Veritas NetBackup™ 53xx Appliance Initial Configuration Guide
- Preparing for initial configuration
- Initial configuration procedures
- Post configuration procedures
Performing the initial configuration on NetBackup 53xx series appliances from the NetBackup Appliance Web Console
This topic describes how to configure NetBackup 53xx series appliances that are new or have been reset to the factory defaults (factory reset).
This method requires that you connect a laptop directly to appliance port NIC1 (eth0). A NetBackup 53xx appliance can only be configured as a media server.
Starting with release 4.0, the initial configuration process requires that you change the default passwords for the admin, maintenance, and sysadmin (IPMI) user accounts. The default admin password is valid only for the initial appliance login. The Password Change page appears first after clicking Setup Appliance on the welcome page.
Starting with release 3.2, external certificate authority certificates are supported. This feature provides an alternative to using the NetBackup Certificate Authority for host verification and security. This procedure includes the necessary information to deploy these certificates. For more information about security certificates, see the chapter "External CA support in NetBackup" in the NetBackup Security and Encryption Guide.
For high availability configurations, use this procedure to configure the first 53xx appliance (compute node). Then, use the configured node to configure the high availability setup (see step 16).
Before you perform the initial configuration on this media server, verify that you have already performed the following tasks:
Verified that the primary server and this media server have compatible software versions.
Added the host name of this media server to the
SERVERS
list on the primary server that you plan to use with it.For high availability configurations, added the host name of the node that you use for the setup procedure.
Opened the appropriate ports on the primary server if a firewall exists between the primary server and this media server.
If you plan to use this media server in a NAT network, make sure to enable the DNAT feature on the primary server and to also add this media server name to the NAT servers list on the primary server.
The following link provides specific instructions about how to accomplish the above tasks:
See Configuring a primary server to communicate with an appliance media server.
To perform the initial configuration on a NetBackup 53xx media server appliance from the NetBackup Appliance Web Console
- Connect a laptop to appliance port NIC1. Next, navigate to the Local Area Connection Properties dialog box.
On the General tab, select Internet Protocol (TCP/IP) so that it is highlighted, then click Properties.
On the Alternate Configuration tab, perform the following tasks:
Click User Configured.
For the IP address, enter 192.168.229.nnn, where nnn is any number from 2 through 254 except for 233.
For the Subnet mask, enter 255.255.255.0.
Click OK.
- On the laptop that is connected to the appliance, open a web browser to the following URL:
http://192.168.229.233
- Log on to the appliance with the default credentials as follows:
User Name: admin
Password: P@ssw0rd
- On the Welcome to Appliance Setup page, review the summary of information that you need to perform the initial configuration.
Download Configuration Checklist
If you have not previously filled out the checklist in the NetBackup 53xx Initial Configuration Guide, click this link to access an electronic version. Veritas recommends that you first print this file, then fill it out for use as you perform the configuration. After you have completed the initial configuration, store the checklist in a secure location for future reference.
Setup Appliance
After you have filled out the configuration checklist, click this item to start the configuration.
- On the Password Change page, enter new appliance account passwords to replace the factory default passwords.
Review the following password policy before setting a new password:
Passwords must contain at least eight characters.
Passwords must contain at least one lowercase letter (a-z) and one number (0-9).
Dictionary words are considered weak passwords and are not accepted.
Passwords for the sysadmin (IPMI) user must contain no more than 20 characters.
The last seven passwords cannot be reused and the new password cannot be similar to previous passwords.
The following shows the order in which the accounts appear, and the prompts for each password change:
admin
New admin password:
Confirm new admin password:
maintenance
New maintenance password:
Confirm new maintenance password:
sysadmin (IPMI)
New sysadmin password:
Confirm new sysadmin password:
After you have changed all default passwords, click Next.
- On the Storage Overview page, check and verify the status of the connected hardware components.
The diagrams use specific icons to indicate whether any component cable or disk drive problems exist. The following describes the general icons that may appear:
Note:
Click the help (?) icon at the top right of the page to see a complete list of icon descriptions.
OK
Warning
Indicates a problem that can be fixed later and lets you proceed with the initial configuration. However, such problems can prevent access to the affected devices. Click the icon to see a description of the problem.
Error
Indicates a critical problem that requires immediate resolution before you can proceed with the initial configuration. Click the icon to see a description of the problem.
Information
Click the icon to learn more about the specific area.
If there are no problems identified, click Next to start the initial configuration. Otherwise, use the following guidelines to resolve any problems:
Click on the warning or the error icon to see a description of the problem.
Verify that all cables are connected correctly and secured.
Verify that all disk drives are installed and seated properly.
