CP Admin 21 Ubuntu

Veritas CloudPoint 2.
1
Administrator's Guide
Linux
Veritas CloudPoint Administrator's Guide
Last updated: 2018-10-04
Document version: 2.1 Rev 3
Legal Notice
Copyright © 2018 Veritas Technologies LLC. All rights reserved.
Veritas, the Veritas Logo, Veritas InfoScale, and NetBackup are trademarks or registered
trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This product may contain third-party software for which Veritas is required to provide attribution
to the third party (“Third-Party Programs”). Some of the Third-Party Programs are available
under open source or free software licenses. The License Agreement accompanying the
Software does not alter any rights or obligations you may have under those open source or
free software licenses. Refer to the third-party legal notices document accompanying this
Veritas product or available at:
https://www.veritas.com/licensing/process
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Veritas Technologies
LLC and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC
SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS
SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Veritas as on premises or
hosted services. Any use, modification, reproduction release, performance, display or disclosure
of the Licensed Software and Documentation by the U.S. Government shall be solely in
accordance with the terms of this Agreement.
Veritas Technologies LLC

500 E Middlefield Road
Mountain View, CA 94043
http://www.veritas.com
Technical Support
Technical Support maintains support centers globally. All support services will be delivered
in accordance with your support agreement and the then-current enterprise technical support
policies. For information about our support offerings and how to contact Technical Support,
visit our website:
https://www.veritas.com/support
You can manage your Veritas account information at the following URL:
https://my.veritas.com
If you have questions regarding an existing support agreement, please email the support
agreement administration team for your region as follows:
Worldwide (except Japan) [email protected]
Japan [email protected]
Documentation feedback
Your feedback is important to us. Suggest improvements or report errors or omissions to the
documentation. Include the document title, document version, chapter title, and section title
of the text on which you are reporting. Send feedback to:
[email protected]
You can also see documentation information or ask a question on the Veritas community site:
http://www.veritas.com/community/
Contents
Chapter 1 Getting started with CloudPoint ...................................... 9
About CloudPoint ........................................................................... 9

What kinds of assets can you protect? .............................................. 10
Understanding your CloudPoint license ............................................. 11
Section 1 Installing and configuring CloudPoint

........................................................................................... 14
Chapter 2 Preparing for installation ................................................. 15
About the deployment approach ...................................................... 15

Deciding where to run CloudPoint .................................................... 16
Meeting system requirements ......................................................... 17
Creating an instance or preparing the physical host to install CloudPoint
........................................................................................... 20
Installing Docker for Ubuntu ............................................................ 20
Installing Docker for RHEL ............................................................. 21
Creating and mounting a volume to store CloudPoint data .................... 21
Verifying that specific ports are open on the instance or physical host
........................................................................................... 22
Chapter 3 Deploying CloudPoint ...................................................... 24
Deploying CloudPoint .................................................................... 24

Configuring CloudPoint from your browser and signing in ..................... 27
Verifying that CloudPoint installed successfully ................................... 31
Chapter 4 Using plug-ins to discover assets ................................. 32

About plug-ins ............................................................................. 32
Determining the types of plug-ins and agents to install ......................... 33
Chapter 5 Configuring off-host plug-ins .......................................... 35
Configuring an off-host plug-in ........................................................ 35

Amazon Web Services plug-in configuration notes .............................. 38
Contents 5
Configuring permissions on Amazon Web Services ...................... 39

Dell EMC Unity array plug-in configuration notes ................................. 43
Google Cloud Platform plug-in configuration notes .............................. 44
Hewlett-Packard Enterprise 3PAR plug-in configuration notes ................ 46
Microsoft Azure plug-in configuration notes ........................................ 47
Configuring permissions on Microsoft Azure ................................. 47
Nutanix plug-in configuration notes .................................................. 49
Pure Storage FlashArray plug-in configuration notes ............................ 50
Huawei OceanStor array plug-in configuration notes ............................ 50
Chapter 6 Configuring the on-host agents and plug-ins ............ 51

About agents ............................................................................... 51
Preparing to install the Linux-based on-host agent .............................. 53
Optimizing your Oracle database data and metadata files ............... 54
Preparing to install the Windows-based on-host agent ......................... 54
About the installation and configuration process .................................. 54
Downloading and installing an on-host agent ..................................... 55
Configuring a Linux-based on-host agent .......................................... 58
MongoDB plug-in configuration notes ............................................... 60
Configuring a Windows-based on-host agent ..................................... 60
Configuring a Windows-based agent on a host if an agent has been
previously installed ................................................................. 63
Configuring the on-host plug-in ........................................................ 63
Configuring VSS to store shadow copies on the originating drive ............ 64
Enabling the Microsoft SQL plug-in on the Windows host ...................... 65
Running the Windows agent as a service .......................................... 66
Chapter 7 Protecting assets with CloudPoint's agentless

feature ............................................................................. 68
About the agentless feature ............................................................ 68
Configuring the agentless feature .............................................. 68
Section 2 Configuring users ...................................................... 71
Chapter 8 Setting up email and adding users ............................... 72

Configuring email ......................................................................... 72
Adding users at CloudPoint configuration time .................................... 74
Adding a user .............................................................................. 77
Deleting a user ............................................................................ 80
Contents 6
Chapter 9 Assigning roles to users for greater efficiency

........................................................................................... 81
About role-based access control ...................................................... 81

Displaying role information ............................................................. 82
Creating a role ............................................................................. 82
Editing a role ............................................................................... 86
Deleting a role ............................................................................. 87
Section 3 Protecting and managing data ......................... 88

Chapter 10 User interface basics ........................................................ 89
Signing in to CloudPoint ................................................................. 89
Focusing on an asset type .............................................................. 90
Navigating to your assets ............................................................... 91
Using the action icons ................................................................... 93
Chapter 11 Protecting your assets with policies ............................. 94

About policies .............................................................................. 94
Creating a policy .......................................................................... 96
Assigning a policy to an asset ......................................................... 99
Listing policies and displaying policy details ..................................... 102
Editing a policy ........................................................................... 104
Deleting a policy ......................................................................... 106
Chapter 12 Replicating snapshots for added protection ............ 108
About replication ......................................................................... 108

Replication of encrypted snapshots ................................................ 108
Configuring replication rules .......................................................... 109
Editing a replication rule ............................................................... 111
Deleting a replication rule ............................................................. 112
Chapter 13 Managing your assets .................................................... 113

Creating a snapshot manually ....................................................... 113
Displaying asset snapshots .......................................................... 117
Replicating a snapshot manually .................................................... 118
Restoring a snapshot .................................................................. 120
Restoring individual files within a snapshot ................................. 125
Deleting a snapshot .................................................................... 128
Contents 7
Chapter 14 Monitoring activities with notifications and the job

log ................................................................................... 131
Working with notifications ............................................................. 131
Using the job log ......................................................................... 132
Chapter 15 Indexing and classifying your assets ......................... 134
About indexing and classifying snapshots ........................................ 134

Configuring classification settings by using the Veritas Information
Classifier ............................................................................. 135
Indexing and classifying snapshots ................................................ 136
Statuses for indexing and classification ........................................... 137
Chapter 16 Protection and disaster recovery ................................ 138
About protection and disaster recovery ............................................ 138

Backing up CloudPoint ................................................................. 139
Restoring CloudPoint ................................................................... 141
Section 4 Maintaining CloudPoint ....................................... 144
Chapter 17 CloudPoint logs ................................................................ 145
CloudPoint logs .......................................................................... 145
Chapter 18 Troubleshooting CloudPoint ......................................... 148

Restarting CloudPoint .................................................................. 148
Docker may fail to start due to a lack of space .................................. 149
Some CloudPoint features do not appear in the user interface ............. 150
Chapter 19 Upgrading CloudPoint .................................................... 154
Preparing to upgrade CloudPoint ................................................... 154

Upgrading CloudPoint ................................................................. 155
Chapter 20 Working with your CloudPoint license ....................... 157

Displaying CloudPoint license and protection information .................... 157
Upgrading your CloudPoint license ................................................. 158
Contents 8
Section 5 Reference ...................................................................... 161

Chapter 21 Storage array support ..................................................... 162
Dell EMC Unity arrays ................................................................. 162
Dell EMC Unity array plug-in configuration parameters ................. 162
Supported Dell EMC Unity arrays ............................................. 163
Supported CloudPoint operations on Dell EMC Unity arrays .......... 163
Hewlett-Packard Enterprise (HPE) 3PAR array ................................. 164
Required 3PAR array configuration information ........................... 164
Supported 3PAR arrays ......................................................... 164
Supported CloudPoint operations on 3PAR array assets ............... 164
Pure Storage FlashArray .............................................................. 165
Pure Storage FlashArray plug-in configuration parameters ............ 165
Supported Pure Storage FlashArray models ............................... 165
Supported CloudPoint operations on Pure Storage FlashArray
models ......................................................................... 166
Huawei OceanStor arrays ............................................................. 166
Huawei OceanStor array plug-in configuration parameters ............ 166
Supported Huawei OceanStor arrays ........................................ 167
Supported CloudPoint operations on Huawei OceanStor array
.................................................................................... 168
Chapter 22 Working with CloudPoint using APIs ......................... 170
Accessing swagger API documentation ........................................... 170

Chapter 1
Getting started with
CloudPoint
This chapter includes the following topics:
■ About CloudPoint
■ What kinds of assets can you protect?
■ Understanding your CloudPoint license
About CloudPoint
Before you work with CloudPoint, it's helpful to have an overview. The following
figure traces your path through CloudPoint, from installation and configuration
through to data protection. Knowing this process makes getting started much easier.
Getting started with CloudPoint 10
What kinds of assets can you protect?
Figure 1-1 Your path through CloudPoint
As you review the figure, keep in mind the following.

■ Some of these tasks may only take a few minutes. You can be up and running
with CloudPoint quickly.
■ If you are managing a small environment and intend to only have one
administrator, you can skip the steps on configuring users.
■ The CloudPoint features you can use vary depending on the type of license you
have. Also some features, such as classifying snapshot data, are in the technical
preview stage. You should not use those features in a production environment.
Any technical preview features are identified as such.
What kinds of assets can you protect?

CloudPoint offers snapshot-based data protection for your cloud or on-premises
assets.
Understanding your CloudPoint license
The following table shows the types of assets CloudPoint protects. The specific
assets you can protect depends on the type of CloudPoint license you have.
Table 1-1 Supported assets
Category Supported assets
Applications ■ Amazon Relational Database Service (RDS) applications and Aurora

database clusters
■ MongoDB Enterprise Edition 3.6
■ MSSQL 2014 and 2016
■ Oracle 12c
Disks ■ Dell EMC Unity arrays

■ Hitachi Data Systems G-Series arrays
■ HPE 3PAR arrays
■ Nutanix
■ Pure Storage FlashArray arrays
File systems ■ Linux

■ Windows 2012 and 2016
Hosts ■ AWS EC2 instances

■ Azure virtual machines
■ Google virtual machines
■ Nutanix virtual machines
■ VMware virtual machines

Your CloudPoint license determines the amount of data you can protect and the
CloudPoint features you can use.
CloudPoint is distributed with a free license. It does not expire, and it gives you a
chance to try out a subset of features in your preferred cloud. This license lets you
protect up to 10 TB of front-end terabyte data (FETB).
CloudPoint also offers three paid subscription licenses. If you need more advanced
features, you can upgrade your license and unlock the bundle that is right for you.
CloudPoint offers subscription as well as perpetual licenses as follows:
■ Enterprise - This license lets you take application-consistent snapshots of your
workloads, such as Oracle, SQL, and Amazon Web Services (AWS). This license
also gives you advanced features such as snapshot replication.
■ Cloud - This license supports only cloud plug-ins. It lets you take
application-consistent snapshots of your workloads, such as AWS, GCP, and
Azure.
■ On-prem - This license supports only on-prem plug-ins. It lets you take
application-consistent snapshots of your workloads, such as array plug-ins,
hypervisor, and so on.
The perpetual licenses are based on capacity. You can buy the perpetual licenses
as per your capacity requirements. For information on how to purchase these
licenses, contact your Veritas representative.
Subscriptions are 12, 24, or 36 months, and the cost of the licenses depends on
the amount of FETB or instance that you protect. For information on how to purchase
these licenses, contact your Veritas representative.
The following table summarizes what each license provides.
Table 1-2 CloudPoint licenses and supported features
Free Enterprise Cloud On-prem
Use Case Snapshot ■ Snapshot ■ Snapshot ■ Snapshot

management management management management
and and and and
orchestration orchestration orchestration orchestration
■ Data ■ Data ■ Data
protection protection protection
■ Classification ■ Classification ■ Classification
(On-prem + (In-cloud (On-prem
Cloud) only) only)
Clouds ■ AWS Same as free Same as free N/A
■ Azure
■ GCP
Storage Arrays All supported All supported N/A All supported
Workloads ■ Hosts ■ Linux/Windows Same as Same as

FS enterprise enterprise
■ Volumes
■ Oracle
■ SQL
■ MongoDB
■ VMare
Table 1-2 CloudPoint licenses and supported features (continued)
Free Enterprise Cloud On-prem
Features ■ Crash ■ Agentless Same as Same as

consistent application enterprise enterprise
metadata consistent
search granular
■ Retention recovery
management ■ Classification
■ RBAC ■ + free edition
■ AD features
Integration
■ Replication
Support VOX community Veritas essential Veritas essential Veritas essential

support support support support
Subscription N/A 12, 24, 36 12, 24, 36 12, 24, 36

months months months
Meter FETB <=10GB Per FETB or per Per FETB Per FETB
10-pack instance
See “Displaying CloudPoint license and protection information” on page 157.

See “Upgrading your CloudPoint license” on page 158.
Section 1
Installing and configuring
CloudPoint
■ Chapter 2. Preparing for installation
■ Chapter 3. Deploying CloudPoint
■ Chapter 4. Using plug-ins to discover assets
■ Chapter 5. Configuring off-host plug-ins
■ Chapter 6. Configuring the on-host agents and plug-ins
■ Chapter 7. Protecting assets with CloudPoint's agentless feature

Chapter 2
Preparing for installation
■ About the deployment approach
■ Deciding where to run CloudPoint
■ Meeting system requirements
■ Creating an instance or preparing the physical host to install CloudPoint
■ Installing Docker for Ubuntu
■ Installing Docker for RHEL
■ Creating and mounting a volume to store CloudPoint data
■ Verifying that specific ports are open on the instance or physical host
About the deployment approach

CloudPoint is distributed as a Docker image that is built on an Ubuntu 16.04 Server
Long Term Support (LTS) base image or RHEL 7.5.
CloudPoint uses a micro-services model of installation. When you load and run the
Docker image, CloudPoint installs each service as an individual container in the
same Docker network. All containers securely communicate with each other using
REST APIs.
Two key services are RabbitMQ and MongoDB. RabbitMQ is CloudPoint's message
broker, and MongoDB stores information on all the assets CloudPoint discovers.
The following figure shows CloudPoint's micro-services model.
Preparing for installation 16
Deciding where to run CloudPoint
Figure 2-1 CloudPoint's micro-services model
This deployment approach has the following advantages:

■ CloudPoint has minimal installation requirements.
■ Deployment requires only a few commands.
Deciding where to run CloudPoint

You can deploy CloudPoint in the following ways:
■ Deploy CloudPoint on-premises and manage on-premises assets.
■ Deploy CloudPoint on-premises and manage assets in one or more clouds.
■ Deploy CloudPoint in a cloud and manage assets in that cloud.
■ Deploy CloudPoint in a cloud and manage assets in multiple clouds.
If you install CloudPoint on multiple hosts, we strongly recommend that each
CloudPoint instance manage separate resources. For example, two CloudPoint
instances should not manage the same AWS account or the same Azure
subscription. The following scenario illustrates why having two CloudPoint instances
manage the same resources creates problems:
Meeting system requirements
■ CloudPoint instance A and CloudPoint instance B both manage the assets of

the same AWS account.
■ On CloudPoint instance A, the administrator takes a snapshot of an AWS virtual
machine. The database on CloudPoint instance A stores the virtual machine's
metadata. This metadata includes the virtual machine's storage size and its disk
configuration.
■ Later, on CloudPoint instance B, the administrator restores the virtual machine
snapshot. CloudPoint instance B does not have access to the virtual machine's
metadata. It restores the snapshot, but it does not know the virtual machine's
specific configuration. Instead, it substitutes default values for the storage size
configuration. The result is a restored virtual machine that does not match the
original.

