NetBackup77 AdminGuide Cloud
NetBackup77 AdminGuide Cloud
Administrator's Guide
Release 7.7
Symantec NetBackup™ Cloud Administrator's Guide
Documentation version: 7.7
Legal Notice
Copyright © 2015 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo, NetBackup, Veritas, and the Veritas
Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the
U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base.
The Technical Support group works collaboratively with the other functional areas
within Symantec to answer your questions in a timely fashion. For example, the
Technical Support group works with Product Engineering and Symantec Security
Response to provide alerting services and virus definition updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount
of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our website at
the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Provider Topic
Provider Topic
Google Nearline See “About the Google Nearline cloud storage requirements”
on page 23.
Hitachi See “About the Hitachi cloud storage requirements” on page 24.
Verizon See “About the Verizon cloud storage requirements” on page 27.
Feature Details
Encryption NetBackup Cloud Storage Encryption encrypts the data inline before it is sent
to the cloud. Encryption interfaces with the NetBackup Key Management
Service (KMS) to leverage its ability to manage encryption keys.
The encryption feature uses an AES 256 cipher feedback (CFB) mode
encryption.
About NetBackup Cloud storage 11
About cloud storage features and functionality
Feature Details
Throttling NetBackup Cloud Storage throttling controls the data transfer rates between
your network and the cloud. The throttling values are set on a per NetBackup
media server basis.
In certain implementations, you want to limit WAN usage for backups and
restores to the cloud. You want to implement this limit so you do not constrain
other network activity. Throttling provides a mechanism to the NetBackup
administrators to limit NetBackup Cloud Storage traffic. By implementing a
limit to cloud WAN traffic, it cannot consume more than the allocated
bandwidth.
NetBackup Cloud Storage Throttling lets you configure and control the
following:
Metering The NetBackup Cloud Storage metering reports enable you to monitor data
transfers within NetBackup Cloud Storage.
Feature Details
Storage Symantec currently supports several cloud storage providers. More information
providers is available about each of these vendors.
See “About the Google Nearline cloud storage requirements” on page 23.
OpsCenter Monitoring and reporting of the data that is sent to cloud storage is available
Reporting through new cloud reports in OpsCenter. The cloud reports include:
■ Job Success Rate: Success rate by backup job level across domains,
clients, policies, and business level views filtered on cloud-based storage.
■ Data Expiring In Future: Data that expires each day for the next seven
days filtered on cloud-based storage.
■ Cloud Metering: Historical view of the data that is written to cloud per
cloud provider.
■ Average Data Transfer Rate: Historical view of average data transfer
rate to cloud per cloud provider.
■ Cloud Metering Chargeback: Ranking, forecast, and distribution view
of the cost that is incurred on cloud-based storage per cloud provider.
■ Saving a record of the KMS key names for NetBackup cloud storage encryption
Step 1 Create NetBackup log file directories on See “NetBackup cloud storage log files” on page 117.
the master server and the media servers
See “Creating NetBackup log file directories” on page 116.
Step 2 Review the cloud installation See “Cloud installation requirements” on page 16.
requirements
Step 3 Determine the requirements for See “About the cloud storage providers” on page 17.
provisioning and configuring your cloud
storage provider in NetBackup
Step 4 Configure the global cloud storage host See “Scalable Storage properties” on page 29.
properties as necessary
Step 5 Understand the role of the Cloud See “About the NetBackup CloudStore Service Container”
Storage Service Container on page 34.
Configuring cloud storage in NetBackup 16
Cloud installation requirements
Step 6 Provision a security certificate for See “NetBackup CloudStore Service Container security certificates”
authentication on the media servers on page 35.
Step 8 Configure the storage server See “About cloud storage servers” on page 40.
Step 9 Configure the disk pool See “About cloud storage disk pools” on page 77.
Step 10 Configure additional storage server See “NetBackup cloud storage server properties” on page 67.
properties
See “Changing cloud storage server properties” on page 66.
Step 11 Add additional media servers Adding additional media servers is optional.
Step 12 Configure a storage unit See “Configuring a storage unit for cloud storage” on page 91.
Step 13 Configure NetBackup Accelerator and Accelerator and optimzed synthetic backups are optional.
optimized synthetic backups
See “About NetBackup Accelerator and NetBackup Optimized
Synthetic backups” on page 95.
Step 14 Configure a backup policy See “Creating a backup policy” on page 99.
Requirement Details
NetBackup media For the operating systems that NetBackup supports for cloud
server platform support storage, see the NetBackup operating system compatibility list
available through the following URL:
http://www.netbackup.com/compatibility
Cloud storage provider You must have an account created with your preferred cloud storage
account provider before you configure NetBackup Cloud Storage. Please
refer to the list of available NetBackup cloud storage providers.
NetBackup cloud NetBackup cloud storage is enabled through the NetBackup Data
storage licensing Protection Optimization Option license key.
Amazon See “About the Amazon cloud storage requirements” on page 18.
AT&T See “About AT&T Synaptic cloud storage requirements” on page 20.
Google Nearline See “About the Google Nearline cloud storage requirements”
on page 23.
Hitachi See “About the Hitachi cloud storage requirements” on page 24.
Verizon See “About the Verizon cloud storage requirements” on page 27.
Requirement Details
License You must have a NetBackup Data Protection Optimization Option license
requirement key.
Configuring cloud storage in NetBackup 19
About the cloud storage providers
Requirement Details
Amazon account You must obtain an Amazon Simple Storage Service (S3) account and
requirements the associated user name and password. You also must obtain an
Amazon access ID and secure access token.
Buckets The following are the requirements for the Amazon storage buckets:
Bucket names Symantec recommends that you use NetBackup to create the buckets
that you use with NetBackup. The Amazon S3 interface may allow the
characters that NetBackup does not allow. Consequently, by using
NetBackup to create the buckets you can limit the potential problems.
