Veritas NetBackup™ 53xx Appliance Initial Configuration Guide

To perform the initial configuration on a NetBackup 53xx media server appliance from the NetBackup Appliance Web Console

1. Connect a laptop to appliance port NIC1. Next, navigate to the Local Area Connection Properties dialog box.

   On the General tab, select Internet Protocol (TCP/IP) so that it is highlighted, then click Properties.

   

   On the Alternate Configuration tab, perform the following tasks:

   

   • Click User Configured.

   • For the IP address, enter 192.168.229.nnn, where nnn is any number from 2 through 254 except for 233.

   • For the Subnet mask, enter 255.255.255.0.

   • Click OK.

2. On the laptop that is connected to the appliance, open a web browser to the following URL:

   http://192.168.229.233

   Make sure to confirm the security exception to proceed.

3. Log on to the appliance with the default credentials as follows:

   • User Name: admin

   • Password: P@ssw0rd

4. On the Welcome to Appliance Setup page, review the summary of information that you need to perform the initial configuration.

   • Download Configuration Checklist

     If you have not previously filled out the checklist in the NetBackup 53xx Initial Configuration Guide, click this link to access an electronic version. Veritas recommends that you first print this file, then fill it out for use as you perform the configuration. After you have completed the initial configuration, store the checklist in a secure location for future reference.

   • Setup Appliance

     After you have filled out the configuration checklist, click this item to start the configuration.

5. On the Password Change page, enter new appliance account passwords to replace the factory default passwords.

   Review the following password policy before setting a new password:

   • Passwords must contain at least eight characters.

   • Passwords must contain at least one lowercase letter (a-z) and one number (0-9).

   • Dictionary words are considered weak passwords and are not accepted.

   • Passwords for the sysadmin (IPMI) user must contain no more than 20 characters.

   • The last seven passwords cannot be reused and the new password cannot be similar to previous passwords.

   The following shows the order in which the accounts appear, and the prompts for each password change:

   admin	New admin password: Confirm new admin password:
   maintenance	New maintenance password: Confirm new maintenance password:
   sysadmin (IPMI)	New sysadmin password: Confirm new sysadmin password:

   After you have changed all default passwords, click Next.

6. On the Storage Overview page, check and verify the status of the connected hardware components.

   The diagrams use specific icons to indicate whether any component cable or disk drive problems exist. The following describes the general icons that may appear:

   Note:

   Click the help (?) icon at the top right of the page to see a complete list of icon descriptions.

   	OK
   	Warning Indicates a problem that can be fixed later and lets you proceed with the initial configuration. However, such problems can prevent access to the affected devices. Click the icon to see a description of the problem.
   	Error Indicates a critical problem that requires immediate resolution before you can proceed with the initial configuration. Click the icon to see a description of the problem.
   	Information Click the icon to learn more about the specific area.

   If there are no problems identified, click Next to start the initial configuration. Otherwise, use the following guidelines to resolve any problems:

   • Click on the warning or the error icon to see a description of the problem.

   • Verify that all cables are connected correctly and secured.

   • Verify that all disk drives are installed and seated properly.

   • Verify that all units are turned on and have booted up completely.

   • Verify that you have checked all of the items on the hardware check list.

   • After you have verified the previous items or made any changes, click Refresh. Any warning or error icons that disappear indicate that the problem has been fixed.

     Veritas recommends that you resolve all problems before you start the initial configuration.

   Note:

   If you cannot resolve any error problems after verifying all of the previous items and refreshing, stop here and contact Veritas Technical Support.

7. The Network Configuration page contains the following taskbars to complete specific tasks with the associated data entry fields to configure network connectivity:

   • Create Bond - Use to create a bond between two or more network interfaces.

   • Tag VLAN - Use to configure VLANs in your existing network environments.

   • Add Static Route - Use to add a route configuration to your network.

   Expand each taskbar to enter the relevant network configuration information. These functions are independent of each other and do not require configuration in the order in which they appear.

   Note:

   NetBackup appliances do not support configuring two IP addresses that belong to the same subnet. The appliance runs on the Linux operating system and this type of networking is a current limitation. Each bond that you create must use an IP address that belongs to a different subnet.

   Note:

   You cannot remove an IP address if the appliance host name resolves to that IP address.

