Veritas NetBackup™ Cloud Administrator's Guide

Last Published:
Product(s): NetBackup (8.1.2)
  1. About NetBackup cloud storage
    1.  
      About cloud storage features and functionality
    2.  
      About the catalog backup of cloud configuration files
    3.  
      About support limitations for NetBackup cloud storage
  2. About the cloud storage
    1.  
      About the cloud storage vendors for NetBackup
    2. About the Amazon S3 cloud storage API type
      1.  
        Amazon S3 cloud storage vendors certified for NetBackup
      2.  
        Amazon S3 storage type requirements
      3.  
        Amazon S3 cloud storage provider options
      4.  
        Amazon S3 cloud storage options
      5.  
        Amazon S3 advanced server configuration options
      6.  
        Amazon S3 credentials broker details
      7.  
        About private clouds from Amazon S3-compatible cloud providers
      8.  
        About Amazon S3 storage classes
      9.  
        Amazon virtual private cloud support with NetBackup
      10. About protecting data in Amazon for long-term retention
        1. About protecting data in Amazon Glacier
          1.  
            About backing up data to Amazon Glacier
          2.  
            About restoring data from Amazon Glacier
        2. About protecting data in Amazon Glacier vault
          1.  
            About backing up data to Amazon Glacier vault
          2.  
            About restoring data from Amazon Glacier vault
      11. Protecting data using Amazon's cloud tiering
        1.  
          About backing up data using LIFECYCLE storage class
        2.  
          About restoring data from LIFECYCLE storage class
      12.  
        About NetBackup character restrictions for Amazon S3 cloud connector
    3. About Microsoft Azure cloud storage API type
      1.  
        Microsoft Azure cloud storage vendors certified for NetBackup
      2.  
        Microsoft Azure storage type requirements
      3.  
        Microsoft Azure cloud storage provider options
      4.  
        Microsoft Azure advanced server configuration options
    4. About OpenStack Swift cloud storage API type
      1.  
        OpenStack Swift cloud storage vendors certified for NetBackup
      2.  
        OpenStack Swift storage type requirements
      3.  
        OpenStack Swift cloud storage provider options
      4.  
        OpenStack Swift storage region options
      5.  
        OpenStack Swift add cloud storage configuration options
      6.  
        OpenStack Swift proxy settings
  3. Configuring cloud storage in NetBackup
    1.  
      Before you begin to configure cloud storage in NetBackup
    2.  
      Configuring cloud storage in NetBackup
    3.  
      Cloud installation requirements
    4. Scalable Storage properties
      1.  
        Configuring advanced bandwidth throttling settings
      2.  
        Advanced bandwidth throttling settings
    5. Cloud Storage properties
      1.  
        Adding a cloud storage instance
      2.  
        Changing cloud storage host properties
      3.  
        Deleting a cloud storage host instance
    6. About the NetBackup CloudStore Service Container
      1.  
        NetBackup CloudStore Service Container security certificates
      2.  
        NetBackup CloudStore Service Container security modes
      3.  
        NetBackup cloudstore.conf configuration file
    7.  
      Deploying host name-based certificates
    8.  
      Deploying host ID-based certificates
    9.  
      About data compression for cloud backups
    10.  
      About data encryption for cloud storage
    11.  
      About key management for encryption of NetBackup cloud storage
    12.  
      About cloud storage servers
    13.  
      About object size for cloud storage
    14. About the NetBackup media servers for cloud storage
      1.  
        Using media server as NetBackup Cloud master host
    15. Configuring a storage server for cloud storage
      1.  
        KMS database encryption settings
      2.  
        Assigning a storage class to Amazon cloud storage
    16.  
      Changing cloud storage server properties
    17. NetBackup cloud storage server properties
      1.  
        NetBackup cloud storage server bandwidth throttling properties
      2.  
        NetBackup cloud storage server connection properties
      3.  
        NetBackup CloudCatalyst storage server properties
      4.  
        NetBackup cloud storage server encryption properties
    18.  
      About cloud storage disk pools
    19.  
      Configuring a disk pool for cloud storage
    20.  
      Saving a record of the KMS key names for NetBackup cloud storage encryption
    21.  
      Adding backup media servers to your cloud environment
    22. Configuring a storage unit for cloud storage
      1.  
        Cloud storage unit properties
      2.  
        Configure a favorable client-to-server ratio
      3.  
        Control backup traffic to the media servers
    23.  
      About NetBackup Accelerator and NetBackup Optimized Synthetic backups
    24.  
      Enabling NetBackup Accelerator with cloud storage
    25.  
      Enabling optimized synthetic backups with cloud storage
    26.  
      Creating a backup policy
    27. Changing cloud storage disk pool properties
      1.  
        Cloud storage disk pool properties
    28.  
      Managing Certification Authorities (CA) for NetBackup Cloud
  4. Monitoring and Reporting
    1.  
      About monitoring and reporting for cloud backups
    2.  
      Viewing cloud storage job details
    3.  
      Viewing the compression ratio
    4.  
      Viewing NetBackup cloud storage disk reports
    5.  
      Displaying KMS key information for cloud storage encryption
  5. Operational notes
    1.  
      NetBackup bpstsinfo command operational notes
    2.  
      Unable to configure additional media servers
    3.  
      Cloud configuration may fail if NetBackup Access Control is enabled
    4.  
      Deleting cloud storage server artifacts
  6. Troubleshooting
    1. About unified logging
      1.  
        About using the vxlogview command to view unified logs
      2.  
        Examples of using vxlogview to view unified logs
    2. About legacy logging
      1.  
        Creating NetBackup log file directories for cloud storage
    3.  
      NetBackup cloud storage log files
    4.  
      Enable libcurl logging
    5.  
      NetBackup Administration Console fails to open
    6. Troubleshooting cloud storage configuration issues
      1.  
        NetBackup Scalable Storage host properties unavailable
      2.  
        Connection to the NetBackup CloudStore Service Container fails
      3.  
        Cannot create a cloud storage disk pool
      4.  
        Cannot create a cloud storage
      5.  
        Data transfer to cloud storage server fails in the SSL mode
      6.  
        Amazon GovCloud cloud storage configuration fails in non-SSL mode
      7.  
        Data restore from the Google Nearline storage class may fail
      8.  
        Backups may fail for cloud storage configurations with Frankfurt region
      9.  
        Backups may fail for cloud storage configurations with the cloud compression option
      10.  
        Fetching storage regions fails with authentication version V2
    7. Troubleshooting cloud storage operational issues
      1.  
        Cloud storage backups fail
      2.  
        Stopping and starting the NetBackup CloudStore Service Container
      3.  
        A restart of the nbcssc (on legacy media servers), nbwmc, and nbsl processes reverts all cloudstore.conf settings
      4.  
        NetBackup CloudStore Service Container startup and shutdown troubleshooting
      5.  
        bptm process takes time to terminate after cancelling GLACIER restore job
      6.  
        Handling image cleanup failures for Amazon Glacier vault
      7.  
        Cleaning up orphaned archives manually
      8.  
        Restoring from Amazon Glacier vault spans more than 24 hours for single fragment
      9.  
        Restoring from GLACIER_VAULT takes more than 24 hours for Oracle databases
      10.  
        Troubleshooting failures due to missing Amazon IAM permissions
      11.  
        Restore job fails if the restore job start time overlaps with the backup job end time

