NetBackup™ for Cloud Object Store Administrator's Guide
- Introduction
- Managing Cloud object store assets
- Planning NetBackup protection for Cloud object store assets
- Prerequisites for adding Cloud object store accounts
- Configuring buffer size for backups
- Permissions required for Amazon S3 cloud provider user
- Permissions required for Azure blob storage
- Permissions required for GCP
- Limitations and considerations
- Adding Cloud object store accounts
- Manage Cloud object store accounts
- Scan for malware
- Protecting Cloud object store assets
- About accelerator support
- About incremental backup
- About dynamic multi-streaming
- About policies for Cloud object store assets
- Planning for policies
- Prerequisites for Cloud object store policies
- Creating a backup policy
- Policy attributes
- Creating schedule attributes for policies
- Configuring the Start window
- Configuring the exclude dates
- Configuring the include dates
- Configuring the Cloud objects tab
- Adding conditions
- Adding tag conditions
- Examples of conditions and tag conditions
- Managing Cloud object store policies
- Recovering Cloud object store assets
- Troubleshooting
- Reduced acceleration during the first full backup, after upgrade to version 10.5
- After backup, some files in the shm folder and shared memory are not cleaned up.
- After an upgrade to NetBackup version 10.5, copying, activating, and deactivating policies may fail for older policies
- Backup fails with default number of streams with the error: Failed to start NetBackup COSP process.
- Backup fails or becomes partially successful on GCP storage for objects with content encoding as GZIP.
- Recovery for the original bucket recovery option starts, but the job fails with error 3601
- Recovery Job does not start
- Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
- Access tier property not restored after overwriting the existing object in the original location
- Reduced accelerator optimization in Azure for OR query with multiple tags
- Backup failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
- Azure backup jobs fail when space is provided in a tag query for either tag key name or value.
- The Cloud object store account has encountered an error
- The bucket is list empty during policy selection
- Creating a second account on Cloudian fails by selecting an existing region
- Restore failed with 2825 incomplete restore operation
- Bucket listing of a cloud provider fails when adding a bucket in the Cloud objects tab
- AIR import image restore fails on the target domain if the Cloud store account is not added to the target domain
- Backup for Azure Data Lake fails when a back-level media server is used with backup host or storage server version 10.3
- Backup fails partially in Azure Data Lake: "Error nbpem (pid=16018) backup of client
- Recovery for Azure Data Lake fails: "This operation is not permitted as the path is too deep"
- Empty directories are not backed up in Azure Data Lake
- Recovery error: "Invalid alternate directory location. You must specify a string with length less than 1025 valid characters"
- Recovery error: "Invalid parameter specified"
- Restore fails: "Cannot perform the COSP operation, skipping the object: [/testdata/FxtZMidEdTK]"
- Cloud store account creation fails with incorrect credentials
- Discovery failures due to improper permissions
- Restore failures due to object lock
Managing Certification Authorities (CA) for NetBackup Cloud
NetBackup supports only X.509 certificates in .PEM (Privacy-enhanced Electronic Mail) format.
You can find the details of the Certification Authorities (CAs) in the cacert.pem bundle at the following location:
Windows:
<installation-path>\NetBackup\var\global\cloudUNIX:
/usr/openv/var/global/cloud/
Note:
In a cluster deployment, the NetBackup database path points to the shared disk, which is accessible from the active node.
You can add or remove a CA from the cacert.pem bundle.
After you complete the changes, when you upgrade to a new version of NetBackup, the cacert.pem bundle is overwritten by the new bundle. All the entries that you may have added or removed are lost. As a best practice, keep a local copy of the edited cacert.pem file. You can use the local copy to override the upgraded file and restore your changes.
Note:
Ensure that you do not change the file permission and ownership of the cacert.pem file.
To add a CA
You must get a CA certificate from the required cloud provider and update it in the cacert.pem file. The certificate must be in .PEM format.
- Open the
cacert.pemfile. - Append the self-signed CA certificate on a new line and at the beginning or end of the
cacert.pemfile.Add the following information block:
Certificate Authority Name
==========================
- - - - - BEGIN CERTIFICATE - - - - -
<Certificate content>
- - - - - END CERTIFICATE - - - - -
- Save the file.
To remove a CA
Before you remove a CA from the cacert.pem file, ensure that none of the cloud jobs are using the related certificate.
- Open the
cacert.pemfile. - Remove the required CA. Remove the following information block:
Certificate Authority Name
==========================
- - - - - BEGIN CERTIFICATE - - - - -
<Certificate content>
- - - - - END CERTIFICATE - - - - -
- Save the file.
Starfield Services Root Certificate Authority - G2
Baltimore CyberTrust Root
DigiCert Assured ID Root CA
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global CA G2
DigiCert Global Root CA
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert High Assurance EV Root CA
DigiCert Trusted Root G4
D-Trust Root Class 3 CA 2 2009
GlobalSign Root CA
GlobalSign Root CA - R3
COMODO RSA Certification Authority
AAA Certificate Services
Go Daddy Root Certificate Authority - G2
ISRG Root X1