NetBackup™ Installation Guide
- Preparing for installation
- General installation information
- How to install NetBackup
- About storage device configuration
- Installation operational notes and limitations
- SORT information
- Veritas NetInsights Console information
- General installation information
- NetBackup licenses
- Installing server software on UNIX systems
- Installation requirements for UNIX and Linux
- Installing NetBackup primary server software on Linux
- Installing NetBackup media server software on Linux
- About pushing client software from a primary server to clients
- Installation requirements for UNIX and Linux
- Installing server software on Windows systems
- About the administrative interfaces
- Installing NetBackup client software
- About NetBackup client installation on Windows
- About NetBackup client installation on UNIX and Linux
- Configuring NetBackup
- Removing NetBackup server and client software
- Reference
Installing NetBackup media server software on Linux
This section describes how to install a new NetBackup media server. After you have installed the primary server, you are ready to install media server software on media server computers. Use this information to install the server software on a computer with no existing version of NetBackup.
Veritas supports two media server installation methods: either the NetBackup installation script or the native Linux installers. The NetBackup installation script is the standard installation method and is recommended for new users. The native Linux installers are potentially more difficult and require additional steps.
Customers who use the NetBackup installation script for their Linux media servers only see a single change to the installation behavior. The NetBackup installation script no longer copies the installation package into the /usr/openv/pack/
directory on the client. A successful installation or upgrade is recorded in the /usr/openv/pack/install.history
file.
Media server software manages the robotic and the storage devices within your NetBackup environment.
You can use the nbserviceusercmd command to change the service user on media servers after the installation completes. Refer to the NetBackup Commands Reference Guide for more information about the nbserviceusercmd command. For more details about the service user account, refer to https://www.veritas.com/support/en_US/article.100053035.
Use the following guidelines when you install new media servers:
Designate media servers | Designate the computers that you want to be media servers and install the media server software on them. |
CA Certificate fingerprint | If you use a NetBackup Certificate Authority, you must know the CA Certificate fingerprint of the primary server at time of installation. This requirement only applies if you use a NetBackup Certificate Authority. More information is available about the details on the CA Certificate fingerprint and its role in generation of security certificates. |
Authorization Token | In some cases, if you use a NetBackup Certificate Authority, the installer requires an authorization token to successfully deploy security certificates. This requirement only applies if you use a NetBackup Certificate Authority. More information is available about the details on authorization tokens and their role in generation of security certificates. |
External certificate authority | If you use an external certificate authority (ECA), you need to know the location of your certificate. You also need know how you want to configure the Certificate Revocation Lists (CRLs). |
Install method |
|
Java GUI and JRE | Installation of the Java GUI and the JRE is optional. Decide if you want to install the Java GUI and JRE on this computer. If you change your mind after the installation completes, you can add or remove the Java GUI and the JRE after the installation. More information about the Java GUI and the JRE is available. |
To install NetBackup media server software with the NetBackup installation script
- Log in to the server as root.
- Navigate to where the ESD images (downloaded files) reside and enter the command shown:
./install
- When the following message appears, press Enter to continue:
Veritas Installation Script Copyright 1993 - 2016 Veritas Corporation, All Rights Reserved. Installing NetBackup Server Software Please review the VERITAS SOFTWARE LICENSE AGREEMENT located on the installation media before proceeding. The agreement includes details on the NetBackup Product Improvement Program. For NetBackup installation and upgrade information specific to your platform and to find out if your installed EEBs or hot fixes are contained in this release, check out the Veritas Services and Operations Readiness Tools (SORT) Installation and Upgrade Checklist and Hot fix and EEB Release Auditor, respectively, at https://sort.veritas.com/netbackup. ATTENTION! To help ensure a successful upgrade to NetBackup 10.4, please visit the NetBackup 8.x Upgrade Portal: http://www.veritas.com/docs/000115678. Do you wish to continue? [y,n] (y)
- Indicate if the current computer is the primary server by answering the following question when it appears:
Is this host the primary server? [y,n]
- Verify or enter the correct computer name when prompted by the following message:
Installing NetBackup Enterprise Server version: 10.4 If this machine will be using a different network interface than the default (name), the name of the preferred interface should be used as the configured server name. If this machine will be part of a cluster, the virtual name should be used as the configured server name. The domainname of your server appears to be "domain". You may choose to use this domainname in your configured NetBackup server name, or simply use "name" as the configured NetBackup server name. Would you like to use "name" as the configured NetBackup server name of this machine? [y, n] (y)
Note:
Incorrect information for the domain name results in failures during the configuration of Authentication Broker and NetBackup Access Controls. To correct this problem, use the bpnbaz -configureauth command to configure Authentication Broker. More information about the bpnbaz -configureauth command is available.
