Veritas NetBackup™ CloudPoint Install and Upgrade Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.0)
  1. Section I. CloudPoint installation and configuration
    1. Preparing for CloudPoint installation
      1.  
        About the deployment approach
      2.  
        Deciding where to run CloudPoint
      3.  
        About deploying CloudPoint in the cloud
      4.  
        Meeting system requirements
      5. CloudPoint host sizing recommendations
        1.  
          CloudPoint sizing recommendations for cloud platforms
      6.  
        CloudPoint extension sizing recommendations
      7.  
        Creating an instance or preparing the host to install CloudPoint
      8.  
        Installing container platform (Docker, Podman)
      9.  
        Creating and mounting a volume to store CloudPoint data
      10.  
        Verifying that specific ports are open on the instance or physical host
      11.  
        Preparing CloudPoint for backup from snapshot jobs
    2. Deploying CloudPoint using container images
      1.  
        Before you begin installing CloudPoint
      2.  
        Installing CloudPoint in the Docker environment
      3.  
        Installing CloudPoint in the Podman environment
      4.  
        Verifying that CloudPoint is installed successfully
      5.  
        Restarting CloudPoint
    3. Deploying CloudPoint extensions
      1.  
        Before you begin installing CloudPoint extensions
      2.  
        Downloading the CloudPoint extension
      3.  
        Preparing to install the extension on a VM
      4.  
        Installing the CloudPoint extension on a VM
      5.  
        Preparing to install the extension on a managed Kubernetes cluster (AKS) in Azure
      6.  
        Preparing to install the extension on a managed Kubernetes cluster (EKS) in AWS
      7.  
        Install extension using the Kustomize and CR YAMLs
      8.  
        Installing the CloudPoint extension on Azure (AKS)
      9. Installing the CloudPoint extension on AWS (EKS)
        1.  
          Install extension using the extension script
      10.  
        Managing the extensions
    4. CloudPoint cloud plug-ins
      1.  
        How to configure the CloudPoint cloud plug-ins?
      2. AWS plug-in configuration notes
        1.  
          Prerequisites for configuring the AWS plug-in
        2.  
          Configuring AWS permissions for CloudPoint
        3.  
          AWS permissions required by CloudPoint
        4.  
          Before you create a cross account configuration
      3. Google Cloud Platform plug-in configuration notes
        1.  
          Google Cloud Platform permissions required by CloudPoint
        2.  
          Configuring a GCP service account for CloudPoint
        3.  
          Preparing the GCP service account for plug-in configuration
      4. Microsoft Azure plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure
        2.  
          About Azure snapshots
      5. Microsoft Azure Stack Hub plug-in configuration notes
        1.  
          Configuring permissions on Microsoft Azure Stack Hub
        2.  
          Configuring staging location for Azure Stack Hub VMs to restore from backup
    5. CloudPoint storage array plug-ins
      1.  
        How to configure the CloudPoint storage array plug-ins?
      2. NetApp plug-in configuration notes
        1.  
          NetApp plug-in configuration parameters
        2.  
          Configuring a dedicated LIF for NetBackup access
        3.  
          Supported CloudPoint operations on NetApp storage
      3.  
        ACL configuration on NetApp array
      4. Nutanix Files plug-in configuration notes
        1.  
          Nutanix Files plug-in configuration prerequisites
        2.  
          Nutanix Files plug-in considerations and limitations
        3.  
          Supported CloudPoint operations on Nutanix Files File Server
        4. Troubleshooting NetBackup issues for Nutanix Files
          1.  
            Backup jobs for Nutanix Files fail due to snapshot import and export operations failures
          2.  
            Plug-in configuration may fail if the Nutanix Files version is unsupported
