NetBackup™ Web UI Nutanix AHV Administrator's Guide
- Overview
- Managing AHV clusters
- Quick configuration checklist to protect AHV virtual machines
- Configure secure communication between the AHV cluster and NetBackup host and Nutanix Prism Central and NetBackup host
- Enable the iSCSI initiator service on windows backup host
- Install the iSCSI initiator package on Linux backup host
- Migrate Java GUI/CLI added clusters into WebUI
- Configure Nutanix AHV cluster
- Configure CHAP settings for iSCSI secure communication with AHV clusters
- About the ports that NetBackup uses to communicate with AHV
- Add or browse an AHV cluster
- Remove AHV Clusters
- Add a new Nutanix Prism Central
- Add new Prism Central server credentials
- Remove Nutanix Prism Central
- Create an intelligent VM group
- Assign permissions to the intelligent VM group
- Update the intelligent VM group
- Remove the intelligent VM group
- Set CHAP for iSCSI
- Add an AHV access host
- Remove an AHV access host
- Change resource limits for AHV resource types
- Change the autodiscovery frequency of AHV assets
- Managing credentials
- Protecting AHV virtual machines
- Things to know before you protect AHV virtual machines
- Protect AHV VMs or intelligent VM groups
- Protect AHV VMs within VPC
- Customize protection settings for an AHV asset
- Schedules and retention
- Backup options
- Prerequisite to Enable virtual machine quiescing
- Remove protection from VMs or intelligent VM groups
- View the protection status of VMs or intelligent VM groups
- Recovering AHV virtual machines
- Things to consider before you recover the AHV virtual machines
- About the pre-recovery check
- Recover an AHV virtual machine
- Recover an AHV VM within VPC
- About Nutanix AHV agentless files and folders restore
- Prerequisites for agentless files and folder recovery
- SSH key fingerprint
- Recover files and folders with Nutanix AHV agentless restore
- Recovery target options
- Pre-recovery checks for Nutanix AHV
- About Nutanix-AHV agent-based files and folders restore
- Prerequisites for agent-based files and folder recovery
- Recover files and folders with Nutanix AHV agent based restore
- Limitations
- Troubleshooting AHV operations
- API and command line options for AHV
Configure secure communication between the AHV cluster and NetBackup host and Nutanix Prism Central and NetBackup host
NetBackup can now validate AHV cluster and Prism Central server certificates using their root or intermediate certificate authority (CA) certificates.
Only PEM certificate format is supported for virtualization servers.
The following procedure is applicable for the NetBackup media servers acting as backup hosts and all AHV access hosts.
To configure secure communication between AHV cluster and AHV access host and AHV Prism Central Server and AHV access host:
- Use the openssl s_client -connect Nutanix Cluster FQDN:9440 -showcerts < /dev/null command from a Linux system to obtain the Nutanix certificates.
For Nutanix Prism Central use the openssl s_client -connect Nutanix Prism Central FQDN:9440 -showcerts < /dev/null
- Scroll to the end of the results and copy the last certificate which starts from:
-----BEGIN CERTIFICATE----- <Certificate> -----END CERTIFICATE-----
Note:
Ensure to copy the five dashes before and after the BEGIN and END CERTIFICATE.
- Paste the information to a text file and then rename it as
certificate file name.pemand copy it to a path to your backup host. Recommended path is:For Linux:
/usr/openv/netbackup.For Windows:
Install drive\Program Files\Veritas\Netbackup.
For Linux: Enter the PEM file path
ECA_TRUST_STORE_PATH=/usr/openv/netbackup/certificate file name.pemin thebp.confon the backup host.For Windows: Run the command Install drive\Program Files\Veritas\Netbackup\bin\nbsetconfig.
- Use the nbsetconfig command to configure the following NetBackup configuration options on the access host:
For more information on the configuration options, refer to the NetBackup Administrator's Guide, Volume I.
For more information on external CA support, refer to the NetBackup Security and Encryption Guide.
Table:
ECA_TRUST_STORE_PATH | Specifies the file path to the certificate file that contains all trusted root CA certificates. This option is specific to file-based certificates. You should not configure this option if Windows certificate store is used. If you have already configured this external CA option, append the Nutanix AHV CA certificates to the existing external certificate trust store. If you have not configured the option, add all the required Nutanix AHV server CA certificates to the trust store and set the option. |
ECA_CRL_PATH | Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located. If you have already configured this external CA option, append the AHV CRLs to the CRL cache. If you have not configured the option, first add all the required CRLs to the CRL cache. Then set the option. |
VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED | This option affects AHV, RHV, and VMware secure communication. Without this option, the secure or insurce communication with workload is decided by each workload and plug-in separately. For Nutanix AHV, secure communication is enabled by default. This option lets you skip the security certificate validation. Disabling this option lets you skip the security certificate validation. Veritas recommends that you enable secure communication using the ECA_TRUST_STORE_PATH option. |
VIRTUALIZATION_CRL_CHECK | Lets you validate the revocation status of the virtualization server certificate against the CRLs. By default, the option is enabled. |