Veritas NetBackup™ Appliance Administrator's Guide
- Overview
- About accessing the NetBackup Appliance Web Console
- About the NetBackup Appliance Shell Menu
- About appliance console components
- Monitoring the NetBackup appliance
- About hardware monitoring and alerts
- About Symantec Data Center Security on the NetBackup appliance
- Managing a NetBackup appliance from the NetBackup Appliance Web Console
- About storage configuration
- About Copilot functionality and Share management
- About viewing storage space information using the Show command
- About appliance supported tape devices
- About configuring Host parameters for your appliance
- Manage > Appliance Restore
- Manage > License
- About the Migration Utility
- Software release updates for NetBackup Appliances
- About installing an EEB
- About installing NetBackup Administration Console and client software
- Manage > Additional Servers
- Manage > High Availability
- Managing NetBackup appliance using the NetBackup Appliance Shell Menu
- About OpenStorage plugin installation
- About mounting a remote NFS
- About running NetBackup commands from the appliance
- About NetBackup administrator capabilities
- Creating a NetBackup touch file from the NetBackup appliance
- Creating NetBackup administrator user accounts
- About NetBackup administrator capabilities
- About Auto Image Replication between appliances
- About forwarding logs to an external server
- About high availability configuration
- About the non-certified disk erasure
- Understanding the NetBackup appliance settings
- Settings > Notifications
- Settings > Network
- Settings > Network > Network Settings
- Settings > Network > Fibre Transport
- Settings > Network > Host
- Settings > Authentication
- About configuring user authentication
- About authorizing NetBackup appliance users
- Settings > Authentication > LDAP
- Settings > Authentication > Active Directory
- Settings > Authentication > Kerberos-NIS
- Settings > Authentication > User Management
- Troubleshooting
- Deduplication pool catalog backup and recovery
Adding a trusted master server
You can configure a trust relationship between multiple NetBackup domains. To do so, in the source domain and the target domain you must add a trust relationship.
A trust relationship between domains helps with replication operations.
Perform the following steps on both the source and the target server.
Identify the NetBackup versions that are installed on the source and the target servers.
Obtain the authorization tokens of the remote server.
Use the bpnbat command to log in and nbcertcmd to get the authorization tokens.
To perform this task, see the NetBackup Commands Reference Guide.
Obtain the fingerprints for the remote server.
To obtain the SHA1 fingerprint of root certificate, use the nbcertcmd -displayCACertDetail command.
To perform this task, see the NetBackup Commands Reference Guide.
Ensure that you have one of the following permissions:
System administrator permissions with root permissions for UNIX and administrator permissions for Windows, and a NetBackupCLI user for a 3.1 NetBackup appliance.
Access to NetBackup Administrator console, where you have <username> ADMIN=ALL permissions through
auth.conf
.Enhanced audit user permissions through
authalias.conf
.
For more information, see the NetBackup Security and Encryption Guide.
If NBAC is enabled, ensure that both the target and the source master server have the same NBAC configuration.
If the either the source or the target server master server is on version 8.0 or earlier, ensure that the Enable insecure communication with Appliance 8.0 and earlier hosts option on tab is selected.
To add a trusted master server
- In the NetBackup Administration Console, expand NetBackup Management > Host Properties > Master Servers in the left pane.
- In the right pane, select the master server.
- On the Actions menu, click Properties.
- In the properties dialog box left pane, select Servers.
- In the Servers dialog box, select the Trusted Master Servers tab.
- On the Trusted Master Servers tab, click Add.
The Add Trusted Master Server dialog box appears.
- In the Add Trusted Master Server dialog box, enter the fully-qualified host name of the remote master server.
- Click Validate Certificate Authority.
Depending on the NetBackup version of the target server, the next screens are displayed.
The following is an example of the dialog box:
- If the target server is on version 8.0 or earlier:
In the Add Trusted Master Server dialog box, enter the Username and Password of the remote master server host.
Skip steps 10 through 12.
The following is an example of the dialog box:
- If both the source and the target server are on version 8.1 or later:
In the Validate Certificate Authority dialog box, verify if the CA certificate fingerprint of the remote server is correct.
- To proceed, click Yes.
Or
If the fingerprints don't match, click No.
Contact the remote server admin to provide the correct fingerprints.
- In the Add Trusted Master Server dialog box, enter the trusted master server details.
Select Specify Authentication Token of the trusted master server and enter the token details of the remote master server.
Note:
To view the token you have entered, select Show Token.
Or
Select Specify credentials of the trusted master server and enter the user name and password.
To establish trust with a 3.1 NetBackup master appliance, use the NetBackupCLI credentials.
Note:
Veritas recommends using an authentication token to connect to the remote master server. An authentication token provides restricted access and allows secure communication between both the hosts. The use of user credentials (user name and password) may present a possible security breach.
The following is an example of the dialog box:
- Click OK.
- Perform the same procedure on the remote master server of the master server you have added above.
Skip this step if the target server is on version 8.0 or earlier.
Note:
You will not be able to fetch the host properties of a trusted master server from Host Properties > Client lists.