      5.  
        Configuring ACL for Nutanix array
      6. Dell EMC Unity array plug-in configuration notes
        1.  
          Dell EMC Unity array plug-in configuration parameters
        2.  
          Supported Dell EMC Unity arrays
        3.  
          Supported CloudPoint operations on Dell EMC Unity arrays
      7. FUJITSU AF/DX plug-in configuration notes
        1.  
          FUJITSU AF/DX plug-in configuration parameters
        2.  
          Supported CloudPoint operations on FUJITSU AF/DX models
      8. NetApp NAS plug-in configuration notes
        1.  
          NetApp NAS plug-in configuration parameters
        2.  
          Supported CloudPoint operations on NetApp NAS models
      9. Dell EMC PowerStore plug-in configuration notes
        1.  
          Dell EMC PowerStore plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Dell EMC PowerStore models
      10. Dell EMC PowerStore NAS plug-in configuration notes
        1.  
          Dell EMC PowerStore NAS plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Dell EMC PowerStore NAS models
      11. Dell EMC PowerFlex plug-in configuration notes
        1.  
          Dell EMC PowerFlex plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Dell EMC PowerFlex models
      12. Dell EMC XtremIO SAN plug-in configuration notes
        1.  
          Dell EMC XtremIO SAN plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Dell EMC XtremIO SAN models
      13. Pure Storage FlashArray plug-in configuration notes
        1.  
          Supported Pure Storage FlashArray models
        2.  
          Supported CloudPoint operations on Pure Storage FlashArray models
      14. Pure Storage FlashBlade plug-in configuration notes
        1.  
          Pure Storage FlashBlade plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Pure Storage FlashBlade models
      15. IBM Storwize plug-in configuration notes
        1.  
          IBM Storwize plug-in configuration parameters
        2.  
          Supported CloudPoint operations on IBM Storwize models
      16. HPE RMC plug-in configuration notes
        1.  
          RMC plug-in configuration parameters
        2.  
          Supported HPE storage systems
        3.  
          Supported CloudPoint operations on HPE storage arrays
      17. HPE XP plug-in configuration notes
        1.  
          HPE XP plug-in configuration parameters
        2.  
          Supported CloudPoint operations on HPE XP storage arrays
      18. Hitachi plug-in configuration notes
        1.  
          Hitachi plug-in configuration parameters
        2.  
          Supported Hitachi storage arrays
        3.  
          Supported CloudPoint operations on Hitachi arrays
      19. Hitachi (HDS VSP 5000) plug-in configuration notes
        1.  
          Hitachi (HDS VSP 5000) plug-in configuration parameters
        2.  
          Supported CloudPoint operations on Hitachi (HDS VSP 5000) array
      20. InfiniBox plug-in configuration notes
        1.  
          InifiniBox plug-in configuration parameters
        2.  
          Supported CloudPoint operations on InfiniBox arrays
      21. Dell EMC PowerScale (Isilon) plug-in configuration notes
        1.  
          Dell EMC PowerScale (Isilon) plug-in configuration prerequisites
        2.  
          Supported CloudPoint operations on Dell EMC PowerScale (Isilon) plug-in
      22. Dell EMC PowerMax and VMax plug-in configuration notes
        1.  
          Dell EMC PowerMax and VMax plug-in configuration prerequisites
        2.  
          Supported CloudPoint operations on Dell EMC PowerMax and VMax
      23. Qumulo plug-in configuration notes
        1.  
          Qumulo plug-in configuration prerequisites
        2.  
          Qumulo plug-in considerations and limitations
        3.  
          Supported CloudPoint operations on Qumulo plug-in
    6. CloudPoint application agents and plug-ins
      1.  
        Microsoft SQL plug-in configuration notes
      2. Oracle plug-in configuration notes
        1.  
          Optimizing your Oracle database data and metadata files
      3.  
        About the installation and configuration process
      4.  