Managing Certification Authorities (CA) for NetBackup Cloud

NetBackup cloud supports only X.509 certificates in .PEM (Privacy-enhanced Electronic Mail) format.

You can find the details of the Certification Authorities (CAs) in the cacert.pem bundle at following location:

  • Windows: install_path\Veritas\NetBackup\var\global\wmc\cloud\cacert.pem

    On media server versions 7.7.x to 8.1.2, the path is install_path\Veritas\NetBackup\db\cloud\cacert.pem.

  • UNIX: /usr/openv/var/global/wmc/cloud/cacert.pem

    On media server versions 7.7.x to 8.1.2, the path is /usr/openv/netbackup/db/cloud/cacert.pem.

Note:

In a cluster deployment, NetBackup database path points to the shared disk, which is accessible from the active node.

You can add or remove a CA from the cacert.pem bundle.

After you complete the changes, when you upgrade to a new version of NetBackup, the cacert.pem bundle is overwritten by the new bundle. All the entries that you may have added or removed are lost. As a best practice, keep a local copy of the edited cacert.pem file. You can use the local copy to override the upgraded file and restore your changes.

To add a CA

You must get a CA certificate from the required cloud provider and update it in the cacert.pem file. The certificate must be in .PEM format.

  1. Open the cacert.pem file.
  2. Append the self-signed CA certificate on a new line and at the beginning or the end of the cacert.pem file.

    Add the following information block:

    Certificate Authority Name

    ==========================

    - - - - - BEGIN CERTIFICATE - - - - -

    <Certificate content>

    - - - - - END CERTIFICATE - - - - -

  3. Save the file.

To remove a CA

Before you remove a CA from the cacert.pem file, ensure that none of the cloud jobs are using the related certificate.

  1. Open the cacert.pem file.
  2. Remove the required CA. Remove the following information block:

    Certificate Authority Name

    ==========================

    - - - - - BEGIN CERTIFICATE - - - - -

    <Certificate content>

    - - - - - END CERTIFICATE - - - - -

  3. Save the file.
List of CAs approved by NetBackup

  • Baltimore CyberTrust Root

  • Cybertrust Global Root

  • DigiCert Assured ID Root CA

  • DigiCert Assured ID Root G2

  • DigiCert Assured ID Root G3

  • DigiCert Global Root CA

  • DigiCert Global Root G2

  • DigiCert Global Root G3

  • DigiCert High Assurance EV Root CA

  • DigiCert Trusted Root G4

  • GeoTrust Global CA

  • GeoTrust Primary Certification Authority

  • GeoTrust Primary Certification Authority - G2

  • GeoTrust Primary Certification Authority - G3

  • GeoTrust Universal CA

  • GeoTrust Universal CA 2

  • RSA Security 2048 v3

  • Starfield Services Root Certificate Authority - G2

  • Thawte Primary Root CA

  • Thawte Primary Root CA - G2

  • Thawte Primary Root CA - G3

  • VeriSign Class 1 Public Primary Certification Authority - G3

  • VeriSign Class 2 Public Primary Certification Authority - G3

  • Verisign Class 3 Public Primary Certification Authority - G3

  • VeriSign Class 3 Public Primary Certification Authority - G4

  • VeriSign Class 3 Public Primary Certification Authority - G5

  • VeriSign Universal Root Certification Authority