NetBackup™ Deduplication Guide
- Introducing the NetBackup media server deduplication option
- Planning your deployment- Planning your MSDP deployment
- NetBackup naming conventions
- About MSDP deduplication nodes
- About the NetBackup deduplication destination
- About MSDP capacity support and hardware requirements
- About MSDP storage and connectivity requirements
- About NetBackup media server deduplication
- About NetBackup Client Direct deduplication
- About MSDP remote office client deduplication
- About the NetBackup Deduplication Engine credentials
- About the network interface for MSDP
- About MSDP port usage
- About MSDP optimized synthetic backups
- About MSDP and SAN Client
- About MSDP optimized duplication and replication
- About MSDP stream handlers
- MSDP deployment best practices- Use fully qualified domain names
- About scaling MSDP
- Send initial full backups to the storage server
- Increase the number of MSDP jobs gradually
- Introduce MSDP load balancing servers gradually
- Implement MSDP client deduplication gradually
- Use MSDP compression and encryption
- About the optimal number of backup streams for MSDP
- About storage unit groups for MSDP
- About protecting the MSDP data
- Save the MSDP storage server configuration
- Plan for disk write caching
 
 
- Provisioning the storage
- Configuring deduplication- Configuring media server deduplication in NetBackup
- Configuring MSDP client-side deduplication
- About the MSDP Deduplication Multi-Threaded Agent
- About MSDP fingerprinting- About the MSDP fingerprint cache
- Configuring the MSDP fingerprint cache behavior
- MSDP fingerprint cache behavior options
- About seeding the MSDP fingerprint cache for remote client deduplication
- Configuring MSDP fingerprint cache seeding on the client
- Configuring MSDP fingerprint cache seeding on the storage server
- NetBackup seedutil options
- About sampling and predictive cache
- Rebuilding the sampling cache
 
- Enabling 400 TB support for MSDP
- Configuring a storage server for a Media Server Deduplication Pool
- About disk pools for NetBackup deduplication
- Configuring a Media Server Deduplication Pool storage unit
- Configuring client attributes for MSDP client-side deduplication
- About MSDP compression
- About MSDP encryption
- About MSDP Encryption using NetBackup Key Management Server service
- About MSDP Encryption using external KMS server
- Configuring optimized synthetic backups for MSDP
- About a separate network path for MSDP duplication and replication
- About MSDP optimized duplication within the same domain- About the media servers for MSDP optimized duplication within the same domain
- About MSDP push duplication within the same domain
- About MSDP pull duplication within the same domain
- Configuring MSDP optimized duplication within the same NetBackup domain
- Configuring NetBackup optimized duplication or replication behavior
- Setting NetBackup configuration options by using the command line
 
- About MSDP replication to a different domain
- Configuring MSDP replication to a different NetBackup domain- About NetBackup Auto Image Replication
- About trusted primary servers for Auto Image Replication
- About the certificate to use to add a trusted primary server
- Add a trusted primary server
- Remove a trusted primary server
- Enable inter-node authentication for a NetBackup clustered primary server
- Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers
- Configuring external CA for secure communication between the source MSDP storage server and the target MSDP storage server
- Configuring a target for MSDP replication to a remote domain
 
- About configuring MSDP optimized duplication and replication bandwidth
- About performance tuning of optimized duplication and replication for large images
- About performance tuning of optimized duplication and replication for MSDP cloud
- About storage lifecycle policies
- About MSDP backup policy configuration
- Creating a backup policy
- Resilient network properties
- Adding an MSDP load balancing server
- About variable-length deduplication on NetBackup clients
- About the MSDP pd.conf configuration file
- About the MSDP contentrouter.cfg file
- About saving the MSDP storage server configuration
- Setting the MSDP storage server configuration
- About the MSDP host configuration file
- Deleting an MSDP host configuration file
- Resetting the MSDP registry
- About protecting the MSDP catalog
- About MSDP FIPS compliance
- Configuring the NetBackup client-side deduplication to support multiple interfaces of MSDP
- About MSDP multi-domain support
- About MSDP application user support
- About MSDP mutli-domain VLAN Support
- About NetBackup WORM storage support for immutable and indelible data
- Running MSDP services with the non-root user
- Running MSDP commands with the non-root user
 