If the displayed (default) media server name is correct, press Enter.
If the displayed (default) media server name is not correct, type n and enter the correct name.
- Identify the name of the primary server when prompted with this question:
What is the fully qualified name of the primary server?
If the primary server is clustered, enter the virtual name of the primary server.
- For the NetBackup installation location, enter the appropriate platform information as follows:
When the following question appears, press Enter to accept the default (y).
The NetBackup and Media Manager software is built for use on <platform> hardware. Do you want to install NetBackup and Media Manager files? [y,n] (y)
When the following question appears, select where to install NetBackup and Media Manager software:
NetBackup and Media Manager are normally installed in /usr/openv. Is it OK to install in /usr/openv? [y,n] (y)
To accept the default (y), press Enter.
To change the installation location, type n and press Enter. Then enter the appropriate destination.
Additional information about installation folder restrictions is available.
- After you confirm the installation location for the binaries, the installer fetches the certificate authority certificate details.
Getting CA certificate mode from the primary server. Depending on the network, this action may take a few minutes. To continue without setting up secure communication, press Ctrl+C.
Be aware if you press Ctrl+C, this action requires you to rerun the installation or continue with the installation without the required security components. If these security components are absent, backups and restores fail.
- The installer then looks to see what certificate authority the local system is configured to use. The options for certificate authority on the local system are: NetBackup Certificate Authority, external certificate authority, or indeterminate.
The installer then uses a combination of the primary server certificate authority mode and the local system certificate authority configuration to determine the next steps.
- If the installer prompts you for a certificate file path, your environment uses an external certificate authority. Proceed to step 11.
If the installer prompts you for fingerprint information, your environment uses a NetBackup Certificate Authority. Proceed to step 17.
If the installer cannot determine the configuration of the certificate authority on the primary server, you are presented with two options:
Skip the security configuration and configure your certificate authority after installation. More information about post-installation certificate authority configuration is available:
https://www.veritas.com/support/en_US/article.100044300
For more information, see the NetBackup Security and Encryption Guide and refer to the chapter on external CA and external certificates.
Proceed to step 21.
Exit the installation and restart the installation once you configure your certificate authority.
- Provide the external certificate authority information at the prompts shown:
Enter the certificate file path or q to skip security configuration: /usr/eca/cert_chain.pem Enter the trust store location or q to skip security configuration: /usr/eca/trusted/cacerts.pem Enter the private key path or q to skip security configuration: /usr/eca/private/key.pem Enter the passphrase file path or q to skip security configuration (default: NONE): /usr/eca/private/passphrase.txt
Note:
Be aware the passphrase file path is optional.
