NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing NetBackup security certificates
- Using external security certificates with NetBackup
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
- Unable to add AD or LDAP domains with the vssat command
About the NetBackup web user interface
The NetBackup web user interface provides the following features:
Ability to access the master server from a web browser, including Chrome and Firefox.
For details on supported browsers for the web UI, see the NetBackup Software Compatibility List.
A dashboard that displays a quick overview of the information that is important to you.
Role-based access control (RBAC) that lets the administrator configure user access to NetBackup and to delegate the tasks that are related to security, backup management, or workload protection.
NetBackup security administrators can manage NetBackup security, certificates, RBAC, API keys, user sessions, and locked NetBackup user accounts.
Backup administrators provide protection services to satisfy their service level objectives (SLOs). Protection of assets is achieved through protection plans, job management, and visibility of the protection status of assets.
Workload administrators can subscribe assets to the protection plans that meet the SLO, monitor protection status, and perform self-service recovery of virtual machines. The web UI supports the following workloads:
Red Hat Virtualization (RHV)
Usage reporting tracks the size of backup data on your master servers. You can also easily connect to Veritas Smart Meter to view and manage NetBackup licensing.
NetBackup uses role-based access control to grant access to the web UI. This access control includes the tasks a user can perform and the assets the user can view and manage. Access control is accomplished through access rules.
Access rules associate a user or a user group with a role and an object group. The role defines the permissions a user has. An object group defines the assets and NetBackup objects a user can access. Multiple access rules can be created for a single user or group, allowing for full and flexible customization of user access.
NetBackup comes with three default roles. Choose the role that best fits a user's needs or create a custom role to meet the requirements for that user.
Use object groups to define groups of assets or application servers or to indicate the protection plans that users can view or manage. For example, you can grant access for VMware administrators by creating an object group with specific VMware application servers. Also add to the object group the specific protection plans that the VMware administrator can choose to protect VMware assets.
RBAC is only available for the web UI and the APIs.
Other access control methods for NetBackup are not supported for the web UI and APIs, with the exception of Enhanced Auditing (EA). You cannot use the web UI if you have NetBackup Access Control (NBAC) enabled.
The NetBackup web UI lets the security and the backup administrators more easily monitor NetBackup operations and events and identify any issues that need attention.
For a NetBackup security administrator, the dashboard lets the administrator see the status of security certificates and of audit events.
For a backup administrator, the dashboard allows the administrator to see the status of NetBackup jobs. Email notifications can also be configured so they receive notifications when job failures occur. NetBackup supports any ticketing system that can receive inbound email.
Protection plans offer the following benefits:
In addition to schedules for backups, a protection plan can also include a schedule for replication and long-term retention.
You can easily choose either on-premises or snapshot storage.
When you select from your available storage, you can see any additional features available for that storage.
The backup administrator creates and manages protection plans and is therefore responsible for backup schedules and storage.
The workload administrator primarily selects the protection plans to use to protect assets or intelligent groups. However, the backup administrator can also subscribe assets to protection plans if needed.