Veritas NetBackup™ 53xx Appliance Initial Configuration Guide

Last Published:
Product(s): Appliances (4.1)
Platform: NetBackup Appliance OS

Appliance configuration guidelines

Use the following configuration guidelines when you deploy new appliances:

Table: Appliance configuration guidelines

Parameter

Description

NetBackup Appliance Web Console access

The NetBackup Appliance Web Console is accessible only over HTTPS on the default port 443. Port 80 over HTTP has been disabled.

Connectivity during initial configuration

When you perform the appliance initial configuration, you must take precautions to avoid loss of connectivity. Any loss of connectivity during initial configuration results in failure.

The computer that you use to configure the appliance should be set up to avoid the following events:

  • Conditions that cause the computer to go to sleep

  • Conditions that cause the computer to shut down or to lose power

  • Conditions that cause the computer to lose its network connection

Required names and addresses

Before the configuration, gather the following information:

  • Network IP addresses, netmask, and gateway IP addresses for the appliance

  • Network names for all appliances

  • DNS or host information

    If DNS is used, make sure that the network names of all appliances and the primary server are DNS resolvable (FQHN and short name).

    If DNS is not used, make sure that you enter the proper host entries for the appliance during the initial configuration.

    Note:

    The Domain Name Suffix is appended to the host name and cannot be changed after the initial configuration is completed. If you need to change the suffix or move the appliance to a different domain at a later time, you must perform a factory reset first, and then perform the initial configuration again.

  • Names for NetBackup storage units

    The Storage Name fields appear when you configure the appliance role. You can change the default names or leave them.

    The default values that appear in the NetBackup Administration Console for the storage units and disk pools are as follows:

    • For AdvancedDisk:

      Default storage unit name: stu_adv_<hostname>

      Default disk pool name: dp_adv_<hostname>

    • For NetBackup Deduplication:

      Default storage unit name: stu_disk_<hostname>

      Default disk pool name: dp_disk_<hostname>

Note:

The short host name of the appliance appears as the default storage unit name and the disk pool name.

Default user name and password

New NetBackup appliances are shipped with the following default login credentials:

  • User name: admin

  • Password: P@ssw0rd

Starting with software version 4.0, the initial configuration process requires that you change the default passwords for the following user accounts:

  • admin

  • maintenance

  • sysadmin (IPMI)

From the NetBackup Appliance Web Console, the first page in the initial configuration prompts you to change the default passwords. From the NetBackup Appliance Shell Menu, you are prompted to change the default passwords when you run the Main_Menu > Appliance Primary or Main_Menu > Appliance Media role configuration commands.

Firewall port usage

Make sure that the following ports are open on any firewall that exists between a primary server and a media server:

  • 13724 (vnetd)

  • 13720 (bprd)

  • 1556 (PBX)

For more information about firewall ports for NetBackup and the NetBackup appliance, see the following tech note on the Veritas Support website:

https://www.veritas.com/support/en_US/article.TECH178855

Media server role

Before you configure a NetBackup appliance as a media server, the primary server that you plan to use with it must be updated with the new appliance media server name. Whether the primary server is a NetBackup appliance or a traditional NetBackup primary server, the name of the new appliance media server must be added to the Additional Servers list on the primary server.

Adding the new appliance media server name to the primary server before the new appliance is configured provides the following benefits when performing the initial configuration on the new appliance:

  • Provides the appropriate network communication that allows the media server to become part of the NetBackup domain.

  • Allows the media server to create the storage server and the disk pool entries.

Security certificate requirements

Starting with release 3.2, external certificate authority certificates are supported. This feature provides an alternative to using the NetBackup Certificate Authority for host verification and security. To configure this appliance as a media server, you have to deploy security certificates on the appliance to trust the primary server.

If the primary server is operating with an external CA issued certificate only, this appliance media server requires configuration with an issued certificate from the same external CA. For CA certificate provisioning, the Host certificate, Trusted certificate, Private Key certificate file, and the use of a Certificate Revocation List (CRL) are all required to proceed with the media server role configuration.

If the primary server uses both an external CA issued certificate and a NetBackup CA-signed certificate, you can choose to configure this media server appliance with a certificate issued by the same external CA or with a NetBackup CA-signed certificate. If the primary server is using a NetBackup CA-signed certificate only, a CA certificate and a host ID-based certificate must be deployed from the primary server that you plan to use with this appliance. The CA certificate is automatically downloaded and deployed if you select to trust the primary server.

To deploy the host ID-based certificate:

  • If the security level of the primary server is Very High, you need to manually enter an authorization token to deploy the host ID-based certificate to the media server.

  • If the security level of the primary server is High or Medium, the authentication token is not required. The host ID-based certificate is automatically deployed to the media server.

Note:

Regardless of the primary security level, if the appliance is ever factory reset or re-imaged, a reissue token is required when the appliance is reconfigured.

If the security certificates have been deployed on the appliance media server, you are not requested to deploy them again during the role configuration.

