Veritas NetBackup™ Commands Reference Guide

Last Published:
Product(s): NetBackup (8.1.2)
  1. Introduction
    1.  
      About NetBackup commands
    2.  
      Navigating multiple menu levels
    3.  
      NetBackup command conventions
    4.  
      NetBackup Media Manager command notes
    5.  
      IPV6 updates
    6.  
      Removal of nbexecute command
  2. Appendix A. NetBackup Commands
    1.  
      acsd
    2.  
      add_media_server_on_clients
    3.  
      backupdbtrace
    4.  
      backuptrace
    5.  
      bmrc
    6.  
      bmrconfig
    7.  
      bmrepadm
    8.  
      bmrprep
    9.  
      bmrs
    10.  
      bmrsrtadm
    11.  
      bp
    12.  
      bparchive
    13.  
      bpbackup
    14.  
      bpbackupdb
    15.  
      bpcatarc
    16.  
      bpcatlist
    17.  
      bpcatres
    18.  
      bpcatrm
    19.  
      bpcd
    20.  
      bpchangeprimary
    21.  
      bpclient
    22.  
      bpclimagelist
    23.  
      bpclntcmd
    24.  
      bpclusterutil
    25.  
      bpcompatd
    26.  
      bpconfig
    27.  
      bpdbjobs
    28.  
      bpdbm
    29.  
      bpdgclone
    30.  
      bpdown
    31.  
      bpduplicate
    32.  
      bperror
    33.  
      bpexpdate
    34.  
      bpfis
    35.  
      bpflist
    36.  
      bpgetconfig
    37.  
      bpgetdebuglog
    38.  
      bpimage
    39.  
      bpimagelist
    40.  
      bpimmedia
    41.  
      bpimport
    42.  
      bpinst
    43.  
      bpkeyfile
    44.  
      bpkeyutil
    45.  
      bplabel
    46.  
      bplist
    47.  
      bpmedia
    48.  
      bpmedialist
    49.  
      bpminlicense
    50.  
      bpnbat
    51.  
      bpnbaz
    52.  
      bppficorr
    53.  
      bpplcatdrinfo
    54.  
      bpplclients
    55.  
      bppldelete
    56.  
      bpplinclude
    57.  
      bpplinfo
    58.  
      bppllist
    59.  
      bpplsched
    60.  
      bpplschedrep
    61.  
      bpplschedwin
    62.  
      bppolicynew
    63.  
      bpps
    64.  
      bprd
    65.  
      bprecover
    66.  
      bprestore
    67.  
      bpretlevel
    68.  
      bpschedule
    69.  
      bpschedulerep
    70.  
      bpsetconfig
    71.  
      bpstsinfo
    72.  
      bpstuadd
    73.  
      bpstudel
    74.  
      bpstulist
    75.  
      bpsturep
    76.  
      bptestbpcd
    77.  
      bptestnetconn
    78.  
      bptpcinfo
    79.  
      bpup
    80.  
      bpverify
    81.  
      cat_convert
    82.  
      cat_export
    83.  
      cat_import
    84.  
      configurePorts
    85.  
      configureTPCerts
    86.  
      create_nbdb
    87.  
      csconfig cldinstance
    88.  
      csconfig cldprovider
    89.  
      csconfig meter
    90.  
      csconfig throttle
    91.  
      duplicatetrace
    92.  
      importtrace
    93.  
      jbpSA
    94.  
      jnbSA
    95.  
      ltid
    96.  
      manageClientCerts
    97.  
      mklogdir
    98.  
      nbauditreport
    99.  
      nbcatsync
    100.  
      NBCC
    101.  
      NBCCR
    102.  
      nbcertcmd
    103.  
      nbcertupdater
    104.  
      nbcldutil
    105.  
      nbcloudrestore
    106.  
      nbcomponentupdate
    107.  
      nbcplogs
    108.  
      nbdb_admin
    109.  
      nbdb_backup
    110.  
      nbdb_move
    111.  
      nbdb_ping
    112.  
      nbdb_restore
    113.  
      nbdb_unload
    114.  
      nbdbms_start_server
    115.  
      nbdbms_start_stop
    116.  
      nbdc
    117.  
      nbdecommission
    118.  
      nbdelete
    119.  
      nbdeployutil
    120.  
      nbdevconfig
    121.  
      nbdevquery
    122.  
      nbdiscover
    123.  
      nbdna
    124.  
      nbemm
    125.  
      nbemmcmd
    126.  
      nbfindfile
    127.  
      nbfirescan
    128.  
      nbftadm
    129.  
      nbftconfig
    130.  
      nbgetconfig
    131.  
      nbhba
    132.  
      nbholdutil
    133.  
      nbhostidentity
    134.  
      nbhostmgmt
    135.  
      nbhypervtool
    136.  
      nbinstallcmd
    137.  
      nbjm
    138.  
      nbkmsutil
    139.  
      nboraadm
    140.  
      nborair
    141.  
      nbpem
    142.  
      nbpemreq
    143.  
      nbperfchk
    144.  
      nbplupgrade
    145.  
      nbrb
    146.  
      nbrbutil
    147.  
      nbregopsc
    148.  
      nbreplicate
    149.  
      nbrepo
    150.  
      nbrestorevm
    151.  
      nbseccmd
    152.  
      nbsetconfig
    153.  
      nbsnapimport
    154.  
      nbsnapreplicate
    155.  
      nbsqladm
    156.  
      nbstl
    157.  
      nbstlutil
    158.  
      nbstop
    159.  
      nbsu
    160.  
      nbsvrgrp
    161.  
      resilient_clients
    162.  
      restoretrace
    163.  
      stopltid
    164.  
      tl4d
    165.  
      tl8d
    166.  
      tl8cd
    167.  
      tldd
    168.  
      tldcd
    169.  
      tlhd
    170.  
      tlhcd
    171.  
      tlmd
    172.  
      tpautoconf
    173.  
      tpclean
    174.  
      tpconfig
    175.  
      tpext
    176.  
      tpreq
    177.  
      tpunmount
    178.  
      verifytrace
    179.  
      vltadm
    180.  
      vltcontainers
    181.  
      vlteject
    182.  
      vltinject
    183.  
      vltoffsitemedia
    184.  
      vltopmenu
    185.  
      vltrun
    186.  
      vmadd
    187.  
      vmchange
    188.  
      vmcheckxxx
    189.  
      vmd
    190.  
      vmdelete
    191.  
      vmoprcmd
    192.  
      vmphyinv
    193.  
      vmpool
    194.  
      vmquery
    195.  
      vmrule
    196.  
      vmupdate
    197.  
      vnetd
    198.  
      vssat
    199.  
      vwcp_manage
    200.  
      vxlogcfg
    201.  
      vxlogmgr
    202.  
      vxlogview
    203.  
      W2KOption