CloudPoint supports the following applications, operating systems, and storage
platforms.
Table 2-1 Supported applications, operating systems, clouds, and storage

platforms
Category Support
Applications Oracle 12c* single node; CloudPoint has been verified on

Oracle 12c and Oracle 12cR1
Linux native file systems: ext2, ext3, ext4, and XFS
MSSQL 2014 and 2016
Operating systems Red Hat Enterprise Linux (RHEL) 7.5; Oracle has been
verified on RHEL 7.1, 7.2, and 7.3
Windows 2012 and Windows 2016
Cloud platforms Amazon Web Services
Microsoft Azure
Google Cloud
Nutanix Acropolis Hypervisor (AHV)

Table 2-1 Supported applications, operating systems, clouds, and storage

platforms (continued)
Category Support
Storage platforms Dell EMC Unity array
■ Model: Unity 600

■ Firmware: 4.2.1.9535982 (4.1 or later)
■ Software: UnityOS
Hewlett Packard Enterprise (HPE) 3PAR array
■ Model: HP_3PAR 8200

■ Firmware: 3.1.3 firmware
■ Software: HP 3PAR Management Console 4.5.0
Pure Storage FlashArray
■ Model: FA-405
■ Firmware: 4.10.6
■ Software revision: - clab-purestorage
201707072301+e0bed39
Huawei OceanStor array
■ Model: OceanStor 5600 v3

■ Firmware: V300R006C10
■ Software: SPC100
The host on which you install CloudPoint must meet the following requirements.
Table 2-2 System requirements for the CloudPoint host
Host on which Requirements

CloudPoint is installed
Amazon Web Services ■ Elastic Compute Cloud (EC2) instance type: t2.large
■ vCPUs: 2
■ RAM: 8 GB
■ Root disk: 64 GB with a solid-state drive (GP2)
■ Data volume: 50 GB Elastic Block Store (EBS) volume of
type GP2 with encryption for the snapshot asset database;
use this as a starting value and expand your storage as
needed.
Table 2-2 System requirements for the CloudPoint host (continued)
Host on which Requirements

CloudPoint is installed
Microsoft Azure ■ Virtual machine type: D2S_V3 Standard

■ CPU cores: 2
■ RAM: 8 GB
■ Root disk: 64 GB SSD
■ Data volume: 50 GB Premium SSD for the snapshot asset
database; storage account type Premium_LRS; set Host
Caching to Read/Write.
Google Cloud ■ Virtual machine type: n1-standard-2

■ vCPUs: 2
■ RAM: 8 GB
■ Boot disk: 64 GB standard persistent disk, Ubuntu 16.04
Server LTS
■ Data volume: 50 GB SSD persistent disk for the snapshot
asset database with automatic encryption
Nutanix ■ Virtual machine type: Ubuntu 16.04 Server LTS

■ vCPUs: 8
■ RAM: 16 GB
■ Root disk: 64 GB with a standard persistent disk
■ Data volume: 50 GB for the snapshot asset database
VMware ■ Virtual machine type: Ubuntu 16.04 Server LTS

■ vCPUs: 8
■ RAM: 16 GB
■ Root disk: 64 GB with a standard persistent disk
x86 physical host ■ Operating system: Ubuntu 16.04 Server LTS

■ CPUs: Single-socket, multi-core atleast 8 cpu count
■ RAM: 16 GB
■ Boot disk: 64 GB
The host on which you install CloudPoint must have enough free space to
accommodate the following components.
Creating an instance or preparing the physical host to install CloudPoint
Table 2-3 Space considerations for CloudPoint components
Component Space requirements
CloudPoint Docker container < 2 GB
On-host agent and plug-ins ~ 20 MB
The browser on which you access the CloudPoint user interface must meet the
following requirements.
Table 2-4 Supported browsers
Browser Versions
Google Chrome 57.0.2987 or higher
Mozilla Firefox 52.0.0 or higher
CloudPoint only runs on desktop devices. Mobile devices are not supported.
Creating an instance or preparing the physical

host to install CloudPoint
If you deploy CloudPoint in a public cloud, do the following:
■ Choose an Ubuntu 16.04 Server LTS or RHEL 7.5 instance image that meets
CloudPoint installation requirements.
■ Add sufficient storage to the instance to meet the installation requirements.
If you deploy CloudPoint on-premises, do the following:
■ Install Ubuntu 16.04 Server LTS or RHEL 7.5 on a physical x86 server.
■ Add sufficient storage to the server to meet the installation requirements.
Installing Docker for Ubuntu

To install Docker for Ubuntu
◆ Enter the following:
sudo apt-get install docker.io
It is recommended to install docker version 18.03 and above.

Installing Docker for RHEL
Installing Docker for RHEL

To install Docker for RHEL
◆ Enter the following:
sudo yum -y install docker
As a prerequisite, you must enable the shared mounts.

To enable shared mounts
1 In the docker.service system unit file, update MountFlags=shared
# diff -u /usr/lib/systemd/system/docker.service.old /usr

/lib/systemd/system/docker.service
--- /usr/lib/systemd/system/docker.service.old
2017-09-26 15:11:22.443742961 +0530
+++ /usr/lib/systemd/system/docker.service
2017-09-26 15:06:15.027840660 +0530
@@ -35,7 +35,8 @@
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
-MountFlags=slave
+MountFlags=shared
KillMode=process
2 Enter the following command to reload the daemon.
# systemctl daemon-reload
3 Enter the following command to restart the docker service.
# systemctl restart docker
Creating and mounting a volume to store

CloudPoint data
Before you deploy CloudPoint in a cloud environment, you must create and mount
a volume of at least 50 GB to store CloudPoint data. The volume must be mounted
to /cloudpoint.
Table 2-5 Volume creation steps for each support cloud vendor
Vendor Procedure
Amazon Web The procedure creates a volume and file system to store CloudPoint
Services (AWS) data.
1 On the EC2 dashboard, click Volumes > Create Volumes.
2 Follow the instructions on the screen and specify the following:

■ Volume type: General Purpose SSD
■ Size: 50 GB
3 Use the following instructions to create a file system and mount

the device to /cloudpoint on the instance host.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/
ebs-using-volumes.html
Google Cloud ◆ Create the disk for the virtual machine, initialize it, and mount it to
Platform /cloudpoint.
https://cloud.google.com/compute/docs/disks/add-persistent-disk
Microsoft Azure 1 Create a new disk and attach it to the virtual machine.
https://docs.microsoft.com/en-us/
azure/virtual-machines/linux/attach-disk-portal
You should choose the managed disk option.
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/
attach-disk-portal#use-azure-managed-disks
2 Initialize the disk and mount it to /cloudpoint. For details, see

the section "Connect to the Linux VM to mount the new disk" in
the following link:
https://docs.microsoft.com/en-us/
azure/virtual-machines/linux/add-disk
Verifying that specific ports are open on the

instance or physical host
On the instance or physical host, make sure that the following ports are open.
Table 2-6 Ports used by CloudPoint
Port Description
443 The CloudPoint user interface uses this port as the default HTTPS port.
Table 2-6 Ports used by CloudPoint (continued)
Port Description
5671 The CloudPoint RabbitMQ server uses this port for communications. This
port must be open to support multiple agents.
Keep in mind the following:

■ If the instance is in a cloud, configure the port information under Security Group
> Inbound.
■ If you configure SMTP on ports, 25, 465, or 587, make sure that these ports are
accessible from the CloudPoint host.
Chapter 3
Deploying CloudPoint
■ Deploying CloudPoint
■ Configuring CloudPoint from your browser and signing in
■ Verifying that CloudPoint installed successfully
The following figure shows where you are at in the CloudPoint installation and
configuration process.
Figure 3-1 You are here in the installation and configuration process
Before you complete the steps in this section, make sure that you complete the
following:
■ Decide where to install CloudPoint.
See “Deciding where to run CloudPoint” on page 16.
Note: If you plan to install CloudPoint on multiple hosts, read this section carefully
and understand the implications of this approach.
■ Ensure that your environment meets system requirements.

See “Meeting system requirements” on page 17.
Deploying CloudPoint 25
■ Create the instance on which you install CloudPoint or prepare the physical
host.
See “Creating an instance or preparing the physical host to install CloudPoint”
on page 20.
■ Install Docker for Ubuntu.
See “Installing Docker for Ubuntu” on page 20.
■ Install Docker for RHEL
See “Installing Docker for RHEL” on page 21.
■ Create and mount a volume to store CloudPoint data.
See “Creating and mounting a volume to store CloudPoint data” on page 21.
■ Verify that specific ports are open on the instance or physical host.
See “Verifying that specific ports are open on the instance or physical host”
on page 22.
Veritas distributes a Docker image with CloudPoint already installed. The image is
located on the Veritas' customer portal, MyVeritas.
Note: When you deploy CloudPoint, you may want to copy the commands below
and paste them in your command line interface. If you do, replace the information
in these examples that is different from your own: the product and build version,
the download directory path, and so on.
To deploy CloudPoint
1 Download the CloudPoint image from https://my.veritas.com.
The CloudPoint image name has the following format:
Veritas_CloudPoint_2.x.x_IE.img.gz
2 (Optional) If necessary, copy the downloaded image to the computer on which

you deploy CloudPoint.
3 Change directories to where you have downloaded the CloudPoint image.
4 Type the following command to load the image into Docker:
# sudo docker load -i Veritas_CloudPoint_2.x.x_IE.img.gz
For example:
sudo docker load -i Veritas_CloudPoint_2.0.2_IE.img.gz

788ce2310e2f: Loading layer ... 126.8 MB/126.8 MB
aa4e47c45116: Loading layer ... 15.87 kB/15.87 kB
b3968bc26fbd: Loading layer ... 14.85 kB/14.85 kB
c9748fbf541d: Loading layer ... 5.632 kB/5.632 kB
2f5b0990636a: Loading layer ... 3.072 kB/3.072 kB
d1348a46025a: Loading layer ... 214.2 MB/214.2 MB
de54ad3327fe: Loading layer ... 12.06 MB/12.06 MB
a8f411dfb821: Loading layer ... 1.35 GB/1.35 GB
dc3db1bf7ffd: Loading layer ... 25.6 kB/25.6 kB
e2344be00294: Loading layer ... 25.6 kB/25.6 kB
Loaded image: veritas/flexsnap-cloudpoint:2.0.2.5300
The last line of the output displays the image name. You specify the image
name in the next step.
5 Type the following command to run the CloudPoint container:
# sudo docker run -it --rm \

-v /full_path_to_volume_name:/full_path_to_volume_name \
-v /var/run/docker.sock:/var/run/docker.sock \
veritas/flexsnap-cloudpoint:2.x.x.#### install
For example:

-v /cloudpoint:/cloudpoint \
veritas/flexsnap-cloudpoint:2.0.2.5300 install
Configuration started at time Thu Sep 6 11:26:35 UTC 2018

CloudPoint, onhost docker version 17.*
CloudPoint doesn't support docker version.:17.*
Please upgrade your docker version to 18.* else some functionality may not
Do you wish to continue CloudPoint installation with older docker version?
(y/n): Aborting install.
In this step, CloudPoint does the following and displays the results on the
screen:
■ Creates containers for each of the CloudPoint services.
Configuring CloudPoint from your browser and signing in
■ Runs the flexsnap-api container.

■ Creates self-signed keys and certificates for nginx.
■ Runs the flexsnap-cloudpointconsole container.
When these operations complete, CloudPoint displays the following:
Please go to the UI and configure CloudPoint now.

Waiting for CloudPoint configuration to complete ................
If you have difficulty with this step, note the following:

■ If you do not specify the volume as -v
full_path_to_volume_name:/full_path_to_volume_name, the container
writes to the Docker host file system.
■ If Docker fails to start, it may be because there is not enough space available
for MongoDB.
See “Docker may fail to start due to a lack of space” on page 149.
The deployment process is complete. The next step is to launch the CloudPoint
user interface in your browser and complete the final configuration steps.
See “Configuring CloudPoint from your browser and signing in” on page 27.
Note: If you ever need to restart CloudPoint, use the docker run command so that
your environmental data is preserved.
See “Restarting CloudPoint” on page 148.
Configuring CloudPoint from your browser and

signing in
The following figure shows where you are in the CloudPoint installation and
Before you complete the steps in this section, make sure that you have deployed
CloudPoint on your instance or physical machine.
See “Deploying CloudPoint” on page 24.

The final steps to configure CloudPoint are performed in your browser. The browser
on which you access the CloudPoint user interface must meet the following
requirements.
Table 3-1 Supported browsers
Browser Versions
Google Chrome 57.0.2987 or higher
Mozilla Firefox 52.0.0 or higher
We recommend that you use Google Chrome.

To configure CloudPoint from your browser and sign in

1 Open your browser and point it to the host on which you deployed CloudPoint.
For Ubuntu:
https://ubuntu_docker_host_name
For RHEL:
https://rhel_docker_host_name
The configuration screen is displayed and the host name is added to the list
of hosts on which to configure CloudPoint.
2 Enter a username and password. They are used as the CloudPoint admin
username and password.
Note: Use a valid email address for the username. That way, if you forget the
admin password, you can recover it through the Forgot Password link.
The admin password should meet the following requirements:

■ At least six characters
■ No spaces
■ No & (ampersand) character
3 (Optional) If you want to add more hosts, enter the URL in the Hosts field and
click +. The host is added to the list of hosts to configure.
Note: Typically only one host is configured.
4 Click Configure. An installation status screen is displayed as Veritas CloudPoint

configures the remaining services. This process can take a few minutes. When
the installation completes, click Refresh browser.
5 On the Sign In screen, enter your CloudPoint username and password, and
then click Sign In.
CloudPoint is now installed and configured.

The coffee screen is displayed. After CloudPoint starts protecting your assets,
use the coffee screen to get quick status on your environment.
6 On the coffee screen, click Manage cloud and arrays.
Verifying that CloudPoint installed successfully
Your next step is to configure one or more "plug-ins." Plug-ins are the software
modules that discover assets in your cloud or on-premises environment.
See “Verifying that CloudPoint installed successfully” on page 31.
Verifying that CloudPoint installed successfully

You verify that CloudPoint installed successfully by doing one of the following on
the physical machine or instance command line:
■ Verify that the success message is displayed.
Configuration complete at time Mon Jan 22 at 29:11:02 UTC 2018
■ Verify that the following CloudPoint services are running and have UP status.
# sudo docker ps -a
CONTAINER ID IMAGE
64d8cfa67d45 veritas/flexsnap-cloudpointconsole:2.x.x.build_number
9c473d149b61 veritas/flexsnap-api:2.x.x.build_number
0b8bcda79230 veritas/flexsnap-authorization-service:2.x.x.build_number
65a2513cfd40 veritas/flexsnap-email-service:2.x.x.build_number
dde026af67ec veritas/flexsnap-identity-manager-service:2.x.x.build_number
0c77c17226d1 veritas/flexsnap-licensing:2.x.x.build_number
04e2ee045662 veritas/flexsnap-vic:2.x.x.build_number
b8c0b4701a3b veritas/flexsnap-telemetry:2.x.x.build_number
a2ef16eefb1b veritas/flexsnap-indexingsupervisor:2.x.x.build_number
2ea01c1bdde4 veritas/flexsnap-policy:2.x.x.build_number
dc9c4d876af5 veritas/flexsnap-scheduler:2.x.x.build_number
fed212873d4b veritas/flexsnap-agent:2.x.x.build_number
26587cf34a97 veritas/flexsnap-coordinator:2.x.x.build_number
3580990e16c3 veritas/flexsnap-mongodb:2.x.x.build_number
9f6a297da6dc veritas/flexsnap-rabbitmq:2.x.x.build_number
87734a3dcc0d veritas/flexsnap-auth:2.x.x.build_number
Chapter 4
Using plug-ins to discover
assets
■ About plug-ins
■ Determining the types of plug-ins and agents to install
About plug-ins
The following figure shows where you are in the CloudPoint installation and
If you have not completed the previous tasks, do so now.

See “Configuring CloudPoint from your browser and signing in” on page 27.
A CloudPoint plug-in is a low-level Python module that discovers assets in your
environment and performs operations on them.
A plug-in has the following characteristics:
■ A plug-in operates only on a particular asset type. For example, there is an AWS
plug-in, a Pure Storage FlashArray plug-in, and so on.
Using plug-ins to discover assets 33
Determining the types of plug-ins and agents to install
■ There are two types of plug-ins.

