Veritas NetBackup™ 53xx Appliance Initial Configuration Guide
- Preparing for initial configuration
- Initial configuration procedures
- Post configuration procedures
Configuring a NetBackup 53xx high availability setup
You can configure a high availability (HA) setup from either the NetBackup Appliance Web Console or the NetBackup Appliance Shell Menu.
Note:
The Copilot feature becomes unavailable as a result of configuring an HA setup.
Note:
The NetBackup 5350 Appliance is not supported for use in HA setups.
Before you create the HA setup, review the following information:
During this procedure, the host name and the IP address of the first configured node are elevated to become the virtual host name and IP address for the HA setup. This elevation requires that you assign a new host name and a new IP address to the first node. Before you create the HA setup, you must first add the new host name to the Host Name Mappings property on the associated primary server.
Redeploy the appropriate CA certificates to the first node.
After you change the host name and the IP address on the first node, you must redeploy the required CA certificates to the node. This procedure includes the necessary information to deploy these certificates.
Note:
External CA deployment during the HA setup is only supported through the NetBackup Appliance Shell Menu.
If you use a NetBackup client to manage the NetBackup jobs, add the following information in the
bp.conf
file on the client:The virtual host name for the HA setup
The host name of the first node
The host name of the partner node
If network bonds exist on the eth2 and eth3 ports of the first node, remove the bonds.
Caution:
After the HA setup is complete, you cannot change the host name of the node until you perform a factory reset.
Note:
If you are converting an existing 53xx appliance for HA, the configuration for the HA setup may fail and report the following error message: [Error] V-409-955-4011: Failed to create the MSDP disk service. Refer to the TechNote 000127738. If this problem occurs, do not refer to TechNote 000127738 which only applies to an HA setup failure with a new 53xx appliance. Instead, contact Veritas Support and inform the representative to see article 100044266 to help you resolve the issue.
To configure an HA setup from the NetBackup Appliance Web Console
Note:
If you need to deploy an External CA certificate, you must configure the HA setup from the NetBackup Appliance Shell Menu as described in the procedure that follows this one.
- On the associated primary server, log in to the NetBackup Administration Console and add the new host name for the first configured node to the Host Name Mappings property. You must add both the short name and the fully qualified domain name (FQDN).
For details, refer to the section Host ID to Host Name Mappings in the NetBackup Security and Encryption Guide.
- On the first configured node, log on to the NetBackup Appliance Web Console as
admin
. - On the Welcome to Veritas NetBackup Appliance Web Console page, click Manage > High Availability.
- On the High Availability page, click Setup.
- On the High Availability > Setup page, do the following:
Enter a new host name for this node.
Enter a new IP address for this node.
To have the new host name and IP address added to the
/etc/hosts
file, click the Make a hosts file entry automatically check box.Click Setup.
- When the Setup window shows that the pre-check is passed, click Continue.
- When the Setup window updates and shows that the node is set up for the HA, click Close.
- After the host name and the IP address have been changed, restart the NetBackup services on this node and on the primary server to ensure that they both recognize the changes and the HA setup.
To set up a NetBackup 53xx HA configuration from the NetBackup Appliance Shell Menu
- On the associated primary server, log in to the NetBackup Administration Console and add the new host name for the first configured node to the Host Name Mappings property. You must add both the short name and the fully qualified domain name (FQDN).
For details, refer to the section Host ID to Host Name Mappings in the NetBackup Security and Encryption Guide
- On the first configured node, log on to the NetBackup Appliance Shell Menu as
admin
. - Go to Main > Manage > HighAvailability.
- Use the following command to assign the new host name and IP address to the configured node:
Setup NewHostname NewIPAddress
Where NewHostname is the new host name of the node, and NewIPAddress is the new IP address of the node.
- After you change the host name and the IP address on the first node, you must redeploy the required CA certificates.
The appliance pings the primary server for the Certificate Authority (CA) status and shows the result. Each of the following bullet statements describes the possible status results. Follow the instructions that appear below the applicable status result to complete the certificate configuration.