Name

nbkmsutil — run the NetBackup Key Management Service utility

SYNOPSIS

nbkmsutil [-createkey] [-createkg] [-deletekey] [-deletekg] [-export] [-gethmkid] [-getkpkid] [-import] [-ksstats] [-listkeys] [-listkgs] [-modifyhmk] [-modifykey] [-modifykg] [-modifykpk] [-quiescedb] [-recoverkey] [-unquiescedb]

nbkmsutil -createkey [ -nopphrase ] -kgname key_group_name -keyname key_name [ -activate ] [ -desc description ]

nbkmsutil -createkg -kgname key_group_name [ -cipher type ] [ -desc description ]

nbkmsutil -deletekey -keyname key_name -kgname key_group_name

nbkmsutil -deletekg -kgname key_group_name

nbkmsutil -export -path secure_key_container [-key_groups key_group_name_1 ... | -key_file key_file_name]

nbkmsutil -gethmkid

nbkmsutil -getkpkid

nbkmsutil -import -path secure_key_container [-preserve_kgname] [-desc description] [-preview]

nbkmsutil -ksstats [-noverbose]

nbkmsutil -listkeys -kgname key_group_name [ -keyname key_name | -activekey ] [ -verbose ]

nbkmsutil -listkgs [ -kgname key_group_name | -cipher type | -emptykgs | -noactive ] [ -verbose ]

nbkmsutil -modifyhmk [ -nopphrase ]

nbkmsutil -modifykey -keyname key_name -kgname key_group_name [ -state new_state | -activate ] [ -name new_keyname ] [ -desc new_description ]

nbkmsutil -modifykg -kgname key_group_name [ -name new_key_group_name ] [ -desc new_description ]

nbkmsutil -modifykpk [ -nopphrase ]

nbkmsutil -quiescedb

nbkmsutil -recoverkey -keyname key_name -kgnamekey_group_name -tag key_tag [-desc description]

nbkmsutil -unquiescedb

On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/admincmd/

On Windows systems, the directory path to this command is install_path\NetBackup\bin\admincmd\