- MSDP volume group (MVG)- About the MSDP volume group
- Configuring the MSDP volume group- MSDP volume group requirements
- Configuring an MVG server using the web UI
- Creating an MVG volume using the web UI
- Configuring an MVG server using the command-line
- Creating an MVG volume using the command-line
- Updating an MVG volume using the command-line
- Configuring the targeted AIR with an MVG volume
- Updating an MVG volume using the web UI
- Listing the MVG volumes
- Deleting an MVG volume
- Configuring the MSDP server to be used by an MVG server having different credentials
- Migrate a backup policy from a regular MSDP disk volume to the MVG volume
- Migrate a backup policy from an MVG volume to a regular MSDP disk volume
- Assigning a client policy combination to another MSDP server
- Removing an MVG server configuration
 
- MSDP volume group disaster recovery
- The MSDP server maintenance
- Limitations of the MSDP volume group
- About the node failure management
- MSDP volume group best practices
- MSDP commands for MVG maintenance
- Troubleshooting the MVG errors
 
- MSDP cloud support- About MSDP cloud support
- Create a Media Server Deduplication Pool storage server in the NetBackup web UI
- Managing credentials for MSDP-C
- Creating a cloud storage unit
- Updating cloud credentials for a cloud LSU
- Updating encryption configurations for a cloud LSU
- Deleting a cloud LSU
- Backup data to cloud by using cloud LSU
- Duplicate data cloud by using cloud LSU
- Configuring AIR to use cloud LSU
- About backward compatibility support
- About the configuration items in cloud.json, contentrouter.cfg, and spa.cfg
- Cloud space reclamation
- About the tool updates for cloud support
- About the disaster recovery for cloud LSU
- About Image Sharing using MSDP cloud
- About restore from a backup in Microsoft Azure Archive
- About Cohesity Alta Recovery Vault Azure and Amazon
- Configuring Veritas Alta Recovery Vault Azure and Azure Government
- Configuring Veritas Alta Recovery Vault Azure and Azure Government using the CLI
- Configuring Veritas Alta Recovery Vault Amazon and Amazon Government
- Configuring Cohesity Alta Recovery Vault Amazon and Amazon Government using the CLI
- Migrating from standard authentication to token-based authentication for Recovery Vault
- About MSDP cloud immutable (WORM) storage support- Creating a cloud immutable storage unit using the web UI
- Updating a cloud immutable volume
- About immutable object support for AWS S3
- About immutable object support for AWS S3 compatible platforms
- About immutable storage support for Azure blob storage
- About object-level immutable storage support for Google Cloud Storage
- About using the cloud immutable storage in a cluster environment
- Troubleshooting the errors when disk volume creation using web UI fails
- Deleting the immutable image with the enterprise mode
- Deleting the S3 object permanently
- About MSDP cloud admin tool
 
- About AWS IAM Role Anywhere support
- About Azure service principal support
- About instant access for object storage
- About NetBackup support for AWS Snowball Edge
- Upgrading to NetBackup 10.3 and cluster environment
- About the cloud direct
- About MSDP lazy delete
 
- S3 Interface for MSDP- About S3 interface for MSDP
- Prerequisites for MSDP build-your-own (BYO) server
- Configuring S3 interface for MSDP on MSDP build-your-own (BYO) server
- Identity and Access Management (IAM) for S3 interface for MSDP
- S3 Object Lock In Flex WORM
- S3 APIs for S3 interface for MSDP
- Creating a protection policy for the MSDP object store
- Recovering the MSDP object store data from the backup images
- Instant access for MSDP object store
- Disaster recovery in S3 interface for MSDP
- Limitations in S3 interface for MSDP
- Logging and troubleshooting
- Best practices
 
- Monitoring deduplication activity- Monitoring the MSDP deduplication and compression rates
- Viewing MSDP job details
- About MSDP storage capacity and usage reporting
- About MSDP container files
- Viewing storage usage within MSDP container files
- About monitoring MSDP processes
- Reporting on Auto Image Replication jobs
- Checking the image encryption status
 