Verify that all units are turned on and have booted up completely.
Verify that you have checked all of the items on the hardware check list.
After you have verified the previous items or made any changes, click Refresh. Any warning or error icons that disappear indicate that the problem has been fixed.
Veritas recommends that you resolve all problems before you start the initial configuration.
Note:
If you cannot resolve any error problems after verifying all of the previous items and refreshing, stop here and contact Veritas Technical Support.
- The Network Configuration page contains the following taskbars to complete specific tasks with the associated data entry fields to configure network connectivity:
Create Bond - Use to create a bond between two or more network interfaces.
Tag VLAN - Use to configure VLANs in your existing network environments.
Add Static Route - Use to add a route configuration to your network.
Expand each taskbar to enter the relevant network configuration information. These functions are independent of each other and do not require configuration in the order in which they appear.
Note:
NetBackup appliances do not support configuring two IP addresses that belong to the same subnet. The appliance runs on the Linux operating system and this type of networking is a current limitation. Each bond that you create must use an IP address that belongs to a different subnet.
Note:
You cannot remove an IP address if the appliance host name resolves to that IP address.
Enter the appropriate Create Bond information as follows:
Create Bond data entry fields
Network Interface
Click on the drop-down box and select the ethernet NIC port to use for a network connection.
Bond Mode
Click on the drop-down box and select the bond mode to use for the NIC ports that you want to bond.
Bonding lets you combine (aggregate) multiple network interfaces into a single logical "bonded" interface. The behavior of the bonded interfaces depends upon the mode. The default bond mode is balance-alb.
The available bonding modes from the drop-down list are as follows:
balance-rr
active-backup
balance-xor
broadcast
802.3ad
balance-tlb
balance-alb
Some bond modes require additional configuration on the switch or the router. You should take additional care when you select a bond mode.
For more information about bond modes, see the following documentation:
http://www.kernel.org/doc/Documentation/networking/bonding.txt
After you have entered the appropriate data into all fields, you must click + to add and immediately plumb the selected network interface. To configure bonding, you must select multiple interfaces from the Bond Mode drop-down box. For IPv6 addresses, enter 64 as the Subnet Mask.
IP Address
Enter the IP address for this appliance server.
Subnet Mask
Enter the network address that identifies the IP address for this appliance server.
After you have entered the appropriate data into all fields, click + to save and add the bond settings.
If required for your environment, enter the appropriate Tag VLAN information as follows:
Tag VLAN data entry fields
Select Interface
Select the network interface or the device name to which you want to tag the VLAN.
Description
Enter a description for the VLAN. For example, Finance or Human Resource.
VLAN Id
Enter a numeric identifier from 1 to 4094 for the VLAN.
IP Address [IPv4 or IPv6]
Enter the IPv4 or the IPv6 address to be used for this appliance.
Subnet Mask
Enter the subnet mask value that corresponds to the IP address.
Click Add to add the configuration information for tagging VLAN into to your existing network environment.
To enter information for tagging additional VLANs, click the + sign to add a row. To remove any of the rows, click the - sign that is adjacent to the Subnet Mask field.
Enter the appropriate Add Static Route information as follows:
Routing Configuration data entry fields
Destination IP
Enter the network IP address of a destination network. The address can be either IPv4 or IPv6. Only global-scope and unique-local IPv6 addresses are allowed.
Destination Subnet Mask
Enter the subnet value that corresponds to the Destination IP address.
For the initial configuration, this field contains a default value that cannot be changed. When you configure another route, you must enter the appropriate value.
Gateway
Enter the address of the network point that acts as an entrance to another network. The address can be either IPv4 or IPv6. Only global-scope and unique-local IPv6 addresses are allowed.
Network Interface
Click on the drop-down box and select the ethernet NIC port to use for a network connection.
After you have entered the appropriate data into all fields, click + to save and add the routing configuration settings.
- On the Host Configuration page, you can enter the host resolution information as follows:
To edit the hosts file manually, click here
Add the IP address, the fully qualified host name, and the short host name directly into the
/etc/hosts
file. Click here to open and edit the/etc/hosts file
file.Enter the appliance host name and the related host resolution information in the following fields:
Host Name
Enter the fully qualified domain name (FQDN) of this appliance.
Enter the short host name or the fully qualified domain name (FQDN) of this appliance.
The host name is applied to the entire appliance configuration with a few exceptions. The short name always appears in the following places:
NetBackup Appliance Shell Menu prompts
Deduplication pool catalog backup policy
Default storage unit and disk pool names
If this appliance has been factory reset and you want to import any of its previous backup images, the appliance host name must meet one of the following rules:
The host name must be exactly the same as the one used before the factory reset.