■ An off-host plug-in runs separately from the instance or host on which the
application runs. Examples of off-host plug-ins are the AWS, Microsoft Azure,
and Google plug-ins for cloud environments, and the Pure Storage
FlashArray, Dell EMC Unity, Huawei OceanStor, and HP 3PAR plug-ins for
arrays.
■ An on-host plug-in runs on the same instance or host as the application
itself. An on-host plug-in discovers the application and its underlying storage.
It also plays a key role in taking and restoring snapshots. When you take a
snapshot of an application, the on-host plug-in quiesces the application and
its underlying storage before the snapshot. It unquiesces them after the
snapshot completes. The on-host plug-in also invokes the restore operation.
Examples of on-host plug-ins are the Oracle, Linux file system, and Microsoft
Windows plug-ins.
■ You can run multiple instances of a plug-in to gather information from multiple
sources within a particular type of asset. For example, you can deploy a separate
AWS plug-in for each AWS account.
■ You can also run multiple instances of a plug-in for the same data source but
in separate processes or hosts for load-balancing or high availability purposes.
■ Each plug-in is wrapped in an agent.
See “About agents” on page 51.
See “Determining the types of plug-ins and agents to install” on page 33.
Determining the types of plug-ins and agents to

install
To determine the types of plug-ins and agents to install, use the following guidelines:
■ Install off-host plug-ins to discover virtual machines, hosts, and disks and to
manage their protection. After you install and configure off-host plug-ins, you
can take crash-consistent snapshots of the virtual machines and disks that the
plug-ins manage. The virtual machines can run any operating system. You do
not have to install on-host agents or plug-ins to take crash-consistent snapshots.
■ Install an on-host agent and one or more on-host plug-ins to discover applications
and file systems and protect them with application-consistent snapshots. (The
snapshots can be at the host or disk level.)
■ CloudPoint supports the following off-host plug-ins:
■ Amazon AWS
Using plug-ins to discover assets 34
Determining the types of plug-ins and agents to install
■ Dell EMC Unity Array

■ Google Cloud Platform
■ Hewlett-Packard Enterprise 3PAR array
■ Huawei OceanStor array
■ Microsoft Azure
■ Nutanix Acropolis Hypervisor (AHV)
■ Pure Storage FlashArray
■ CloudPoint supports the following on-host plug-ins:

■ Linux file systems ext2, ext3, ext4, and XFS
■ Microsoft Windows
■ Oracle
■ MongoDB
■ MSSQL
Chapter 5
Configuring off-host
plug-ins
■ Configuring an off-host plug-in
■ Amazon Web Services plug-in configuration notes
■ Dell EMC Unity array plug-in configuration notes
■ Google Cloud Platform plug-in configuration notes
■ Hewlett-Packard Enterprise 3PAR plug-in configuration notes
■ Microsoft Azure plug-in configuration notes
■ Nutanix plug-in configuration notes
■ Pure Storage FlashArray plug-in configuration notes
■ Huawei OceanStor array plug-in configuration notes
Configuring an off-host plug-in

At a minimum, you must configure off-host plug-ins to create crash-consistent
snapshots of your assets. However, If you want to create application-consistent
snapshots of your assets, you must also configure the appropriate on-host plug-ins.
The steps to configure an off-host plug-in are the same, regardless of the particular
asset. However, the configuration parameters vary.
Before you complete the steps in this section, make sure that you gather the
information you need to configure your particular plug-in.
See “Amazon Web Services plug-in configuration notes” on page 38.
Configuring off-host plug-ins 36
See “Dell EMC Unity array plug-in configuration notes” on page 43.
See “Google Cloud Platform plug-in configuration notes” on page 44.
See “Hewlett-Packard Enterprise 3PAR plug-in configuration notes” on page 46.
See “Microsoft Azure plug-in configuration notes” on page 47.
See “Nutanix plug-in configuration notes” on page 49.
See “Pure Storage FlashArray plug-in configuration notes” on page 50.
The following procedure configures an AWS plug-in.
To configure an off-host plug-in

1 On the dashboard, in the Administration widget, locate Clouds/Array, and
click Manage.
2 On the Clouds and Arrays page, select the plug-in to configure. (This example
configures an Azure plug-in. When you select the plug-in, the Details page for
the plug-in is displayed.
3 On the Details page, click Add configuration.

Amazon Web Services plug-in configuration notes
4 On the Add a New Configuration page, enter the configuration parameters

you gathered for the plug-in. This Azure example specifies the Tenant ID,
Client ID, and Secret Key.
Note: If you configure a Google Cloud plug-in, make sure you that format the
private key data properly before you enter it in the Private Key field.
See “Google Cloud Platform plug-in configuration notes” on page 44.
5 After you complete the configuration screen, click Save.

After you configure the plug-in, return to the dashboard. The statistics for
applications, hosts, file systems, and disks are updated as appropriate. This update
indicates the new plug-in has discovered assets.

The Amazon Web Services (AWS) plug-in lets you take create, restore, and delete
snapshots of the following assets in an Amazon cloud:
■ Elastic Compute Cloud (EC2) instances
■ Elastic Block Store (EBS) volumes
■ Amazon Relational Database Service (RDS) instances
■ Aurora clusters
This plug-in has the following limitations:
■ You cannot delete automated snapshots of RDS instances and Aurora clusters
through CloudPoint.
■ All automated snapshot names start with the pattern rds:.
Note: Before you configure the AWS plug-in, make sure that you have configured
the proper permissions so CloudPoint can work with your AWS assets.
When you configure on the AWS plug-in on the CloudPoint user interface, specify
the information in the following table.
Table 5-1 AWS plug-in configuration parameters
CloudPoint AWS equivalent term and description

configuration parameter
Access key The access key ID, when specified with the secret access
key, authorizes CloudPoint to interact with the AWS APIs.
Secret key The secret access key.
Regions One or more AWS regions in which to discover cloud assets.
Note: CloudPoint encrypts credentials using AES-256 encryption.
When CloudPoint connects to AWS, it uses the following endpoints. You can use
this information to create a whitelist on your firewall.
■ ec2.*.amazonaws.com
■ sts.amazonaws.com
■ rds.*.amazonaws.com
■ kms. *.amazonaws.com
In addition, you must specify the following resources and actions:
■ ec2.SecurityGroup.*
■ ec2.Subnet.*
■ ec2.Vpc.*
■ ec2.createInstance
■ ec2.runInstances
See “Configuring an off-host plug-in” on page 35.
Configuring permissions on Amazon Web Services

Before CloudPoint can protect your Amazon Web Services (AWS) assets, it must
have access to them. You must associate a permission policy with each CloudPoint
user who wants to work with AWS assets.
AWS permission policy lists the policy that you should use with CloudPoint.
KMS permission policy lists the policy that you should use with CloudPoint.
To configure permissions on Amazon Web Services
1 Create or edit an AWS user account from Identity and Access Management
(IAM).
2 Do one of the following.
■ To create a new AWS user account, do the following:
■ From IAM, select the Users pane and click Add user.
■ In the User name field, enter a name for the new user.
■ Select the Access type. This value determines how AWS accesses the
permission policy. (This example uses Programmatic access).
■ Select Next: Permissions.
■ On the Set permissions for username screen, select Attach existing
policies directly.
■ Select the previously created permission policy (shown below) and
select Next: Review.
■ On the Permissions summary page, select Create user.
■ Obtain the Access Key and Secret Key for the newly created user.
■ To edit an AWS user account, do the following:

■ Select Add permissions.
■ On the Grant permissions screen, select Attach existing policies
directly.
■ Select the previously created permission policy (shown below), and
select Next: Review.
■ On the Permissions summary screen, select Add permissions.
3 See “Amazon Web Services plug-in configuration notes” on page 38. to

configure the AWS plug-in for the created or edited user.
AWS permission policy

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DetachVolume",
"ec2:AttachVolume",
"ec2:RebootInstances",
"ec2:DeleteSnapshot",
"ec2:DeleteTags",
"ec2:CreateTags",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:CreateVolume",
"ec2:DeleteVolume",
"ec2:ModifySnapshotAttribute",
"ec2:StartInstances",
"ec2:CreateSnapshot"
],
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CopySnapshot",
"ec2:DescribeInstances",
"ec2:MonitorInstances",
"ec2:DescribeVolumesModifications",
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumeStatus",
"ec2:ModifySnapshotAttribute",
"ec2:DescribeVolumes",
"rds:ModifyDBInstance",
"rds:ModifyDBClusterSnapshotAttribute",
"ec2:ImportImage",
"ec2:ResetImageAttribute",
"ec2:ImportKeyPair",
"rds:DescribeDBSnapshots",
"ec2:DescribeSnapshotAttribute",
"ec2:RegisterImage",
"ec2:RunInstances",
"rds:DeleteDBSnapshot",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeImportSnapshotTasks",
"ec2:CreateNetworkInterface",
"ec2:CreateDefaultVpc",
"rds:CreateDBSnapshot",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:ModifyDBCluster",
"rds:CreateDBClusterSnapshot",
"ec2:CreateSubnet",
"ec2:DescribeSubnets",
"rds:ModifyDBSnapshotAttribute",
"ec2:CreateVpnConnection",
"ec2:DeregisterImage",
"ec2:ImportVolume",
"ec2:DeleteSnapshot",
"rds:RestoreDBClusterFromSnapshot",
"rds:DescribeDBSubnetGroups",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeRegions",
"ec2:CreateVpc",
"ec2:ModifyImageAttribute",
"ec2:CreateDefaultSubnet",
"ec2:DescribeAvailabilityZones",
"rds:CreateDBInstance",
"ec2:CreateSnapshot",
"rds:DescribeDBInstances",
"rds:RestoreDBClusterToPointInTime",
"ec2:DescribeInstanceStatus",
"ec2:ImportInstance",
"ec2:AttachVpnGateway",
"rds:CopyDBSnapshot",
"ec2:ResetSnapshotAttribute",
"ec2:ImportSnapshot",
"rds:DescribeDBSnapshotAttributes",
"ec2:DescribeHosts",
"ec2:DescribeImages",
Dell EMC Unity array plug-in configuration notes
"rds:DeleteDBClusterSnapshot",
"rds:ListTagsForResource",
"rds:CreateDBSecurityGroup",
"rds:CreateDBCluster",
"ec2:DescribeVpcs",
"rds:DescribeDBClusterSnapshots",
"ec2:AttachNetworkInterface",
"sts:GetCallerIdentity",
"rds:DescribeDBClusters",
"rds:RestoreDBInstanceToPointInTime"
],
"Resource": "*"
}
]
}
KMS permission policy

"Effect": "Allow",
"Action": [
"kms:ListKeys",
"kms:ListAliases"
],
Dell EMC Unity array plug-in configuration notes

Table 5-2 Dell EMC Unity array plug-in configuration parameters
CloudPoint Description
Array IP Address The IP address of the array.
Username The username to access the array.
Password The password to access the array.
For more information, see the EMC Unity™ Quick Start Guide.
Google Cloud Platform plug-in configuration notes

The Google Cloud Platform plug-in lets you create, delete, and restore disk
snapshots in all zones where Google Cloud is present.
Table 5-3 Google Cloud Platform plug-in configuration parameters
CloudPoint Google equivalent term and description

Project ID The ID of the project from which the resources are managed.
Listed as project_id in the JSON file.
Client ID The Client ID that is used for operations. Listed as

client_id in the JSON file.
Client Email The email address of the Client ID. Listed as client_email
in the JSON file.
Private Key ID The ID of the private_key. Listed as private_key_id

in the JSON file.
Private Key The private key. Listed as private_key in the JSON file.
Note: You must enter this key without quotes (neither single
quotes nor double quotes). Do not enter any spaces or return
characters at the beginning or end of the key.
Zones A list of zones in which the plug-in operates.
To prepare for plug-in configuration

1 Gather the CloudPoint configuration parameters that are described in Table 5-3.
Do the following:
■ From the Google Cloud console, navigate to IAM & admin > Service
accounts.
■ Click the assigned service account. Click the three vertical buttons on the
right side and select Create key.
■ Select JSON and click CREATE.
■ In the dialog box, click to save the file. This file contains the parameters
you need to configure the Google Cloud plug-in. The following is a sample
JSON file showing each parameter in context. The private-key is truncated
for readability.
{
"type": "service_account",
"project_id": "fake-product",
"private_key_id": "somelogguid1234567890",
"private_key": "-----BEGIN PRIVATE KEY-----\n
N11EvA18ADAN89kq4k199w08AQEFAA5C8KYw9951A9EAAo18AQCnvpuJ3oK974z4\n
.
.
.
weT9odE4ryl81tNU\nV3q1XNX4fK55QTpd6CNu+f7QjEw5x8+5ft05DU8ayQcNkX\n
4pXJoDol54N52+T4qV4WkoFD5uL4NLPz5wxf1y\nNWcNfru8K8a2q1/9o0U+99==\n
-----END PRIVATE KEY-----\n",
"client_email": "[email protected]",
"client_id": "000000000000001",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com \
/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1 \
/metadata/x509/ email%40xyz-product.iam.gserviceaccount.com"
}
2 Using a text editor, reformat the private_key so it can be entered in the

CloudPoint user interface. When you look in the file you created, each line of
the private key ends with \n. You must replace each instance of \n with an
actual carriage return. Do one of the following:
■ If you are a UNIX administrator, enter the following command in vi. In the
following example, the ^ indicates the Ctrl key. Note that only the ^M is
visible on the command line.
:g/\\n/s//^V^M/g
Hewlett-Packard Enterprise 3PAR plug-in configuration notes
■ If you are a Windows administrator, use WordPad or a similar editor to

search on \n and manually replace each instance.
3 When you configure the plug-in from the CloudPoint user interface, copy and
paste the reformatted private key into the Private Key field. The reformatted
private_key should look similar to the following:
-----BEGIN PRIVATE KEY-----\

N11EvA18ADAN89kq4k199w08AQEFAA5C8KYw9951A9EAAo18AQCnvpuJ3oK974z4
.
.
.
weT9odE4ryl81tNU\nV3q1XNX4fK55QTpd6CNu+f7QjEw5x8+5ft05DU8ayQcNkX
4pXJoDol54N52+T4qV4WkoFD5uL4NLPz5wxf1y\nNWcNfru8K8a2q1/9o0U+99==
-----END PRIVATE KEY-----
Hewlett-Packard Enterprise 3PAR plug-in

configuration notes
The Hewlett-Packard Enterprise (HPE) 3PAR plug-in lets you create and delete
snapshot disks on a 3PAR Array. The plug-in supports the clone and copy-on-write
(COW) snapshot types.
Note: You can restore a COW snapshot, but not a clone snapshot.
Table 5-4 HPE 3PAR plug-in configuration parameters
Array IP address The IP address of the array.
Username The user name to access the array.
Password The password to access the array.

Microsoft Azure plug-in configuration notes

The Microsoft Azure plug-in lets you create, delete, and restore snapshots at the
virtual machine level and the managed disk level.
Before you configure the Azure plug-in, complete the following preparatory steps:
■ Use the Microsoft Azure Portal to create an Azure Active Directory (AAD)
application for the Azure plug-in.
■ Assign the service principal to a role to access resources.
For more details, follow the steps in the following Azure documentation:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/
resource-group-create-service-principal-portal
Table 5-5 Microsoft Azure plug-in configuration parameters
CloudPoint Microsoft equivalent term and description

Tenant ID The ID of the AAD directory in which you created the

application.
Client ID The application ID.
Secret Key The secret key of the application.
The Azure plug-in has the following limitations:

■ The current release of the plug-in does not support snapshots of blobs.
■ CloudPoint currently supports creating and restoring snapshots of
Azure-managed disks and the virtual machines that are backed up by managed
disks.
Configuring permissions on Microsoft Azure

Before CloudPoint can protect your Microsoft Azure assets, it must have access to
them. You must associate a custom role that CloudPoint users can use to work
with Azure assets.
The following custom role is a JSON file that gives a CloudPoint admin the ability
to:
■ Configure the Azure plug-in and discover assets.
■ Create host and disk snapshots.
■ Restore snapshots to the original location or to a new location.

■ Delete snapshots.
{ "Name": "CloudPoint Admin",

"IsCustom": true,
"Description": "Necessary permissions for
Azure plug-in operations in CloudPoint",
"Actions": [
"Microsoft.Storage/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/images/write",
"Microsoft.Compute/images/delete",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/virtualMachines/capture/action",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/generalize/action",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/runCommand/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/publicIPAddresses/delete",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/routeTables/join/action",
"Microsoft.Network/virtualNetworks/delete",
"Microsoft.Network/virtualNetworks/subnets/delete",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/write",
"Microsoft.Resources/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
Nutanix plug-in configuration notes
"Microsoft.Resources/subscriptions/resourceGroups/ \
validateMoveResources/action",
"Microsoft.Resources/subscriptions/tagNames/tagValues/write",
"Microsoft.Resources/subscriptions/tagNames/write",
"Microsoft.Subscription/*/read",
"Microsoft.Authorization/*/read" ],
"NotActions": [ ],
"AssignableScopes": [
"/subscriptions/subscription_GUID",
"/subscriptions/subscription_GUID/ \
resourceGroups/myCloudPointGroup" ] }
To create a custom role using power shell, follow the steps in the following Azure
documentation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell
For example:
New-AzureRmRoleDefinition -InputFile "C:\CustomRoles\ReaderSupportRole.json"
To create a custom role using Azure CLI, follow the steps in the following Azure
documentation:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli
For example:
az role definition create --role-definition "~/CustomRoles/

ReaderSupportRole.json"
Note: You must copy the json in the input file like ReaderSupportRole.json
To use this role, do the following:

■ Assign the role to an application running in the Azure environment.
■ In CloudPoint, configure the Azure off-host plug-in with the application's
credentials.
See “Microsoft Azure plug-in configuration notes” on page 47.
Nutanix plug-in configuration notes

The Nutanix Acropolis HyperVisor (AHV) plug-in for CloudPoint lets you do the
following:
■ Snapshot a combination of a virtual machine and its attached disks.
Pure Storage FlashArray plug-in configuration notes
■ Restore a snapshot to the original virtual machine.

■ Delete a snapshot.
To configure the plug-in, specify the following parameters. They are all mandatory.
■ The IP address of Nutanix AHV Prism.
■ The user name to access Prism.
■ The password to access Prism.
Pure Storage FlashArray plug-in configuration

notes
Table 5-6 Pure Storage FlashArray configuration parameters
IP address of Pure Storage The IP address of the array.
Username to access Pure The username to access the array.

Storage
Password to access Pure The password to access the array.

Storage
Huawei OceanStor array plug-in configuration

notes
Table 5-7 Huawei OceanStor array plug-in configuration parameters
CloudPoint configuration parameter Description
Array IP Address The IP address of the array.
Username The username to access the array.
Password The password to access the array..