        Preparing to install the Linux-based agent
      5.  
        Preparing to install the Windows-based agent
      6.  
        Downloading and installing the CloudPoint agent
      7.  
        Registering the Linux-based agent
      8.  
        Registering the Windows-based agent
      9.  
        Configuring the CloudPoint application plug-in
      10.  
        Configuring VSS to store shadow copies on the originating drive
      11.  
        Creating a NetBackup protection plan for cloud assets
      12.  
        Subscribing cloud assets to a NetBackup protection plan
      13.  
        Restore requirements and limitations for Microsoft SQL Server
      14.  
        Restore requirements and limitations for Oracle
      15.  
        Additional steps required after an Oracle snapshot restore
      16.  
        Steps required before restoring SQL AG databases
      17.  
        Recovering a SQL database to the same location
      18.  
        Recovering a SQL database to an alternate location
      19. Additional steps required after a SQL Server snapshot restore
        1.  
          Steps required after a SQL Server disk-level snapshot restore to new location
      20.  
        Additional steps required after restoring SQL AG databases
      21.  
        SQL snapshot or restore and granular restore operations fail if the Windows instance loses connectivity with the CloudPoint host
      22.  
        Disk-level snapshot restore fails if the original disk is detached from the instance
      23.  
        Additional steps required after restoring an AWS RDS database instance
    7. Protecting assets with CloudPoint's agentless feature
      1.  
        About the agentless feature
      2. Prerequisites for the agentless configuration
        1.  
          Configuring SMB for Windows (Optional)
        2.  
          Configuring WMI security for Windows (optional)
      3.  
        Configuring the agentless feature
      4.  
        Configuring the agentless feature after upgrading CloudPoint
    8. Volume Encryption in NetBackup CloudPoint
      1.  
        About volume encryption support in CloudPoint
      2.  
        Volume encryption for Azure
      3.  
        Volume encryption for GCP
      4.  
        Volume encryption for AWS
    9. CloudPoint security
      1.  
        Configuring security for Azure and Azure Stack
      2.  
        Configuring the cloud connector for Azure and Azure Stack
      3.  
        CA configuration for Azure Stack
      4.  
        Securing the connection to CloudPoint
  2. Section II. CloudPoint maintenance
    1. CloudPoint logging
      1.  
        About CloudPoint logging mechanism
      2. How Fluentd-based CloudPoint logging works
        1.  
          About the CloudPoint fluentd configuration file
        2.  
          Modifying the fluentd configuration file
      3.  
        CloudPoint logs
      4.  
        Agentless logs
      5.  
        Troubleshooting CloudPoint logging
    2. Upgrading CloudPoint
      1.  
        About CloudPoint upgrades
      2.  
        Supported upgrade path
      3.  
        Upgrade scenarios
      4.  
        Preparing to upgrade CloudPoint
      5. Upgrading CloudPoint
        1.  
          Upgrade in Docker environment
        2.  
          Upgrade in Podman environment
      6.  
        Upgrading CloudPoint using patch or hotfix
      7. Migrating and upgrading CloudPoint
        1.  
          Before you begin migrating CloudPoint
        2.  
          Migrate and upgrade CloudPoint on RHEL 8.5 or 8.4
      8.  
        Post-upgrade tasks
    3. Uninstalling CloudPoint
      1.  
        Preparing to uninstall CloudPoint
      2.  
        Backing up CloudPoint
      3.  
        Unconfiguring CloudPoint plug-ins
      4.  
        Unconfiguring CloudPoint agents
      5.  
        Removing the CloudPoint agents
      6.  
        Removing CloudPoint from a standalone Docker host environment
      7.  
        Removing CloudPoint extensions - VM-based or managed Kubernetes cluster-based
      8.  
        Restoring CloudPoint
    4. Troubleshooting CloudPoint
      1.  
        Troubleshooting CloudPoint

