Veritas NetBackup™ Cloud Administrator's Guide
- About NetBackup cloud storage
- About the cloud storage- About the cloud storage vendors for NetBackup
- About the Amazon S3 cloud storage API type- Amazon S3 cloud storage vendors certified for NetBackup
- Amazon S3 storage type requirements
- Permissions required for Amazon S3 cloud provider user
- Amazon S3 cloud storage provider options
- Amazon S3 cloud storage options
- Amazon S3 advanced server configuration options
- Amazon S3 credentials broker details
- About private clouds from Amazon S3-compatible cloud providers
- About Amazon S3 storage classes
- Amazon virtual private cloud support with NetBackup
- About protecting data in Amazon for long-term retention
- Protecting data using Amazon's cloud tiering
- About using Amazon IAM roles with NetBackup
- About NetBackup character restrictions for Amazon S3 cloud connector
- Protecting data with Amazon Snowball and Amazon Snowball Edge- Configuring NetBackup for Amazon Snowball with Amazon Snowball client
- Configuring NetBackup for Amazon Snowball with Amazon S3 API interface
- Using multiple Amazon S3 adapters
- Configuring NetBackup with Amazon Snowball Edge with file interface
- Configuring NetBackup for Amazon Snowball Edge with S3 API interface
- Configuring NetBackup for Amazon Snowball and Amazon Snowball Edge for NetBackup CloudCatalyst Appliance
- Configuring SSL for Amazon Snowball and Amazon Snowball Edge
- Post backup procedures if you have used S3 API interface
 
 
- About Microsoft Azure cloud storage API type
- About OpenStack Swift cloud storage API type
 
- Configuring cloud storage in NetBackup- Before you begin to configure cloud storage in NetBackup
- Configuring cloud storage in NetBackup
- Cloud installation requirements
- Scalable Storage properties
- Cloud Storage properties
- About the NetBackup CloudStore Service Container
- Deploying host name-based certificates
- Deploying host ID-based certificates
- About data compression for cloud backups
- About data encryption for cloud storage
- About NetBackup KMS for encryption of NetBackup cloud storage
- About external KMS for encryption of NetBackup cloud storage
- About cloud storage servers
- About object size for cloud storage
- About the NetBackup media servers for cloud storage
- Configuring a storage server for cloud storage
- Changing cloud storage server properties
- NetBackup cloud storage server properties
- About cloud storage disk pools
- Configuring a disk pool for cloud storage
- Saving a record of the KMS key names for NetBackup cloud storage encryption
- Adding backup media servers to your cloud environment
- Configuring a storage unit for cloud storage
- About NetBackup Accelerator and NetBackup Optimized Synthetic backups
- Enabling NetBackup Accelerator with cloud storage
- Enabling optimized synthetic backups with cloud storage
- Creating a backup policy
- Changing cloud storage disk pool properties
- Certificate validation against Certificate Revocation List (CRL)
- Managing Certification Authorities (CA) for NetBackup Cloud
 
- Monitoring and Reporting
- Operational notes- NetBackup bpstsinfo command operational notes
- Unable to configure additional media servers
- Cloud configuration may fail if NetBackup Access Control is enabled
- Deleting cloud storage server artifacts
- Using csconfig reinitialize to load updated cloud configuration settings
- Enabling or disabling communication between master server and legacy cloud storage media servers
 
- Troubleshooting- About unified logging
- About legacy logging
- NetBackup cloud storage log files
- Enable libcurl logging
- NetBackup Administration Console fails to open
- Troubleshooting cloud storage configuration issues- NetBackup Scalable Storage host properties unavailable
- Connection to the NetBackup CloudStore Service Container fails
- Cannot create a cloud storage disk pool
- Cannot create a cloud storage
- Data transfer to cloud storage server fails in the SSL mode
- Amazon GovCloud cloud storage configuration fails in non-SSL mode
- Data restore from the Google Nearline storage class may fail
- Backups may fail for cloud storage configurations with Frankfurt region
- Backups may fail for cloud storage configurations with the cloud compression option
- Fetching storage regions fails with authentication version V2
 