Chapter 6
Configuring the on-host
agents and plug-ins
■ About agents
■ Preparing to install the Linux-based on-host agent
■ Preparing to install the Windows-based on-host agent
■ About the installation and configuration process
■ Downloading and installing an on-host agent
■ Configuring a Linux-based on-host agent
■ MongoDB plug-in configuration notes
■ Configuring a Windows-based on-host agent
■ Configuring a Windows-based agent on a host if an agent has been previously

installed
■ Configuring the on-host plug-in
■ Configuring VSS to store shadow copies on the originating drive
■ Enabling the Microsoft SQL plug-in on the Windows host
■ Running the Windows agent as a service
About agents
CloudPoint agents do the following:
Configuring the on-host agents and plug-ins 52
About agents
■ Translate between the message protocol and the plug-in interface.

■ Ensure secure communication between the plug-ins and the rest of the
CloudPoint components.
■ Provide a common implementation of certain tasks such as polling for asset
changes (if the plug-in does not support pushing updates).
■ Handle authentication.
There are two types of agents: on-host agents and off-host agents. An on-host
agent must be installed and configured on a host where an application is running.
The on-host agent manages one or more on-host plug-ins. You need on-host agents
and on-host plug-ins to take snapshots of an Oracle application or a Linux file
system.
In contrast, off-host agents and off-host plug-ins do not need a separate host on
which to run. You use off-host agents and off-host plug-ins to take snapshots of
public cloud assets and on-premises storage arrays.
CloudPoint has an off-host agent known as parent agent which manages all
configurations. Each configuration has a separate agent container which manages
a particular configuration and is treated as a child agent. The child agent is also an
off-host type. There can be multiple child agents for each parent agent. All the
operations on plug-in like GET, PUT, DELETE, work on the off-host (parent) agent.
When a new configuration is added in CloudPoint, it is added to a child agent
container which handles the configuration. The new configuration starts the
registration with CloudPoint and it restarts automatically when the registration is
finished. During this time, the child agent goes offline and comes back online after
the restart of the container is completed.
See “About plug-ins” on page 32.
The following table shows you the type of agent required for each type of asset
snapshot.
Table 6-1 Asset types and the type of agent required
Asset type and vendors On-host agent Off-host agent

required required
Application x
■ Amazon Relational Database Service (RDS)

applications and Aurora database clusters
■ MongoDB Enterprise Edition 3.6
■ MSSQL 2014 and 2016
■ Oracle 12c
Preparing to install the Linux-based on-host agent
Table 6-1 Asset types and the type of agent required (continued)
Asset type and vendors On-host agent Off-host agent

required required
File system x
■ Linux
■ Windows 2012 and 2016
Public cloud (host snapshot or disk snapshot) x
■ Amazon Web Services (AWS) EC2 instances

■ Google Cloud Platform virtual machines
■ Microsoft Azure virtual machines
■ Nutanix Acropolis Hypervisor (AHV)
On-premises storage array x
■ Dell EMC Unity arrays

■ Hewlett-Packard Enterprise (HPE) 3PAR
■ Pure Storage Flash Array
Preparing to install the Linux-based on-host agent

Before you install the Linux-based on-host agent, make sure that you install the
following dependencies.
■ Type the following command to install Linux networking tools:
# yum install -y net-tools
■ Type the following command to install the python2-pika package:
# yum install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
# yum install python2-pika -y
■ Type the following command to install the Open SSL version 1.0.2k or higher:
# yum update -y openssl
If you are installing the Linux-based agent to discover Oracle applications, optimize
your Oracle database files and metadata files.
See “Optimizing your Oracle database data and metadata files” on page 54.
Preparing to install the Windows-based on-host agent
See “About the installation and configuration process” on page 54.
Optimizing your Oracle database data and metadata files

CloudPoint takes disk snapshots. For better backup and recovery, you should
optimize your Oracle database data and metadata files.
Each Oracle database instance has a control file. The control file contains information
about managing the database for each transaction. For faster and efficient backup
and recovery, Oracle recommends that you put the control file in the same file
system as the database redo log file. If the database control file resides on the file
system that is created on top of the boot disk or root disk, contact your database
administrator to move the control file to the appropriate location. For more information
on control files and how to move them, contact your database administrator, or see
the Oracle documentation.
https://docs.oracle.com/cd/B10500_01/server.920/a96521/control.htm#3545
After you use a snapshot to restore an application, do not perform any operations.
Allow some time for Oracle to read new data and bring up the database. If the
database does not come up, contact the database administrator to determine the
cause of the problem.
Preparing to install the Windows-based on-host

agent
Before you install the Windows-based on-host agent, do the following on the
Windows host:
■ Enable port 5671 (both inbound and outbound) with a priority of approximately
900.
■ Disable the firewall.
■ Connect to the host through Remote Desktop.
See “About the installation and configuration process” on page 54.
About the installation and configuration process

To install and configure an on-host agent and plug-in, you perform tasks on the
CloudPoint user interface in your browser and on the command line of your local
computer or instance.
Downloading and installing an on-host agent
Figure 6-1 Your path through the installation and configuration process
See “Downloading and installing an on-host agent” on page 55.

Before you complete the steps in this section, do the following:
■ Make sure you have a CloudPoint Enterprise license installed. The Basic (Free)
license and the CloudPoint Express license do not support on-host agents.
■ Make sure you have administrative privileges on the host on which you want to
install the agent.
■ Complete the preparatory steps for your particular agent.
See “Preparing to install the Linux-based on-host agent” on page 53.
See “Preparing to install the Windows-based on-host agent” on page 54.
Whether you install the Linux-based on-host agent or the Windows-based on-host
agent, the steps are similar.
To download and install an agent

1 Make sure you install all agent dependencies.
See “Preparing to install the Windows-based on-host agent” on page 54.
See “Preparing to install the Linux-based on-host agent” on page 53.
2 On the CloudPoint dashboard, under the Environment, locate the Hosts area,
and click Manage.
3 On the Asset Management page, select the host on which you want to install
an agent.
4 On the Details page, click Connect.
5 On the Connect dialog box, make sure the RPM tab is selected. Do one of
the following:
■ To download the Linux-based agent, click Download RPM.
■ To download the Windows-based agent, click Download EXE.
Do not close the Connect dialog box. When you configure the agent, you will
return to this dialog box to get a token.
Note: You can also download the agent software by clicking the Settings
(gear) icon at the top of the dashboard and selecting Download Agent PRM
or Download Agent EXE.
6 (Optional) If necessary, copy the agent package to the computer or instance

on which you want to run.
■ For the Linux-based agent use SCP.
■ For the Windows-based agent, copy the package to C:\Program
Files\Veritas\CloudPoint.
7 Do one of the following:

■ Type the following command to install the Linux-based agent:
# rpm -Uvh CloudPoint_agent_RPM_name
For example:
Configuring a Linux-based on-host agent
# rpm -Uvh VRTScloudpoint-agent-2.1-RHEL7.x86_64.rpm
■ Type the following command to unzip the Windows-based agent file:
C: unzip CloudPoint_agent_EXE_name
You are ready to configure the on-host agent.

See “Configuring a Linux-based on-host agent” on page 58.
See “Configuring a Windows-based on-host agent” on page 60.

Before you complete the steps in this section, make sure you have downloaded
and installed the agent.
To complete the steps in this section, you need root privileges.
To configure a Linux-based on-host agent
1 (Optional) If a Linux-based agent was configured on this host before, remove
the keys directory. Type the following command on that host where the agent
runs:
# rm -rf /opt/VRTScloudpoint/keys
2 Type the following command in the /etc directory to create a configuration file
called flexsnap.conf.
# vi /etc/flexsnap.conf
3 Add the following lines to the file and save it.
[global]
target = IP_address_where_CloudPoint_is_installed
4 On the CloudPoint dashboard, return to the Connect dialog box. If you closed
the dialog box, do the following:
■ On the dashboard, in the Host area, click Manage.
■ On the Asset Management page, select the host.
5 On the Connect dialog box, on the RPM tab, click Create Token. This token
is used to authorize the host to CloudPoint.
Note: The token is only valid for 60 seconds.
6 Click Copy Token.

7 Type the following command to copy the token and start the flexsnap-agent:
# flexsnap-agent copied_token
Note: If you encounter an error, contact Veritas Customer Support.
8 Type the following command to enable the agent service:
# systemctl enable flexsnap-agent
9 Type the following command to start the agent service:
# systemctl start flexsnap-agent

MongoDB plug-in configuration notes
You are now ready to configure the on-host plug-in.

See “Configuring the on-host plug-in” on page 63.
MongoDB plug-in configuration notes

Beginning in CloudPoint Release 2.0.1, you can configure a MongoDB plug-in to
discover and protect your MongoDB database applications with disk-level and
host-level snapshots. Before you configure the MongoDB plug-in, make sure that
your environment meets the following requirements:
■ The Linux on-host must be installed and running in a Red Hat Enterprise Linux
(RHEL) 7.4 environment.
■ You must be running MondoDB enterprise 3.6.
■ Discovery of a MongoDB standalone instance is supported.
■ Databases and journals must be stored on the same volume.
■ If you want to create application-consistent snapshots, journaling must be turned
on.
When you configure the plug-in, have the following information ready:
■ The location of the MongoDB conf file
■ A MongoDB user name with administrator privileges
■ The password of the MongoDB user
Note: During configuration, when the plug-in tries to load pymongo for the first time,
the Linux on-host agent crashes. Restart the on-host agent. You can then configure
the MongoDB plug-in successful and begin to take snapshots.
Configuring a Windows-based on-host agent

This section describes how to configure a Windows-based agent on a host for the
first time. If the host you are using has had an agent installed on it before, the
configuration steps are slightly different.
See “Configuring a Windows-based agent on a host if an agent has been previously
installed” on page 63.
Before you complete the steps in this section, make sure you have downloaded
and installed the agent.
To complete the steps in this section, you need administrative privileges.

To configure a Windows-based on-host agent
1 On the host that runs the agent, create a configuration file, flexsnap.conf.
Navigate to C:\ProgramData\Veritas\Cloudpoint\etc and enter the following:
dir > flexsnap.conf
2 Using Notepad, open flexsnap.conf, add the following lines, and save the
file:
[global]
target = CloudPoint_Public_Name or
IP_address_where_CloudPoint_is_installed
3 On the CloudPoint dashboard, return to the Connect dialog box. If you closed
the dialog box, do the following:
■ On the dashboard, in the Host area, click Manage.
■ On the Asset Management page, select the host.
4 On the Connect dialog box, on the RPM tab click Create Token. This token
is used to authorize the host to CloudPoint.
Note: The token is only valid for 60 seconds.
5 Click Copy Token.

6 Copy the token and start the flexsnap-agent. Navigate to where you installed
the .zip file, and type the following command:
flexsnap-agent_name.exe jointoken
7 Run the same .exe file without any arguments.
flexsnap-agent_name.exe

Configuring a Windows-based agent on a host if an agent has been previously installed
Configuring a Windows-based agent on a host if

an agent has been previously installed
If a Windows-based agent has been configured on a host before, The configuration
steps are slightly different from a fresh configuration.
To configure a Windows-based agent on a host if an agent has been previously
installed
1 Navigate to C:\Program Files\Veritas\CloudPoint and delete the unzipped
exe folder. (Even if you do not remove the folder, remember to execute the
flexsnap-agent_name.exe command from the latest .exe file.)
2 Download the agent EXE again. Unzip this file to C:\Program

Files\Veritas\CloudPoint.

3 Edit the configuration file
C:\ProgramData\Veritas\CloudPoint\etc\flexsnap.conf. The previous
installation of the on-host added extra lines to this file. Remove those lines and
add or edit following. Make sure to have correct IP address.
[global]
target = CloudPoint_Public_Name or
IP_address_where_CloudPoint_is_installed
4 From the Connect dialog box on the CloudPoint user interface copy the token.
5 Copy the token and start the flexsnap-agent. Navigate to where you installed
the .zip file, and enter the following:
flexsnap-agent_name.exe jointoken
6 Run the same .exe file without any arguments.
flexsnap-agent_name.exe

Configuring the on-host plug-in

Before you complete the steps in this section, make sure you configure the on-host
agent.
Configuring VSS to store shadow copies on the originating drive
See “Configuring a Linux-based on-host agent” on page 58.

See “Configuring a Windows-based on-host agent” on page 60.
To configure an on-host plug-in
1 Review the configuration requirements for the on-host plug-in you want to
configure.
See “MongoDB plug-in configuration notes” on page 60.
2 After you configure the on-host agent, return to the CloudPoint user interface.
3 Navigate back to the asset on which you installed and configured on the on-host
agent. On the Details page, the Configuration button is enabled.
4 Click Configuration.
5 From the drop-down list, select the on-host plug-in you want to configure.
6 Click Configure.
After a few minutes, the statistics on the CloudPoint dashboard update to indicate
new assets have been discovered. You can list these assets by clicking the Manage
link in the Applications widget or File Systems widget as appropriate.
Configuring VSS to store shadow copies on the

originating drive
The Microsoft Volume Shadow Copy Service (VSS) lets you take volume snapshots
while applications continue to write to the volume. If you want to take disk-level,
application-consistent Windows snapshots of a Windows file system or SQL
application, you must configure VSS.
When you configure VSS, keep in mind the following;
■ CloudPoint currently has a limitation that you must manually configure the
shadow copy creation location to the same drive or volume as the originating
drive. This approach ensures that an application consistent-snapshot is created.
■ If shadow storage already exists on an alternate drive or dedicated drive, you
must disable that storage and replace it with the configuration in the following
procedure.
Enabling the Microsoft SQL plug-in on the Windows host
To configure VSS to store shadow copies on the originating drive

1 On the Windows host, open a command prompt. Depending on the User
Account Control setting on the server, you may need to launch the command
prompt with run as administrator rights.
2 For each drive letter on which you want to take disk-level, application-consistent
snapshots in CloudPoint, enter a command similar to the following. The caret
(^) is in the Windows command line continuation character.
vssadmin add shadowstorage /for=drive1 /on=drive1 ^

/maxsize=percent-free-space
vssadmin add shadowstorage /for=drive2 /on=drive2 ^
/maxsize=percent-free-space
Where maxsize equals the maximum free space usage on the shadow storage
drive.
For example:
vssadmin add shadowstorage /for=c: /on=c: /maxsize=70%

vssadmin add shadowstorage /for=d: /on=d: /maxsize=70%
vssadmin add shadowstorage /for=e: /on=e: /maxsize=70%
3 Verify your changes. Enter the following:
vssadmin list shadowstorage
Enabling the Microsoft SQL plug-in on the

Windows host
The Microsoft SQL (MS SQL) on-host plug-in lets you create disk-level and host-level
snapshots of your Microsoft SQL application. When you use this plug-in, keep in
mind the following:
■ This plug-in is supported in Azure and AWS environments, but not in Google
Cloud Platform or VMware environments.
■ If you want to discover SQL applications, you cannot run the Windows agent
as a service.
To enable the SQL plug-in on the Windows host
1 On the CloudPoint dashboard, in the Hosts widget, click Manage.
2 On the Asset Management page, find and select the Windows host.
Running the Windows agent as a service
3 Click Configure and select the MS SQL plug-in from the drop-down list.
4 Return to the dashboard.
5 In the Applications widget, click Manage.
The Asset Management page lists the Microsoft SQL databases on the
Windows host. If the databases are not displayed, wait for a minute and refresh
your browser.

