Veritas NetBackup™ Read This First Guide for Secure Communications
About secure communications in NetBackup
NetBackup 8.1 hosts can communicate with each other only in a secure mode.
NetBackup uses the Transport Layer Security (TLS) protocol for host communication. Each host must present its security certificate and validate the peer host's certificate against the Certificate Authority (CA) certificate.
In NetBackup 8.1, each host must establish trust with the CA, after which the CA certificate is added to the trust store. Each NetBackup 8.1 host must also have a host ID-based certificate for successful communication.
A host ID-based certificate is deployed on a host during NetBackup installation. If, for some reason, a certificate cannot be deployed on a host during installation, the host cannot communicate with other hosts. In that case, you must manually deploy a host ID-based certificate on the host using the nbcertcmd command to start host communication after installation.
The following nodes in the NetBackup Administration Console provide secure communication settings: Host Management and Global Security Settings.
The following commands provide options to manage certificate deployment and other security settings: nbhostmgmt, nbhostidentity, nbcertcmd, and nbseccmd.
If you have NetBackup 8.0 or earlier hosts in your environment, you can enable insecure communication with them.
See "How NetBackup 8.1 hosts communicate with NetBackup 8.0 and earlier hosts."
Note:
A host name-based certificate is required in the following scenarios:
- NetBackup Access Control or NBAC-enabled hosts require a host name-based certificate.
- Enhanced Auditing operations require that the hosts have a host name-based certificate.
- The NetBackup CloudStore Service Container requires that the host name-based certificate be installed on the media server.