   Enter the appropriate Create Bond information as follows:

   Create Bond data entry fields

   Network Interface Click on the drop-down box and select the ethernet NIC port to use for a network connection. Bond Mode Click on the drop-down box and select the bond mode to use for the NIC ports that you want to bond. Bonding lets you combine (aggregate) multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends upon the mode. The default bond mode is balance-alb. The available bonding modes from the drop-down list are as follows: balance-rr active-backup balance-xor broadcast 802.3ad balance-tlb balance-alb Some bond modes require additional configuration on the switch or the router. You should take additional care when you select a bond mode. For more information about bond modes, see the following documentation: http://www.kernel.org/doc/Documentation/networking/bonding.txt After you have entered the appropriate data into all fields, you must click + to add and immediately plumb the selected network interface. To configure bonding, you must select multiple interfaces from the Bond Mode drop-down box. For IPv6 addresses, enter 64 as the Subnet Mask. IP Address Enter the IP address for this appliance server. Subnet Mask Enter the network address that identifies the IP address for this appliance server. After you have entered the appropriate data into all fields, click + to save and add the bond settings.

   If required for your environment, enter the appropriate Tag VLAN information as follows:

   Tag VLAN data entry fields

   Select Interface Select the network interface or the device name to which you want to tag the VLAN. Description Enter a description for the VLAN. For example, Finance or Human Resource. VLAN Id Enter a numeric identifier from 1 to 4094 for the VLAN. IP Address [IPv4 or IPv6] Enter the IPv4 or the IPv6 address to be used for this appliance. Subnet Mask Enter the subnet mask value that corresponds to the IP address. Click Add to add the configuration information for tagging VLAN into to your existing network environment. To enter information for tagging additional VLANs, click the + sign to add a row. To remove any of the rows, click the - sign that is adjacent to the Subnet Mask field.

   Enter the appropriate Add Static Route information as follows:

   Routing Configuration data entry fields

   Destination IP Enter the network IP address of a destination network. The address can be either IPv4 or IPv6. Only global-scope and unique-local IPv6 addresses are allowed. See About IPv4-IPv6-based network support. Destination Subnet Mask Enter the subnet value that corresponds to the Destination IP address. For the initial configuration, this field contains a default value that cannot be changed. When you configure another route, you must enter the appropriate value. Gateway Enter the address of the network point that acts as an entrance to another network. The address can be either IPv4 or IPv6. Only global-scope and unique-local IPv6 addresses are allowed. See About IPv4-IPv6-based network support. Network Interface Click on the drop-down box and select the ethernet NIC port to use for a network connection. After you have entered the appropriate data into all fields, click + to save and add the routing configuration settings.

8. On the Host Configuration page, you can enter the host resolution information as follows:

   • To edit the hosts file manually, click here

     Add the IP address, the fully qualified host name, and the short host name directly into the /etc/hosts file. Click here to open and edit the /etc/hosts file file.

   • Enter the appliance host name and the related host resolution information in the following fields:

   Host Name	Enter the fully qualified domain name (FQDN) of this appliance. Enter the short host name or the fully qualified domain name (FQDN) of this appliance. The host name is applied to the entire appliance configuration with a few exceptions. The short name always appears in the following places: NetBackup Appliance Shell Menu prompts Deduplication pool catalog backup policy Default storage unit and disk pool names If this appliance has been factory reset and you want to import any of its previous backup images, the appliance host name must meet one of the following rules: The host name must be exactly the same as the one used before the factory reset. If you want to change the host name to an FQDN, it must include the short name that was used before the factory reset. For example, if "myhost" was used before the factory reset, use "myhost.domainname.com" as the new FQDN. If you want to change the host name to a short host name, it must be derived from the FQDN that was used before the factory reset. For example, if "myhost.domainname.com" was used before the factory reset, use "myhost" as the new short host name. Note: The Domain Name Suffix is appended to the host name and cannot be changed after the initial configuration is completed. If you need to change the suffix or move the appliance to a different domain at a later time, you must perform a factory reset first, and then perform the initial configuration again.
   For DNS systems:	Enter the following Domain Name System information: Domain Name Suffix Enter the suffix name of the DNS server. DNS IP Address(es) Enter the IP address of a DNS server, then click the + icon to add the address. Repeat as necessary for the number of addresses that you want to add. The address can be either IPv4 or IPv6. For IPv6 addresses, only global-scope or unique-local addresses are allowed. See About IPv4-IPv6-based network support. To remove an address, select it from the list that appears below the data entry field and click the x icon. Search Domain(s) If required for your environment, enter a search domain name, then click the + icon to add the name. Repeat as necessary for the number of search domains that you want to add. To remove a search domain, select it from the list that appears below the data entry field and click the x icon. After you have entered all of the necessary information, click Next.
   For the systems that do not use DNS:	Enter the following Host name resolution information: IP Enter the IP address of the appliance. The address can be either IPv4 or IPv6. For IPv6 addresses, only global-scope or unique-local addresses are allowed. See About IPv4-IPv6-based network support. Fully qualified host name Enter the fully qualified host name (FQHN) of the appliance. Short host name Enter the short name of the appliance. To enter two or more names, add a comma with no space between each name. After you have populated all fields, click the + icon. The added entries now appear below the fields. After you have entered all of the necessary information, click Next.

