Veritas NetBackup™ Logging Reference Guide
Setting up a secure channel between the Java-based administration console and bpjava-*
The following steps describe the process flow to set up a secure channel between the Java-based administration console and bpjava-*:
The following processes are used: bpjava-msvc, which controls the login and authentication; bpjava-susvc, which is the administration console process; and bpjava-usvc, which is the client Backup, Archive, and Restore (BAR) interface.
1. The user initiates a login to the console. The credentials are sent to bpjava-msvc over SSL (using the Server Security Certificate).
2. The bpjava-msvc process authenticates the user by using the credentials that were received in step 1.
3. After the user is authenticated, the bpjava-msvc process performs the following:
   - Generates the entities that are called the self-signed session certificate, the key, and the session token.
   - Launches the daemon bpjava-*usvc to gather more requests from the NetBackup Java-based administration console.
   - Passes the self-signed session certificate and the session token to bpjava-*usvc.
     The bpjava-*usvc process uses the session certificate as a Server Security Certificate for the SSL channel. It uses the session token to authenticate the Java-based administration console. The console does not use credentials when it connects to the bpjava-*usvc process; it uses the session token for authentication.
   - Sends the session token and the fingerprint of the session certificate to the Java-based administration console.
   - Persists the session token and user information to a secure directory (install_path/var; for example, usr/openv/var) in a file on the NetBackup host. This directory is accessible only to the root/administrator. The file name format is as follows:
     msvc saves this information so it can be used by nbsl or nbvault to authenticate the Java-based administration console.
4. The msvc process stops execution and exits.
5. bpjava-*usvc uses the session certificate to start the secure channel with the Java-based administration console. This secure channel is a one-way authenticated SSL channel. (Only the server certificate is present and there is no peer certificate. There is no certificate from the Java-based administration console side.)
6. The Java-based administration console receives the session certificate as a part of the initial SSL handshake. It verifies the authenticity of the session certificate by using the pre-existing fingerprint of the session certificate (see step 3). The Java-based administration console calculates the fingerprint of the session certificate that it received from bpjava-*usvc as part of the SSL handshake. It compares the new fingerprint with the fingerprint sent by msvc.
7. Once the authenticity of the certificate is verified, the Java-based administration console sends the session token (received in step 3) to bpjava-*usvc.
8. bpjava-*usvc verifies the received session token against the pre-existing one (see step 3).
9. The success of the session token validation creates trust between bpjava-*usvc and the Java-based administration console.
10. All further communication occurs between bpjava-*usvc and the Java-based administration console on this trusted secure channel.
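
The checks in which the console compares certificate fingerprints, then sends the session token, and bpjava-*usvc verifies that token, sketched as an added example that is not NetBackup code. SHA-256 as the fingerprint hash, every function and class name, and the byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 over the certificate bytes (the hash choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()

def issue_session(cert_der: bytes) -> dict:
    """msvc role: mint a session token and pair it with the certificate fingerprint."""
    return {"token": secrets.token_urlsafe(32), "fingerprint": fingerprint(cert_der)}

class UsvcStub:
    """Hypothetical stand-in for bpjava-*usvc: presents a certificate, checks the token."""
    def __init__(self, cert_der: bytes, expected_token: str):
        self.cert_der = cert_der
        self._expected = expected_token

    def verify_token(self, presented: str) -> bool:
        # Constant-time comparison against the token that msvc handed over.
        return hmac.compare_digest(presented.encode(), self._expected.encode())

def console_connect(session: dict, server: UsvcStub) -> str:
    """Console role: returns 'trusted' or the reason the session was refused."""
    # Fingerprint the certificate seen in the handshake and compare with the one from msvc.
    seen = fingerprint(server.cert_der)
    if not hmac.compare_digest(seen, session["fingerprint"]):
        return "certificate-mismatch"  # the token is never sent to an unverified peer
    # Only after the certificate check passes is the session token released.
    if not server.verify_token(session["token"]):
        return "token-rejected"
    return "trusted"

# Constructed sample data: opaque bytes stand in for DER-encoded certificates.
SESSION_CERT = b"constructed-session-certificate-der"
OTHER_CERT = b"constructed-unexpected-certificate-der"

def demo() -> dict:
    session = issue_session(SESSION_CERT)
    return {
        "genuine": console_connect(session, UsvcStub(SESSION_CERT, session["token"])),
        "wrong_cert": console_connect(session, UsvcStub(OTHER_CERT, session["token"])),
        "wrong_token": console_connect(session, UsvcStub(SESSION_CERT, "stale-token")),
    }

if __name__ == "__main__":
    print(demo())
```

The ordering matters because the channel is only one-way authenticated: the fingerprint comparison is what binds the SSL peer to the session that msvc created, and the token is what identifies the console to bpjava-*usvc.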