NetBackup™ Web UI Administrator's Guide

Last Published:
Product(s): NetBackup (10.0)
  1. Introducing the NetBackup web user interface
    1.  
      About the NetBackup web UI
    2.  
      Terminology
    3.  
      First-time sign in to a NetBackup primary server from the NetBackup web UI
    4.  
      Sign in to the NetBackup web UI
    5.  
      Sign out of the NetBackup web UI
    6.  
      Documentation for Host Properties in the NetBackup web UI
  2. Monitoring and notifications
    1.  
      The NetBackup dashboard
    2.  
      About the Activity monitor
    3. Job monitoring
      1.  
        View a job
      2.  
        View the jobs in the List view
      3.  
        View the jobs in the Hierarchy view
      4.  
        Jobs: cancel, suspend, restart, resume, delete
      5.  
        Search for or filter jobs in the jobs list
      6.  
        Create a jobs filter
      7.  
        Edit or delete a jobs filter
      8.  
        Troubleshooting the viewing of jobs
    4. Job notifications
      1. Send email notifications for job failures
        1.  
          Status codes that generate alerts
      2.  
        Send notifications to the backup administrator about failed backups
      3.  
        Send notifications to a host administrator about backups
      4.  
        Configure the nbmail.cmd script on the Windows hosts
    5. About NetBackup notifications
      1.  
        View notifications
      2.  
        Modify or disable NetBackup event notifications in the web UI
      3.  
        About configuring automatic notification cleanup tasks
  3. Section I. Configuring hosts
    1. Managing hosts
      1.  
        Reset a host's attributes
  4. Section II. Configuring storage and backups
    1. Configuring storage
      1.  
        About storage configuration
      2.  
        Create a Media Server Deduplication Pool (MSDP) storage server
      3.  
        Create a Cloud storage, OpenStorage, or AdvancedDisk storage server
      4.  
        Create a disk pool
      5.  
        Create a storage unit
      6.  
        Create a universal share
      7.  
        Using image sharing from the NetBackup web UI
      8.  
        Troubleshooting storage configuration
      9.  
        Troubleshooting universal share configuration issues
      10.  
        Create a Media Server Deduplication Pool (MSDP) storage server for image sharing
    2. Managing protection plans
      1.  
        About protection plans
      2.  
        Create a protection plan
      3.  
        Edit or delete a protection plan
      4.  
        Subscribe an asset or an asset group to a protection plan
      5.  
        Unsubscribe an asset from a protection plan
      6.  
        View protection plan overrides
      7.  
        About Backup Now
    3. Managing classic policies
      1.  
        About a NetBackup classic policy
      2.  
        About policy management in the NetBackup web UI
    4. Managing backup images
      1.  
        About the NetBackup catalog
      2.  
        Search for backup images
  5. Section III. Managing credentials
    1. Managing credentials for workloads and systems that NetBackup accesses
      1.  
        About credential management in NetBackup
      2.  
        Add a credential in NetBackup
      3.  
        Add a credential for an external KMS
      4.  
        Add a credential for NetBackup Callhome Proxy
      5.  
        Edit or delete a named credential
      6.  
        Add a credential for Network Data Management Protocol (NDMP)
      7.  
        Edit or delete Network Data Management Protocol (NDMP) credentials in NetBackup
  6. Section IV. Managing security
    1. Security events and audit logs
      1.  
        View security events and audit logs
      2. About NetBackup auditing
        1.  
          User identity in the audit report
        2.  
          Audit retention period and catalog backups of audit records
        3.  
          Viewing the detailed NetBackup audit report
      3.  
        Send audit events to system logs
    2. Managing security certificates
      1.  
        About security management and certificates in NetBackup
      2.  
        NetBackup host IDs and host ID-based certificates
      3. Managing NetBackup security certificates
        1.  
          Reissue a NetBackup certificate
        2.  
          Managing NetBackup certificate authorization tokens
      4. Using external security certificates with NetBackup
        1.  
          Configure an external certificate for the NetBackup web server
        2.  
          Remove the external certificate configured for the web server
        3.  
          Update or renew the external certificate for the web server
        4.  
          View external certificate information for the NetBackup hosts in the domain
    3. Managing host mappings
      1.  
        View host security and mapping information
      2.  
        Approve or add mappings for a host that has multiple host names
      3.  
        Remove mappings for a host that has multiple host names
    4. Managing user sessions
      1.  
        Sign out a NetBackup user session
      2.  
        Unlock a NetBackup user
      3.  
        Configure when idle sessions should time out
