Veritas NetBackup™ Upgrade Guide

Last Published:
Product(s): NetBackup (8.2)
  1. Introduction
    1.  
      About the NetBackup 8.2 Upgrade Guide
    2.  
      Available NetBackup upgrade methods
    3. About changes in NetBackup 8.2
      1.  
        Upgrades from NetBackup 7.6.0.4 and earlier are not supported
      2.  
        External certificate authority certificates supported by NetBackup 8.2
    4.  
      About Veritas Smart Meter
    5.  
      Best practices for Veritas Smart Meter
  2. Planning for an upgrade
    1. General upgrade planning information
      1.  
        About planning a NetBackup 8.2 upgrade
      2.  
        How to plan for an upgrade to NetBackup 8.2
      3.  
        Known catalog backup limitation
      4.  
        About security certificates for NetBackup hosts
      5.  
        About automatic file changes from an upgrade
    2. About upgrade tools
      1.  
        About Veritas Services and Operations Readiness Tools
      2.  
        Recommended SORT procedures for upgrades
      3.  
        Recommended SORT procedures for new installations
      4.  
        About the NetBackup preinstall checker
    3. Upgrade operational notes and limitations
      1.  
        Creating the user account to support the NetBackup web server
      2.  
        About NetBackup 8.2 support for Fibre Transport Media Server with RHEL 7.5
      3.  
        MSDP changes in NetBackup 8.1
      4.  
        Potential required changes for NetApp clusters
      5.  
        Errors when Bare Metal Restore information is replicated using Auto Image Replication
      6.  
        Upgrade issue with pre-8.1 clients and 8.1 or later media servers
  3. Master server upgrade
    1.  
      About master server upgrades
    2.  
      Preinstall procedure for upgrading to NetBackup 8.2
    3.  
      Performing local, remote, or clustered server upgrades on Windows systems
    4.  
      Performing silent upgrades on Windows systems
    5.  
      Upgrading UNIX and Linux server software to NetBackup 8.2
    6.  
      Post-install procedure for upgrading to NetBackup 8.2
    7.  
      About NetBackup startup and shutdown scripts
    8.  
      Completing your system update after an upgrade
  4. Media server upgrade
    1.  
      Upgrading NetBackup media servers to NetBackup 8.2
    2.  
      Silently upgrading NetBackup media server software on UNIX and Linux
  5. MSDP upgrade for NetBackup
    1.  
      MSDP upgrade considerations for NetBackup 8.1
    2.  
      About MSDP rolling data conversion
    3.  
      About MSDP fingerprinting algorithm changes
  6. Client upgrade
    1.  
      About client upgrades
    2.  
      Upgrading UNIX and Linux clients with the NetBackup upgrade script
    3.  
      Upgrade of the UNIX and Linux client binaries with native installers
  7. NetBackup Deployment Management with VxUpdate
    1.  
      About VxUpdate
    2.  
      Commands used in VxUpdate
    3.  
      Repository management
    4.  
      Deployment policy management
    5.  
      Manually initiating upgrades from the master server using VxUpdate
    6.  
      Manually initiating upgrades from the media server or client using VxUpdate
    7.  
      Deployment job status
  8. Appendix A. Reference
    1.  
      NetBackup master server web server user and group creation
    2.  
      Generate a certificate on the inactive nodes of a clustered master server
    3.  
      About the NetBackup Java Runtime Environment
    4.  
      About the NetBackup web user interface
    5.  
      About the NetBackup answer file
    6.  
      About RBAC bootstrapping
    7.  
      Update cloud configuration file on the master server immediately after install or upgrade to NetBackup 8.2
    8.  
      About NetBackup software availability
    9.  
      Additional post-upgrade steps for NetApp clusters
    10.  
      Using NetApp disk arrays with Replication Director
    11.  
      About compatibility between NetBackup versions
    12.  
      Installation and upgrade requirements for UNIX and Linux
    13.  
      Installation and upgrade requirements for Windows and Windows clusters
    14.  
      Requirements for Windows cluster installations and upgrades
    15.  
      Removing a clustered media server by migrating all data to a new media server
    16.  
      Disabling the connection between your NetBackup OpsCenter server and your NetBackup Master Server
    17.  
      Post upgrade procedures for Amazon cloud storage servers
    18.  
      Upgrading clients after servers are upgraded

About the NetBackup answer file

The NetBackup answer file (/tmp/NBInstallAnswer.conf) is used during UNIX and Linux installs and upgrades to:

  • Override some default values.