9. On the Date & Time page, enter the appropriate date and time for this appliance. The date and time for this media server must match the date and time of the associated primary server.

   You can enter the information manually or use a Network Time Protocol (NTP) server to synchronize the appliance date and time over the network.

   Time zone	To assign a time zone to the appliance, click on the Time zone drop-down box and select the appropriate region, country, and time zone.
   Specify date & time	To enter the date and the time manually, select this option and enter the following information: In the first field, enter the date by using the mm/dd/yyyy format. Or, click on the calendar icon and select the appropriate month, day, and year. In the second field, enter the time by using the hh:mm:ss format. Entries must be in the 24 hour format (00:00:00 - 23:59:59).
   NTP	To synchronize the appliance with an NTP server, select this option and enter the appropriate NTP Server IP address.

   After you have entered all of the necessary information, click Next.

10. On the Alerting and Call Home page, enter the information for the appliance to send alerts or to upload status reports by email to a Veritas Call Home server.

    To configure this server to upload alerts, enter the appropriate Alerting Configuration information as follows:

    Alert Configuration
    Notification interval (in minutes) Enter the interval for the server to upload alerts to the Veritas Call Home server. Entries must be in increments of 15 minutes.
    SNMP Server Configuration Select one of the following options: SNMP V2 SNMP V3 None (default) SNMP Server Enter either the SNMP server host name or its IP address to define this server. The IP address can be either IPv4 or IPv6. For IPv6, only global-scope and unique-local addresses are allowed. SNMP Port Enter the port number of the SNMP server to allow communication with this server. The default is 162. Note: Your firewall must allow access from the appliance to the SNMP server through this port. SNMP Community This field is required for SNMP V2 and is optional for SNMP V3. Enter the community name where the alerts or traps are sent. For example, you can enter the same information that you used for the SNMP server. You can also enter a company name or another name like, admin_group, public, or private. If you do not enter anything, the default value is public. SNMP Username (SNMP V3 only) Enter an SNMP user name as follows: Enter up to 32 characters maximum. May include uppercase letters, lowercase letters, numbers, and the following punctuation marks: period, hyphen/dash, underscore. Spaces, commas, and special characters are not allowed. Authentication Protocol (SNMP V3 only) Configure as follows to set the security level: None (default) Sets the security level to no authentication and no privileges (authentication is disabled). Password and encryption fields are greyed out and not required. SHA256 or SHA512 Sets the security level for authentication. An SNMP password is required. SNMP Password/Confirm SNMP Password (SNMP V3 only) Enter a password for the SNMP user as follows: Must have 8 or more characters. May include uppercase letters, lowercase letters, numbers, and the following punctuation marks: period, hyphen/dash, underscore. Spaces, commas, and special characters are not allowed. Encryption Protocol (SNMP V3 only) Configure as follows to set the encryption policy: None (default) Encryption policy is not used or enforced. Passphrase fields are greyed out and not required. AES128 AES192 AES256 AES512 Select one of these options to enforce the associated encryption policy. An Encryption Passphrase is required. Encryption Passphrase/Confirm Encryption Passphrase (SNMP V3 only) If you set the Encryption Protocol to use an encryption policy, enter a passphrase for the SNMP user as follows: Must have 8 or more characters. May include uppercase letters, lowercase letters, numbers, and the following punctuation marks: period, hyphen/dash, underscore. Spaces, commas, and special characters are not allowed. The following describes summaries of the required fields for specific SNMP configuration scenarios: SNMP V2 SNMP Server SNMP Port SNMP Community All other fields are not required. SNMP V3 - no authentication/no privileges SNMP Server SNMP Port SNMP Community (optional) Authentication Protocol - None All other fields are not required. SNMP V3 - authentication/no privileges SNMP Server SNMP Port SNMP Community (optional) Authentication Protocol (SHA256, SHA512) SNMP Password/Confirm SNMP Password All other fields are not required. SNMP v3 - authentication/privileges SNMP Server SNMP Port SNMP Community (optional) Authentication Protocol (SHA256, SHA512) SNMP Password/Confirm SNMP Password Encryption Protocol (AES128, AES192, AES256, AES512) Encryption Passphrase/Confirm Encryption Passphrase View SNMP MIB file To set up the appliance SNMP Manager to receive hardware monitoring related traps, click this link to view the content of the MIB file. Then, copy the file to another location and use the content to update the SNMP Manager. The SNMP MIB file serves as a data dictionary that is used to assemble and interpret SNMP messages. If you configure SNMP, you must import the MIB file into the monitoring software so that the software can interpret the SNMP traps. The appliance can only accept traps in the SNMPv2c format.
    SMTP Server Configuration SMTP Server Enter either the SMTP server host name or its IP address. SMTP Port Enter the port number of the SNMP server to allow communication with this server. The default is 25. Software Administrator Email Enter the email address of your software administrator so that they can receive and notifications. Hardware Administrator Email Enter the email address of your hardware administrator so that they can receive and notifications. Sender Email Enter the email address of this server so that recipients can identify the source of the report. SMTP Account Enter an account name for the SMTP server. Password To increase security, enter a password for the SMTP server.