      4.  
        Configure the maximum of concurrent user sessions
      5.  
        Configure the maximum of failed sign-in attempts
      6.  
        Display a banner to users when they sign in
    5. Managing the security settings for the primary server
      1.  
        Certificate authority for secure communication
      2.  
        Disable communication with NetBackup 8.0 and earlier hosts
      3.  
        Disable automatic mapping of NetBackup host names
      4.  
        Configure the global data-in-transit encryption setting
      5.  
        About NetBackup certificate deployment security levels
      6.  
        Select a security level for NetBackup certificate deployment
      7.  
        Set a passphrase for disaster recovery
      8. About trusted primary servers
        1.  
          Add a trusted primary server
        2.  
          Remove a trusted primary server
    6. Access keys
      1.  
        Access keys
      2.  
        About API keys
      3. Creating and managing API keys for users (Administrators)
        1.  
          Add an API key or view API key details
        2.  
          Edit, reissue, or delete an API key
      4. Adding and managing your API keys (Users)
        1.  
          Add an API key or view your API key details
        2.  
          Edit, reissue, or delete your API key
        3.  
          Use an API key with NetBackup REST APIs
      5. Access codes
        1.  
          Get CLI access through web UI authentication
        2.  
          Approve your CLI access request
        3.  
          Approve CLI access requests of other users
        4.  
          Edit access settings
    7. Configuring authentication options
      1.  
        Sign-in options for the NetBackup web UI
      2. Configure user authentication with smart cards or digital certificates
        1.  
          Configure smart card authentication with domain
        2.  
          Configure smart card authentication without domain
        3.  
          Edit the configuration for smart card authentication
        4.  
          Add or delete a CA certificate that is used for smart card authentication
        5.  
          Disable or temporarily disable smart card authentication
      3.  
        About Single Sign-On (SSO) configuration
      4. Configure NetBackup for Single Sign-On (SSO)
        1.  
          Configure the SAML KeyStore
        2.  
          Configure the SAML keystore and add and enable the IDP configuration
        3.  
          Enroll the NetBackup primary server with the IDP
        4.  
          Manage an IDP configuration
        5.  
          Video: Configure Single Sign-On in NetBackup
      5. Troubleshooting SSO
        1.  
          Redirection issues
        2.  
          Unable to sign in due to authorization-related issues
  7. Section V. Managing role-based access control
    1. About role-based access control in NetBackup
      1.  
        RBAC features
      2. RBAC settings
        1.  
          Disable web UI access for Operating System Administrator
        2.  
          Disable CLI access for Operating System Administrator
      3.  
        Authorized users
    2. Configuring RBAC roles
      1. Configuring RBAC
        1.  
          Notes for using NetBackup RBAC
        2.  
          Add AD or LDAP domains
        3.  
          Add a custom RBAC role
        4.  
          Edit or remove a role a custom role
        5.  
          View users in RBAC
        6.  
          Add a user to a role (non-SAML)
        7.  
          Add a user to a role (non-SAML, smart card user without AD or LDAP domain association or mapping)
        8.  
          Add a user to a role (SAML)
        9.  
          Remove a user from a role
      2. Default RBAC roles
        1.  
          Administrator
        2.  
          Default AHV Administrator
        3.  
          Default Cloud Administrator
        4.  
          Default NetBackup Command Line (CLI) Administrator
        5.  
          Default Kubernetes Administrator
        6.  
          Default NetBackup Kubernetes Operator Service
        7.  
          Default Microsoft SQL Server Administrator
        8.  
          Default Oracle Administrator
        9.  
          Default RHV Administrator
        10.  
          Default SaaS Administrator
        11.  
          Default Resiliency Administrator
        12.  
          Default Security Administrator
        13.  
          Default Storage Administrator
        14.  
          Default Universal Share Administrator
        15.  
          Default VMware Administrator
    3. RBAC permissions
      1.  
        About role permissions
      2.  
        Global > BMR
      3.  
        Global > NetBackup Web Management Console Administration
      4. Global > NetBackup management
        1.  
          Access hosts
        2.  
          Agentless hosts
        3.  
          Anomalies
        4.  
          CLI sessions
        5.  
          Data classifications
        6.  
          Email notifications
        7.  
          Event logs
        8.  
          NetBackup hosts
        9.  
          Image sharing
        10.  
          NetBackup backup images
        11.  