  • Avoid answering some questions during interactive installation.

  • Perform unattended or silent UNIX and Linux client installs and upgrades on most supported operating systems.

Templates for media and clients are available at the top level of the NetBackup installation image downloaded from Veritas.

Populate the NetBackup answer file on the target host before you run the installation script. Create the file if it does not exist. The supported entries are shown along with any relevant information.

Table: Template options and required computers

Option

NetBackup role

Required for upgrade?

ACCEPT_REVERSE_CONNECTION

Client

Only if you want to configure NetBackup to support NAT clients.

AUTHORIZATION_TOKEN

Media and client

Review About security configuration considerations for details.

CA_CERTIFICATE_FINGERPRINT

Media and client

Review About security configuration considerations for details.

CLIENT_NAME

Media and client

No

ECA_CERT_PATH

Media and client

Review About security configuration considerations for details.

ECA_CRL_CHECK_LEVEL

Media and client

Review About security configuration considerations for details.

ECA_CRL_PATH

Media and client

Only when ECA_CRL_CHECK_LEVEL=USE_PATH is specified.

ECA_KEY_PASSPHRASEFILE

Media and client

No

ECA_PRIVATE_KEY_PATH

Media and client

Review About security configuration considerations for details.

ECA_TRUST_STORE_PATH

Media and client

Review About security configuration considerations for details.

INSTALL_PATH

Media and client

No

LICENSE

Media

No

MACHINE_ROLE

Media and client

No

MEDIA_SERVER

Client

No

MERGE_SERVERS_LIST

Client

No

RBAC_DOMAIN_NAME

Master

No

RBAC_DOMAIN_TYPE

Master

No

RBAC_PRINCIPAL_NAME

Master

No

RBAC_PRINCIPAL_TYPE

Master

No

SERVER

Media and client

No

SERVICES

Client

No

WEBSVC_GROUP

Master

No

WEBSVC_USER

Master

No

About security configuration considerations

If this operation is an initial installation or an upgrade from pre-8.0, at least one set of security configuration parameters must be provided.

To use the NetBackup master server as your Certificate Authority, the CA_CERTIFICATE_FINGERPRINT of the master server must be provided. The AUTHORIZATION_TOKEN option may be required depending on either the security level of the master server or if this computer is already configured on the master server. More information is available: https://www.veritas.com/support/en_US/article.000127129.

To use an external certificate authority, the ECA_CERT_PATH, ECA_CRL_CHECK_LEVEL, ECA_PRIVATE_KEY_PATH, and ECA_TRUST_STORE_PATH values are required. The ECA_CRL_PATH and ECA_KEY_PASSPHRASEFILE values are optional. More information is available: https://www.veritas.com/support/en_US/article.100044300.

About skipping the external certificate authority configuration

To continue the installation or upgrade without configuring the certificate authority, specify SKIP for all the required ECA_ options. Be aware the installation or upgrade fails if you don't set all the ECA_ values to SKIP. If you continue the installation or the upgrade without the required certificate authority components, backups and restores fail.

ACCEPT_REVERSE_CONNECTION
  • Description: Use this option to identify how a NAT client connects with a NetBackup host. Accepted values are TRUE and FALSE. Set this option to TRUE if NetBackup needs to support NAT, otherwise set it to FALSE. Set ACCEPT_REVERSE_CONNECTION = FALSE if:

    • You do not want NetBackup to support NAT clients.

    • The NetBackup clients are not behind the firewall.

  • Default value: FALSE

  • ACCEPT_REVERSE_CONNECTION=TRUE | FALSE

  • Return to Table: Template options and required computers.

AUTHORIZATION_TOKEN
  • Description: This option specifies that NetBackup should automatically use an authorization or a reissue token when it retrieves the host certificate. The AUTHORIZATION_TOKEN is 16 upper case letters. Some environments require an authorization token for backups and restores to work correctly. If this information is required and is not provided in the answer file, the installation fails. If SKIP is specified, the installer attempts to retrieve a host certificate without including a token. In some environments this choice may result in additional manual steps following the installation.

