NetBackup™ Web UI Security Administrator's Guide

Last Published:
Product(s): NetBackup (8.2)
  1. Introducing the NetBackup web user interface
    1.  
      About the NetBackup web user interface
    2.  
      Terminology
    3.  
      First-time sign in to a NetBackup master server from the NetBackup web UI
    4.  
      Sign in to the NetBackup web UI
    5.  
      Authorized users
    6.  
      The NetBackup dashboard
  2. Managing role-based access control
    1.  
      About role-based access control (RBAC) in NetBackup
    2.  
      NetBackup default RBAC roles
    3.  
      Configuring RBAC
    4.  
      Add a custom role
    5.  
      Edit or delete a custom role
    6.  
      About object groups
    7. Steps to create an object group
      1.  
        Selecting the assets for an object group
      2.  
        Selecting application servers for an object group
      3.  
        Selecting protection plans for an object group
      4.  
        Preview the objects in an object group
    8.  
      Edit or delete an object group
    9.  
      Add access for a user through access rules
    10.  
      Edit or remove user access rules
  3. Adding AD or LDAP domains
    1.  
      Add AD or LDAP domains
  4. Security events and audit logs
    1.  
      View security events and audit logs
    2. About NetBackup auditing
      1.  
        User identity in the audit report
      2.  
        Audit retention period and catalog backups of audit records
      3.  
        Viewing the detailed NetBackup audit report
  5. Managing hosts
    1.  
      View NetBackup host information
    2.  
      Approve or add mappings for a host that has multiple host names
    3.  
      Remove mappings for a host that has multiple host names
    4.  
      Reset a host's attributes
  6. Managing security certificates
    1.  
      About security management and certificates in NetBackup
    2.  
      NetBackup host IDs and host ID-based certificates
    3. Managing NetBackup security certificates
      1.  
        Reissue a NetBackup certificate
      2.  
        Managing NetBackup certificate authorization tokens
    4. Using external security certificates with NetBackup
      1.  
        View external certificate information for the NetBackup hosts in the domain
  7. Managing user sessions
    1.  
      Display a message to users when they sign in
    2.  
      Enable maximum sign-in attempts and idle time-out settings for user sessions
    3.  
      Sign out a NetBackup user session
    4.  
      Unlock a NetBackup user
  8. Managing master server security settings
    1.  
      Certificate authority for secure communication
    2.  
      Disable communication with NetBackup 8.0 and earlier hosts
    3.  
      Disable automatic mapping of NetBackup host names
    4.  
      About NetBackup certificate deployment security levels
    5.  
      Select a security level for NetBackup certificate deployment
    6.  
      Set a passphrase for disaster recovery
  9. Creating and using API keys
    1.  
      About API keys
    2.  
      Manage API keys
    3.  
      Use an API key with NetBackup REST APIs
    4.  
      View API keys
  10. Configuring smart card authentication
    1.  
      Configure user authentication with smart cards or digital certificates
    2.  
      Edit the configuration for smart card authentication
    3.  
      Add or delete a CA certificate that is used for smart card authentication
    4.  
      Disable or temporarily disable smart card authentication
  11. Troubleshooting access to the web UI
    1.  
      Tips for accessing the NetBackup web UI
    2.  
      If a user doesn't have the correct permissions or access in the NetBackup web UI
    3. Unable to add AD or LDAP domains with the vssat command
      1.  
        Connection cannot be established with the AD or the LDAP server
      2.  
        User credentials are not valid
      3.  
        An incorrect user base DN or group base DN was provided
      4.  
        Multiple users or groups exist with the same name under user base DN or group base DN
      5.  
        User or group does not exist

Terminology

The following table describes the concepts and terms that are introduced with the new web user interface.

Table: Web user interface terminology and concepts

Term

Definition

Access rule

For RBAC, defines a user or a user group, the role or permissions, and the object group that the user or the user group can access. A user or group can have multiple access rules.

Administrator

A user that has complete access and permissions to NetBackup and all of the interfaces, including the NetBackup web UI. The root, administrator, and Enhanced Auditing user all have complete access to NetBackup. In the NetBackup Web UI guides, the term NetBackup administrator also refers to a user that has full permissions for NetBackup, usually in reference to a user of the NetBackup Administration Console.

Also see Role.

Asset group

See intelligent group.

Asset

The data to be protected, such as physical clients, virtual machines, and database applications.

Classic policy

In the NetBackup web UI, indicates that a legacy policy protects the asset. Legacy policies are created with the NetBackup Administration Console.

External certificate

A security certificate issued from any CA other than NetBackup.

Intelligent group

Allows NetBackup to automatically select assets for protection based on the criteria (queries) that you specify. An intelligent group automatically stays up-to-date with changes in the production environment. These groups are also referred to as asset groups.

For VMware and RHV, these groups appear under the tab Intelligent VM groups.

Object group

For RBAC, a collection of assets, protection plans, servers, and other resources that the user is granted access to.

NetBackup certificate

A security certificate issued from the NetBackup CA.

Protection plan

A protection plan defines when backups are performed, how long the backups are retained, and the type of storage to use. Once a protection plan is set up, assets can be subscribed to the protection plan.

RBAC

Role-based access control. Administrators can delegate or limit access to the NetBackup web UI through the access rules that are configured in RBAC.

Note: The rules that you configure in RBAC do not control access to the NetBackup Administration Console or the CLIs. The web UI is not supported with NetBackup Access Control (NBAC) and cannot be used if NBAC is enabled.

Role

For RBAC, defines the permissions that a user can have. NetBackup has three system-defined roles that allow a user to manage security, protection plans and backups, or to manage workload assets.

Storage

The storage to which the data is backed up, replicated, or duplicated (for long-term retention). Snapshot storage is used for Cloud workloads.

Subscribe, to a protection plan

The action of selecting a protection plan to protect an asset or an asset group. The asset is then protected according to the schedule and the storage settings in the plan. The web UI also refers to Subscribe as Add protection.

Unsubscribe, from a protection plan

Unsubscribe refers to the action of removing protection or removing an asset or asset group from a plan.

Workload

The type of asset. For example, VMware, RHV, or Cloud.

Workflow

An end-to-end process that can be completed using the NetBackup web UI. For example, you can protect and recover VMware and Cloud assets beginning with NetBackup 8.1.2.