.  
      How to access the features of the NetBackup plug-in for vSphere Client (HTML5)
    4.  
      Updates to this guide for NetBackup 8.3
  2. Installing the NetBackup plug-in for vSphere Client (HTML5)
    1.  
      Requirements for the NetBackup plug-in for vSphere Client (HTML5)
    2.  
      Using consistent vCenter naming with the NetBackup plug-in for vSphere Client (HTML5)
    3.  
      vCenter privileges for managing NetBackup plug-in installation
    4.  
      Notes on using the vSphere Client (HTML5) plug-in in a VMware Platform Services Controller (PSC) environment
    5. Installing the NetBackup plug-in for vSphere Client (HTML5)
      1.  
        VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED for servers and clients
    6.  
      Upgrading the NetBackup plug-in for vSphere Client (HTML5)
    7.  
      Uninstalling the NetBackup plug-in for vSphere Client (HTML5)
    8. Configuration overview for the NetBackup Recovery and Instant Recovery Wizards
      1.  
        Configuring ports for the NetBackup Web Services
      2.  
        Port usage for the NetBackup vSphere Client (HTML5) plug-in
      3.  
        Creating an authentication token for the NetBackup plug-in for vSphere Client (HTML5)
      4.  
        Authorizing the NetBackup vSphere Client (HTML5) plug-in to restore virtual machines
      5.  
        Configuring the plug-in for an external certificate
      6.  
        Reconfiguring the plug-in for a NetBackup CA-signed certificate
      7.  
        Setting vCenter privileges for recovering virtual machines
      8.  
        Adding or deleting an additional host name or IP address for an authentication token
      9.  
        Revoking an authorization token
      10.  
        Renewing an authorization token
      11.  
        Listing all current authentication tokens
      12.  
        Permissions on the NetBackup plug-in authentication token file may need to be changed
  3. Excluding virtual disks from the backup
    1.  
      About excluding virtual disks from the backup
    2.  
      Setting the exclude disks Custom Attribute
  4. Monitoring backup status
    1.  
      vCenter privileges for backup monitoring
    2.  
      Backup monitoring displays in the NetBackup plug-in for vSphere Client (HTML5)
    3.  
      Summary display
    4.  
      Virtual Machines display
    5.  
      Events display
    6.  
      Using the Veritas NetBackup plug-in for backup reporting
    7.  
      How to respond to backup status
  5. Restoring virtual machines
    1.  
      Configuring settings for virtual machine recovery
    2.  
      Notes on the NetBackup recovery wizards
    3.  
      How to access the NetBackup Recovery Wizards
    4. NetBackup Recovery Wizard screens
      1.  
        Virtual Machine Selection screen
      2.  
        Image Selection screen
      3.  
        Destination Selection screen
      4.  
        Transport Selection screen
      5.  
        Disk Provision screen
      6.  
        Virtual Machine Options screen
      7.  
        Network Selection screen
      8.  
        Pre-Recovery Check screen
    5. NetBackup Instant Recovery Wizard screens
      1.  
        Instant Recovery: Virtual Machine Selection screen
      2.  
        Instant Recovery: Image Selection screen
      3.  
        Instant Recovery: Destination Selection
      4.  
        Instant Recovery: Virtual Machine Options screen
      5.  
        Instant Recovery: Review Selection
    6.  
      Instant Recovery: Cleaning the recovery environment and releasing the NetBackup resources
  6. Troubleshooting
    1.  
      The message NoPermission appears during plug-in installation
    2.  
      Reducing the load time for the NetBackup plug-in for vSphere Client (HTML5)
    3.  
      A NetBackup master server is not available in the master server list of the Instant Recovery Wizard
    4.  
      The NetBackup plug-in for vSphere Client (HTML5) does not find any backup images in the listed events
    5.  
      The NetBackup Recovery wizard for vSphere Client (HTML5) does not find a particular backup image
    6.  
      Mismatch in vCenter server name (uppercase vs. lowercase letters) causes the VMware connectivity test to fail
    7.  
      Instant recovery operation is not complete due to NFS mount limit exceed
    8.  
      Instant recovery-ready backup images are not available for selection
    9.  
      The vCenter server and NetBackup master server names are not available for search
    10.  
      Preferred Instant recovery destination options are not saved
    11.  
      Virtual machine display name conflicts are not shown before the pre-recovery check
    12.  
      Reasons for failure of pre-recovery checks
    13.  
      Too much time taken to populate the list of NetBackup master servers
    14.  
      The NetBackup plug-in is not shown in the vSphere Client (HTML5) interface even after registration
    15.  
      The correct NetBackup master server does not show up for selection for a given vCenter server on the Instant recovery wizard
    16.  
      Troubleshooting master server communication failures in the plug-in's Recovery Portal
  7. Appendix A. Instant recovery events and best practices
    1.  
      Instant recovery events for non-available virtual machines
    2.  
      Best practices for instant recovery operations
  8. Appendix B. Installing the vSphere Client (HTML5) plug-in from a NetBackup media server and plug-in package host
    1.  
      Installing the vSphere Client (HTML5) plug-in from a NetBackup media server and plug-in package host (web server)

Adding or deleting an additional host name or IP address for an authentication token

The manageClientCerts command generates an authentication token for a specific vCenter. The token gives the vCenter access to the NetBackup master server where the token was generated. The token works if the vCenter's host name or DNS name is identical to the name that was entered on the manageClientCerts command.