    You can configure this server to send email reports to a proxy server or to the Veritas Call Home server.

    The following describes the supported proxy servers:

    • Squid

    • Apache

    • TMG

    Note:

    NTLM authentication in the proxy configuration is also supported.

    For Call Home, enter the appropriate Call Home Configuration information as follows:

    Call Home Configuration data entry fields

    Enable Call Home Click this check box to enable the appliance to send email reports to the Veritas Call Home server. Enable proxy server Click this check box to use a proxy server for email notification and provide the proxy information that follows. Enable proxy Tunneling To enable proxy tunneling, click this check box and provide the following proxy information: Proxy server Enter the IP address of the server. The IP address can be either IPv4 or IPv6. For IPv6, only global-scope and unique-local addresses are allowed. Proxy port Enter the port number of the proxy server to allow communication with this appliance. Proxy username Enter the user name for the proxy server. Proxy password Enter the password of the proxy server. Test Call Home After you have entered all of the necessary information, Veritas recommends that you click Test Call Home to verify communication with the Veritas server. If the test fails, check that you have entered all names, IP addresses, and port numbers correctly. If the test fails again, contact Veritas Technical Support.

    After you have entered all of the necessary information, click Next.

11. On the Specify Primary Server page, the following prompts appear:

    • DNAT configuration

      Follow the prompts if you plan to use this media server in a NAT network.

    • Primary Server Name

      For primary servers with only one name and IP address, enter the host name or the IP address of the primary server and click Add.

      For clustered primary servers or primary servers with multiple names and IP addresses, enter each host name or IP address in the field (one at a time) and click Add. If the primary server is clustered, the first entry must be the virtual host name of the cluster.

      If the host name of the primary server is an FQDN, Veritas recommends that you use the FQDN to specify the primary server for the media server.

    • Certificate provisioning/Certificate revocation list (CRL)

      After you have entered the primary server name, the appliance pings the primary server for the Certificate Authority (CA) status and shows the result. Each of the following bullet statements describes the possible status results. Follow the instructions that appear below the applicable status result to complete the certificate configuration.

      • The primary server currently uses an external CA issued certificate. You are required to configure this appliance with a certificate issued by the same external CA.

        Enter the following certificate provisioning information:

        Host certificate

        Trusted certificate

        Private key

        Private key passphrase (Required only if the private key file is encrypted.)

        Select one of the following CRL options:

        Use CRL location from certificate

        Upload CRL file

        Do not use CRL

        After you have entered all of the necessary information, click Next.

      • The primary server currently uses an external CA issued certificate and its own internal certificate. Would you like to proceed with the external CA issued certificate?