Note: If you want to discover SQL applications, you cannot run the Windows agent
as a service. If you want to discover SQL applications, you must run the
flexsnap-agent.exe executable from a command prompt that is running with run
as administrator rights.
To run the Windows agent as a service

1 Make sure that the flexsnap-agent.exe process is not running. If it is, press
CTRL+C in the command prompt to stop it.
2 Verify that the flexsnap-agent.exe is not running in memory. Open the Task
Manager check the Processes tab.
3 Open a command prompt. If User Account Control is enabled, enter the

following command with run as administrator rights. The caret (^) is in the
Windows command line continuation character.
cd C:\Program Files\Veritas\CloudPoint\ ^
flexsnap-windows-svc.exe --startup=delayed install
If you want to run the service under a domain or other (non-system) account,
use the following command instead:
cd C:\Program Files\Veritas\CloudPoint\ ^
flexsnap-windows-svc.exe --username=DOMAIN\username ^
--password=password --startup=delayed install
4 Start the service. Enter the following:
sc start CloudPointService
If the operation succeeds, the Windows Task Manager displays the following
processes:
flexsnap-agent.exe
flexsnap-windows-svc.exe (x2)
Chapter 7
Protecting assets with
CloudPoint's agentless
feature
■ About the agentless feature
About the agentless feature

If you want CloudPoint to discover and protect on-host assets, but you want to
minimize vendor software on your hosts, consider CloudPoint's agentless feature.
This feature is available in the CloudPoint Enterprise license.
Typically, when you use an agent, the software remains on the host at all times. In
contrast, the agentless feature works as follows:
■ The CloudPoint software accesses the host through SSH.
■ CloudPoint performs the specified task, such as creating a snapshot.
■ When the task completes, CloudPoint software deletes itself from the host.
See “Configuring the agentless feature” on page 68.
Configuring the agentless feature

CloudPoint's agentless feature is only available if you have the CloudPoint Enterprise
license.
Protecting assets with CloudPoint's agentless feature 69
Before you configure the agentless feature on a host, have the following information
ready:
■ The host user name
■ The host password or SSH key
■ On the Azure RHEL machine enter the following command with sudo user:
/etc/sudoers file
cpuser ALL=(ALL) NOPASSWD: ALL
You need to provide this information so that CloudPoint can gain access to the
host.
To configure the agentless feature
1 On the CloudPoint dashboard, in the Environment card, locate the Hosts
area, and click Manage.
2 On the Asset Management page, select the host on which you want to use
the agentless feature.
3 On the Details page, click Connect
Protecting assets with CloudPoint's agentless feature 70
4 On the Connect dialog box, select the SSH chip.
5 Enter the SSH user name, and either the SSH password or SSH key.
6 Click Save.
Section 2
Configuring users
■ Chapter 8. Setting up email and adding users
■ Chapter 9. Assigning roles to users for greater efficiency

Chapter 8
Setting up email and
adding users
■ Configuring email
■ Adding users at CloudPoint configuration time
■ Adding a user
■ Deleting a user
Configuring email
The following figure shows where you are in the CloudPoint user configuration
process.
Figure 8-1 You are here in the user configuration process
The first part of configuring CloudPoint users is to configure an email address that
is the source of CloudPoint communications. For example, if the status of an asset
changes, and CloudPoint notifies users from this address. When you specify this
address, you can use an existing email address.
You configure the email address using one the following email services:
■ Amazon Web Services Simple Email Service (AWS SES)
Setting up email and adding users 73
Configuring email
■ SendGrid email delivery service

■ Simple Mail Transfer Protocol (SMTP)
Before you configure the email ID, gather the following information based on the
email service you select. You specify this information on the Email Configuration
page.
Table 8-1 Email configuration parameters
Email service Required parameters
AWS SES ■ Access Key ID

■ Secret Access Key
■ Region
SendGrid SendGrid API key
SMTP ■ SMTP Host

■ SMTP Port
■ Username
■ Password
Adding users at CloudPoint configuration time
To configure email
1 On the CloudPoint dashboard, click the Settings (gear) icon, and select Email
Settings from the drop-down list.
2 On the Email Configuration page, select the email service to use.
3 Complete the form using the email service-specific parameters you compiled.
If you use AWS SES or SendGrid, verify your email ID.
4 Click Finish.

This topic describes how to add users when you first configure CloudPoint.
When you add users to CloudPoint, you have the following options:
■ Import user data from a Lightweight Directory Access Protocol (LDAP) directory.
This approach enables you to quickly and accurately create a large number of
CloudPoint users.
Note: You cannot auto-import LDAP users in to CloudPoint 2.1
■ Create user accounts manually on CloudPoint. This approach is called creating

users locally.
Depending on which method you use, gather the information that is specified in the
following table.
Table 8-2 LDAP configuration methods and required information
Configuration method Information to gather
Importing users from LDAP ■ The name and password of the LDAP administrator
account
■ The LDAP base domain
■ The LDAP URL
■ The network port used by the LDAP server
■ The search base that is used for LDAP searches
■ The LDAP email domain
Creating users locally For each user you want to add, obtain:
■ First and last name

■ Email address
■ CloudPoint role
To add users using LDAP

1 From the top of any Veritas CloudPoint page, click the Settings icon (gear)
and select LDAP settings.
Adding a user
2 On the LDAP Configuration page, Select Import from LDAP.
3 Complete the page with the information that you gathered in the table above.
4 Click Finish.
5 On the Changing LDAP Setting dialog box, click Proceed.
CloudPoint gathers a list of available users from the LDAP search base.
6 On the Add LDAP users page, you can select one or more users and click
Assign Selected or click Assign All.
The Assigned Users column is updated with your selections.
7 When you are done, click Save.
See “Adding a user” on page 77. to add users locally.
Adding a user
process.
Adding a user
Before you can add a user to CloudPoint, you must configure an email address.
This address sends out all CloudPoint related emails.
See “Configuring email” on page 72.
Adding a user
To add a user
1 On the dashboard, in the Administration card, locate Users, and click Manage.
2 On the User Management page, click New User.

3 Complete the New User dialog box and click Save.
The user receives an email that they have been added to CloudPoint. The
email includes a temporary password they can use to access the product.
The email is sent from the address you specified when you configured email
earlier.
Deleting a user
Deleting a user
To delete a user
1 On the dashboard, in the Administration widget, locate Users, and click
Manage.
2 On the User Details page, click Delete.
3 On the Please confirm ... dialog box, click Delete.
CloudPoint displays a message that the user has been removed.
4 On the LDAP Users page, verify that the user is no longer displayed.
Chapter 9
Assigning roles to users
for greater efficiency
■ About role-based access control
■ Displaying role information
■ Creating a role
■ Editing a role
■ Deleting a role
About role-based access control

process.
If your organization uses CloudPoint to manage a large number of assets or asset

types, it may not be practical to have one CloudPoint admin account.
CloudPoint offers role-based access control which lets the administrator assign a
user certain assets and privileges. With this feature, you can do the following:
■ Delegate certain tasks to the people with the most expertise.
Assigning roles to users for greater efficiency 82
Displaying role information
■ Have multiple people in a role so there is no single point of failure.

■ Control access for multiple users simultaneously.
■ Clearly define ownership of assets for users.
See “What kinds of assets can you protect?” on page 10.
Displaying role information

To display role information
1 On the dashboard, in the Administration widget, locate Roles, and click
Manage.
2 On the Roles page, select the check box for the role you want to view.
You can also use the Roles page to create a new role.
See “Creating a role” on page 82.
3 Review the Role Details page. It includes the following tabs:
Tab Description
Users The users who can perform this role.
Permissions One or more sets of permissions that

define the tasks users can perform.
Assets The assets that are associated with the

role.
You can also use the Role Details page to edit or delete the role.
See “Editing a role” on page 86.
See “Deleting a role” on page 87.
Creating a role
Only the CloudPoint admin or a user with Role management permission can create
a role.
Creating a role
To create a role
1 On the dashboard, in the Administration card, locate Roles, and click Manage.
2 On the Role Management page, click New Role.

3 On the New Role page, specify the name of the new role, and optionally give
it a description.
4 Select information from the following tabs:
■ Users
This tab displays a list of CloudPoint users and their email addresses. To
assign a user to the role, select the corresponding check box. Select one
or more users.
■ Permissions
Creating a role
This tab displays a list of preconfigured permissions. Select one or more

permissions.
■ Assets
The left side of this tab displays a list of all available CloudPoint assets.
The right side displays the assets that are assigned to the role. When you
first assign assets to a role, the right side of the tab is blank.
Note: As the CloudPoint admin, you see all assets, regardless of whether
they are appropriate for the permissions you set. The asset list is not
automatically filtered based on the permission you select. If you are a
non-admin user with Role management permission, you only see the
assets assigned to you.
In the available list, select assets you want to add to the role, and click
Assigned Selected. You can also use the buttons Assign Selected,
Assign All, Remove All, and Remove Selected to create your assigned
asset list.
Creating a role
At a minimum, you must specify the following:

■ One user and one permission
■ One user and one asset
■ One user, one permission, and one asset
5 Click Save.
CloudPoint displays a message that the role is added.
6 Note the new entry on the Role Management page.
Editing a role
Editing a role
To edit a role
1 On the dashboard, in the Administration card, locate Roles, and click Manage.
2 On the Roles page, select the check box for the role you want to view.
Deleting a role
3 Click Edit.
The Edit Role page displays with the Users tab shown by default.
4 Modify the role values.

The remaining steps this procedure are the same as creating a new role.
See “Creating a role” on page 82.
5 After you edit the role, click Save.
CloudPoint displays a message that the changes have been applied.
Deleting a role
You can delete one or more CloudPoint roles in a single operation.
To delete a role
1 On the dashboard, in the Administration widget, locate Roles, and click
Manage.
2 On the Roles page, select the check boxes for the roles you want to delete.
The Role Details page is displayed. If you select one role to delete, it displays
the Users tab, Permissions tab, and Assets tab. If you select multiple roles
to delete, the page displays the number of roles you selected.
3 On the Role Details page, click Delete.
CloudPoint displays a message that the role has been deleted.
5 Note that the role is no longer on the Roles page.
Section 3
Protecting and managing
data
■ Chapter 10. User interface basics
■ Chapter 11. Protecting your assets with policies
■ Chapter 12. Replicating snapshots for added protection
■ Chapter 13. Managing your assets
■ Chapter 14. Monitoring activities with notifications and the job log
■ Chapter 15. Indexing and classifying your assets
■ Chapter 16. Protection and disaster recovery

Chapter 10
User interface basics
■ Signing in to CloudPoint
■ Focusing on an asset type
■ Navigating to your assets
■ Using the action icons
Signing in to CloudPoint
After you configure CloudPoint, the sign in screen is automatically displayed. It is
also displayed any time you point your browser to the URL of the host running
CloudPoint.
User interface basics 90
Focusing on an asset type
To sign in to CloudPoint
1 On the sign in screen, enter your CloudPoint user name and password.
2 Click Sign In.

If this is the first time you have signed in to CloudPoint, verify that CloudPoint was
installed successfully.
See “Verifying that CloudPoint installed successfully” on page 31.
Focusing on an asset type

By default, the dashboard displays statistics on all the clouds in your environment.
You can use the Viewing drop-down list to select a particular asset type. Then, the
dashboard only displays statistics on that type.
Navigating to your assets
The Viewing drop-down list has the following options:

■ All clouds
■ Amazon Web Services (AWS)
■ Microsoft Azure
■ Google Cloud
■ OnPrem

Many CloudPoint tasks consist of navigating to an asset and performing an action.
Actions can include taking a snapshot, viewing a snapshot, or associating an asset
with a policy.
The Asset Management page is the starting point for all these activities. You can
filter the information on the Asset Management page to display the following:
■ Everything (all asset types)

■ Disks
■ Hosts
■ Applications
■ File systems
The following example shows the Asset Management page listing only applications.
You can filter your results further by entering a string in the Filter field.
Note: If the string you filter on includes enter includes a hyphen, put the string in
double quotes. For example, to show only the assets that include the string
prod-pipeline, you would enter "prod-pipeline".
From here, you can select an application and perform a number of tasks.
The following table lists the ways you can navigate to the Asset Management page
and what is displayed.
Table 10-1 Navigating to your assets
When you The Asset Management page displays ...

click here ...
Snapshots > Everything (default) or the last asset type displayed

Manage
Protection
Summary >
Manage
Protect Everything
Assets
Using the action icons
Table 10-1 Navigating to your assets (continued)
When you The Asset Management page displays ...

click here ...
Applications The specified asset type

> Manage
Hosts >
Manage
File Systems
> Manage
Disks >
Manage
Using the action icons

The top of every CloudPoint page includes the following icons. Click an icon to
display a screen with status or important information on CloudPoint operations.
After you view a screen, click anywhere outside the screen to close it.
Table 10-2 CloudPoint icons
Click this icon ... To display ...
Notifications
Recent CloudPoint activity, including creating, restoring, and

deleting snapshots.
Settings
The CloudPoint online Help. The online Help displays

information on CloudPoint deployment and administration.
Your CloudPoint admin user name. You can click links on

this screen to change the CloudPointadmin password and to
display the CloudPoint version number. You can also use
this screen to sign out of CloudPoint.
Chapter 11
Protecting your assets with
policies
■ About policies
■ Creating a policy
■ Assigning a policy to an asset
■ Listing policies and displaying policy details
■ Editing a policy
■ Deleting a policy
About policies
A policy lets you automate your asset protection. When you create a policy, you
define the following:
■ The type of snapshot to take, either a crash-consistent snapshot (the default)
or an application-consistent snapshot.
■ Whether or not to replicate the snapshot. For added protection, you can specify
that CloudPoint stores a copy of the snapshot at another physical location.
Note: You cannot replicate any encrypted asset, including encrypted Elastic
Block Store (EBS) snapshots and encrypted Amazon Machine Images (AMIs).
Protecting your assets with policies 95
About policies
■ Whether or not to analyze snapshot using CloudPoint's classification feature. If

you enable classification, CloudPoint analyzes your snapshots and alerts you
if they contain sensitive data such as personally identifiable information (PII).
■ The number of snapshots to retain or how long to retain them before they are
deleted.
■ The frequency with which the policy runs.
You can then assign the policy to your assets to ensure regular, consistent
protection.
You can assign more than one policy to an asset. For example, you can create a
policy that snapshots assets weekly, and another that snapshots assets daily. You
can associate the same asset with both of them.
When you create a policy, keep in mind the following:
Note: If you have an asset in multiple policies and the policy run times overlap, one
of the policies may fail. For example, suppose an asset is in both Policy 1 and Policy
2. If Policy 1 is running when Policy 2 starts, Policy 2 may fail. It takes an average
of 10 minutes to create an Oracle snapshot. Allow at least a 10 minute gap between
two policies that have the same asset.
See “Creating a policy” on page 96.

See “Assigning a policy to an asset” on page 99.
See “Listing policies and displaying policy details” on page 102.
Creating a policy
Creating a policy
To create a policy
1 On the dashboard, in the Administration widget, locate Policies, and click
Manage.
2 On the Policies page, click New Policy.

3 Complete the New Policy page.
Enter the following

■ Policy Information
Name and describe the policy, and enable features.
Creating a policy
Field Description
Policy Name A 2- to 13-character string.
The name can only contain lower case

letters, numbers, and hyphens. The
name should begin and end with a letter.
Note: In Google Cloud, a policy name
cannot contain an underscore.
Note: If policy contains any on premise

array disk, then policy name must be
1-12 char string and must not contains
"_" (underscore) in case of pure storage.
Description (optional) A short description to remind you about

what the policy does.
Storage level The level at which the snapshot is taken:

Disk, Host, or Application
Application Consistent Snapshot In an application consistent snapshot,

CloudPoint notifies the application that it
is about to take a snapshot. The
application completes its transactions
and writes data to memory. It is then
briefly frozen and CloudPoint takes the
snapshot. The application resumes
activity.
The default is to create a

crash-consistent snapshot. This snapshot
type does not capture data in memory or
pending operations.
An application snapshot is recommended

for database applications. A
crash-consistent snapshot is acceptable
for other types of assets.
Enable Replication Click the check box to enable replication.

Note: You cannot replicate any
encrypted asset, including encrypted
Elastic Block Store (EBS) snapshots and
encrypted Amazon Machine Images
(AMIs).
Creating a policy
Field Description
Enable Classification Click the check box to enable

classification.
Note: This option is only available if you
have a CloudPoint Enterprise license.
■ Retention
Use the up and down arrows and the retention tabs to specify how many
snapshots of the asset you want to retain or for how long. The following
table shows some sample settings.
Number Tab Description
5 Copies Retains the last five

snapshots.
Note: An asset may
have more total
snapshots than the
number specified here. If
an asset is associated
with multiple policies, it
has snapshots with each
policy. Also, the
snapshots you create
manually do not count
toward the retention total.
Manual snapshots are not
automatically deleted.
7 Days Retains all snapshots for

a week.
3 Months Retains all snapshots for

3 months.
■ Scheduling
Use this part of the page to determine how often the policy runs.
Tab Description
Hourly Use the up and down arrows to specify the

hour or minute interval at which the policy
runs.
Assigning a policy to an asset
Tab Description
Daily Click the clock icon to specify the time the

policy runs each day.
Weekly Use the clock icon and day buttons to

specify the day of the week and the time
the policy runs.
Monthly Use the clock icon and calendar to specify

the time and the date each month on which
the policy runs.
The following example takes application consistent snapshots each Monday

at 12:00 AM. CloudPoint four snapshots before it discards the earliest one.
4 Click Save.
CloudPoint displays a message that the new policy is created.
5 Note the new entry on the Policies page.

After you create a policy, you assign it to one or more assets. For example, you
can create a policy to create weekly snapshots and assign the policy to all your
database applications. Also, an asset can have more than one policy. For example,
in addition to weekly snapshots, you can assign a second policy to your database
applications to snapshot them once a month.
When you complete the steps in this section, keep in mind the following:
■ The steps for assigning a policy are the same regardless of the type of asset
you assign it to.
■ Also use these steps when you want to change the policy that is associated with
an asset.
Note: If you have an asset in multiple policies and the policy run times overlap, one
of the policies may fail. For example, suppose an asset is in both Policy 1 and Policy
2. If Policy 1 is running when Policy 2 starts, Policy 2 may fail. It takes an average
of 10 minutes to create an Oracle snapshot. Allow at least a 10 minute gap between
two policies that have the same asset.
To assign a policy to an asset

1 On the CloudPoint dashboard, in the Environment area, find the asset type
you want to protect, and click Manage. This example protects an application.
2 On the Asset Management page, select the application you want to protect.
On the Details page, click Policies.
3 On the Policies for asset name screen assign one or more policies to the
asset. In the Available Policies column, select the policy you want to assign
and click Assign Selected.
You can also assign or remove multiple policies at the same time.
4 Click Save.
Listing policies and displaying policy details

To list policies and display policy details
1 On the dashboard, in the Administration card, locate Policies, and click
Manage.
The Policies page displays with a list of policies.
From the Policies page, you can create a new policy.