AWS plug-in configuration notes

The Amazon Web Services (AWS) plug-in lets you create, restore, and delete snapshots of the following assets in an Amazon cloud:

  • Elastic Compute Cloud (EC2) instances

  • Elastic Block Store (EBS) volumes

  • Amazon Relational Database Service (RDS) instances

  • Aurora clusters

Note:

Before you configure the AWS plug-in, make sure that you have configured the proper permissions so CloudPoint can work with your AWS assets.

CloudPoint supports the following AWS regions:

Table: AWS regions supported by CloudPoint

AWS commercial regions

AWS GovCloud (US) regions

  • us-east-1, us-east-2, us-west-1, us-west-2

  • ap-east-1, ap-south-1, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-southeast-3

  • eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, eu-south-1 Milan, eu-south-1 Cape Town

  • cn-north-1, cn-northwest-1

  • ca-central-1

  • me-south-1

  • sa-east-1

  • us-gov-east-1

  • us-gov-west-1

The following information is required for configuring the CloudPoint plug-in for AWS:

If CloudPoint is deployed on a on-premise host or a virtual machine:

Table: AWS plug-in configuration parameters

CloudPoint configuration parameter

AWS equivalent term and description

Access key

The access key ID, when specified with the secret access key, authorizes CloudPoint to interact with the AWS APIs.

Secret key

The secret access key.

Regions

One or more AWS regions in which to discover cloud assets.

Note:

CloudPoint encrypts credentials using AES-256 encryption.

If CloudPoint is deployed in the AWS cloud:

Table: AWS plug-in configuration parameters: cloud deployment

CloudPoint configuration parameter

Description

For Source Account configuration

Regions

One or more AWS regions associated with the AWS source account in which to discover cloud assets.

Note:

If you deploy CloudPoint using the CloudFormation template (CFT), then the source account is automatically configured as part of the template-based deployment workflow.

For Cross Account configuration

Account ID

The account ID of the other AWS account (cross account) whose assets you wish to protect using the CloudPoint instance configured in the Source Account.

Role Name

The IAM role that is attached to the other AWS account (cross account).

Regions

One or more AWS regions associated with the AWS cross account in which to discover cloud assets.

When CloudPoint connects to AWS, it uses the following endpoints. You can use this information to create a allowed list on your firewall.

  • ec2.*.amazonaws.com

  • sts.amazonaws.com

  • rds.*.amazonaws.com

  • kms. *.amazonaws.com

  • ebs.*.amazonaws.com

  • iam.amazonaws.com

In addition, you must specify the following resources and actions:

  • ec2.SecurityGroup.*

  • ec2.Subnet.*

  • ec2.Vpc.*

  • ec2.createInstance

  • ec2.runInstances

Configuring multiple accounts or subscriptions or projects

  • If you are creating multiple configurations for the same plug-in, ensure that they manage assets from different Tenant IDs. Two or more plug-in configurations should not manage the same set of cloud assets simultaneously.

  • When multiple accounts are all managed with a single CloudPoint server, the number of assets being managed by a single CloudPoint instance might get too large and it would be better to space them out.

  • To achieve application consistent snapshots, we would require agent/agentless network connections between the remote VM instance and CloudPoint server. This would require setting up cross account/subscription/project networking.

AWS plug-in considerations and limitations

Before you configure the plug-in, consider the following:

  • CloudPoint does not support AWS Nitro-based instances that use EBS volumes that are exposed as non-volatile memory express (NVMe) devices.

    To allow CloudPoint to discover and protect AWS Nitro-based Windows instances that use NVMe EBS volumes, ensure that the AWS NVMe tool executable file, ebsnvme-id.exe, is present in any of the following locations on the AWS Windows instance:

    • %PROGRAMDATA%\Amazon\Tools

      This is the default location for most AWS instances.

    • %PROGRAMFILES%\Veritas\Cloudpoint

      Manually download and copy the executable file to this location.

    • System PATH environment variable

      Add or update the executable file path in the system's PATH environment variable.

      If the NVMe tool is not present in one of the mentioned locations, CloudPoint may fail to discover the file systems on such instances.