        If you select no, the following message appears:

        This appliance will use a NetBackup issued certificate for secure communication.

        If you select yes, enter the following certificate provisioning information:

        Host certificate

        Trusted certificate

        Private key

        Private key passphrase (Required only if the private key file is encrypted.)

        Select one of the following CRL options:

        Use CRL location from certificate

        Upload CRL file

        Do not use CRL

        After you have entered all of the necessary information, click Next.

        When the Certificate Verification dialog box appears, click Deploy to deploy the CA certificate to this appliance. If required, enter the token and click Deploy to deploy the host ID-based certificate to this appliance.

        After you have entered all of the necessary information, click Next.

        When the Certificate Verification dialog box appears, click Deploy to deploy the CA certificate to this appliance. If required, enter the token and click Deploy to deploy the host ID-based certificate to this appliance.

      • This appliance will use a NetBackup issued certificate for secure communication.

        No further certificate configuration is required. Click Next to continue.

        Note:

        After you complete the role configuration, the storage initialization starts. Depending on the number of disk drives in the system, the storage initialization can take up to 46 hours to complete. As a result, appliance backup and restore performance is degraded until the storage initialization process has completed.

12. On the Storage Configuration page, create names for the storage units and the disk pools that you plan to use, and configure the size of the disk partitions.

    You can configure storage partitions for AdvancedDisk, for Deduplication (MSDP), or for both.

    Note:

    If you choose to configure MSDP storage, a policy is automatically created to protect the MSDP catalog. Veritas recommends reviewing this policy and activating it once your appliance is configured.

    AdvancedDisk

    Enter the following information: Storage Unit Name Enter the name that you want to use to identify this storage unit. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters. Note: The name should not start with the minus (-) character and spaces should not be used anywhere in the name. Disk Pool Name Enter the name that you want to use to identify this disk pool. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters. Note: The name should not start with the minus (-) character and spaces should not be used anywhere in the name. Size Set the size for this partition by entering a precise number in the Size field, or click and drag the box on the gray slide bar to the desired size. The size can be set in GB or TB units, depending on the maximum available space.

    Deduplication Disk (MSDP)

    Enter the following information: Storage Unit Name Enter the name that you want to use to identify this storage unit. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters. Note: The name should not start with the minus (-) character and spaces should not be used anywhere in the name. Disk Pool Name Enter the name that you want to use to identify this disk pool. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters. Note: The name should not start with the minus (-) character and spaces should not be used anywhere in the name. Size Set the size for this partition by entering a precise number in the Size field, or click and drag the box on the gray slide bar to the desired size. The size can be set in GB or TB units, depending on the maximum available space.

    After you have entered all of the necessary information, click Next.

13. On the Configuration Progress page, you can monitor the progress of the appliance as it applies all of the data input from the configuration pages.

    The amount of time for the configuration to complete varies and depends on the complexity of your environment.

14. On the Summary of Configuration page, review the results of the configuration. Examine the results to make sure that the configuration completed successfully.

    This page also identifies any errors that may have occurred. You may need to perform the initial configuration again if errors appear in the results.

15. After the configuration has completed successfully, wait about 10 minutes for the NetBackup services to start. You must then use the fully qualified host name to reconnect and log into the appliance.
16. For high availability solutions, you must set up a high availability configuration on this configured appliance (compute node) before you perform the initial configuration on the partner node. To continue and complete the high availability configuration, perform the following tasks in the order as shown:

    See Configuring a NetBackup 53xx high availability setup.

    See Performing the initial configuration on the partner node for a NetBackup 53xx high availability configuration.

    See Adding the partner node to the NetBackup 53xx high availability configuration.

17. After all appliances are configured and operational, you are ready to install client software on the computers that you want to back up.

    See Downloading NetBackup client packages to a client from a NetBackup appliance.

    See Installing NetBackup client software through an NFS share.

18. If you want to configure the appliance for MSDP cloud, do the following:

    • Log in to the to the NetBackup Appliance Shell Menu after completing the initial configuration and change the default password for the nbasecadmin user.

    • Log in to the NetBackup web UI as the nbasecadmin user and configure the MSDP cloud storage as follows:

      • Create a disk pool.

      • Create a storage unit.

        For details, see the NetBackup Web UI Administrator's Guide.