2 To display a policy's details, select it from the list.
The Policy Details page displays the following information:

■ The policy name
■ The description (if available)
■ The retention count; that is, number of snapshots that are kept for each
asset before the oldest one is removed
■ When the policy is scheduled to run
From Policy Details page, you can do the following:

■ Edit a policy.
■ Delete a policy.
See “About policies” on page 94.
See “Deleting a policy” on page 106.
See “Editing a policy” on page 104.
Editing a policy
Editing a policy
To edit a policy
1 On the dashboard, in the Administration widget, locate Policies, and click
Manage.
2 On the Policies page, select the check box for the policy you want to modify.
3 On the Policy Details page, click Edit.

Editing a policy
4 Modify the policy values.
The remaining steps this procedure are the same as creating a new policy.
5 After you edit the policy, click Save.
CloudPoint displays a message that the policy is updated.
Deleting a policy
Deleting a policy
To delete a policy
1 On the dashboard, in the Administration card, locate Policies, and click
Manage.
2 On the Policies page, select the check box for the policy you want to delete.
You can select multiple policies.
3 On the Policy Details page, click Delete.

Deleting a policy
5 CloudPoint displays a message that the policy has been deleted.

6 Note that the policy is no longer on the Policies page.

Chapter 12
Replicating snapshots for
added protection
■ About replication
■ Replication of encrypted snapshots
■ Configuring replication rules
■ Editing a replication rule
■ Deleting a replication rule
About replication
When you replicate a snapshot, you save a copy of it to another physical location.
For example, suppose that you administer an Amazon Web Services (AWS) cloud
and your assets are in the region us-east-1. Your asset snapshots are also be
stored in us-east-1. However, you can also replicate the snapshots to the region
us-west-1 for an added level of protection. In CloudPoint terminology, the original
location (us-east-1) is the replication source, and the location where snapshots
are replicated (us-west-1) is the replication destination.
As an administrator, you can configure up to three replication targets for each source
region. When you create a policy, you can specify whether replication is enabled.
You can also replicate a snapshot manually.
Replication of encrypted snapshots

Prerequisites for replicating encrypting snapshots:
Replicating snapshots for added protection 109
Configuring replication rules
■ You must allow following permission/action on KMS resource:

■ Effect: Allow
■ Action:
kms:ListKeys
Kms.ListAliases
■ Encryption key (KMS key) used for encryption in both region must have same
name; that is alias (in terms of AWS)
■ If encryption key with same name is not present then replication fails with the
following error:
KMS key <encryption_key_arn> not present in target region:
<target_region>

A replication rule consists of the following:
■ The original location of your assets and snapshots
■ One or more alternate physical locations where snapshots are replicated
You can configure up to three replication destination for each source.
You can use a replication rule in the following ways:
■ You can automate replication. On a snapshot policy, select Enable Replication.
When the policy runs, snapshots are automatically replicated to the targets that
are configured in the rule.
■ You can replicate a snapshot manually. On the Snapshot Details page, select
Replicate.
To create a replication rule

1 On the CloudPoint dashboard, click the Settings (gear) icon, and select
Replication Settings from the drop-down list.
2 On the Replication Settings page, click New Rule.

3 On the New Replication Rule page, use the drop-down lists to configure your
rule.
Drop-down list Description
Platform Specify the asset vendor. Currently,

CloudPoint supports Amazon Web
Services (AWS).
Location/Region The choices here are based on what you

select on the Platform list. The location
you select becomes the Source Name on
the Replication Settings page.
Destination 1, Destination 2, Destination Use these drop-down lists to select one or

3 more alternate physical locations where
replicated snapshots are stored.
Note: For AWS, you cannot replicate
snapshots between two accounts. You can
only replicate snapshots between locations
in the same account.
4 Click Save.
CloudPoint displays a message that a new rule has been created.
5 Note that the Replication Settings screen displays the new rule.
Editing a replication rule
Editing a replication rule

You can edit a replication rule to change the location where snapshots are replicated
or the order of the locations. You cannot edit the vendor platform or source location.
To edit a replication rule
2 Review the Replication Setting page.

This page lists each replication source in your environment. It includes the
following information for each source:
■ The source name
■ The source server
■ The source platform type, such as Amazon Web Services (AWS)
■ The regions to which the snapshots are replicated
3 Select the source location whose replication rules you want to edit.
4 Click Edit.
5 Use the drop-down lists to change the replication locations or the order of the
locations.
6 Click Save.
CloudPoint displays a message that a new rule has been updated.
Deleting a replication rule
Deleting a replication rule

To delete a replication rule
2 Select the replication rules you want to delete. You can select more than one
rule.
3 Click Delete.
CloudPoint displays a message that the rule has been deleted
Chapter 13
Managing your assets
■ Creating a snapshot manually
■ Displaying asset snapshots
■ Replicating a snapshot manually
■ Restoring a snapshot
■ Deleting a snapshot
Creating a snapshot manually

One of CloudPoint's most important features is the ability to create snapshot policies.
These policies let you take snapshots of specific assets on a regular schedule.
However, you can also take a snapshot of an asset manually. That is, you can
navigate to a particular asset at any time and create a snapshot.
The types of snapshots you can create vary depending on the asset type. Before
you complete this section, review the following table.
Table 13-1 Assets and supported snapshot types
Asset Supported snapshot types
Dell EMC Unity array Copy-on-write (COW) snapshots on LUNs

Managing your assets 114
Table 13-1 Assets and supported snapshot types (continued)
Asset Supported snapshot types
Hewlett Packard Enterprise 3PAR array COW and clone snapshot types
Note the following:
■ HP 3PAR Virtual Copy Software is responsible

for the snapshot operation.
■ You can have 500 snapshots per volume. 256
can be read/write.
■ When a volume is involved in a Remote Copy
with a secondary array, the operation fails.
Hitachi HDS array COW snapshots; Hitachi Thin Image (HTI) volumes
P-VOL or S-VOL
The following are not supported:
■ Clone snapshots; Multi Raid Coupling Facility

(MRCF): ShadowImage volume P-VOL or
S-VOL
■ The VVol volume type
Pure Storage FlashArray Clone snapshots of volumes
Regardless of the asset type you work with, the steps for creating a snapshot are
the same. Depending on the asset, some parameters you enter may be slightly
different. They are explained in the procedure.
To create a snapshot manually
1 Navigate to your list of assets.
On the CloudPoint dashboard, in the Environment card, select the asset type
you want to work with, and click Manage. This example creates an application
snapshot.
2 On the Asset Management page, select the application you want to snapshot.
You can select multiple applications.
3 On the asset's Details page, click Create Snapshot
4 On the Create Snapshot page, complete the following fields.
Field Description
Snapshot name A 2- to 32-character string.
Cloud vendors have additional restrictions

on the snapshot name.
■ In Amazon Web Services, an RDS

snapshot or Aurora cluster snapshot
name has the following restrictions:
■ The name cannot be null, empty, or
blank.
■ The first character must be a letter.
■ The name cannot end with a
hyphen or contain two consecutive
hyphens.
■ In Google Cloud, an application
snapshot name has the following
restrictions:
■ The name can only contain lower
case letters, numbers, and hyphens.
You cannot use an underscore.
■ The name should begin and end
with a letter.
Description This field is optional. You can create a

summary to remind you of the snapshot
content.
Field Description
Storage level This option only displayed for application

snapshots.
host takes a snapshot of all the disks that

are associated with the instance. You
cannot restore an application snapshot that
has the host protection level.
disk takes a snapshot of the disks the

application uses.
The following example creates a disk level snapshot with application

consistency.
5 Click Save.
CloudPoint displays a message that the snapshot is created.
By default, AWS allows up to 100 RDS manual snapshots per region. If you try to
take more than 100 snapshots, you may get an error. As a workaround, you can
either:
■ Contact AWS support and ask them to increase the number of snapshots
allowed. Once they do that, you will not get an error unless you reach the new
limit.
■ Or reduce the retention in your policies.
Displaying asset snapshots
Displaying asset snapshots

You can display all the snapshots for an asset, when they were created, and the
region they are located in.
In addition, displaying an asset's snapshots is your gateway to other activities,
including the following:
■ Restoring a snapshot
■ Replicating a snapshot manually
■ Deleting a snapshot
To display an asset's snapshots
you want to work with, and click Manage. This example displays the snapshots
for an application.
2 On the Asset Management page, select the application whose snapshots you
want to view. You can select multiple applications.
3 On the Details page click View Snapshots.

The Snapshot Management page lists all the snapshots. You can filter and
sort the list to find the snapshot you are interested in.
Replicating a snapshot manually
From this page, you can select a snapshot and perform the following actions:
■ Restore a snapshot
See “Restoring a snapshot” on page 120.
■ Replicate a snapshot
See “Replicating a snapshot manually” on page 118.
■ Classify a snapshot
■ Delete a snapshot
See “Deleting a snapshot” on page 128.

When you replicate a snapshot, you save a copy of it to another physical location.
Replication gives your data extra protection in case of a disaster at the original site.
The most efficient way to use replication is to define replication rules and then apply
the rules to your snapshot policies. That way, replication takes on a regular schedule.
Setting up replication rules is described in "Replicating snapshots for added
protection."
However, you can also take a snapshot manually. That is, you can navigate to a
particular snapshot at any time, specify an alternate location, and replicate it.
Regardless of the asset type you work with, the steps for deleting a snapshot are
the same.
To replicate a snapshot manually

you want to work with, and click Manage. This example replicates an application
snapshot.
2 On the Asset Management page, select the application whose snapshot you
want to replicate. You can select multiple applications.
3 On the Details page click View Snapshots
Restoring a snapshot
4 On the Snapshot Management page, select the snapshot you want to replicate.
You can only select one.
5 Depending on the structure for the snapshot, do one of the following:

■ If the snapshot does not have any sub-assets, click Replicate.
■ If the snapshot has sub-assets, a Snapshot Assets page is displayed. By
default, all sub-assets are checked. Select the sub-assets you want to
restore and click Replicate.
6 On the Replicate page, use the Target Destination drop-down list to select
an alternate physical location.
7 Click Replicate.
8 On the Please Confirm ... dialog box, click Replicate.
CloudPoint displays a message that replication has started.
The types of snapshots you can restore and where you can restore them varies
depending on the asset type. Before you complete this section, review the following
table.
Table 13-2 Assets and supported restore options
Asset Supported restore options
Dell EMC Unity array Restore a copy-on-write (COW) LUN snapshot to

the same LUN with the Overwrite Existing option.
Hewlett Packard Enterprise 3PAR array Restore a COW volume snapshot to the same
volume with the Overwrite Existing option.
Note the following:
■ Although you can take a clone snapshot, you

cannot restore it.
■ When a volume has both COW and clone
snapshot type, restore operations fail on that
volume.
■ When a volume is involved in a Remote Copy
with a secondary array, the operation fails.
■ When the array operation begins, the array
creates a backup point for the volume.
Pure Storage FlashArray Restore a clone volume snapshot to the same

volume with the Overwrite Existing option.
When you restore a snapshot, keep in mind the following:

■ You can restore an encrypted snapshot. To enable the restoring of encrypted
snapshots, add a Key Management Service (KMS) policy, and grant the
CloudPoint user access to KMS keys so that they can restore encrypted
snapshots.
■ As a prerequisite, create key-pair with the same name as the source or import
the key pair from the source to the target region .
After restoring, change the security group of the instance post restore of a
replicated snapshot.
■ When you have created a snapshot of a disk of supported storage arrays from
'Disk' section in CloudPoint dashboard, which has a file system created and
mounted on it, you must first stop any application that is using the file system
and then unmount the file system and perform restore.
For AWS/Azure/GCP cloud disk/volume snapshots, you must first detach the
disk from the instance and then restore the snapshot to original location.
■ When you restore a snapshot of a Windows instance, you can log in to the newly
restored instance using original instance's username/password/pem file.
By default, AWS disables generating a random encrypted password after
launching the instance from AMI. You must set Ec2SetPassword to Enabled in
config.xml to generate new password every time. For more information on

how to set the password, see the following link.
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/
ec2config-service.html#UsingConfigXML_WinAMI
■ Volume type of newly created volume for replicated snapshots is according
region default. If volume type is not specified the following default values are
used.
Region Default volume type
■ us-east-1 standard
■ eu-west-1
■ eu-central-1
■ us-west-2
■ us-west-1
■ sa-east-1
■ ap-northeast-1
■ ap-northeast-2
■ ap-southeast-1
■ ap-southeast-2
■ ap-south-1
■ us-gov-west-1
■ cn-north-1
All other regions gp2
To restore a snapshot
you want to work with, and click Manage. This example restores an application
snapshot.
want to restore. You can select multiple applications.
4 On the Snapshot Management page, select the snapshot you want to restore.
5 On the Restore page, complete the following.

■ Specify a Restore Job Name and Description.
■ Select one of the following restore options, depending on the snapshot
type:
Snapshot type Option Description
Cloud snapshot Restore to original Restores the snapshot to

location original location without
overwriting the existing
asset.
Snapshot type Option Description
Restore to a different This option displays a

location drop-list of available
hosts.
Note: Currently, you
cannot restore an Oracle
snapshot to a new
location.
New location Restores the snapshot to

a different physical
computer.
Array snapshot Overwrite existing Replaces the current

asset with the snapshot.
This option is supported

on AWS only.
Following is the behavior
for this option:
■ When this option is
selected, it creates
EBS volumes from
VM (disk) snapshots
and stops the original
instance. It detaches
existing volume and
attaches them to the
stopped instance to
start the instance and
older volumes are
deleted.
■ VM/Instance ID are
same in this case but
as new disks are
created from
snapshots, disk ID is
different.
■ Tags of Instance as
well as volume are
copied properly.
■ Policies applied to
hosts are preserved.
6 Click Restore.
Note: Beginning in Release 2.0.2, you can restore an Azure instance snapshot to
a private network. The instance does not require a public IP address.
Restoring individual files within a snapshot

If you have a CloudPoint Enterprise license, beginning in Release 2.0.1 you can
restore individual files within a snapshot. This process is also known as "granular
restore." However, if you use this feature, keep in mind the following:
■ To restore individual files within a snapshot, you must first index or classify it.
Indexing creates an index of the files in a snapshot. Having an index of the files
enables you to restore a single file. Classification goes deeper into the data than
indexing. During classification, indexing is performed automatically before the
classification process identifies items that contain tags from the Veritas
Information Classifier. Tags indicate the type of data that is in a file, such as a
credit card number, but not the actual data. For any snapshot, you can choose
to index without classifying or to index and classify.
See “Indexing and classifying snapshots” on page 136.
■ It is Technical Preview Software and should not be used in a production
environment. Restoring individual files is included in this release to introduce
you to the concept and functionality. Veritas is under no obligation to develop,
modify, improve, maintain, or market the Technical Preview Software or to
release production or general availability versions.
■ This feature is supported only for file system snapshots that you take at the disk
level.
■ The snapshot must be indexed or classified.
■ This feature is supported only for Amazon Web Services assets and Microsoft
Azure assets.
To restore individual files within a snapshot

1 On the CloudPoint dashboard, in the File Systems area, click Manage.
2 On the Asset Management page, select the file system whose snapshots you
want to view.
3 On the Details page, click View Snapshots.

4 On the Snapshot Management page, click View Granules.

Deleting a snapshot
5 On the Granule Management page, select one or more files to restore, and
Restore Selected Granules.
6 On the Confirm Restore page, select Restore.
Note: If you restore the same granule multiple times, then the existing copy is
overwritten.
Deleting a snapshot
Regardless of the asset type you work with, the steps for deleting a snapshot are
the same.
Deleting a snapshot
To delete a snapshot
On the CloudPoint dashboard, in the Environment card, locate the asset type
you want to work with and click its Manage link. This example deletes an
application snapshot.
want to restore. You can select multiple applications.

Deleting a snapshot
4 On the Snapshot Management page, select the snapshot (or snapshots) you
want to delete. You can select multiple snapshots.
5 Depending on the structure of the snapshot, do one of the following:

■ If the snapshot does not have any sub-assets, click Delete.
■ If the snapshot has sub-assets, a Snapshot Assets page is displayed. By
default, all sub-assets are checked. Select the sub-assets you want to
delete and click Delete.
6 On the Please Confirm ... dialog box, click Delete.

