NetBackup™ Commands Reference Guide

Last Published:
Product(s): NetBackup (10.0)
  1. Introduction
    1.  
      About NetBackup commands
    2.  
      Navigating multiple menu levels
    3.  
      NetBackup command conventions
    4.  
      NetBackup Media Manager command notes
    5.  
      IPV6 updates
  2. Appendix A. NetBackup Commands
    1.  
      acsd
    2.  
      add_media_server_on_clients
    3.  
      backupdbtrace
    4.  
      backuptrace
    5.  
      bmrc
    6.  
      bmrconfig
    7.  
      bmrepadm
    8.  
      bmrprep
    9.  
      bmrs
    10.  
      bmrsrtadm
    11.  
      bp
    12.  
      bparchive
    13.  
      bpbackup
    14.  
      bpbackupdb
    15.  
      bpcatarc
    16.  
      bpcatlist
    17.  
      bpcatres
    18.  
      bpcatrm
    19.  
      bpcd
    20.  
      bpchangeprimary
    21.  
      bpcleanrestore
    22.  
      bpclient
    23.  
      bpclimagelist
    24.  
      bpclntcmd
    25.  
      bpclusterutil
    26.  
      bpcompatd
    27.  
      bpconfig
    28.  
      bpdbjobs
    29.  
      bpdbm
    30.  
      bpdgclone
    31.  
      bpdown
    32.  
      bpduplicate
    33.  
      bperror
    34.  
      bpexpdate
    35.  
      bpfis
    36.  
      bpflist
    37.  
      bpgetconfig
    38.  
      bpgetdebuglog
    39.  
      bpimage
    40.  
      bpimagelist
    41.  
      bpimmedia
    42.  
      bpimport
    43.  
      bpinst
    44.  
      bpkeyfile
    45.  
      bpkeyutil
    46.  
      bplabel
    47.  
      bplist
    48.  
      bpmedia
    49.  
      bpmedialist
    50.  
      bpminlicense
    51.  
      bpnbat
    52.  
      bpnbaz
    53.  
      bppficorr
    54.  
      bpplcatdrinfo
    55.  
      bpplclients
    56.  
      bppldelete
    57.  
      bpplinclude
    58.  
      bpplinfo
    59.  
      bppllist
    60.  
      bpplsched
    61.  
      bpplschedrep
    62.  
      bpplschedwin
    63.  
      bppolicynew
    64.  
      bpps
    65.  
      bprd
    66.  
      bprecover
    67.  
      bprestore
    68.  
      bpretlevel
    69.  
      bpschedule
    70.  
      bpschedulerep
    71.  
      bpsetconfig
    72.  
      bpstsinfo
    73.  
      bpstuadd
    74.  
      bpstudel
    75.  
      bpstulist
    76.  
      bpsturep
    77.  
      bptestbpcd
    78.  
      bptestnetconn
    79.  
      bptpcinfo
    80.  
      bpup
    81.  
      bpverify
    82.  
      cat_convert
    83.  
      cat_export
    84.  
      cat_import
    85.  
      configureCerts
    86.  
      configureMQ
    87.  
      configurePorts
    88.  
      configureWebServerCerts
    89.  
      create_nbdb
    90.  
      csconfig cldinstance
    91.  
      csconfig cldprovider
    92.  
      csconfig meter
    93.  
      csconfig reinitialize
    94.  
      csconfig throttle
    95.  
      duplicatetrace
    96.  
      importtrace
    97.  
      jbpSA
    98.  
      jnbSA
    99.  
      ltid
    100.  
      mklogdir
    101.  
      nbauditreport
    102.  
      nbcallhomeproxyconfig
    103.  
      nbcatsync
    104.  
      NBCC
    105.  
      NBCCR
    106.  
      nbcertcmd
    107.  
      nbcertupdater
    108.  
      nbcldutil
    109.  
      nbcloudrestore
    110.  
      nbcomponentupdate
    111.  
      nbcplogs
    112.  
      nbcredkeyutil
    113.  
      nbdb_admin
    114.  
      nbdb_backup
    115.  
      nbdb_move
    116.  
      nbdb_ping
    117.  
      nbdb_restore
    118.  
      nbdb_unload
    119.  
      nbdb2adutl
    120.  
      nbdbms_start_server
    121.  
      nbdbms_start_stop
    122.  
      nbdc
    123.  
      nbdecommission
    124.  
      nbdelete
    125.  
      nbdeployutil
    126.  
      nbdevconfig
    127.  
      nbdevquery
    128.  
      nbdiscover
    129.  
      nbdna
    130.  
      nbemm
    131.  
      nbemmcmd
    132.  
      nbfindfile
    133.  
      nbfirescan
    134.  
      nbfp
    135.  
      nbftadm
    136.  
      nbftconfig
    137.  
      nbgetconfig
    138.  
      nbhba
    139.  
      nbholdutil
    140.  
      nbhostidentity
    141.  
      nbhostmgmt
    142.  
      nbhypervtool
    143.  
      nbidpcmd
    144.  
      nbimageshare
    145.  
      nbinstallcmd
    146.  
      nbjm
    147.  
      nbkmiputil
    148.  
      nbkmscmd
    149.  
      nbkmsutil
    150.  
      nboraadm
    151.  
      nborair
    152.  
      nbpem
    153.  
      nbpemreq
    154.  
      nbmlb
    155.  
      nbperfchk
    156.  
      nbplupgrade
    157.  
      nbrb
    158.  
      nbrbutil
    159.  
      nbregopsc
    160.  
      nbreplicate
    161.  
      nbrepo
    162.  
      nbrestorevm
    163.  
      nbseccmd
    164.  
      nbserviceusercmd
    165.  
      nbsetconfig
    166.  
      nbsmartdiag
    167.  
      nbsnapimport
    168.  
      nbsnapreplicate
    169.  
      nbsqladm
    170.  
      nbstl
    171.  
      nbstlutil
    172.  
      nbstop
    173.  
      nbsu
    174.  
      nbsvrgrp
    175.  
      netbackup_deployment_insights
    176.  
      resilient_clients
    177.  
      restoretrace
    178.  
      stopltid
    179.  
      tldd
    180.  
      tldcd
    181.  
      tpautoconf
    182.  
      tpclean
    183.  
      tpconfig
    184.  
      tpext
    185.  
      tpreq
    186.  
      tpunmount
    187.  
      verifytrace
    188.  
      vltadm
    189.  
      vltcontainers
    190.  
      vlteject
    191.  
      vltinject
    192.  
      vltoffsitemedia
    193.  
      vltopmenu
    194.  
      vltrun
    195.  
      vmadd
    196.  
      vmchange
    197.  
      vmcheckxxx
    198.  
      vmd
    199.  
      vmdelete
    200.  
      vmoprcmd
    201.  
      vmphyinv
    202.  
      vmpool
    203.  
      vmquery
    204.  
      vmrule
    205.  
      vmupdate
    206.  
      vnetd
    207.  
      vssat
    208.  
      vwcp_manage
    209.  
      vxlogcfg
    210.  
      vxlogmgr
    211.  
      vxlogview
    212.  
      W2KOption
  3.  
    Index