          Jobs
        12.  
          Licensing
        13.  
          Media server
        14.  
          Remote primary server certificate authority
        15.  
          Resiliency
        16.  
          Resource limits
        17.  
          Retention levels
        18.  
          Servers > Trusted primary servers
        19.  
          Cloud providers
        20.  
          CloudPoint servers
        21.  
          WebSocket servers
      5.  
        Global > Protection
      6. Global > Security
        1.  
          Access control
        2.  
          Security events
        3.  
          Certificate management
        4.  
          Disaster recovery passphrase
        5.  
          Identity provider and SAML certificate configuration
        6.  
          Key Management Services (KMS)
        7.  
          Passphrase constraints
        8.  
          Service principal configuration
        9.  
          Global security settings
        10.  
          Trust versions
        11.  
          API keys
        12.  
          User certificates
        13.  
          User sessions and authentication
      7. Global > Storage
        1.  
          Cloud storage
        2.  
          Disk pools
        3.  
          Storage Key Management Services
        4.  
          Storage servers
        5.  
          Storage units
        6.  
          Tape media
        7.  
          Replication-capable target storage servers
      8. Assets
        1.  
          AHV assets
        2.  
          Cassandra assets
        3.  
          Cloud assets
        4.  
          Instant access for MS-Windows policies
        5.  
          Instant access for Standard policies
        6.  
          Kubernetes assets
        7.  
          Microsoft SQL Server assets
        8.  
          OpenStack servers
        9.  
          Oracle assets
        10.  
          PaaS assets
        11.  
          RHV assets
        12.  
          SaaS assets
        13.  
          Universal shares
        14.  
          VMware assets
        15.  
          Windows and Standard client types
      9.  
        Protection plans
      10.  
        Credentials
      11. Manage access
        1.  
          Remove a role that has access to an area of the web UI
        2.  
          View access definitions
        3.  
          Accessing Azure managed instance for RBAC custom role
  8. Section VI. Managing detection and reporting
    1. Detecting malware
      1.  
        About Malware detection
      2. NetBackup Web UI Malware scanning workflow configuration
        1.  
          Configure a new scan host pool
        2.  
          Add an existing scan host
        3.  
          Manage credentials
        4.  
          Remove the scan host
        5.  
          Deactivate the scan host
      3.  
        Perform Malware scanning
      4.  
        Recovery flow for malware scan
    2. Detecting anomalies
      1.  
        About backup anomaly detection
      2.  
        How a backup anomaly is detected
      3.  
        View anomalies
      4.  
        Configure anomaly detection settings
    3. Usage reporting and capacity licensing
      1.  
        Track protected data size on your primary servers
      2.  
        Configure the servers list for usage reporting
      3.  
        Configure usage reporting settings
      4.  
        Scheduling reports for capacity licensing
      5.  
        Other configuration for incremental reporting
      6.  
        Troubleshooting failures for usage reporting and incremental reporting
  9. Managing deployment
    1.  
      Managing the NetBackup Package repository
    2.  
      Update host
  10. Managing Resiliency Platforms
    1.  
      About Resiliency Platform in NetBackup
    2.  
      Understanding the terms
    3. Configuring a Resiliency Platform
      1.  
        Add a Resiliency Platform
      2.  
        Configure a third-party CA certificate
      3.  
        Edit or delete a Resiliency Platform
      4.  
        View the automated or not-automated VMs
    4.  
      Troubleshooting NetBackup and Resiliency Platform issues
  11. NetBackup SaaS Protection
    1.  
      Overview of NetBackup for SaaS
    2.  
      Adding NetBackup SaaS Protection Hubs
    3. Configuring the autodiscovery frequency
      1.  
        Proxy configuration for autodiscovery
    4.  
      Viewing asset details
    5.  
      Configuring permissions
    6.  
      Troubleshooting SaaS workload issues
  12. NetBackup Flex Scale
    1. Managing NetBackup Flex Scale
      1.  
        Access NetBackup Flex Scale from the NetBackup web UI
      2.  
        Access NetBackup from the Flex Scale infrastructure management console
      3.  
        Manage NetBackup and the Flex Scale cluster infrastructure from the Flex Scale UI
  13. Managing Bare Metal Restore (BMR)
    1.  
      About Bare Metal Restore (BMR)
    2.  
      Add a custom role for a Bare Metal Restore (BMR) administrator
  14. Troubleshooting the NetBackup Web UI
    1.  
      Tips for accessing the NetBackup web UI
    2.  
      If a user doesn't have the correct permissions or access in the NetBackup web UI
    3.  
      Unable to validate the user or group