    Be aware that AUTHORIZATION_TOKEN is ignored on upgrade under either of these conditions:

    • NBCA is already configured on the host.

    • ECA is in use on the master server.

  • Default value: None.

  • Required: Review About security configuration considerations for details.

  • AUTHORIZATION_TOKEN=ABCDEFGHIJKLMNOP | SKIP

  • Return to Table: Template options and required computers.

CA_CERTIFICATE_FINGERPRINT
  • Description: This option specifies the Certificate Authority (CA) Certificate Fingerprint. The Certificate Fingerprint is retrieved from the CA during installation or upgrade. The fingerprint format is 59 characters and is a combination of the digits 0-9, the letters A-F, and colons. For example, 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67. The fingerprint value must match the fingerprint for the server value that is specified in the first SERVER=server_name option. To continue the installation or upgrade without configuring security, specify CA_CERTIFICATE_FINGERPRINT=SKIP.

    Be aware that CA_CERTIFICATE_FINGERPRINT is ignored on upgrade under either of these conditions:

    • NBCA is already configured on the host.

    • ECA is in use on the master server.

  • Default value: None.

  • Required: Review About security configuration considerations for details.

  • CA_CERTIFICATE_FINGERPRINT=fingerprint | SKIP

  • Return to Table: Template options and required computers.

CLIENT_NAME
  • Description: This option specifies the name that NetBackup uses to identify this computer. The XLOCALHOSTX value lets the local host provide the computer name. If this value is used, it may be possible to use the same answer file on all computers within a single master server domain. This value is added to the bp.conf file.

    If CLIENT_NAME is specified on upgrade, a check is made to validate that the name that is provided in the answer file matches the value that is configured in the bp.conf file.

  • Default value: None.

  • Required: No

  • CLIENT_NAME=name | XLOCALHOSTX

  • Return to Table: Template options and required computers.

ECA_CERT_PATH
  • Description: This option specifies the path and the file name of the external certificate file.

    To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.

    The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.

  • Default value: None.

  • Required: Review About security configuration considerations for details.

  • ECA_CERT_PATH=path_and_file_name

  • Return to Table: Template options and required computers.

ECA_CRL_CHECK_LEVEL
  • Description: This option specifies the CRL mode. Supported values are:

    • USE_CDP: Use the CRL defined in the certificate.

    • USE_PATH: Use the CRL at the path that is specified in ECA_CRL_PATH.

    • DISABLED: Do not use a CRL.

    • SKIP: Used to skip setting up the certificate authority. To skip the ECA configuration, you must set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.

      The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.

  • Default value: None.

  • Required: Review About security configuration considerations for details.

  • ECA_CRL_CHECK_LEVEL=value

  • Return to Table: Template options and required computers.

ECA_CRL_PATH
  • Description: This option specifies the path and the file name of the CRL associated with the external CA certificate.

    To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.

    The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.

  • Default value: None.

  • Required: Only when ECA_CRL_CHECK_LEVEL=USE_PATH is specified.

  • ECA_CRL_PATH=path

  • Return to Table: Template options and required computers.

ECA_KEY_PASSPHRASEFILE
  • Description: This option specifies the path and the file name of the file that contains the passphrase to access the keystore.

    The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.

  • Default value: None.

  • Required: No

  • ECA_KEY_PASSPHRASEFILE=path/filename

  • Return to Table: Template options and required computers.

ECA_PRIVATE_KEY_PATH
  • Description: This option specifies the path and the file name of the file representing the private key.

    To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.

    The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.

  • Default value: None.

  • Required: Review About security configuration considerations for details.

  • ECA_PRIVATE_KEY_PATH=path/filename

  • Return to Table: Template options and required computers.

ECA_TRUST_STORE_PATH
  • Description: This option specifies the path and the file name of the file representing the trust store location.

    To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.

    The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.

  • Default value: None.

  • Required: Review About security configuration considerations for details.

  • ECA_TRUST_STORE_PATH=path/filename

  • Return to Table: Template options and required computers.