Name

nbkmsutil — run the NetBackup Key Management Service utility

SYNOPSIS

nbkmsutil [-createkey] [-createkg] [-deletekey] [-deletekg] [-export] [-gethmkid] [-getkpkid] [-import] [-ksstats] [-listkeys] [-listkgs] [-modifyhmk] [-modifykey] [-modifykg] [-modifykpk] [-quiescedb] [-recoverkey] [-unquiescedb]

nbkmsutil -createkey [ -nopphrase ] -kgname key_group_name -keyname key_name [ -activate ] [ -desc description ]

nbkmsutil -createkg -kgname key_group_name [ -cipher type ] [ -desc description ]

nbkmsutil -deletekey -keyname key_name -kgname key_group_name

nbkmsutil -deletekg -kgname key_group_name

nbkmsutil -export -path secure_key_container [-key_groups key_group_name_1 ... | -key_file key_file_name]

nbkmsutil -gethmkid

nbkmsutil -getkpkid

nbkmsutil -import -path secure_key_container [-preserve_kgname] [-desc description] [-preview]

nbkmsutil -ksstats [-noverbose]

nbkmsutil -listkeys -kgname key_group_name [ -keyname key_name | -activekey ] [ -verbose ]

nbkmsutil -listkgs [ -kgname key_group_name | -cipher type | -emptykgs | -noactive ] [ -verbose ]

nbkmsutil -modifyhmk [ -nopphrase ]

nbkmsutil -modifykey -keyname key_name -kgname key_group_name [ -state new_state | -activate ] [ -name new_keyname ] [ -desc new_description ]

nbkmsutil -modifykg -kgname key_group_name [ -name new_key_group_name ] [ -desc new_description ]

nbkmsutil -modifykpk [ -nopphrase ]

nbkmsutil -quiescedb

nbkmsutil -recoverkey -keyname key_name -kgnamekey_group_name -tag key_tag [-desc description]

nbkmsutil -unquiescedb

 

