NetBackup™ Web UI Cloud Administrator's Guide
- Managing and protecting cloud assets
- About protecting cloud assets
- Limitations and considerations
- AWS and Azure government cloud support
- Configure Snapshot Manager in NetBackup
- Managing intelligent groups for cloud assets
- Protecting cloud assets or intelligent groups for cloud assets
- About storage lifecycle policies
- Managing policies for cloud assets
- Limitations and considerations
- Planning for policies
- Creating policies for cloud assets
- Setting up attributes for PaaS assets
- Setting up attributes for IaaS assets
- Creating schedules
- About backup frequency
- About assigning retention periods
- Configuring the Start window
- Configuring the include dates
- Configuring the exclude dates
- Configuring the cloud assets for PaaS
- Configuring the cloud assets for IaaS
- Configuring backup options for IaaS
- Managing cloud policies
- Scan for malware
- Protecting Microsoft Azure resources using resource groups
- NetBackup Accelerator for cloud workloads
- Configuring backup schedules for cloud workloads using protection plan
- Backup options for cloud workloads
- AWS Snapshot replication
- Protect applications in-cloud with application-consistent snapshots
- Protecting AWS or Azure VMs for recovering to VMware
- Cloud asset cleanup
- Cloud asset filtering
- Protecting PaaS assets
- Protecting PaaS assets
- Prerequisites for protecting PaaS assets
- Enabling binary logging for MySQL and MariaDB databases
- Enabling backup and restore in Kubernetes
- Prerequisites for protecting Amazon RDS SQL Server database assets
- Protecting RDS Custom instances
- Protecting Azure Managed Instance databases
- Limitation and considerations
- For all databases
- For PostgreSQL
- For incremental backups for Azure PostgreSQL
- For AWS RDS PostgreSQL and AWS Aurora PostgreSQL
- For AWS DynamoDB
- For AWS DocumentDB
- For AWS Neptune
- For AWS RDS SQL
- For Azure, AWS RDS, and Aurora MySQL
- For incremental backups using Azure MySQL server
- For incremental backups using the GCP SQL Server
- For Azure SQL and SQL Managed Instance
- For Azure SQL and SQL Managed Instance (without temp. database)
- For Azure SQL Server and SQL Managed Instance incremental backup
- For Azure Cosmos DB for MongoDB
- For Azure Cosmos DB for NoSQL
- For Amazon RDS for Oracle
- For Amazon Redshift databases
- For Amazon Redshift clusters
- For GCP SQL Server
- For GCP BigQuery
- Installing the native client utilities
- Configuring storage for different deployments
- Configuring the storage server for instant access
- About incremental backup for PaaS workloads
- Configuring incremental backups for Azure MySQL server
- About archive redo log backup for PaaS workloads
- About Auto Image Replication for PaaS workloads
- Discovering PaaS assets
- Viewing PaaS assets
- Managing PaaS credentials
- Add protection to PaaS assets
- Recovering cloud assets
- Recovering cloud assets
- About the pre-recovery check for VMs
- Supported parameters for restoring cloud assets
- Recovering virtual machines
- Recovering applications and volumes to their original location
- Recovering applications and volumes to an alternate location
- Recovery scenarios for GCP VMs with read-only volumes
- (GCP only) Restoring virtual machines and volumes using the autoDelete disk support
- Perform rollback recovery of cloud assets
- Recovering AWS or Azure VMs to VMware
- Recovering PaaS assets
- Recovering cloud assets
- Performing granular restore
- Troubleshooting protection and recovery of cloud assets
- Troubleshoot cloud workload protection issues
- Error Code 9855: Error occurred while exporting snapshot for the asset: <asset_name>
- VMs and other OCI assets with CMK-encrypted disks are marked as deleted in NetBackup UI.