CloudPoint displays a message that the snapshot has been deleted.
The snapshot is removed from the Snapshot Management page.
Chapter 14
Monitoring activities with
notifications and the job
log
■ Working with notifications
■ Using the job log
Working with notifications

CloudPoint notifies you if any of the following occur:
■ Your role changes; for example if any of your permissions are added, deleted,
or changed.
■ The assets that are assigned to you change; for example, if assets are added,
removed, or their policies change.
■ If an operation on one of your assigned assets fails; for example, if a snapshot,
restore, or replication fails.
CloudPoint writes notifications to the Notifications panel. To access the
Notifications panel, click the bell icon at the top of the CloudPoint dashboard. The
bell icon also indicates how many messages are in the log.
CloudPoint displays notifications for the last 7 days.
Monitoring activities with notifications and the job log 132
Using the job log
Using the job log

The right side of the CloudPoint dashboard the Last 24 Hours panel lists the most
recent CloudPoint activity. It also displays the following:
■ Number of running tasks
■ Number of successfully completed tasks
■ Number of issues
The bottom of the list includes a link to the job log where you can display detailed
task information.
To use the jog log
1 On the CloudPoint dashboard, in the Last 24 Hours panel, click Explore Job
Log.
2 Review the Job Monitor page.
Each log entry includes the following:

■ An icon indicating the job status: Completed successfully, completed with
errors, failed, and in progress
■ The job name
■ The job type
■ The job start time and the ending time (if applicable)
3 Use the filter and sorting tools as needed to locate the job you are interested
in.
4 Click a job to display detailed information about it.
Monitoring activities with notifications and the job log 133
Using the job log
The Details page displays the following:

■ A description of the job
■ Its start time
■ Its stop time (if the job is completed)
■ A summary of the underlying tasks
Chapter 15
Indexing and classifying
your assets
■ About indexing and classifying snapshots
■ Configuring classification settings by using the Veritas Information Classifier
■ Indexing and classifying snapshots
■ Statuses for indexing and classification
About indexing and classifying snapshots

Taking a snapshot protects your asset data, but does not give you insight into the
data itself. You know the time that you created the snapshot and the asset that was
protected, but little else. Knowing the content of the snapshot can be crucial. A
snapshot may contain personally identifiable information (PII) and other sensitive
data. If a snapshot contains sensitive data, you might treat it differently, or even
delete it.
The classification feature lets you analyze your snapshot content, flag sensitive
data, and take further actions as necessary.
Note: Classification is supported in CloudPoint Release 2.0.1 and later, and it is

only available through the CloudPoint Enterprise license. It is Technical Preview
Software and should not be used in a production environment. Classification is
included in this release to introduce you to the concept and functionality. Veritas is
under no obligation to develop, modify, improve, maintain, or market the Technical
Preview Software or to release production or general availability versions.
Indexing and classifying your assets 135
Configuring classification settings by using the Veritas Information Classifier
Indexing, which is also Technical Preview software, creates an index of the files in
a snapshot. Having an index of the files enables you to restore a single file from a
snapshot. Classification goes deeper into the data than indexing. During
classification, indexing is performed automatically before the classification process
identifies items that contain tags from the Veritas Information Classifier. Tags indicate
the type of data that is in a file, such as a credit card number, but not the actual
data. For any snapshot, you can choose to index without classifying or to index and
classify.
After a snapshot has been classified, you can reclassify it. Reclassifying is useful
if you have changed the settings in the Veritas Information Classifier since the last
classification of a snapshot. By reclassifying, CloudPoint can locate any new tags
that you added to the Veritas Information Classifier.
If you want to work with classification, but do not have an Enterprise license, please
upgrade your license.
Considerations for indexing and classifying snapshots

When you work with indexing and classification, keep in mind the following items:
■ Indexing and classification options are not available for file systems that were
discovered from a Windows system.
■ Indexing and classification are supported only in an Amazon Web Services
(AWS) cloud, and in the same region and the same cloud account as the
CloudPoint server.
■ Indexing and classification are supported only for file system snapshots that
you take at the disk level.
■ Only one classification or index job at a time is supported. Additional snapshots
are put in a queue until the previous classification or indexing job completes.
■ A snapshot that is in the process of being indexed cannot be classified. The
indexing process must complete before classification can start.
Configuring classification settings by using the

Veritas Information Classifier
The Veritas Information Classifier lets you classify items based on their content and
metadata. The classification tags that are configured in the Veritas Information
Classifier are used when you select the Classify option or the Index and Classify
option in CloudPoint.
Indexing and classifying snapshots
To configure classification settings by using the Veritas Information Classifier

1 On the CloudPoint dashboard, click the Settings (gear) icon, and then select
Classification Settings.
2 When prompted to confirm that you want to leave CloudPoint and go to the
Veritas Information Classifier, click Leave.
3 Set up the tags in Veritas Information Classifier.
Indexing and classifying snapshots

This section describes how you can index and classify snapshots manually.
Before you attempt to index or classify a snapshot, review the considerations for
using these features.
See “About indexing and classifying snapshots” on page 134.

To index and classify a snapshot

1 Navigate to the asset that contains the snapshots you want to index or classify.
2 On the snapshots page, select the snapshot, and then do one of the following:
■ To index the snapshot without classifying it, click Index Only.
After the snapshot is indexed, you can select the option to classify it.
■ To index and classify the snapshot in one step, click Index and Classify.
3 (Optional) If you selected the Index Only option in step 2, click Classify if you
want to classify this snapshot.
4 (Optional) If you want to reclassify this snapshot, click Reclassify.
Reclassifying is useful if you have changed the settings in the Veritas
Information Classifier since the last classification of a snapshot.
See “Statuses for indexing and classification” on page 137.
Statuses for indexing and classification
Statuses for indexing and classification

The following indexing and classification statuses may appear for snapshots.

Table 15-1 Statuses for indexing and classification
Status Description
Classified The classification process is complete. No

tags were found.
Classified - Tags Found The classification process is complete. Tags

that are configured in the Veritas Information
Classifier were found in the selected
snapshot. These tags may require your
attention or additional action.
Classifying The classification process is in progress.
Classifying Failed The classification process cannot be

completed.
Indexed The indexing process is complete.
Indexing The indexing process is in progress.
Indexing - Classification Queued The indexing process is in progress. The

classification process begins when the
indexing progress is complete. This status
appears only if you selected Index and
Classify.
Indexing Failed The indexing process failed.
Unindexed The selected snapshot has not been indexed

yet. Click Index or Index and Classify to
index the snapshot.

Chapter 16
Protection and disaster
recovery
■ About protection and disaster recovery
■ Backing up CloudPoint
■ Restoring CloudPoint
About protection and disaster recovery

As of CloudPoint 2.0.x, CloudPoint cannot protect itself from disaster scenarios.
This section describes how to backup and recover CloudPoint in case of a disaster.
Protection and disaster recovery 139
Backing up CloudPoint
To backup CloudPoint when it is deployed in a cloud
1 Log out of CloudPoint.
2 Stop CloudPoint services. Use the following format:
$ docker run -it --rm

-v /full_path_to_volume_name:\
/full_path_to_volume_name \
veritas/flexsnap-cloudpoint:2.x.x.#### stop
For example:
$ docker run -it --rm -v /cloudpoint:/cloudpoint \

veritas/flexsnap-cloudpoint:2.0.1.5300 stop
Use the following API to determine CloudPoint version installed and configured
on user setup
curl -H "Content-Type: application/json" -H

"Authorization: Bearer $token" -X GET -k
https://localhost:443/cloudpoint/api/v2/version
{ "Version": "2.1.0.7425",
"Commit": "b3916cd6fd62039f8f6dbf0dc1afd625f2066431" }
3 Make sure that all CloudPoint containers are stopped. This step is important
because all activity and connections to and from CloudPoint must be stopped
to get a consistent CloudPoint backup. Enter the following:
$ docker ps | grep veritas
This command should not return any actively running CloudPoint containers.
4 (Optional) If there are still active containers, repeat step 3. If that does not
work, run the following command on each active container:
$ docker kill container_name
For example:
$ docker kill flexsnap-api

5 After all the containers are stopped, take a snapshot of the volume on which
you installed CloudPoint. Use the cloud provider's snapshot tools.
6 When the snapshot completes start CloudPoint services. Use the following
format:
$ docker run -it --rm -v /full_path_to_volume_name:\

/full_path_to_volume_name \
veritas/flexsnap-cloudpoint:2.x.x.#### start
For example:

veritas/flexsnap-cloudpoint:2.0.1.5300 start
To backup CloudPoint when it is on-premises

1 Log out of CloudPoint.
2 Stop CloudPoint services. Use the following format:
$ docker run -it --rm

-v /full_path_to_volume_name:/full_path_to_volume_name \
veritas/flexsnap-cloudpoint:2.x.x.#### stop
For example:

veritas/flexsnap-cloudpoint:2.0.1.5300 stop
3 Make sure that all CloudPoint containers are stopped. This step is important
because all activity and connections to and from CloudPoint must be stopped
to get a consistent CloudPoint backup. Enter the following
$ docker ps | grep veritas
This command should not return any actively running CloudPoint containers.
Restoring CloudPoint
4 (Optional) If there are still active containers, repeat step 3. If that does not
work, run the following command on each active container:
$ docker kill container_name
For example:
$ docker kill flexsnap-api
5 Backup the folder /cloudpoint. Use any backup method you prefer. For
example:
$ tar czf cldpt_dr.tar.gz /cloudpoint
To restore CloudPoint, you can do one of the following:
■ Recover CloudPoint using a snapshot you have in the cloud
■ Recover CloudPoint using a backup on-premises
To recover CloudPoint using a snapshot you have in the cloud
1 Using your cloud provider's dashboard or console, create a volume from the
existing snapshot.
2 Create a new virtual machine with specifics equal to or better than your previous
CloudPoint server.
3 Install docker on the new server.
4 Attach the newly-created volume to this CloudPoint server instance.
5 Create the CloudPoint installation directory on this server. Use the following
syntax:
$ mkdir /full_path_to_cloudpoint_installation_directory
For example:
$ mkdir /cloudpoint
6 Mount the attached volume to the installation directory you just created. Use
the following syntax:
$ mount /dev/device-name /full_path_to_cloudpoint_installation_directory
For example:
$ mount /dev/xvdb /cloudpoint
7 Verify that all CloudPoint related configuration data and files are in the directory.
Enter the following:
$ ls -l /cloudpoint
8 Download or copy the CloudPoint installer binary to the new server.

9 Install CloudPoint. The installation program detects an existing version of
CloudPoint and re-install all CloudPoint services without over-writing existing
content. In the following output, not the line that indicates that the operation is
a re-install.

Configuration started at time Fri May 4 22:20:47 UTC 2018

This is a re-install.
Checking if a 1.0 release container exists ...
10 When the installation completes, you can resume working with CloudPoint with
your existing credentials.
To recover CloudPoint using a backup on-premises

1 Copy the existing CloudPoint backup to the new CloudPoint server and extract
it to the CloudPoint installation directory. In the following example, because
/cloudpoint was backed up, the command creates a new /cloudpoint
directory.
$ tar zxf cldpt_dr.tar.gz -C /cloudpoint/
2 Download or copy the CloudPoint installer binary to the new server.

3 Install CloudPoint. The installation program detects an existing version of
CloudPoint and re-install all CloudPoint services without over-writing existing
content. In the following output, not the line that indicates that the operation is
a re-install.

Configuration started at time Fri May 4 22:20:47 UTC 2018

This is a re-install.
Checking if a 1.0 release container exists ...
Note: If you are using CloudPoint version 2.1.0.x then you must install the licenses
manually. When CloudPoint recovers, no licenses are installed. Hence, you must
install the licenses manually.
Section 4
Maintaining CloudPoint
■ Chapter 17. CloudPoint logs
■ Chapter 18. Troubleshooting CloudPoint
■ Chapter 19. Upgrading CloudPoint
■ Chapter 20. Working with your CloudPoint license

Chapter 17
CloudPoint logs
■ CloudPoint logs
CloudPoint logs
CloudPoint maintains the following logs to monitor activity and troubleshoot issues.
The logs are stored on the path installation_path/cloudpoint/logs. CloudPoint
retains multiple versions of each log, with a number appended to the log name; for
example, flexsnap-agent.log.2.
Table 17-1 CloudPoint logs
Log Description
flexsnap-agent-<agnet-id>.log The log file for storing specific child agent

configuration.
There can be multiple child agent log files. The log

file is generated after a new configuration is
validated and the child agent is spawned to handle
that configuration.
The log file for the agents that stores all the error
logs related to agent and the plugins that the agent
is managing. The offhost-agent only deals with
offhost plugins like AWS, Azure, GCP, or array
plugins. All the tasks like discovering the assets,
creating, restoring, and deleting snapshots which
are done by the agent and the plugin are stored in
this log file. The flexsnap-coordinator requests the
agent services based on the asset type to create,
restore, delete, or find asset in the cloud.
CloudPoint logs 146
CloudPoint logs
Table 17-1 CloudPoint logs (continued)
Log Description
flexsnap-api.log The log for the service that translates RESTful API
requests into JSON-formatted requests. These
requests are sent to the coordinator.
flexsnap-auth.log The log for the authentication service. It records

authentication requests coming through RabbitMQ
when other services connect. Typically, you do not
need to examine this file. This log is primarily for
support use.
flexsnap-coordinator.log The log for the service that manages a database

of assets. The coordinator also routes requests
from the API service to the appropriate agents.
flexsnap-telemetry.log The log file for the telemetry service which contains
information about service life cycle including
successful telemetry operations as well as any
errors related to that service.
init.log The log for recording the installation activities.
flexsnap-classifier.log The log file for storing the error logs related to the
classification and indexing activity performed on
the snapshot. As the flexsnap-classifier interfaces
with VIC and MongoDB you can also find logs
related to connection to these containers.
Note: This log file is available in CloudPoint
Release 2.0.1 and later.
flexsnap-agent-offhost.log The log file for the parent offhost agent that stores
the error logs related to the new plugins
configuration addition. This log file is generated by
parent agent. Parent agent is a stand alone agent
which validate to new plugin configuration which
is not owned any configuration. It does not contain
any specific plugin discovery log. This file contains
initial configuration validation log before spawning
child agent. Once child agent is spawned to handle
plugin configuration, the configuration log is
redirected to new log file with the name
flexsnap-agent-<agentid>.log
CloudPoint logs 147
CloudPoint logs
Table 17-1 CloudPoint logs (continued)
Log Description
flexsnap-agent-onhost.log The log file for the agents that stores all the error
logs related to agent and the plugins that the agent
is managing. The onhost-agent deals with plugins
that can run inside a host like the application
plugins like Oracle, Linux, Mongo, and so on.
All the tasks like discovering the assets, creating,

restoring, deleting snapshots which are done by
the agent and the plugin are stored in this log file.
The flexsnap-coordinator requests the agent
services based on the asset type to create, restore,
delete, or find asset in the cloud.
email_service.log The log file for storing the logs related to the email
service. The log file stores the start up information
of the service, the RabbitMQ calls made to the
service, connection issues while setting up
RabbitMQ. and any errors during an internal call.
identity_manager_service.log The log file for the Identity Management Service

(IDM). It stores the logs for any REST call received
by IDM (create user, modify user, login), any
requests over RabbitMQ received by IDM (create
prebake user, validate token), errors on IDM
(unauthorized), step by step information of certain
operations done by IDM.
flexsnap-indexingsupervisor.log The log file for storing the logs related to

coordinating the workflow for indexing and
classification. The indexing supervisor service
cooperates with the flexsnap-coordinator and
flexsnap-classifier service to index and/or classify
snapshots. The indexing supervisor is responsible
for queuing and subsequently running indexing
and classification jobs.
nginx_access.log The log file is generated by nginx web-server.
nginx_error.log The log file is generated by the nginx web-server.
api-gateway.log The log file for storing the details of the proxy that
routes requests/responses between the
application's web console and back-end services.
This log file is configured by the API and not from
the flexsnap.conf file.
Chapter 18
Troubleshooting
CloudPoint
■ Restarting CloudPoint
■ Docker may fail to start due to a lack of space
■ Some CloudPoint features do not appear in the user interface
Restarting CloudPoint
If you need restart CloudPoint after an error, it's important that you restart it correctly
so your environmental data is preserved.
Warning: Do not use commands such as docker restart or docker stop and
docker start. Use the docker run command described below,
Troubleshooting CloudPoint 149
Docker may fail to start due to a lack of space
To restart CloudPoint
◆ On the instance where CloudPoint is installed, enter the following command
format:
# sudo docker run -it --rm -v

/cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock
veritas/flexsnap-cloudpoint:version.build_number restart
For example:
# sudo docker run -it --rm -v

/cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock
veritas/flexsnap-cloudpoint:2.0.2.4815 restart
Docker may fail to start due to a lack of space

During CloudPoint deployment, the Docker image may fail to start if there is not
enough space for the MongoDB database. The failure occurs after you enter the
docker run command.
The following procedure shows the steps to take if the image fails to start.
1 Check the log file /mount-point-from-host/logs/init.log. Note that
MongoDB starts, then immediately stops. (See the information messages in
bold.)
# sudo cat /mount-point-from-host/logs/init.log

Oct 03 11:24:45 init: INFO - Veritas CloudPoint init process starting up.
Oct 03 11:24:45 init: INFO - Veritas CloudPoint init process starting up.
Oct 03 11:24:45 init: INFO - Started mongodb[9]
Oct 03 11:24:45 init: INFO - Started mongodb[9]
Oct 03 11:24:45 init: INFO - mongodb already stopped, 100
Oct 03 11:24:45 init: INFO - mongodb already stopped, 100
2 Verify the amount of available space on the host boot disk. MongoDB needs
about 4 GB of space. In the example below, only 1.6 GB is available.
# sudo df -kh /
Filesystem Size Used Avail Use% Mounted on
/dev/xvda1 7.7G 6.2G 1.6G 80% /
Some CloudPoint features do not appear in the user interface
3 Free up space on the book disk.