For more information about security certificates, refer to the chapter Security certificates in NetBackup in the NetBackup Security and Encryption Guide.

See Configuring a primary server to communicate with an appliance media server.

High Availability

Starting with appliance release version 3.1, you can deploy 53xx series appliances for a high availability (HA) solution. An HA configuration uses two NetBackup 53xx appliances that are designated as a compute node and a partner node. These nodes are connected to each other and also to specific channels on the same Primary Storage Shelf.

Note:

The Copilot feature becomes unavailable as a result of configuring an HA setup.

Note:

The NetBackup 5350 Appliance is not supported for use in HA setups.

A NetBackup appliance HA configuration must use two identical appliances with regard to the model number, the hardware configuration, and the appliance software version as follows:

  • Model number and hardware configuration

    The model number and the I/O configuration of both appliances must match. For example, use two model 5330 appliances with configuration D or two model 5340 appliances with configuration D. You cannot use one model 5330 appliance with configuration D and one model 5340 appliance with configuration D.

  • Appliance software version

    Both appliances must use the same software version. The appliance primary server that is used must also use the same software version as the HA appliances. If a traditional (non-appliance) primary server is used, it must use the NetBackup software version that is associated with the appliance software version. For example, if the HA appliances use version 3.1, the traditional NetBackup primary server must use NetBackup version 8.1.

You can set up an HA configuration as follows:

  • New system installations

    Perform the initial configuration on one NetBackup 53xx appliance (compute node), then set up the HA configuration on this same node. Next, perform the initial configuration on the other appliance (partner node). Finally, complete the HA configuration on the compute node by adding the configured partner node.

  • Existing systems

    The existing components must first be upgraded as follows:

    Primary server: Traditional NetBackup (non-appliance) primary servers must be upgraded to NetBackup release version 8.1 or later. NetBackup appliance primary servers must be upgraded to appliance release version 3.1 or later.

    Media server (existing model 53xx): This appliance must be upgraded to appliance release version 3.1 or later.

    After these upgrades are completed, set up the HA configuration on the existing 53xx compute node. Next, perform the initial configuration on the partner node. Finally, complete the HA configuration on the compute node by adding the partner node.

  • Host name and IP address requirements

    In an HA setup, three host names with corresponding IP addresses are required as follows:

    • Physical nodes

      A dedicated host name and IP address must be assigned to each of the two physical media server nodes. Each host name should resolve to its corresponding IP address in the same subnet.

    • Virtual host name and IP address

      This host name and its corresponding IP address are used for the HA identity that encompasses the two physical nodes with the common attached storage. The virtual host name and IP address work as a pointer within the HA setup between the two nodes. For example, if one node is not running properly or is down for an upgrade or maintenance, the virtual host name automatically points to the node that is still operational.

      Before you configure the HA setup, all of the HA host names and IP addresses must be added to the Host Name Mappings property in the NetBackup Administration Console. This task must be performed on the associated primary server. If the mappings property is not updated before the initial configuration of the physical nodes, the HA setup configuration process can fail. Starting with appliance release 3.1.2, the host name mappings also require approval.

      For complete details on adding host name mappings and approval, see the NetBackup Security and Encryption Guide.

When you set up the HA configuration, the host name and the IP address of the first configured or existing media server are automatically elevated as the virtual host name and IP address for the HA configuration. You must provide a new host name and IP address for this media server at that time.

Note:

If you plan to use Active Directory (AD) authentication, do not set up the HA configuration until after you update the AD server with the host names and IP addresses of the HA configuration. The virtual host name and virtual IP address, along with the host name and IP address for each node are required on the AD server before setting up the HA configuration. Otherwise, AD users may experience problems when they access the system.

If you plan to use a NetBackup client to manage the NetBackup jobs, add the three host names to the bp.conf file on the client: the host name of the two nodes and the new host name.

Disk storage option licenses

The appliance comes with a not for resale (NFR) license key that expires after a specific period of time. The appliance does not provide a warning message that this license key is about to expire. Therefore, Veritas recommends that you change this key to a permanent key after you install and configure the appliance. See the NetBackup Appliance Administrator's Guide for information and instructions on how to view and change a license key.

Replace the NFR keys with permanent keys before they expire.

Optimized Share Reserve storage

If you plan to use the Copilot feature, it is recommended that you create any Optimized Share Reserve during the initial configuration. An Optimized Share Reserve can also be created after the initial configuration is completed. For example, when you add an Expansion Storage Shelf to an existing or operational 53xx appliance.

Note:

The Copilot feature becomes unavailable as a result of configuring an HA setup.

An Optimized Share Reserve can be created only as follows:

  • The configuration must be performed through the NetBackup Appliance Shell Menu.

  • The appliance hardware configuration must include at least one Expansion Storage Shelf.

  • All storage space on the Expansion Storage Shelf must be dedicated for Optimized Share Reserve use. The minimum size for a reserve is 114 TB.

  • AdvancedDisk and MSDP partitions must reside on a different shelf. They cannot coexist on the dedicated shelf with the Optimized Share Reserve.