- Backup from snapshot jobs take longer time than expected
- Backup from snapshot job fails due to connectivity issues when Snapshot Manager is deployed on an Ubuntu host
- Error disambiguation in NetBackup UI
- Status Code 150: Termination requested by administrator
- Troubleshoot PaaS workload protection and recovery issues
Creating a system or user-managed identity username
Do any of the following configurations:
Configure the managed identity user as an AAD admin:
Set the AAD admin on the SQL server or the Managed instance.
Go to Settings > Microsoft Entra ID> Set admin. Search and set the system-assigned or user-assigned managed identity, and save.
Note:
Only media servers configured with both system-assigned managed identity and AAD administrator permissions can perform backup and restore.
Create a managed identity user on the database using the SSMS client:
To set AAD admin for SQL server, create users, go to Settings > Active Directory admin > Set admin. Pick active directory for the user, and save.
Login to the SQL database or Managed database to create a user under that database.
CREATE USER [<managed_identity>] FROM EXTERNAL PROVIDER; ALTER ROLE db_owner ADD MEMBER [<managed_identity>];Provide login permission for that user on the SQL Server, run
# CREATE USER [<managed_identity>] FROM EXTERNAL PROVIDER; # ALTER ROLE loginmanager ADD MEMBER [<managed_identity>];
Note:
You must create users for all media servers communicating with the database using the system-assigned managed identity.
Note:
To restore a database, you must configure the managed identity user as an AAD admin on the target server.
To configure the AAD admin for the MySQL server, create a user. Go to Settings > Active Directory admin > Set admin. Pick the active directory user, and save.
Get the client ID for managed identity using Azure CLI, run
# az ad sp list --display-name <managed_identity> --query [*].appId --out tsv
Generate an access token to log on, using Azure CLI, run:
# az account get-access-token --resource-type oss-rdbms
Log on using the AAD admin user and access token, run:
# mysql -h <server name> --user <user name> --enable-cleartext-plugin --password=<token>
Create the manage identity user and grant the permissions, run:
# SET aad_auth_validate_oids_in_tenant = OFF; # CREATE AADUSER '<db_user>' IDENTIFIED BY '<Generated_client_id>'; # GRANT USAGE, DROP, SELECT, CREATE, SHOW VIEW, EVENT, LOCK TABLES , ALTER, CREATE VIEW, INSERT, REFERENCES, ALTER ROUTINE, PROCESS ON *.* TO '<db_user>'@'%'
To configure the AAD admin for the PostgreSQL server, create a user. Go to Settings > Active Directory admin > Set admin. Pick the active directory user, and save.
Get the client ID for the managed identity:
# az ad sp list --display-name <managed_identity> --query [*].appId --out tsv
Generate the access token required to login, run:
# az account get-access-token --resource-type oss-rdbms
Export the password for the generated token, run:
# export PGPASSWORD=<token>
Login using the AAD admin user and the access token, run:
# psql "host=<host name> port=5432 dbname=<dbname> user=<user name> sslmode=require"
To create a user and grant permissions, run:
# SET aad_auth_validate_oids_in_tenant = OFF; # CREATE ROLE <db_user> WITH LOGIN PASSWORD '<client_id>' IN ROLE azure_ad_user; # GRANT azure_pg_admin TO <db_user>; # ALTER USER smipguser CREATEDB; # ALTER USER smipguser Replication;
Note:
Only user-managed identity is supported for MySQL Flexible Server. Managed Identity support is not available for PostgreSQL Flexible Server.
Log on to your Azure portal.
To assign the Cosmos DB Built-in Data Contributor role to the managed identity, run the command:
# az cosmosdb sql role assignment create -a <Account_Name> -g <Resource_Group_Name> -s "/" -p <Object_ID/Principle_ID> -d 00000000-0000-0000-0000-000000000002
Where:
Account_Name is the Azure Cosmos account name.
Resource_Group_Name is the Resource group name of the account.
Object_ID/Principle_ID is the Managed identity object or principle ID.
00000000-0000-0000-0000-000000000002 is the Cosmos DB Built-in Data Contributor role ID.