For some environments, it may be necessary to allow the token to work with additional host names or IP addresses. An example is a multi-homed vCenter on multiple networks. Another example is a vCenter that uses Network Address Translation (NAT). In these cases, the request for access to the NetBackup master may come from a host name or IP address that was not specified when the token was generated.

To allow access to NetBackup from such environments, you can use the manageClientCerts command to do the following:

  • Add another host name (or IP address) of the vCenter server for the existing token. The added host name or IP address is referred to as an alias. You can add multiple aliases for a token.

    IPv4 and IPv6 addresses are supported.

  • Delete a host name or IP address from a token.

  • Allow the token to be used on any vCenter server.

  • List existing aliases for a token.

The manageClientCerts command is in the following location:

Windows

install_path\NetBackup\wmc\bin\install\manageClientCerts.bat

UNIX, Linux

/usr/openv/wmc/bin/install/manageClientCerts

Table: Add a host name or IP address for an existing authentication token

Task

Enter the following on the NetBackup master server:

Add a host name

manageClientCerts -addAlias host_name_used_to_generate_token -HOST additional_host_name_for_token

Where host_name_used_to_generate_token is the host name that was specified when the token was generated, and additional_host_name_for_token is the additional host name of the vCenter server.

For example:

manageClientCerts -addAlias vCenter1 -HOST vCenter1.example.com

Command output:

Successful -addAlias, for client: vCenter1, type: HOST,
alias: vCenter1.example.com

In this example, the added host name is vCenter1.example.com.

Note:

You can add multiple host names for a token. Add one host name for each instance of manageClientCerts.

Add an IP address or range of IP addresses

manageClientCerts -addAlias host_name_used_to_generate_token -IP IP_address_for_token | IP_address_with_netmask_for_token

Where host_name_used_to_generate_token is the host name that was specified when the token was generated. The IP address to add can be a single address (IP_address_for_token) or a range of addresses (IP_address_with_netmask_for_token).

For example:

To add a single IP address:

manageClientCerts -addAlias vCenter1 -IP 10.80.154.1

To add a range of IP addresses using a netmask:

manageClientCerts -addAlias vCenter1 -IP 10.80.154.0/29

In this example, 10.80.154.0/29 allows 6 hosts with IP addresses from 10.80.154.1 to 10.80.154.7 to use the same token.

Note:

For a range of IP addresses, manageClientCerts supports IP net masking, sometimes called Classless Inter-Domain Routing notation (CIDR).

Note:

You can add multiple IP addresses for a token. If not adding a range of addresses, add one IP address for each instance of manageClientCerts.

Note:

IPv4 and IPv6 addresses are supported.

Allow the token to operate with any host

manageClientCerts -addAlias host_name_used_to_generate_token -ANY

Where host_name_used_to_generate_token is the host name that was specified when the token was generated. -ANY allows any host or any IP address to communicate with the NetBackup server by means of this token.

Caution: Use the -ANY option with care. Allowing any host to use the token may introduce a security risk.

Table: Remove a host name or IP address from an existing authentication token

Task

Enter the following on the NetBackup master server:

Delete a host name

manageClientCerts -deleteAlias host_name_used_to_generate_token -HOST host_name_to_delete

Where host_name_used_to_generate_token is the host name that was specified when the token was generated, and host_name_to_delete is the name to be removed.

Delete an IP address

manageClientCerts -deleteAlias host_name_used_to_generate_token -IP IP_address_to_delete

Where host_name_used_to_generate_token is the host name that was specified when the token was generated, and IP_address_to_delete is the IP address to be removed.

Delete the -ANY option

manageClientCerts -deleteAlias host_name_used_to_generate_token -ANY

Where host_name_used_to_generate_token is the host name that was specified when the token was generated. The -ANY option is removed from the token. If particular aliases (host names or IP addresses) had been added for the token, those aliases remain in force.

Table: List the host names or IP addresses (aliases) that have been defined for a token

Task

Enter the following on the NetBackup master server:

List host names or IP addresses (aliases)

manageClientCerts -listAliases host_name_used_to_generate_token

Where host_name_used_to_generate_token is the host name that was specified when the token was generated.

For example:

manageClientCerts -listAliases vCenter1

Command output:

Aliases for vCenter1:
HOST = vCenter1.example.com

In this example, the alias is vCenter1.example.com. If the token was set with the -ANY option (to accept connections from any host or any IP address), the -listAliases output is the following:

Aliases for vCenter1:
HOST = *

Further assistance is available:

See Troubleshooting master server communication failures in the plug-in's Recovery Portal.