DESCRIPTION

The nbkmsutil command performs the following operations:

-createkey

Create a new key. The default state of the new key is Prelive.

-createkg

Create a new key group. The default cipher of the new key group is AES_256.

-deletekey

Delete a key. Only keys in Prelive and Terminated states can be deleted.

-deletekg

Delete an empty key group.

To force the delete of a key group that is not empty, use the -force option.

# nbkmsutil -deletekg -kgname key_group_name -force

-export

Exports keys and keys groups across domains

-gethmkid

Return the current HMK ID.

-getkpkid

Returns the current KPK ID.

-import

Imports keys and keys groups across domains

To preview the results of the import option, use -preview.

# nbkmsutil -import -path secure_key_container -preview

-ksstats

Returns the keystore statistics. The statistics consist of the number of key groups, the total number of keys, and the outstanding quiesce calls.

-listkeys

Get the details of keys.

-listkgs

Get the details of the key groups. If no option is specified, retrieve the details of all the key groups.

-modifyhmk

Modify the host master key (HMK). HMK is used to encrypt the keystore. To modify the HMK, provide an optional seed (passphrase) and an HMK ID which can remind the user of the specified passphrase. The passphrase and the HMK ID are both read interactively.

-modifykey

Modify key attributes.

-modifykg

Modify key group attributes.

-modifykpk

Modify the key protection key (KPK). KPK is used to encrypt KMS keys. KPK is per keystore. To modify the KPK, provide an optional seed (passphrase) and a KPK ID which can remind the user of the specified passphrase. The passphrase and the KPK ID are both read interactively.

-quiescedb

Sends a quiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned (as multiple backup jobs might quiesce the KMS DB to back it up)

-recoverkey

Restore could fail if a key used in encrypting the backup data is lost. Such Keys can be recovered (re-created) with the knowledge of the original Key's attributes (tag and passphrase).

-unquiescedb

Sends an unquiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned. A count of zero (0) means that the KMS database is completely unquiesced.

OPTIONS

The nbkmsutil command uses the following options:

-activate

Sets the state of the specified key to active. The default state is prelive.

-activekey

Retrieves the details of a specific key group's active key.

-cipher

The type of cipher that the key group supports. All keys that belong to a key group support the same cipher type. Supported cipher types are BLOW, AES_128, AES_192, and AES_256 (default cipher).

-emptykgs

Retrieves the details of all the key groups with zero keys in it.

-keyname

key_name specifies the name of a key. This name should be unique within a key group. The key group name and key name uniquely identify a key in the keystore.

-kgname

key_group_name specifies the name of a key group. Within a keystore, the key group name uniquely identifies the key group.

-name

Specifies the new name of the key group when used with -modifykg or the new name of the key when used with -modifykey. The new key group name must not conflict with other names in the keystore.

-noactive

Retrieves the details of all the key groups in which there are no active keys.

-nopphrase

Disables the utility function that prompts you for a pass phrase. Instead, the utility creates the key. The default condition is the use of the pass phrase to create a key with a seed. A lengthy seed and a strong seed results in a strong key.

-noverbose

Disables verbosity. The default condition is verbosity, which prints the details in readable format.

-state

new_state specifies the new state of the Key. Possible states are Prelive, Active, Inactive, Deprecated, and Terminated.

Key states can be changed only in the following ways:

  • Prelive to Active

  • Transition between Active and Inactive

  • Transition between Inactive and Deprecated

  • Transition between Deprecated and Terminated

-tag

key_tag specifies a random unique identifier that is created for the key record that the utility creates. The listkey option can display this tag. If you need to recover (recreate) the key record, you need to use the original tag value, hence the - tag option for these recovery options.