- Troubleshooting cloud storage operational issues- Cloud storage backups fail
- Stopping and starting the NetBackup CloudStore Service Container
- A restart of the nbcssc (on legacy media servers), nbwmc, and nbsl processes reverts all cloudstore.conf settings
- NetBackup CloudStore Service Container startup and shutdown troubleshooting
- bptm process takes time to terminate after cancelling GLACIER restore job
- Handling image cleanup failures for Amazon Glacier vault
- Cleaning up orphaned archives manually
- Restoring from Amazon Glacier vault spans more than 24 hours for single fragment
- Restoring from GLACIER_VAULT takes more than 24 hours for Oracle databases
- Troubleshooting failures due to missing Amazon IAM permissions
- Restore job fails if the restore job start time overlaps with the backup job end time
- Post processing fails for restore from Azure archive
 
- Troubleshooting Amazon Snowball and Amazon Snowball Edge issues
 
- Index
Managing Certification Authorities (CA) for NetBackup Cloud
NetBackup cloud supports only X.509 certificates in .PEM (Privacy-enhanced Electronic Mail) format.
 You can find the details of the Certification Authorities (CAs) in the cacert.pem bundle at following location:
- Windows: - install_path\Veritas\NetBackup\var\global\wmc\cloud\cacert.pem- On media server versions 7.7.x to 8.1.2, the path is - install_path\Veritas\NetBackup\db\cloud\cacert.pem.
- UNIX: - /usr/openv/var/global/wmc/cloud/cacert.pem- On media server versions 7.7.x to 8.1.2, the path is - /usr/openv/netbackup/db/cloud/cacert.pem.
Note:
In a cluster deployment, NetBackup database path points to the shared disk, which is accessible from the active node.
You can add or remove a CA from the cacert.pem bundle.
After you complete the changes, when you upgrade to a new version of NetBackup, the cacert.pem bundle is overwritten by the new bundle. All the entries that you may have added or removed are lost. As a best practice, keep a local copy of the edited cacert.pem file. You can use the local copy to override the upgraded file and restore your changes.
To add a CA
You must get a CA certificate from the required cloud provider and update it in the cacert.pem file. The certificate must be in .PEM format.
- 	Open thecacert.pemfile.
- Append the self-signed CA certificate on a new line and at the beginning or the end of the cacert.pemfile.Add the following information block: Certificate Authority Name ========================== - - - - - BEGIN CERTIFICATE - - - - - <Certificate content> - - - - - END CERTIFICATE - - - - - 
- Save the file.
To remove a CA
Before you remove a CA from the cacert.pem file, ensure that none of the cloud jobs are using the related certificate.
- 	Open thecacert.pemfile.
- 	Remove the required CA. Remove the following information block:Certificate Authority Name ========================== - - - - - BEGIN CERTIFICATE - - - - - <Certificate content> - - - - - END CERTIFICATE - - - - - 
- Save the file.
- AddTrust External Root 
- Baltimore CyberTrust Root 
- Cybertrust Global Root 
- DigiCert Assured ID Root CA 
- DigiCert Assured ID Root G2 
- DigiCert Assured ID Root G3 
- DigiCert Global CA G2 
- DigiCert Global Root CA 
- DigiCert Global Root G2 
- DigiCert Global Root G3 
- DigiCert High Assurance EV Root CA 
- DigiCert Trusted Root G4 
- D-Trust Root Class 3 CA 2 2009 
- GeoTrust Global CA 
- GeoTrust Primary Certification Authority 
- GeoTrust Primary Certification Authority - G2 
- GeoTrust Primary Certification Authority - G3 
- GeoTrust Universal CA 
- GeoTrust Universal CA 2 
- RSA Security 2048 v3 
- Starfield Services Root Certificate Authority - G2 
- Thawte Primary Root CA 
- Thawte Primary Root CA - G2 
- Thawte Primary Root CA - G3 
- VeriSign Class 1 Public Primary Certification Authority - G3 
- VeriSign Class 2 Public Primary Certification Authority - G3 
- Verisign Class 3 Public Primary Certification Authority - G3 
- VeriSign Class 3 Public Primary Certification Authority - G4 
- VeriSign Class 3 Public Primary Certification Authority - G5 
- VeriSign Universal Root Certification Authority