4 After the boot disk has more than 4.0 GB of available space, restart the
container.
# sudo docker restart container-id
Some CloudPoint features do not appear in the

user interface
If certain CloudPoint features do not appear in the user interface, the first step is
to verify which CloudPoint license you have. The license type determines which
features you can access.
To display your CloudPoint license type

1 From the top of any CloudPoint page click the Settings icon (gear) and select
Licensing.
2 On the Licensing page, not the type of license you have.

3 Review the features supported by your license.

See Table 18-1 on page 152.
4 If your license does not support the feature you want, consider upgrading your
license.
Table 18-1 CloudPoint licenses and supported features
Category Basic license Express license Enterprise license

(free)
Use cases Snapshot Same as Basic ■ Snapshot management

management and and orchestration
orchestration ■ Data protection
Clouds ■ Amazon Web Same as Basic Same as Basic

Services (AWS)
■ Google Cloud
Platform
■ Microsoft Azure
Workloads ■ Hosts Same as Basic ■ Amazon Aurora database

■ Volumes ■ Amazon RDS
■ Linux file system
■ Microsoft Windows file
system
■ Oracle
■ SQL
Storage arrays All supported Same as Basic ■ Agentless

arrays ■ Application-consistent
snapshots
■ Snapshot replication
■ Granular restore
■ Indexing and classification
Note: Both granular restore

and indexing and
classification are available as
Technical Preview features in
version 2.0.1 and later.
Support VOX CloudPoint Veritas Essential Same as Express

Community forum Support
Table 18-1 CloudPoint licenses and supported features (continued)
Category Basic license Express license Enterprise license

(free)
Subscription N/A 12, 24, or 36 Same as Express

months
Meter FETB <= 10 TB One of the Same as Express

following:
■ Per FETB
subscription
■ Per instance
subscription (a
bundle 10)

Chapter 19
Upgrading CloudPoint
■ Preparing to upgrade CloudPoint
■ Upgrading CloudPoint
Preparing to upgrade CloudPoint

Note: Before you upgrade CloudPoint, make sure that your virtual machine or
physical host meets the requirements of the new version.

When you upgrade CloudPoint, all the snapshot data and configuration data from
your previous version is maintained in the external /cloudpoint volume. This
information is external to the container and the image, so it is preserved during the
upgrade.
When you upgrade CloudPoint, we strongly recommend that you upgrade it on the
same host or on a different host to which the CloudPoint data volume of the previous
version is attached. Two versions of CloudPoint on two different hosts should not
manage the same resources.
The following scenario illustrates why having two versions of CloudPoint on two
different hosts manage the same resources creates problems:
■ CloudPoint 1.0 on host A and CloudPoint 1.0.2 on host B both manage the
assets of the same AWS account.
■ On CloudPoint 1.0, the administrator takes a snapshot of an AWS virtual
machine. The database on CloudPoint instance A stores the virtual machine's
metadata. This metadata includes the virtual machine's storage size and its disk
configuration.
Upgrading CloudPoint 155
■ Later, on the CloudPoint 1.0.2 host, the administrator restores the virtual machine
snapshot. CloudPoint 1.0.2 does not have access to the virtual machine's
metadata. It restores the snapshot, but it does not know the virtual machine's
specific configuration. Instead, it substitutes default values for the storage size
configuration. The result is a restored virtual machine that does not match the
original.
In the following upgrade steps, you replace the container that runs your current
version of CloudPoint with a new container.
To upgrade CloudPoint
1 Make sure that your virtual machine or physical host meets the requirements
of the new version.
2 From your browser, navigate to the CloudPoint trial page.
3 On the trial page, register and click Submit.
4 On the CloudPoint download page, click Download Now.
The CloudPoint image name has the following format:
docker load -i Veritas_CloudPoint_new_version.IE.img.gz
5 (Optional) If necessary, copy the downloaded image to the computer on which

you want to deploy CloudPoint.
6 Make sure that there are no protection policy snapshots or other operations in
progress.
7 Log out from the CloudPoint user interface.
8 Run the following command as root to stop CloudPoint.
# docker run --rm -it -v /cloudpoint:/cloudpoint -v \

/var/run/docker.sock:/var/run/docker.sock \
veritas/flexsnap-cloudpoint:current_version stop
9 Run the following command as root.
# docker run --rm -it -v /cloudpoint:/cloudpoint -v \

/var/run/docker.sock:/var/run/docker.sock \
veritas/flexsnap-cloudpoint:new_version install
Upgrading CloudPoint 156
10 The installation of the new CloudPoint container detects old CloudPoint running
containers and asks for confirmation before removing it.
Press Y to remove the old CloudPoint container.
11 Refresh your web browser and log in to the CloudPoint user interface.
12 Verify the CloudPoint version. Click on Settings and select About. The Current
Version field should indicate the new version you just installed.
13 Verify that your CloudPoint data is still present.
Chapter 20
Working with your
CloudPoint license
■ Displaying CloudPoint license and protection information
■ Upgrading your CloudPoint license
Displaying CloudPoint license and protection

information
To display CloudPoint license and protection information
1 From the Settings drop-down list, select Licensing.
2 Review the Licensing page. Note the following:

Working with your CloudPoint license 158
Upgrading your CloudPoint license
■ Under the License summary you can view the type of license in effect and
the amount of license used.
■ Under License summary, you can, view the license metering type; Instance
or FETB, current license in effect, current consumption, number of remaining
ronths in case of subscription based licensing, and the last date.
When you upgrade from free license to paid license, your free license
consumption is transferred to the paid license.
See “Understanding your CloudPoint license” on page 11.


CloudPoint is distributed with a free license. It does not expire, and it gives you a
chance to try out a subset of features in your preferred cloud. This license lets you
protect up to 10 TB of front-end terra byte data (FETB).
CloudPoint also offers three paid subscription licenses. If you need more advanced
features, you can upgrade your license and unlock the bundle that is right for you.
CloudPoint's paid licenses are the following:
■ Enterprise - This license lets you take application-consistent snapshots of your
workloads, such as Oracle, SQL, and Amazon Web Services (AWS). This license
also gives you advanced features such as snapshot replication.
■ Cloud - This license supports only cloud plug-ins. It lets you take
application-consistent snapshots of your workloads, such as AWS, GCP, and
Azure.
■ On-prem - This license supports only on-prem plug-ins. It lets you take
application-consistent snapshots of your workloads, such as array plug-ins,
hypervisor, and so on.
Your Veritas representative can help you decide which paid license is right for you.
A CloudPoint license is an XML file, with an .slf (Symantec License File) file type.

To upgrade your CloudPoint
1 Use the download link that is provided by your Veritas representative to
download the license file to your local machine. If necessary, copy the file to
the machine on which your display the CloudPoint user interface. The following
example upgrades the CloudPoint Basic license to an Enterprise license.
2 Sign in to the CloudPoint user interface.
See “Signing in to CloudPoint” on page 89.
3 From the Settings drop-down list, select Licensing.
4 On the Licensing page, click Upload License.

5 On the Upload License dialog box, click Select File.
6 Navigate to your license file and click Open.
7 On the Upload License dialog box, click Upload File.
8 The License page lists the new license. The following example shows that the
Enterprise license is active and in effect. The license is measure in terms of
front-end terra byte (FETB) data. You can also purchase an Enterprise license
based on the number of instances to protect.

See “Displaying CloudPoint license and protection information” on page 157.
Section 5
Reference
■ Chapter 21. Storage array support
■ Chapter 22. Working with CloudPoint using APIs

Chapter 21
Storage array support
■ Dell EMC Unity arrays
■ Hewlett-Packard Enterprise (HPE) 3PAR array
■ Pure Storage FlashArray
■ Huawei OceanStor arrays
Dell EMC Unity arrays

This section describes the following:
■ The parameters you must supply to configure the Dell EMC Unity array plug-in
■ The Dell EMC Unity arrays that CloudPoint supports
■ The CloudPoint operations you can perform on Dell EMC Unity array assets
Dell EMC Unity array plug-in configuration parameters

When you configure the Dell EMC Unity array plug-in, specify the parameters shown
in the following table.
Table 21-1 Dell EMC Unity array plug-in configuration parameters
Array IP Address The array's IP address
Username The user name used to access the array
Password The password used to access the array

Storage array support 163
Dell EMC Unity arrays
Supported Dell EMC Unity arrays

You can use CloudPoint to discover and protect the following Dell EMC Unity array
models.
Table 21-2
Category Supported
Array model Unity 600
Theoretically, other models will work also because CloudPoint

does not include any model-specific coding. Other models
include the following:
■ Unity 300 and Unity 300F ("F" indicates that it is a flash

array)
■ Unity 400 and Unity 400F
■ Unity 500 and Unity 500F
■ Unity 600F
Firmware version 4.2.1.9535982
Library storops
Supported CloudPoint operations on Dell EMC Unity arrays

You can perform the following CloudPoint operations on supported Dell EMC Unity
arrays:
■ List all the disks.
■ Create a copy-on-write (COW) snapshot of a LUN.
Following naming conventions must be followed while creating a snapshot.
■ Name can be lowercase or uppercase.
■ Name can use any ASCII character.
■ Name can include special characters.
■ Delete a COW snapshot of a LUN.

■ Restore a LUN using a COW snapshot. The snapshot overwrites the original
object.
Note: You cannot snapshot LUNs which are under a consistency group. The reason
for this limitation is that to restore a single LUN snapshot would restore the entire
consistency group.
Hewlett-Packard Enterprise (HPE) 3PAR array
Hewlett-Packard Enterprise (HPE) 3PAR array

■ The information you must supply to configure the 3PAR array plug-in
■ The 3PAR arrays that CloudPoint supports
■ The CloudPoint operations you can perform on 3PAR array assets
Required 3PAR array configuration information

Array IP Address The IP address of the 3PAR array
Username The user name that is used to log in to the array
Password The password that is used to log in to the array
Supported 3PAR arrays

Table 21-3
Category Supported
Array model HP_3PAR 8200
Firmware version 3.1.3 firmware
Required software HP 3PAR Management Console 4.5.0

development kit
Library hpe3parclient
Supported CloudPoint operations on 3PAR array assets

You can perform the following operations on supported 3PAR array assets:
■ List all the disks.
■ Create a copy-on-write (COW) virtual copy or clone (physical copy) snapshots
of a volume.
Note: Snapshot name must be between 1 through 31 characters in length. For

a snapshot of a volume set, use name patterns that are used to form the
snapshot volume name. See, VV Name Patterns in the HPE 3PAR Command
Line Interface Reference, available from the HPE Storage Information Library.
■ Delete a COW virtual copy or clone physical snapshots of a volume.

■ Restore COW virtual copy snapshots of a volume, overwriting the original object.

■ The parameters you must supply to configure the Pure Storage FlashArray
plug-in
■ The FlashArray models that CloudPoint supports
■ The CloudPoint operations you can perform on FlashArray assets
Pure Storage FlashArray plug-in configuration parameters

When you configure the Pure Storage FlashArray plug-in, specify the parameters
shown in the following table.
Table 21-4 Pure Storage FlashArray plug-in configuration parameters
IP Address The array's IP address
Supported Pure Storage FlashArray models

You can use CloudPoint to discover and protect the following Pure Storage
FlashArray models.
Table 21-5 Supported Pure Storage FlashArray models
Category Supported
Array model FA-405

Huawei OceanStor arrays
Table 21-5 Supported Pure Storage FlashArray models (continued)
Category Supported
Firmware version 4.10.6
Supported CloudPoint operations on Pure Storage FlashArray models

You can perform the following CloudPoint operations on supported Pure Storage
FlashArray models:
■ Discover and list all volumes.
■ Create a clone snapshot of a volume.
Note: A snapshot name comprises of "Diskname+ snapshotname". Snapshot

suffix must be between 1 through 63 characters in length and can be
alphanumeric. The snapshot name must begin and end with a letter or number.
The suffix must include at least one letter or '-'.
■ Delete a clone snapshot.

■ Restore the original volume from a snapshot. The snapshot overwrites the
original volume.

■ The parameters you must supply to configure the Huawei OceanStor Storage
Array plug-in
■ The Huawei OceanStor models that CloudPoint supports
■ The CloudPoint operations you can perform on assets Huawei OceanStor plug-in
configuration parameters
Huawei OceanStor array plug-in configuration parameters

When you configure the Huawei OceanStor plug-in, specify the parameters shown
in the following table.
Table 21-6 Huawei OceanStor array plug-in configuration parameters
configuration
parameter
Array IP Address The array's IP address
Supported Huawei OceanStor arrays

You can use CloudPoint to discover and protect the following Huawei array models.
Table 21-7
Category Supported
Array model OceanStor 5600 v3
Version V300R006C10
Patch SPC100
Table 21-8 List of supported model on Huawei array plugin by CloudPoint
Series Model
OceanStor V3 series ■ OceanStor 2200 V3

■ OceanStor 2600 V3
Table 21-8 List of supported model on Huawei array plugin by CloudPoint

(continued)
Series Model
OceanStor V3 Flash series ■ OceanStor 2600F V3

■ OceanStor 5500F V3
OceanStor V5 series ■ OceanStor 2800 V5

■ OceanStor 5500 V5 Elite
OceanStor V5 Flash series ■ OceanStor 5300F V5

OceanStor Dorado V3 series ■ OceanStor Dorado5000 V3

■ OceanStor Dorado6000 V3
■ OceanStor Dorado18000 V3
Supported CloudPoint operations on Huawei OceanStor array

You can perform the following CloudPointoperations on supported Huawei
OceanStor models:
■ Discover and list all luns.
■ Create a snapshot of a lun.
Note: Snapshot name must be between 1 through 63 characters in length and

can be alphanumeric. Snapshot name can contain, integers, letters, hyphen'-',
underscore '_', and dot'.'
■ Delete a snapshot.
■ Restore the original lun from a snapshot. The snapshot overwrites the original
lun.
Chapter 22
Working with CloudPoint
using APIs
■ Accessing swagger API documentation
Accessing swagger API documentation

You can access theCloudPoint API documentation using the swagger URL.
To access swagger url from browser
◆ Open your browser and point it to the following url:
https://docker_host_name/CloudPoint/docs

CP Admin 21 Ubuntu

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

CP Admin 21 Ubuntu

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CP Admin 21 Ubuntu

Uploaded by

Copyright:

Available Formats

Veritas CloudPoint 2.

Document version: 2.1 Rev 3

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

Veritas Technologies LLC

Worldwide (except Japan) [email protected]

Chapter 1 Getting started with CloudPoint ...................................... 9

About CloudPoint ........................................................................... 9

Section 1 Installing and configuring CloudPoint

Chapter 2 Preparing for installation ................................................. 15

About the deployment approach ...................................................... 15

Chapter 3 Deploying CloudPoint ...................................................... 24

Deploying CloudPoint .................................................................... 24

Chapter 4 Using plug-ins to discover assets ................................. 32

Chapter 5 Configuring off-host plug-ins .......................................... 35

Configuring an off-host plug-in ........................................................ 35

Configuring permissions on Amazon Web Services ...................... 39

Chapter 6 Configuring the on-host agents and plug-ins ............ 51

Chapter 7 Protecting assets with CloudPoint's agentless

Section 2 Configuring users ...................................................... 71

Chapter 8 Setting up email and adding users ............................... 72

Chapter 9 Assigning roles to users for greater efficiency

About role-based access control ...................................................... 81

Section 3 Protecting and managing data ......................... 88

Chapter 11 Protecting your assets with policies ............................. 94

Chapter 12 Replicating snapshots for added protection ............ 108

About replication ......................................................................... 108

Chapter 13 Managing your assets .................................................... 113

Chapter 14 Monitoring activities with notifications and the job

Chapter 15 Indexing and classifying your assets ......................... 134

About indexing and classifying snapshots ........................................ 134

Chapter 16 Protection and disaster recovery ................................ 138

About protection and disaster recovery ............................................ 138

Section 4 Maintaining CloudPoint ....................................... 144

Chapter 17 CloudPoint logs ................................................................ 145

CloudPoint logs .......................................................................... 145

Chapter 18 Troubleshooting CloudPoint ......................................... 148

Chapter 19 Upgrading CloudPoint .................................................... 154

Preparing to upgrade CloudPoint ................................................... 154

Chapter 20 Working with your CloudPoint license ....................... 157

Section 5 Reference ...................................................................... 161

Chapter 22 Working with CloudPoint using APIs ......................... 170

Accessing swagger API documentation ........................................... 170

■ What kinds of assets can you protect?

■ Understanding your CloudPoint license

Figure 1-1 Your path through CloudPoint

As you review the figure, keep in mind the following.

What kinds of assets can you protect?

Table 1-1 Supported assets

Category Supported assets

Applications ■ Amazon Relational Database Service (RDS) applications and Aurora

Disks ■ Dell EMC Unity arrays

File systems ■ Linux

Hosts ■ AWS EC2 instances

Understanding your CloudPoint license

Table 1-2 CloudPoint licenses and supported features

Free Enterprise Cloud On-prem

Use Case Snapshot ■ Snapshot ■ Snapshot ■ Snapshot