NetBackup and Veritas Appliances Hardening Guide
- Top recommendations to improve your NetBackup and Veritas appliances security posture
- Steps to protect Flex Appliance
- Managing single sign-on (SSO)
- About lockdown mode
- Configuring an isolated recovery environment on a WORM storage server
- Steps to protect NetBackup Appliance
- About single sign-on (SSO) authentication and authorization
- About authentication using smart cards and digital certificates
- About data encryption
- About forwarding logs to an external server
- Steps to protect NetBackup
- Configure NetBackup for single sign-on (SSO)
- Configure user authentication with smart cards or digital certificates
- Access codes
- Workflow to configure immutable and indelible data
- Add a configuration for an external CMS server
- Configuring an isolated recovery environment on a NetBackup BYO media server
- About FIPS support in NetBackup
- Workflow for external KMS configuration
- Workflow to configure data-in-transit encryption
- Workflow to use external certificates for NetBackup host communication
- About certificate revocation lists for external CA
- Configuring an external certificate for a clustered primary server
- Configuring a NetBackup host (media server, client, or cluster node) to use an external CA-signed certificate after installation
- Configuration options for external CA-signed certificates
- ECA_CERT_PATH for NetBackup servers and clients
- About protecting the MSDP catalog
- How to set up malware scanning
- About backup anomaly detection
Add a credential for CyberArk
This type of credential allows you to access an external CMS server.
To add a credential for an external CMS server
- On the left, click Credential management.
- On the Named credentials tab, click Add.
- Select NetBackup and click Start.
On Add a credential page, provide the following properties:
Credential name
Tag
Description (for example: This credential is used to access the external CMS.)
- Click Next.
- Select CyberArk as the category.
- Provide the credential details for CyberArk server:
These details are used to authenticate the communication between the NetBackup primary server and the external CMS server:
Certificate - Specify the certificate file contents.
Private key - Specify the private key file contents.
CA Certificate - Specify the CA certificate file contents.
Passphrase - Enter the passphrase of the private key file.
CRL check level - Select the revocation check level for the external CMS server certificate.
CHAIN - The revocation status of all the certificates from the certificate chain are validated against the CRL.
DISABLE - Revocation check is disabled. The revocation status of the certificate is not validated against the CRL during host communication.
LEAF - The revocation status of the leaf certificate is validated against the CRL.
- Click Next.
- Add a role that you want to have access to the credential.
Click Add.
Select the role.
Select the credential permissions that you want the role to have.
- Click Next and follow the prompts to complete the wizard.