Approve or add mappings for a host that has multiple host names

A NetBackup host can have multiple host names. For example, both a private and a public name or a short name and a fully qualified domain name (FQDN). A NetBackup host may also share a name with other NetBackup host in the environment. NetBackup also discovers cluster names, including the host name and fully qualified domain name (FQDN) of the virtual name of the cluster.

See Examples of auto-discovered mappings for a cluster.

See Example of auto-discovered mappings for a cluster in a multiple NIC environment.

See Examples of auto-discovered mappings for SQL Server environments.

The NetBackup client name of a host (or the primary name) is automatically mapped to its host ID during certificate deployment. For successful communication between NetBackup hosts, NetBackup also automatically maps all hosts to their other host names. However, that method is less secure. Instead, you can choose to disable this setting. Then choose to manually approve the individual host name mappings that NetBackup discovers.

See Disable automatic mapping of NetBackup host names.

Approve the host mappings that NetBackup discovers

NetBackup automatically discovers many shared names or cluster names that are associated with the NetBackup hosts in your environment. Use the Mappings to approve tab to review and accept the relevant host names. When Automatically map host names to their NetBackup host ID is enabled, the Mappings to approve list shows only the mappings that conflict with other hosts.

Note:

You must map all available host names with the associated host ID. When you deploy a certificate to a host, the host name must map to the associated host ID. If it does not, NetBackup considers the host to be a different host. NetBackup then deploys a new certificate to the host and issues it a new host ID.

To approve the host names that NetBackup discovers

  1. On the left, select Security > Host mappings.
  2. Click the Mappings to approve tab.
  3. Click the name of the host.
  4. Review the mappings for the host and click Approve if you want to use the discovered mapping.

    Click Reject if you do not want to associate the mapping with the host.

    The rejected mappings do not appear in the list until NetBackup discovers them again.

  5. Click Save.

 

Map other host names to a host

You can manually map the NetBackup host to its host names. This mapping ensures that NetBackup can successfully communicate with the host using the other name.

