NetBackup™ Web UI Security Administrator's Guide
- Introducing the NetBackup web user interface
- Managing role-based access control
- Steps to create an object group
- Adding AD or LDAP domains
- Security events and audit logs
- Managing hosts
- Managing security certificates
- Managing user sessions
- Managing master server security settings
- Creating and using API keys
- Configuring smart card authentication
- Troubleshooting access to the web UI
Terminology
The following table describes the concepts and terms that are introduced with the new web user interface.
Table: Web user interface terminology and concepts
Term | Definition |
---|---|
Access rule | For RBAC, defines a user or a user group, the role or permissions, and the object group that the user or the user group can access. A user or group can have multiple access rules. |
Administrator | A user that has complete access and permissions to NetBackup and all of the interfaces, including the NetBackup web UI. The root, administrator, and Enhanced Auditing user all have complete access to NetBackup. In the NetBackup Web UI guides, the term NetBackup administrator also refers to a user that has full permissions for NetBackup, usually in reference to a user of the NetBackup Administration Console. Also see Role. |
Asset group | See intelligent group. |
Asset | The data to be protected, such as physical clients, virtual machines, and database applications. |
Classic policy | In the NetBackup web UI, indicates that a legacy policy protects the asset. Legacy policies are created with the NetBackup Administration Console. |
External certificate | A security certificate issued from any CA other than NetBackup. |
Intelligent group | Allows NetBackup to automatically select assets for protection based on the criteria (queries) that you specify. An intelligent group automatically stays up-to-date with changes in the production environment. These groups are also referred to as asset groups. For VMware and RHV, these groups appear under the tab . |
Object group | For RBAC, a collection of assets, protection plans, servers, and other resources that the user is granted access to. |
NetBackup certificate | A security certificate issued from the NetBackup CA. |
Protection plan | A protection plan defines when backups are performed, how long the backups are retained, and the type of storage to use. Once a protection plan is set up, assets can be subscribed to the protection plan. |
RBAC | Role-based access control. Administrators can delegate or limit access to the NetBackup web UI through the access rules that are configured in RBAC. The rules that you configure in RBAC do not control access to the NetBackup Administration Console or the CLIs. The web UI is not supported with NetBackup Access Control (NBAC) and cannot be used if NBAC is enabled. |
Role | For RBAC, defines the permissions that a user can have. NetBackup has three system-defined roles that allow a user to manage security, protection plans and backups, or to manage workload assets. |
Storage | The storage to which the data is backed up, replicated, or duplicated (for long-term retention). Snapshot storage is used for Cloud workloads. |
Subscribe, to a protection plan | The action of selecting a protection plan to protect an asset or an asset group. The asset is then protected according to the schedule and the storage settings in the plan. The web UI also refers to Subscribe as Add protection. |
Unsubscribe, from a protection plan | Unsubscribe refers to the action of removing protection or removing an asset or asset group from a plan. |
Workload | The type of asset. For example, VMware, RHV, or Cloud. |
Workflow | An end-to-end process that can be completed using the NetBackup web UI. For example, you can protect and recover VMware and Cloud assets beginning with NetBackup 8.1.2. |