NetBackup™ for Cloud Object Store Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (11.0)
  1. Introduction
    1.  
      Overview of NetBackup protection for Cloud object store
    2.  
      Features of NetBackup Cloud object store workload support
  2. Managing Cloud object store assets
    1.  
      Planning NetBackup protection for Cloud object store assets
    2.  
      Enhanced backup performance in 11.0 or later
    3.  
      Prerequisites for adding Cloud object store accounts
    4.  
      Configuring buffer size for backups
    5.  
      Configure a temporary staging location
    6.  
      Configuring advanced parameters for Cloud object store
    7.  
      Permissions required for Amazon S3 cloud provider user
    8.  
      Permissions required for Azure blob storage
    9.  
      Permissions required for GCP
    10.  
      Limitations and considerations
    11. Adding Cloud object store accounts
      1.  
        Creating cross-account access in AWS
      2.  
        Check certificate for revocation
      3.  
        Managing Certification Authorities (CA) for NetBackup Cloud
      4.  
        Adding a new region
    12.  
      Manage Cloud object store accounts
    13. Scan for malware
      1.  
        Backup images
      2.  
        Assets by policy type
  3. Protecting Cloud object store assets
    1. About accelerator support
      1.  
        How NetBackup accelerator works with Cloud object store
      2.  
        Accelerator notes and requirements
      3.  
        Accelerator force rescan for Cloud object store (schedule attribute)
      4.  
        Accelerator backup and NetBackup catalog
      5.  
        Calculate the NetBackup accelerator track log size
    2.  
      About incremental backup
    3.  
      About dynamic multi-streaming
    4. About storage lifecycle policies
      1.  
        Adding an SLP
    5.  
      About policies for Cloud object store assets
    6.  
      Planning for policies
    7.  
      Prerequisites for Cloud object store policies
    8.  
      Creating a backup policy
    9.  
      Policy attributes
    10.  
      Creating schedule attributes for policies
    11. Configuring the Start window
      1.  
        Adding, changing, or deleting a time window in a policy schedule
      2.  
        Example of schedule duration
    12.  
      Configuring the exclude dates
    13.  
      Configuring the include dates
    14.  
      Configuring the Cloud objects tab
    15.  
      Adding conditions
    16.  
      Adding tag conditions
    17.  
      Examples of conditions and tag conditions
    18. Managing Cloud object store policies
      1.  
        Copy a policy
      2.  
        Deactivating or deleting a policy
      3.  
        Manually backup assets
  4. Recovering Cloud object store assets
    1.  
      Prerequisites for recovering Cloud object store objects
    2.  
      Configuring Cloud object retention properties
    3.  
      Recovering Cloud object store assets
  5. Troubleshooting
    1.  
      Error 5541: Cannot take backup, the specified staging location does not have enough space
    2.  
      Error 5537: Backup failed: Incorrect read/write permissions are specified for the download staging path.
    3.  
      Error 5538: Cannot perform backup. Incorrect ownership is specified for the download staging path.
    4.  
      Reduced acceleration during the first full backup, after upgrade to versions 10.5 and 11.
    5.  
      After backup, some files in the shm folder and shared memory are not cleaned up.
    6.  
      After an upgrade to NetBackup version 10.5, copying, activating, and deactivating policies may fail for older policies
    7.  
      Backup fails with default number of streams with the error: Failed to start NetBackup COSP process.
    8.  
      Backup fails, after you select a scale out server or Snapshot Manager as a backup host
    9.  
      Backup fails or becomes partially successful on GCP storage for objects with content encoded as GZIP.
    10.  
      Recovery for the original bucket recovery option starts, but the job fails with error 3601
    11.  
      Recovery Job does not start
    12.  
      Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
    13.  
      Access tier property not restored after overwriting the existing object in the original location
    14.  
      Reduced accelerator optimization in Azure for OR query with multiple tags
    15.  
      Backup failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
    16.  
      Azure backup jobs fail when space is provided in a tag query for either tag key name or value.
    17.  
      The Cloud object store account has encountered an error
    18.  
      The bucket is list empty during policy selection
    19.  
      Creating a second account on Cloudian fails by selecting an existing region
    20.  
      Restore failed with 2825 incomplete restore operation
    21.  
      Bucket listing of a cloud provider fails when adding a bucket in the Cloud objects tab
    22.  
      AIR import image restore fails on the target domain if the Cloud store account is not added to the target domain
    23.  
      Backup for Azure Data Lake fails when a back-level media server is used with backup host or storage server version 10.3
    24.  
      Backup fails partially in Azure Data Lake: "Error nbpem (pid=16018) backup of client
    25.  
      Recovery for Azure Data Lake fails: "This operation is not permitted as the path is too deep"
    26.  
      Empty directories are not backed up in Azure Data Lake
    27.  
      Recovery error: "Invalid alternate directory location. You must specify a string with length less than 1025 valid characters"
    28.  
      Recovery error: "Invalid parameter specified"
    29.  
      Restore fails: "Cannot perform the COSP operation, skipping the object: [/testdata/FxtZMidEdTK]"
    30.  
      Cloud store account creation fails with incorrect credentials
    31.  
      Discovery failures due to improper permissions
    32.  
      Restore failures due to object lock

Prerequisites for adding Cloud object store accounts

Gather the following before you start adding a Cloud object store account.

  • Gather information about the cloud provider, service host, and region.

    Here, the service host is the host name of the Cloud object storage API endpoint that is provided by the cloud provider. For example, in the AWS public S3 endpoint URL: https://s3.us-east-1.amazonaws.com, the part:  s3.us-east-1.amazonaws.com is the service host.

    For a private cloud setup, the URL may be like: https://s3.us-east-1.amazomaws.com/tenent123/. Here the service host is: s3.us-east-1.amazomaws.com/tenent123/.

  • Note the supported authentication types by the cloud service provider and decide on the authentication type to use. All cloud providers support the Access credentials authentication type. Other supported Authentication types are:

    • IAM Role (EC2): For Amazon and Amazon Gov

    • Assume Role: For Amazon and Amazon Gov

    • Assume role EC2: For Amazon and Amazon Gov

    • Credential Broker: For Amazon Gov

    • Service Principal: For Azure

    • Managed Identity: For Azure

  • If you plan to use a proxy for communication with cloud endpoints, gather the required details of the proxy server.

  • Get the Cloud account credentials, and any additional required parameters, as per the authentication type. These credential details should have the required permissions recommended in NetBackup documentation.

    See Permissions required for Amazon S3 cloud provider user.

    See Permissions required for Azure blob storage.

    See Permissions required for GCP.

  • Make sure that the required outbound ports are open, and configurations are done for communication from the backup host or scale-out server to the cloud provider endpoint using REST API calls.

    • On the backup host, S3 or Azure storage URL endpoints use the HTTPS default port 443. For a private cloud provider, this port can be any custom port that is configured in the private cloud storage.

    • If you use a proxy server to connect to the cloud storage, you need to allow that port. You can provide the proxy server-related details in NetBackup, while creating a Cloud object store account.

    • The certificate revocation status check option uses the OCSP protocol, which typically uses HTTP port 80. Ensure that the OCSP URL is reachable from the backup host.