The primary server <primary_server_name> currently uses an External CA-signed certificate. You are required to configure this appliance with a certificate issued by the same external CA. Do you want to import the External CA-signed certificate for this Media server now [yes,no](yes):
Press Enter to continue. The following message appears:
To configure the HA setup, the External CA-signed certificate must include the vip hostname and FQDN DNS information in the Subject Alternative Name.
The following shares have been opened on the appliance for you to upload certificate files:
NFS share <media_server_name>:/inst/share
CIFS share \\<media_server_name>\general_share
Enter the following details for external certificate configuration:
Enter the certificate file path:
Enter the trust store file path:
Enter the private key path:
Enter the password for the passphrase file path or skip security configuration (default: NONE):
Enter the following details for CRL usage:
Should a CRL be honored for the external certificate?
1) Use the CRL defined in the certificate.
2) Use the specific CRL directory.
3) Do not use a CRL.
q) Skip security configuration.
CRL option: Enter 1, 2, 3, or q.
Verify the External CA details that you entered:
Certificate file name:
Trust store file name:
Private key file name:
CRL check level: (Shows the selected CRL option.)
Do you want to use the above certificate files? [yes, no](yes):
After verifying that the entered information is correct, press Enter to continue and answer the following prompt:
Is this correct? [yes, no](yes):
If all of the information is correct, press Enter to continue.
The appliance performs an ECA health check and shows the result of each validation check. When the health check has completed successfully, the following messages appear:
ECA health check was successful.
The external certificate has been registered successfully.
The primary server <primary_server_name> currently uses an external CA issued certificate and its own internal certificate. Would you like to proceed with the external CA issued certificate? [yes,no](yes):
If you select no, the following message appears:
This appliance will use a NetBackup issued certificate for secure communication.
If you select yes, the following message appears:
To configure the HA setup, the External CA-signed certificate must include the vip hostname and FQDN DNS information in the Subject Alternative Name.
The following shares have been opened on the appliance for you to upload certificate files:
NFS share <media_server_name>:/inst/share
CIFS share \\<media_server_name>\general_share
Enter the following details for external certificate configuration:
Enter the certificate file path:
Enter the trust store file path:
Enter the private key path:
Enter the password for the passphrase file path or skip security configuration (default: NONE):
Enter the following details for CRL usage:
Should a CRL be honored for the external certificate?
1) Use the CRL defined in the certificate.
2) Use the specific CRL directory.
3) Do not use a CRL.
q) Skip security configuration.
CRL option: Enter 1, 2, 3, or q.
Verify the External CA details that you entered:
Certificate file name:
Trust store file name:
Private key file name:
CRL check level: (Shows the selected CRL option.)
Do you want to use the above certificate files? [yes, no](yes):
After verifying that the entered information is correct, press Enter to continue and answer the following prompt:
Is this correct? [yes, no](yes):
If all of the information is correct, press Enter to continue.
The appliance performs an ECA health check and shows the result of each validation check. When the health check has completed successfully, the following messages appear:
ECA health check was successful.
The external certificate has been registered successfully.
This appliance will use a NetBackup issued certificate for secure communication.
No further certificate configuration is required. Click Next to continue
- After the host name and the IP address have been changed, restart the NetBackup services on this node and on the primary server to ensure that they both recognize the changes and the HA setup.
Once the node is set up, the new network information of the node is added automatically to the additional server list on the primary server.
To complete the HA setup, perform the following procedures in the order as shown:
Perform the initial configuration on the partner node.
Add the partner node to the HA configuration and approve all host name mappings for the HA setup in the NetBackup Administration Console.
See Adding the partner node to the NetBackup 53xx high availability configuration.
All host name mappings must be approved. Otherwise, the MSDP service will not be online after a switchover. The referenced procedure includes a step that describes how to approve the host name mappings.
For additional details about host name mappings, refer to the section "Host ID to Host Name Mappings" in the NetBackup Security and Encryption Guide.