If you want to change the host name to an FQDN, it must include the short name that was used before the factory reset. For example, if "myhost" was used before the factory reset, use "myhost.domainname.com" as the new FQDN.
If you want to change the host name to a short host name, it must be derived from the FQDN that was used before the factory reset. For example, if "myhost.domainname.com" was used before the factory reset, use "myhost" as the new short host name.
Note:
The Domain Name Suffix is appended to the host name and cannot be changed after the initial configuration is completed. If you need to change the suffix or move the appliance to a different domain at a later time, you must perform a factory reset first, and then perform the initial configuration again.
For DNS systems:
Enter the following Domain Name System information:
Domain Name Suffix
Enter the suffix name of the DNS server.
DNS IP Address(es)
Enter the IP address of a DNS server, then click the + icon to add the address. Repeat as necessary for the number of addresses that you want to add.
The address can be either IPv4 or IPv6. For IPv6 addresses, only global-scope or unique-local addresses are allowed.
See About IPv4-IPv6-based network support.
To remove an address, select it from the list that appears below the data entry field and click the x icon.
Search Domain(s)
If required for your environment, enter a search domain name, then click the + icon to add the name. Repeat as necessary for the number of search domains that you want to add.
To remove a search domain, select it from the list that appears below the data entry field and click the x icon.
After you have entered all of the necessary information, click Next.
For the systems that do not use DNS:
Enter the following Host name resolution information:
IP
Enter the IP address of the appliance.
The address can be either IPv4 or IPv6. For IPv6 addresses, only global-scope or unique-local addresses are allowed.
Fully qualified host name
Enter the fully qualified host name (FQHN) of the appliance.
Short host name
Enter the short name of the appliance.
To enter two or more names, add a comma with no space between each name.
After you have populated all fields, click the + icon. The added entries now appear below the fields.
After you have entered all of the necessary information, click Next.
- On the Date & Time page, enter the appropriate date and time for this appliance. The date and time for this media server must match the date and time of the associated primary server.
You can enter the information manually or use a Network Time Protocol (NTP) server to synchronize the appliance date and time over the network.
Time zone
To assign a time zone to the appliance, click on the Time zone drop-down box and select the appropriate region, country, and time zone.
Specify date & time
To enter the date and the time manually, select this option and enter the following information:
In the first field, enter the date by using the mm/dd/yyyy format. Or, click on the calendar icon and select the appropriate month, day, and year.
In the second field, enter the time by using the hh:mm:ss format. Entries must be in the 24 hour format (00:00:00 - 23:59:59).
NTP
To synchronize the appliance with an NTP server, select this option and enter the appropriate NTP Server IP address.
After you have entered all of the necessary information, click Next.
- On the Alerting and Call Home page, enter the information for the appliance to send alerts or to upload status reports by email to a Veritas Call Home server.
To configure this server to upload alerts, enter the appropriate Alerting Configuration information as follows:
Alert Configuration
Notification interval (in minutes)
Enter the interval for the server to upload alerts to the Veritas Call Home server. Entries must be in increments of 15 minutes.
SNMP Server Configuration
Select one of the following options:
SNMP V2
SNMP V3
None (default)
SNMP Server
Enter either the SNMP server host name or its IP address to define this server.
The IP address can be either IPv4 or IPv6. For IPv6, only global-scope and unique-local addresses are allowed.
SNMP Port
Enter the port number of the SNMP server to allow communication with this server. The default is 162.
Note:
Your firewall must allow access from the appliance to the SNMP server through this port.
SNMP Community
This field is required for SNMP V2 and is optional for SNMP V3.
Enter the community name where the alerts or traps are sent.
For example, you can enter the same information that you used for the SNMP server. You can also enter a company name or another name like, admin_group, public, or private. If you do not enter anything, the default value is public.
SNMP Username (SNMP V3 only)
Enter an SNMP user name as follows:
Enter up to 32 characters maximum.
May include uppercase letters, lowercase letters, numbers, and the following punctuation marks: period, hyphen/dash, underscore.
Spaces, commas, and special characters are not allowed.
Authentication Protocol (SNMP V3 only)
Configure as follows to set the security level:
None (default)
Sets the security level to no authentication and no privileges (authentication is disabled). Password and encryption fields are greyed out and not required.
SHA256 or SHA512
Sets the security level for authentication. An SNMP password is required.
SNMP Password/Confirm SNMP Password (SNMP V3 only)
Enter a password for the SNMP user as follows:
Must have 8 or more characters.
May include uppercase letters, lowercase letters, numbers, and the following punctuation marks: period, hyphen/dash, underscore.