- Managing deduplication- Managing MSDP servers- Viewing MSDP storage servers
- Determining the MSDP storage server state
- Viewing MSDP storage server attributes
- Setting MSDP storage server attributes
- Changing MSDP storage server properties
- Clearing MSDP storage server attributes
- About changing the MSDP storage server name or storage path
- Changing the MSDP storage server name or storage path
- Removing an MSDP load balancing server
- Deleting an MSDP storage server
- Deleting the MSDP storage server configuration
 
- Managing NetBackup Deduplication Engine credentials
- Managing Media Server Deduplication Pools- Viewing Media Server Deduplication Pools
- Determining the Media Server Deduplication Pool state
- Viewing Media Server Deduplication Pool attributes
- Setting a Media Server Deduplication Pool attribute
- Changing a Media Server Deduplication Pool properties
- Clearing a Media Server Deduplication Pool attribute
- Determining the MSDP disk volume state
- Changing the MSDP disk volume state
- Deleting a Media Server Deduplication Pool
 
- Analyzing the disc space consumption of the backup images
- Deleting backup images
- About MSDP queue processing
- Processing the MSDP transaction queue manually
- About MSDP data integrity checking
- About managing MSDP storage read performance
- About MSDP storage rebasing
- About the MSDP data removal process
- Resizing the MSDP storage partition
- How MSDP restores work
- Configuring MSDP restores directly to a client
- About restoring files at a remote site
- About restoring from a backup at a target primary domain
- Specifying the restore server
- Enabling extra OS STIG hardening on WORM storage server instance
- Using multiple MSDP nodes for multistream backups on MSDP cluster
- Enabling the media server and MSDP engine affinity in the MSDP cluster
 
- Managing MSDP servers
- Recovering MSDP
- Replacing MSDP hosts
- Uninstalling MSDP
- Deduplication architecture
- Configuring and managing universal shares- Introduction to universal shares
- Prerequisites to configure universal shares
- Managing universal shares
- Mounting a universal share
- Creating a protection point for a universal share
- Restoring data using universal shares
- Advanced features of universal shares- Direct universal share data to object store
- Universal share accelerator for data deduplication- Preparing NetBackup for the universal share accelerator
- Installing the universal share accelerator
- Creating a protection policy for the universal share accelerator
- Configure a universal share accelerator
- About the universal share accelerator quota
- Recovering a point in time for the universal share accelerator
- Deleting a recovered universal share accelerator
- Logging for universal share accelerator
 
- Load backup data to a universal share with the ingest mode
- Universal share with disabled MSDP data volumes
- Universal Share WORM capability
- Universal share scale out
 
- Managing universal share services
- Troubleshooting issues related to universal shares
 
- Configuring isolated recovery environment (IRE)- Requirements
- Configuring the network isolation
- Configuring an isolated recovery environment using the web UI
- Configuring an isolated recovery environment using the command line- Configuring an isolated recovery environment on a NetBackup BYO media server
- Managing an isolated recovery environment on a NetBackup BYO media server
- Configuring A.I.R. for replicating backup images from production environment to IRE BYO environment
- Configuring an isolated recovery environment on a WORM storage server
- Managing an isolated recovery environment on a WORM storage server
- Configuring data transmission between a production environment and an IRE WORM storage server
 
- Replicating the backup images from the IRE domain to the production domain
 
- Using the NetBackup Deduplication Shell- About the NetBackup Deduplication Shell
- Managing users from the deduplication shell- Adding and removing local users from the deduplication shell
- Adding MSDP users from the deduplication shell
- Adding MSDP admin alias users from the deduplication shell
- Connecting an Active Directory domain to a WORM or an MSDP storage server for Universal Shares and Instant Access
- Disconnecting an Active Directory domain from the deduplication shell
- Changing a user password from the deduplication shell
 