      You may see the following error in the logs:

      "ebsnvme-id.exe" not found in expected paths!"

  • To allow CloudPoint to discover and protect Windows instances created from custom/community AMI.

    • AWS NVMe drivers must be installed on custom or community AMIs. See this link.

    • Install the ebsnvme-id.exe either in %PROGRAMDATA%\Amazon\Tools or %PROGRAMFILES%\Veritas\Cloudpoint

    • Friendly device name must contain the substring "NVMe", or update in Windows registry for all NVMe backed devices.

      Registry path:

      Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001

      \Enum\SCSI\Disk&Ven_NVMe&Prod_Amazon_Elastic_B\

      Property Name: FriendlyName

      Value: NVMe Amazon Elastic B SCSI Disk Drive

  • You cannot delete automated snapshots of RDS instances and Aurora clusters through CloudPoint.

  • You cannot take application-consistent snapshots of AWS RDS instances. Even though CloudPoint allows you to create an application-consistent snapshot for such an instance, the actual snapshot that gets created is not application-consistent.

    This is a limitation from AWS and is currently outside the scope of CloudPoint.

  • All automated snapshot names start with the pattern rds:.

  • If you are configuring the plug-in to discover and protect AWS Nitro-based Windows instances that use NVMe EBS volumes, you must ensure that the AWS NVMe tool executable file, ebsnvme-id.exe, is present in any of the following locations on the AWS instance:

    • %PROGRAMDATA%\Amazon\Tools

      This is the default location for most AWS instances.

    • %PROGRAMFILES%\Veritas\Cloudpoint

      Manually download and copy the executable file to this location.

    • System PATH environment variable

      Add or update the executable file path in the system's PATH environment variable.

    If the NVMe tool is not present in one of the mentioned locations, CloudPoint may fail to discover the file systems on such instances. You may see the following error in the logs:

    "ebsnvme-id.exe" not found in expected paths!"

    This is required for AWS Nitro-based Windows instances only. Also, if the instance is launched using the community AMI or custom AMI, you might need to install the tool manually.

  • CloudPoint does not support cross-account replication for AWS RDS instances or clusters, if the snapshots are encrypted using the default RDS encryption key (aws/rds). You cannot share such encrypted snapshots between AWS accounts.

    If you try to replicate such snapshots between AWS accounts, the operation fails with the following error:

    Replication failed The source snapshot KMS key [<key>] does not exist, 
is not enabled or you do not have permissions to access it.

    This is a limitation from AWS and is currently outside the scope of CloudPoint.

  • If a region is removed from the AWS plug-in configuration, then all the discovered assets from that region are also removed from the CloudPoint assets database. If there are any active snapshots that are associated with the assets that get removed, then you may not be able perform any operations on those snapshots.

    Once you add that region back into the plug-in configuration, CloudPoint discovers all the assets again and you can resume operations on the associated snapshots. However, you cannot perform restore operations on the associated snapshots.

  • CloudPoint supports commercial as well as GovCloud (US) regions. During AWS plug-in configuration, even though you can select a combination of AWS commercial and GovCloud (US) regions, the configuration will eventually fail.

  • CloudPoint does not support IPv6 addresses for AWS RDS instances. This is a limitation of Amazon RDS itself and is not related to CloudPoint.

    Refer to the AWS documentation for more information:

    https://aws.amazon.com/premiumsupport/knowledge-center/rds-ipv6/

  • CloudPoint does not support application consistent snapshots and granular file restores for Windows systems with virtual disks or storage spaces that are created from a storage pool. If a Microsoft SQL server snapshot job uses disks from a storage pool, the job fails with an error. But if a snapshot job for virtual machine which is in a connected state is triggered, the job might be successful. In this case, the file system quiescing and indexing is skipped. The restore job for such an individual disk to original location also fails. In this condition, the host might move to an unrecoverable state and requires a manual recovery.