To map a host name to a host

  1. On the left, select Security > Host mappings.
  2. Select the host and click Manage mappings.
  3. Click Add.
  4. Enter the host name or IP address and click Save.
  5. Click Close.

 

Map shared or cluster names to multiple NetBackup hosts

Add a shared or a cluster name mapping if multiple NetBackup hosts share a host name. For example, a cluster name.

Note the following before you create a shared or a cluster name mapping:

  • NetBackup automatically discovers many shared names or cluster names. Review the Mappings to approve tab.

  • If a mapping is shared between an insecure and a secure host, NetBackup assumes that the mapping name is secure. However, if at run-time the mapping resolves to an insecure host, the connection fails. For example, assume that you have a two-node cluster with a secure host (node 1) and an insecure host (node 2). In this case, the connection fails if node 2 is the active node.

To map shared or cluster names to multiple NetBackup hosts

  1. On the left, select Security > Host mappings.
  2. Click Add shared or cluster mappings.
  3. Enter a Shared host name or cluster name that you want to map to two or more NetBackup hosts.

    For example, enter a cluster name that is associated with NetBackup hosts in your environment.

  4. On the right, click Add.
  5. Select the NetBackup hosts that you want to add and click Add to list.

    For example, if you entered a cluster name in step 3 select the nodes in the cluster here.

  6. Click Save.
Examples of auto-discovered mappings for a cluster

For a cluster with hosts client01.lab04.com and client02.lab04.com, you may see the following entries. For each host, approve the mappings that are valid.

Host

Auto-discovered mapping

client01.lab04.com

client01

client01.lab04.com

clustername

client01.lab04.com

clustername.lab04.com

client02.lab04.com

client02

client02.lab04.com

clustername

client02.lab04.com

clustername.lab04.com

When you have approved all valid mappings, you see the Mapped host or IP address settings that are similar to the following entries.

Host

Mapped Host Names/IP Addresses

client01.lab04.com

client01.lab04.com, client01, clustername, clustername.lab04.com

client02.lab04.com

client02.lab04.com, client02, clustername, clustername.lab04.com

Example of auto-discovered mappings for a cluster in a multiple NIC environment

Backups of a cluster in a multi-NIC environment require special mappings. You must map the cluster node names to the virtual name of the cluster on the private network.

Table: Mapping host names for a cluster in a multi-NIC environment

Host

Mapped Host Names

Private name of Node 1

Virtual name of the cluster on the private network

Private name of Node 2

Virtual name of the cluster on the private network

For example, for a cluster in a multi-NIC environment with hosts client01-bk.lab04.com and client02-bk.lab04.com, you may see the following entries. For each host, approve the mappings that are valid.

Host

Auto-discovered Mapping

client01-bk.lab04.com

clustername-bk.lab04.com

client02-bk.lab04.com

clustername-bk.lab04.com

When you have approved all valid mappings, you see the Mapped host or IP address settings that are similar to the following entries.

Host

Mapped Host Names/IP Addresses

client01-bk.lab04.com

clustername-bk.lab04.com

client02-bk.lab04.com

clustername-bk.lab04.com

Examples of auto-discovered mappings for SQL Server environments

In Table: Example mapped host names for SQL Server environments, FCI is a SQL Server failover cluster instance. WSFC is Windows Server Failover Cluster.

Table: Example mapped host names for SQL Server environments

Environment

Host

Mapped Host Names

FCI (cluster with two nodes)

Physical name of Node 1

Virtual name of the SQL Server cluster

Physical name of Node 2

Virtual name of the SQL Server cluster

Basic or advanced availability group (primary and secondary)

Primary name

WSFC name

Secondary name

WSFC name

Basic or advanced availability group, with an FCI (primary FCI and secondary FCI)

Primary FCI name

WSFC name

Secondary FCI name

WSFC name

Physical name of Node 1

Virtual name of the SQL Server cluster

Physical name of Node 2

Virtual name of the SQL Server cluster