On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/admincmd/

On Windows systems, the directory path to this command is install_path\NetBackup\bin\admincmd\

DESCRIPTION

The nbkmsutil command performs the following operations:

-createkey

Create a new key. The default state of the new key is Prelive.

-createkg

Create a new key group. The default cipher of the new key group is AES_256.

-deletekey

Delete a key. Only keys in Prelive and Terminated states can be deleted.

-deletekg

Delete an empty key group.

To force the delete of a key group that is not empty, use the -force option.

# nbkmsutil -deletekg -kgname key_group_name -force

-export

Exports keys and keys groups across domains

-gethmkid

Return the current HMK ID.

-getkpkid

Returns the current KPK ID.

-import

Imports keys and keys groups across domains

To preview the results of the import option, use -preview.

# nbkmsutil -import -path secure_key_container -preview

-ksstats

Returns the keystore statistics. The statistics consist of the number of key groups, the total number of keys, and the outstanding quiesce calls.

-listkeys

Get the details of keys.

-listkgs

Get the details of the key groups. If no option is specified, retrieve the details of all the key groups.

-modifyhmk

Modify the host master key (HMK). HMK is used to encrypt the keystore. To modify the HMK, provide an optional seed (passphrase) and an HMK ID which can remind the user of the specified passphrase. The passphrase and the HMK ID are both read interactively.

-modifykey

Modify key attributes.

-modifykg

Modify key group attributes.

-modifykpk

Modify the key protection key (KPK). KPK is used to encrypt KMS keys. KPK is per keystore. To modify the KPK, provide an optional seed (passphrase) and a KPK ID which can remind the user of the specified passphrase. The passphrase and the KPK ID are both read interactively.

-quiescedb

Sends a quiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned (as multiple backup jobs might quiesce the KMS DB to back it up)

-recoverkey

Restore could fail if a key used in encrypting the backup data is lost. Such Keys can be recovered (re-created) with the knowledge of the original Key's attributes (tag and passphrase).

-unquiescedb

Sends an unquiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned. A count of zero (0) means that the KMS database is completely unquiesced.

OPTIONS

The nbkmsutil command uses the following options:

-activate

Sets the state of the specified key to active. The default state is prelive.

-activekey

Retrieves the details of a specific key group's active key.

-cipher

The type of cipher that the key group supports. All keys that belong to a key group support the same cipher type. Supported cipher types are BLOW, AES_128, AES_192, and AES_256 (default cipher).

-emptykgs

Retrieves the details of all the key groups with zero keys in it.

-keyname

key_name specifies the name of a key. This name should be unique within a key group. The key group name and key name uniquely identify a key in the keystore.

-kgname

key_group_name specifies the name of a key group. Within a keystore, the key group name uniquely identifies the key group.

-name

Specifies the new name of the key group when used with -modifykg or the new name of the key when used with -modifykey. The new key group name must not conflict with other names in the keystore.

-noactive

Retrieves the details of all the key groups in which there are no active keys.

-nopphrase

Disables the utility function that prompts you for a pass phrase. Instead, the utility creates the key. The default condition is the use of the pass phrase to create a key with a seed. A lengthy seed and a strong seed results in a strong key.

-noverbose

Disables verbosity. The default condition is verbosity, which prints the details in readable format.

-state

new_state specifies the new state of the Key. Possible states are Prelive, Active, Inactive, Deprecated, and Terminated.

Key states can be changed only in the following ways:

  • Prelive to Active

  • Transition between Active and Inactive

  • Transition between Inactive and Deprecated

  • Transition between Deprecated and Terminated

-tag

key_tag specifies a random unique identifier that is created for the key record that the utility creates. The listkey option can display this tag. If you need to recover (recreate) the key record, you need to use the original tag value, hence the - tag option for these recovery options.