Spaces, commas, and special characters are not allowed.
Encryption Protocol (SNMP V3 only)
Configure as follows to set the encryption policy:
None (default)
Encryption policy is not used or enforced. Passphrase fields are greyed out and not required.
AES128 AES192 AES256 AES512
Select one of these options to enforce the associated encryption policy. An Encryption Passphrase is required.
Encryption Passphrase/Confirm Encryption Passphrase (SNMP V3 only)
If you set the Encryption Protocol to use an encryption policy, enter a passphrase for the SNMP user as follows:
Must have 8 or more characters.
May include uppercase letters, lowercase letters, numbers, and the following punctuation marks: period, hyphen/dash, underscore.
Spaces, commas, and special characters are not allowed.
The following describes summaries of the required fields for specific SNMP configuration scenarios:
SNMP V2
SNMP Server
SNMP Port
SNMP Community
All other fields are not required.
SNMP V3 - no authentication/no privileges
SNMP Server
SNMP Port
SNMP Community (optional)
Authentication Protocol - None
All other fields are not required.
SNMP V3 - authentication/no privileges
SNMP Server
SNMP Port
SNMP Community (optional)
Authentication Protocol (SHA256, SHA512)
SNMP Password/Confirm SNMP Password
All other fields are not required.
SNMP v3 - authentication/privileges
SNMP Server
SNMP Port
SNMP Community (optional)
Authentication Protocol (SHA256, SHA512)
SNMP Password/Confirm SNMP Password
Encryption Protocol (AES128, AES192, AES256, AES512)
Encryption Passphrase/Confirm Encryption Passphrase
View SNMP MIB file
To set up the appliance SNMP Manager to receive hardware monitoring related traps, click this link to view the content of the MIB file. Then, copy the file to another location and use the content to update the SNMP Manager.
The SNMP MIB file serves as a data dictionary that is used to assemble and interpret SNMP messages. If you configure SNMP, you must import the MIB file into the monitoring software so that the software can interpret the SNMP traps. The appliance can only accept traps in the SNMPv2c format.
SMTP Server Configuration
SMTP Server
Enter either the SMTP server host name or its IP address.
SMTP Port
Enter the port number of the SNMP server to allow communication with this server. The default is 25.
Software Administrator Email
Enter the email address of your software administrator so that they can receive and notifications.
Hardware Administrator Email
Enter the email address of your hardware administrator so that they can receive and notifications.
Sender Email
Enter the email address of this server so that recipients can identify the source of the report.
SMTP Account
Enter an account name for the SMTP server.
Password
To increase security, enter a password for the SMTP server.
You can configure this server to send email reports to a proxy server or to the Veritas Call Home server.
The following describes the supported proxy servers:
Squid
Apache
TMG
Note:
NTLM authentication in the proxy configuration is also supported.
For Call Home, enter the appropriate Call Home Configuration information as follows:
Call Home Configuration data entry fields
Enable Call Home
Click this check box to enable the appliance to send email reports to the Veritas Call Home server.
Enable proxy server
Click this check box to use a proxy server for email notification and provide the proxy information that follows.
Enable proxy Tunneling
To enable proxy tunneling, click this check box and provide the following proxy information:
Proxy server
Enter the IP address of the server.
The IP address can be either IPv4 or IPv6. For IPv6, only global-scope and unique-local addresses are allowed.
Proxy port
Enter the port number of the proxy server to allow communication with this appliance.
Proxy username
Enter the user name for the proxy server.
Proxy password
Enter the password of the proxy server.
Test Call Home
After you have entered all of the necessary information, Veritas recommends that you click Test Call Home to verify communication with the Veritas server.
If the test fails, check that you have entered all names, IP addresses, and port numbers correctly. If the test fails again, contact Veritas Technical Support.
After you have entered all of the necessary information, click Next.
- On the Specify Primary Server page, the following prompts appear:
DNAT configuration
Follow the prompts if you plan to use this media server in a NAT network.
Primary Server Name
For primary servers with only one name and IP address, enter the host name or the IP address of the primary server and click Add.
For clustered primary servers or primary servers with multiple names and IP addresses, enter each host name or IP address in the field (one at a time) and click Add. If the primary server is clustered, the first entry must be the virtual host name of the cluster.
If the host name of the primary server is an FQDN, Veritas recommends that you use the FQDN to specify the primary server for the media server.
Certificate provisioning/Certificate revocation list (CRL)
After you have entered the primary server name, the appliance pings the primary server for the Certificate Authority (CA) status and shows the result. Each of the following bullet statements describes the possible status results. Follow the instructions that appear below the applicable status result to complete the certificate configuration.
