NetBackup™ Snapshot Manager for Data Center 管理指南
- 简介
- 准备 NetBackup Snapshot Manager for Data Center 安装
- 使用容器映像部署 NetBackup Snapshot Manager for Data Center
- 开始安装 NetBackup Snapshot Manager for Data Center 之前
- 在 Docker/Podman 环境中安装 NetBackup Snapshot Manager for Data Center
- 保护与 NetBackup Snapshot Manager for Data Center 的连接
- 验证是否已成功安装 NetBackup Snapshot Manager for Data Center
- 重新启动 NetBackup Snapshot Manager for Data Center
- 将 NetBackup 介质服务器与 Snapshot Manager for Data Center 关联
- 升级 NetBackup Snapshot Manager for Data Center
- 卸载 NetBackup Snapshot Manager for Data Center
- Snapshot Manager for Data Center 目录库备份和恢复
- 配置 NetBackup Snapshot Manager for Data Center
- Storage array replication(存储阵列同步复制)
- Snapshot Manager for Data Center 存储阵列插件
- 为 Snapshot Manager for Data Center 配置存储阵列插件
- 不同阵列所需的端口
- Dell EMC PowerMax 和 VMax 阵列
- Dell EMC PowerFlex 阵列
- Dell EMC PowerScale (Isilon)
- DELL EMC PowerScale (Isilon) 上支持的 NetBackup Snapshot Manager for Data Center 操作
- DELL EMC PowerScale (Isilon) 插件配置前提条件
- Dell EMC PowerScale (Isilon) 插件配置参数
- 将 SmartConnect 与 Snapshot Manager for Data Center 一起使用
- Dell EMC PowerScale (Isilon) 上的角色和权限
- Dell EMC PowerScale (Isilon) 的快照同步复制
- 支持的 Dell EMC PowerScale (Isilon) 同步复制拓扑
- Dell EMC PowerScale (Isilon) 的注意事项
- Dell EMC PowerStore SAN 和 NAS 插件
- Dell EMC XtremIO SAN 阵列
- Dell EMC Unity 阵列
- Fujitsu Eternus AF/DX SAN 阵列
- Fujitsu Eternus AB/HB SAN 阵列
- HPE RMC 插件
- HPE XP 插件
- HPE Alletra 9000 SAN 阵列
- HPE Alletra 6000 SAN 阵列
- HPE GreenLake for Block Storage 阵列
- Hitachi NAS 阵列
- Hitachi SAN 阵列
- IBM Storwize SAN V7000 插件
- IBM FlashSystem 插件
- IBM SAN Volume Controller 插件
- InfiniBox SAN 阵列
- InfiniBox NAS 阵列
- Lenovo DM 5000 系列阵列
- NetApp 存储阵列
- NetApp Cloud Volumes ONTAP (CVO)
- Amazon FSx for NetApp ONTAP 插件
- NetApp E 系列阵列
- Nutanix Files 阵列
- Pure Storage FlashArray SAN
- Pure Storage FlashBlade 插件配置说明
- PowerMax eNAS 阵列
- Qumulo NAS 阵列
- Configuring storage lifecycle policies for snapshots and snapshot replication(为快照和快照同步复制配置存储生命周期策略)
- NetBackup Snapshot Manager 日志记录
- 故障排除
保护与 NetBackup Snapshot Manager for Data Center 的连接
支持的情况:
主服务器和 Snapshot Manager for Data Center 必须使用 ECA 或 NBCA 。
对于 NBCA 和 ECA 混合模式,继续使用 ECA 模式进行 NetBackup Snapshot Manager for Data Center 安装。
不支持的情况:主服务器使用 NBCA,而 NetBackup Snapshot Manager for Data Center 使用 ECA,反之亦然。
在 NetBackup Snapshot Manager for Data Center 中,可以在 /cloudpoint/eca/crl 文件中上传外部 CA 的 CRL。如果 crl 目录不存在或为空,则上传的 CRL 不起作用。
以下三个参数是可调参数,可以在 /cloudpoint/flexsnap.conf 文件中的 eca 部分下添加条目。
表:ECA 参数
参数 | 默认值 | 值 | 备注 |
|---|---|---|---|
eca_crl_check | 0 (Disabled) | 0 (disabled) 1 (leaf) 2 (chain) | 证书检查级别。用于控制连接到本地/云工作负载的 NetBackup Snapshot Manager for Data Center 主机的 CRL/OCSP 验证级别。
|
eca_crl_refresh_ hours | 24 | 介于 0 到 4830 之间的数值 | 通过证书 CDP URL 从 CA 更新 NetBackup Snapshot Manager for Data Center CRL 缓存的时间间隔(以小时为单位)。如果存在 |
eca_crl_path_sync_ hours | 1 | 介于 1 到 720 之间的数值 | 从 |
有关更多信息,请参考《NetBackup™ 安全和加密指南》的以下部分。
关于基于主机 ID 的证书吊销列表
证书部署过程中何时需要授权令牌。
注意:
如果在 /cloudpoint/flexsnap.conf 文件中手动添加或修改任何 ECA 可调参数,则不会验证缓存。
有关 NetBackup CA 和证书的详细信息,请参考《NetBackup™ 安全和加密指南》的“NetBackup CA 和 NetBackup 证书”一章。
下表提供了在 Snapshot Manager for Data Center 中吊销证书时要执行的重新生成步骤:
用例 | 命令 |
|---|---|
|
CA 迁移 |
|
吊销证书后,重新生成 NBCA 证书 | # flexsnap_configure renew --token <reissue-token> Generating new NetBackup Host-ID certificate... Snapshot Manager certificate is renewed. |
吊销证书后,重新生成 ECA 证书 | # flexsnap_configure renew --ca /eca2/trusted/cacerts.pem --key /eca2/private/key.pem --chain /eca2/cert_chain.pem Enrolling external CA certificates with NetBackup... Snapshot Manager certificate is renewed. |
迁移后,重新生成 ECA/NBCA 证书 | # flexsnap_configure renew --hostnames new-nbsm.veritas.com --token <authentication-token> Generating new NetBackup Host-ID certificate... Snapshot Manager certificate is renewed. Please run 'flexsnap_configure renew --internal --hostnames <nbsm_fqdn> to renew Snapshot Manager's internal CA and certificates. |
为扩展重新生成证书 | # flexsnap_configure renew --extension --primary <nbsm_fqdn> --token <extension_token> |
证书轮换 | # flexsnap_configure renew --force Generating new NetBackup Host-ID certificate... Snapshot Manager certificate is renewed. |
内部 flexsnap CA 证书(在迁移、灾难恢复情况下) | # flexsnap_configure renew --internal --hostnames <nbsm_fqdn> Renewed Flexsnap CA ... skip Renewed rabbitmq certificate ... done Renewed postgresql certificate ... done Renewed listener certificate ... done Renewed workflow certificate ... done Renewed scheduler certificate ... done Renewed agent certificate ... done Renewed client certificate ... done Renewed certmaster certificate ... done Renewed agent certificate ... done Renewed notification certificate ... done Renewed client certificate ... done Renewed client certificate ... done Renewed mongodb certificate ... done Renewed coordinator certificate ... done Renewed config certificate ... done Renewed idm certificate ... done Renewed agent certificate ... done Renewed client certificate ... done Renewed policy certificate ... done Snapshot Manager's CA and certificates are renewed. Restart the Snapshot Manager stack using 'flexsnap_configure restart' to take effect. |