- When prompted, provide the required information for the CRL configuration:
Should a CRL be honored for the external certificate? 1) Use the CRL defined in the certificate. 2) Use the CRL from a file path. 3) Do not use a CRL. q) skip security configuration CRL option (1):
- (Conditional) If you specify 2, you must enter the path to the CRL location:
Enter the CRL location path or q to skip security configuration: /usr/eca/crl
- The installer echoes the configuration information you entered and attempts to retrieve details for the external certificate:
External CA values entered: Certificate file path: /usr/eca/cert_chain.pem Trust store file path: /usr/eca/trusted/cacerts.pem Private key file path: /usr/eca/private/key.pem Passphrase file path: /usr/eca/private/passphrase.txt CRL check level: Use the CRL from a file path. CRL location path: /usr/eca/crl Getting external CA certificate details Issued By : CN=IITFRMNUSINT,O=Veritas,OU=iitf Subject Name : CN=cuomovm04,O=Veritas,OU=iitf Expiry Date : Oct 31 17:25:59 2019 GMT SHA1 Fingerprint : 62:B2:C3:31:D5:95:15:85:9D:C9:AE:C6:EA:C2:DF:DF: 6D:4B:92:5B Serial Number : 0x6c7fa2743072ec3eaae4fd60085d468464319a Certificate Path : /usr/eca/cert_chain.pem Validating host ECA certificate. NOTE: Depending on the network, this action may take a few minutes. To continue without setting up secure communication, press Ctrl+C.
- (Conditional) If the external certificate enrollment pre-check finishes successfully, select 1 and press Enter to continue.
The external certificate enrollment pre-check is successful. The external certificate is valid for use with primary server name How do you want to proceed? 1) Continue the installation using this certificate. 2) Update external certificate values. 3) Abort the installation. Default option (1):
Proceed to step 21.
- (Conditional) If the external certificate enrollment pre-check fails, select from the choices shown. The default is 2.
The external certificate enrollment pre-check failed. The external certificate is not valid for use with primary server name How do you want to proceed? 1) Continue the installation and set up external certificates later. 2) Modify the external CA values entered. 3) Abort the installation. Default option (2):
Proceed to step 21.
- When prompted, review the fingerprint information and confirm that it is accurate.
Primary server [primary_name] reports the following CA Certificate fingerprints: SHA-256 Fingerprint: [sha-256_fingerprint], SHA-1 Fingerprint: [sha-1_fingerprint]. Is this correct?
After you confirm the fingerprint information, the installer stores the certificate authority certificate details.
Storing CA certificate. Depending on the network, this action may take a few minutes. To continue without setting up secure communication, press Ctrl+C.
Be aware if you press Ctrl+C, this action requires you to rerun the installation or continue with the installation without the required security components. If these security components are absent, backups and restores fail.
- After the Certificate Authority certificate is stored, the installer fetches the host certificate.
Getting host certificate. Depending on the network, this action may take a few minutes. To continue without setting up secure communication, press Ctrl+C.
Be aware if you press Ctrl+C, this action requires you to rerun the installation or continue with the installation without the required security components. If these security components are absent, backups and restores fail.
- (Conditional) If prompted for the Authorization Token, please enter it.
An authorization token is required in order to get the host certificate for this host. At the prompt, enter the authorization token or q to skip the question. NOTE: The answer entered will not be displayed to the terminal.
Enter the authorization token for primary_server_FQDN or q to skip:
- When prompted, specify if you want Java GUI and the JRE packages installed.
The Java GUI and JRE packages are currently not installed on this host.
The Java GUI and JRE can be optionally included with NetBackup. The Java GUI and JRE enable the NetBackup Administration Console and the Backup, Archive, and Restore (BAR) GUI.
Choose an option from the list below.
1) Include the Java GUI and JRE.
2) Exclude the Java GUI and JRE.
If you specify 1, you see: Including the installation of Java GUI and JRE packages. If you specify 2, you see: Excluding the installation of Java GUI and JRE packages.
- When the following message appears, press Enter and accept the default name of the EMM server. You must configure EMM on the primary server. All primary servers must have their own EMM configuration. Remote EMM or shared EMM is no longer supported.
Enter the name of the Enterprise Media Manager (default: <name>)
The primary server name is displayed by default.
- Repeat steps 1 through 21 to install media server software on any remaining media servers.