The primary server currently uses an external CA issued certificate. You are required to configure this appliance with a certificate issued by the same external CA.
Enter the following certificate provisioning information:
Host certificate
Trusted certificate
Private key
Private key passphrase (Required only if the private key file is encrypted.)
Select one of the following CRL options:
Use CRL location from certificate
Upload CRL file
Do not use CRL
After you have entered all of the necessary information, click Next.
The primary server currently uses an external CA issued certificate and its own internal certificate. Would you like to proceed with the external CA issued certificate?
If you select no, the following message appears:
This appliance will use a NetBackup issued certificate for secure communication.
If you select yes, enter the following certificate provisioning information:
Host certificate
Trusted certificate
Private key
Private key passphrase (Required only if the private key file is encrypted.)
Select one of the following CRL options:
Use CRL location from certificate
Upload CRL file
Do not use CRL
After you have entered all of the necessary information, click Next.
When the Certificate Verification dialog box appears, click Deploy to deploy the CA certificate to this appliance. If required, enter the token and click Deploy to deploy the host ID-based certificate to this appliance.
After you have entered all of the necessary information, click Next.
When the Certificate Verification dialog box appears, click Deploy to deploy the CA certificate to this appliance. If required, enter the token and click Deploy to deploy the host ID-based certificate to this appliance.
This appliance will use a NetBackup issued certificate for secure communication.
No further certificate configuration is required. Click Next to continue.
Note:
After you complete the role configuration, the storage initialization starts. Depending on the number of disk drives in the system, the storage initialization can take up to 46 hours to complete. As a result, appliance backup and restore performance is degraded until the storage initialization process has completed.
- On the Storage Configuration page, create names for the storage units and the disk pools that you plan to use, and configure the size of the disk partitions.
You can configure storage partitions for AdvancedDisk, for Deduplication (MSDP), or for both.
Note:
If you choose to configure MSDP storage, a policy is automatically created to protect the MSDP catalog. Veritas recommends reviewing this policy and activating it once your appliance is configured.
Enter the following information:
Storage Unit Name
Enter the name that you want to use to identify this storage unit. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters.
Note:
The name should not start with the minus (-) character and spaces should not be used anywhere in the name.
Disk Pool Name
Enter the name that you want to use to identify this disk pool. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters.
Note:
The name should not start with the minus (-) character and spaces should not be used anywhere in the name.
Size
Set the size for this partition by entering a precise number in the Size field, or click and drag the box on the gray slide bar to the desired size. The size can be set in GB or TB units, depending on the maximum available space.
Enter the following information:
Storage Unit Name
Enter the name that you want to use to identify this storage unit. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters.
Note:
The name should not start with the minus (-) character and spaces should not be used anywhere in the name.
Disk Pool Name
Enter the name that you want to use to identify this disk pool. The name can contain any letters, numbers, or special characters. The name can include up to 256 characters.
Note:
The name should not start with the minus (-) character and spaces should not be used anywhere in the name.
Size
Set the size for this partition by entering a precise number in the Size field, or click and drag the box on the gray slide bar to the desired size. The size can be set in GB or TB units, depending on the maximum available space.
After you have entered all of the necessary information, click Next.
- On the Configuration Progress page, you can monitor the progress of the appliance as it applies all of the data input from the configuration pages.
The amount of time for the configuration to complete varies and depends on the complexity of your environment.
- On the Summary of Configuration page, review the results of the configuration. Examine the results to make sure that the configuration completed successfully.
This page also identifies any errors that may have occurred. You may need to perform the initial configuration again if errors appear in the results.
- After the configuration has completed successfully, wait about 10 minutes for the NetBackup services to start. You must then use the fully qualified host name to reconnect and log into the appliance.
- For high availability solutions, you must set up a high availability configuration on this configured appliance (compute node) before you perform the initial configuration on the partner node. To continue and complete the high availability configuration, perform the following tasks in the order as shown:
See Configuring a NetBackup 53xx high availability setup.
See Adding the partner node to the NetBackup 53xx high availability configuration.
- After all appliances are configured and operational, you are ready to install client software on the computers that you want to back up.
See Downloading NetBackup client packages to a client from a NetBackup appliance.
See Installing NetBackup client software through an NFS share.
- If you want to configure the appliance for MSDP cloud, do the following:
Log in to the to the NetBackup Appliance Shell Menu after completing the initial configuration and change the default password for the nbasecadmin user.
Log in to the NetBackup web UI as the nbasecadmin user and configure the MSDP cloud storage as follows:
Create a disk pool.
Create a storage unit.
For details, see the NetBackup Web UI Administrator's Guide.