INSTALL_PATH
  • Description: This option specifies the location to install the NetBackup binaries. Only the absolute path to a base directory is required for this option. The installer automatically appends /openv. This option cannot be used to change the location of NetBackup during an upgrade.

    Be aware that the INSTALL_PATH option is ignored on upgrade.

  • Default value: /usr

  • Required: No

  • INSTALL_PATH = path

  • Return to Table: Template options and required computers.

LICENSE
  • Description: This option specifies the license key string to apply to the server. Additional LICENSE = key_string lines may be added if more licenses are to be applied. This option only adds additional keys - no existing keys are removed.

  • Default value: None.

  • Required: No.

  • LICENSE = key_string

  • Return to Table: Template options and required computers.

MACHINE_ROLE
  • Description: This option specifies the NetBackup role to install and configure on this computer. For upgrades, this value must match the configured role on the computer.

  • Default value: None. Supported values are MASTER, MEDIA, and CLIENT.

  • Required: No.

  • MACHINE_ROLE = MASTER | MEDIA | CLIENT

  • Return to Table: Template options and required computers.

MEDIA_SERVER
  • Description: This option specifies that NetBackup may use the named host to tunnel secure web requests for this client. A tunnel is required when communication between the client and the NetBackup Web Service on the master server is blocked. This communication is required to obtain a host certificate during the NetBackup installation or upgrade. Multiple MEDIA_SERVER entries may exist in the answer file. Each one is used as a candidate to tunnel https requests. These entries are added to the bp.conf file.

  • Default value: None.

  • Required: No.

  • MEDIA_SERVER=media_server_name

  • Return to Table: Template options and required computers.

MERGE_SERVERS_LIST
  • Description: Merge the servers present in bp.conf on the master with the server list contained in this client's bp.conf.

  • Default value: NO

  • Required: No.

  • MERGE_SERVERS_LIST = yes | no

  • Return to Table: Template options and required computers.

RBAC_DOMAIN_NAME
  • Description: This option specifies the domain name of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.

  • Default value: None.

  • Required: No

  • RBAC_DOMAIN_NAME = domain_name

  • Return to Table: Template options and required computers.

RBAC_DOMAIN_TYPE
  • Description: This option specifies the domain type of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.

  • Default value: None.

  • Required: No

  • RBAC_DOMAIN_TYPE = domain_type

  • Return to Table: Template options and required computers.

RBAC_PRINCIPAL_NAME
  • Description: This option specifies the name of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles. This user or the user group must already exist on the system.

  • Default value: None.

  • Required: No

  • RBAC_PRINCIPAL_NAME = principal_name

  • Return to Table: Template options and required computers.

RBAC_PRINCIPAL_TYPE
  • Description: This option specifies the type of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.

  • Default value: None.

  • Required: No

  • RBAC_PRINCIPAL_TYPE = USER | USERGROUP

  • Return to Table: Template options and required computers.

SERVER
  • Description: This option specifies the server name this computer recognizes as the current NetBackup master server. Additional SERVER= lines may be added if there are other servers that should be recognized. In the case where multiple SERVER= lines are present, the first occurrence is the master server. These entries are added to the bp.conf file.

  • Default value: None.

  • Required: No.

  • SERVER=master_server_name

  • Return to Table: Template options and required computers.

SERVICES
  • Description: This option specifies whether NetBackup services should be started upon completion of the client installation or upgrade. If no is specified, the NetBackup services are not started. Additional manual configuration steps may be performed after the install or upgrade but before the NetBackup services are started.

  • Default value: YES

  • Required: No.

  • SERVICES=no

  • Return to Table: Template options and required computers.

WEBSVC_GROUP
  • Description: This option specifies the group name of the account that the NetBackup web server uses. This group must already exist on the system.

  • Default value: nbwebgrp

  • Required: No.

  • WEBSVC_GROUP=custom_group_account_name

  • Return to Table: Template options and required computers.

WEBSVC_USER
  • Description: This option specifies the user name of the account that the NetBackup web server uses. This user must already exist on the system.

  • Default value: nbwebsvc

  • Required: No.

  • WEBSVC_USER=custom_user_account_name

  • Return to Table: Template options and required computers.