- Managing VLAN interfaces from the deduplication shell
- Managing the retention policy on a WORM storage server
- Managing images with a retention lock on a WORM storage server
- Auditing WORM retention changes
- Protecting the MSDP catalog from the deduplication shell
- About the external MSDP catalog backup
- Managing certificates from the deduplication shell
- Managing FIPS mode from the deduplication shell
- Managing post-quantum cryptography (PQC) mode from the deduplication shell
- Encrypting backups from the deduplication shell
- Tuning the MSDP configuration from the deduplication shell
- Setting the MSDP log level from the deduplication shell
- Managing NetBackup services from the deduplication shell- Managing the cyclic redundancy checking (CRC) service
- Managing the content router queue processing (CRQP) service
- Managing the online checking service
- Managing the compaction service
- Managing the deduplication (MSDP) services
- Managing the MSDP services across the cluster
- Managing the Storage Platform Web Service (SPWS)
- Managing Open Cloud Storage Daemon
- Managing the Cohesity provisioning file system (VPFS) configuration parameters
- Managing the Cohesity provisioning file system (VPFS) mounts
- Managing the NGINX service
- Managing the SMB service
 
- Monitoring and troubleshooting NetBackup services from the deduplication shell- Managing the health monitor
- Viewing information about the system
- Viewing the deduplication (MSDP) history or configuration files
- Viewing process information in the pseudo-file system
- Viewing the deduplication rate of a Veritas provisioning file service (VPFS) share
- Viewing the log files
- Collecting and transferring troubleshooting files
 
- Managing S3 service from the deduplication shell
- Multi-person authorization for deduplication shell commands
- Managing cloud LSU in Flex Scale and Cloud Scale
- Managing the NFS version 3 server services for the MSDP container
- Viewing the NetBackup RBAC roles assigned to the MSDP container
 
- Troubleshooting- About unified logging
- About legacy logging
- NetBackup MSDP log files
- Troubleshooting MSDP configuration issues
- Troubleshooting MSDP operational issues- Verify that the MSDP server has sufficient memory
- MSDP backup or duplication job fails
- MSDP client deduplication fails
- MSDP volume state changes to DOWN when volume is unmounted
- MSDP errors, delayed response, hangs
- Cannot delete an MSDP disk pool
- MSDP media open error (83)
- MSDP media write error (84)
- MSDP no images successfully processed (191)
- MSDP storage full conditions
- Troubleshooting MSDP catalog backup
- Storage Platform Web Service (spws) does not start
- Disk volume API or command line option does not work
 
- Viewing MSDP disk errors and events
- MSDP event codes and messages
- Unable to obtain the administrator password to use an AWS EC2 instance that has a Windows OS
- Trouble shooting multi-domain issues
- Troubleshooting the cloud compaction error messages
- Troubleshooting the msdpcmdrun issues
 
- Appendix A. Migrating to MSDP storage
- Appendix B. Migrating from Cloud Catalyst to MSDP direct cloud tiering- About migration from Cloud Catalyst to MSDP direct cloud tiering
- About Cloud Catalyst migration strategies
- About direct migration from Cloud Catalyst to MSDP direct cloud tiering
- About postmigration configuration and cleanup
- About the Cloud Catalyst migration -dryrun option
- About Cloud Catalyst migration cacontrol options
- Reverting back to Cloud Catalyst from a successful migration
- Reverting back to Cloud Catalyst from a failed migration
 
- Appendix C. Encryption Crawler
- Index
Creating Active Directory users for Kerberos authentication
After storage servers are added to the Active Directory domain, perform the following tasks before you configure Kerberos-based authentication for universal shares on the NetBackup web UI.
- On Windows Active Directory domain server, create Active Directory users for Kerberos authentication. 
- Register Kerberos principals to KDC (Key Distribution Center) database. - See Registering the Kerberos principals to the KDC database. 
To create Active Directory users for Kerberos authentication.
- Log in to the Windows Active Directory domain server.
- Navigate to Start > Administrative Tools > Active Directory Users and Computers.
- In the left pane, select the correct domain name and then select Users.
- Right-click Users and select New > User.
- Enter the domain user information. User logon name is used for Active Directory domain login and authentication. For storage servers, the logon name must be nfs/<storage server FQDN>. Where the nfs is an NFS service principal and storage server is the host where your universal shares are created. For example, nfs/storage-server.mydomain.com. For a universal share server, create one more user host/<storage server FQDN>. For a universal share server, you must create two Active Directory users, nfs/<storage server FQDN> and host/<storage server FQDN>. For a universal share client, create only one user, host/<universal share client FQDN>. 
- Set password for the new user.
- Click Finish to finish the user creation.
- Double-click the user you have created to open the property window.
- In Account options list, select AES 128 and AES 256 encryption items.