The following are the NetBackup requirements for bucket names:
Note: The buckets are not available for use in NetBackup in the
following scenarios: a. If you have created the buckets in a region that
NetBackup does not support. b. The bucket name does not comply with
the bucket naming convention.
Number of disk You can create a maximum of 90 disk pools. Attempts to create more
pools than 90 disk pools generate a “failed to create disk volume, invalid
request” error message.
NetBackup supports the private clouds from the supported cloud providers.
See “About private clouds from Amazon S3-compatible cloud providers” on page 28.
More information about Amazon S3 is available from Amazon.
http://aws.amazon.com/s3/
See “About the cloud storage providers” on page 17.
Table 2-5 describes the details and requirements of Amazon GovCloud (US) in
NetBackup.
Requirement Details
Amazon GovCloud You must obtain an Amazon GovCloud account and the associated
(US) account user name and password. You also must obtain an Amazon GovCloud
requirements access ID and secure access token.
Buckets The following are the requirements for the Amazon GovCloud storage
buckets:
Bucket names Symantec recommends that you use NetBackup to create the buckets
that you use with NetBackup. The Amazon S3 interface may allow the
characters that NetBackup does not allow. Consequently, by using
NetBackup to create the buckets you can limit the potential problems.
Number of disk You can create a maximum of 90 disk pools. Attempts to create more
pools than 90 disk pools generate a “failed to create disk volume, invalid
request” error message.
Requirement Details
User account An AT&T Synaptic user ID and password are required to create the storage
server.
Storage The following are the requirements for AT&T cloud storage:
requirements
■ You must have a NetBackup Data Protection Optimization Option license
key.
■ You must use NetBackup to create the volume for your NetBackup
backups.
The volume that NetBackup creates contain a required Symantec Partner
Key. If you use the AT&T Synaptic interface to create the volume, it does
not contain the partner key. Consequently, that volume cannot accept
data from NetBackup.
■ The logical storage unit (LSU) name (that is, volume name) must be 50
or fewer characters.
You can use the following characters for the volume name:
■ Any of the 26 letters of the International Standards Organization (ISO)
Latin-script alphabet, both uppercase (capital) letters and lowercase
(small) letters. These are the same letters as the English alphabet.
■ Any integer from 0 to 9, inclusive.
■ Any of the following characters:
`#$_-',
■ You must have an AT&T Synaptic account user name and password.
NetBackup supports the private clouds from the supported cloud providers.
See “About private clouds from AT&T” on page 21.
More information about AT&T Synaptic is available from AT&T.
http://www.business.att.com/enterprise/Family/cloud/storage/
Specify the internal host 1 On the select media server panel of the Cloud Storage
in the Cloud Storage Configuration Wizard, click Advanced Settings.
Configuration Wizard
2 On the Advanced Server Configuration dialog box, select
Override storage server and enter the name of the host to
use as the storage server.
Specify the internal host If you specify the name of the internal host in a configuration file,
in a configuration file the Cloud Storage Configuration Wizard uses that host as the
cloud storage server.
2 In the section of the file for your cloud provider type, change
the value of the following parameter to the internal host:
DEFAULT_STORAGE_SERVER_NAME
Use the fully qualified host name or ensure that your network
environment can resolve the host name to an IP address.
CLOUD_PROVIDER_URL
Before you configure a private cloud in NetBackup, it must be set up and available.
See “Configuring a storage server for cloud storage” on page 42.
Table 2-7 describes the details and requirements of Cloudian in NetBackup. Cloudian
HyperStore uses the Amazon S3 protocol for its storage.
Requirement Details
License requirement You must have a NetBackup Data Protection Optimization Option
license key.
Cloudian account You must obtain a Cloudian Cloud Services account and the
requirements associated user name and password. You must also obtain a Cloudian
Cloud Services access ID and secure access token.
Buckets For more details on the bucket requirements (for example, the
maximum number of buckets that you can create), contact Cloudian
cloud provider.
Bucket names Symantec recommends that you use NetBackup to create the buckets
that you use with NetBackup. The Amazon S3 interface may allow
the characters that NetBackup does not allow. Consequently, by using
NetBackup to create the buckets you can limit the potential problems.
Number of disk You can create a maximum of 90 disk pools. Attempts to create more
pools than 90 disk pools generate a “failed to create disk volume, invalid
request” error message.
Note: Among the Standard, Durable Reduced Availability (DRA), and Nearline
storage classes by Google cloud, NetBackup supports only Nearline storage class.
When you create a Google cloud storage, NetBackup by default uses the Nearline
storage class.
Table 2-8 describes the details and requirements of Google Nearline in NetBackup.
Google Nearline uses the Amazon S3 protocol for its storage.
Configuring cloud storage in NetBackup 24
About the cloud storage providers
Requirement Details
Google Nearline You must obtain a Google Nearline account and the associated user
account name and password. You also must obtain a Google Nearline access
requirements ID and secure access token.
Buckets The following are the requirements for the Google Nearline storage
buckets:
■ You can delete empty buckets and then reuse the bucket name.
■ You can create buckets in any Google Nearline storage region.
Bucket names Symantec recommends that you use NetBackup to create the buckets
that you use with NetBackup. The Amazon S3 interface may allow the
characters that NetBackup does not allow. Consequently, by using
NetBackup to create the buckets you can limit the potential for
problems.
Number of disk You can create a maximum of 90 disk pools. Attempts to create more
pools than 90 disk pools generate a “failed to create disk volume, invalid
request” error message.
Requirement Details
License You must have a NetBackup Data Protection Optimization Option license
requirement key.
Hitachi account You must obtain a Hitachi Cloud Services account and the associated user
requirements name and password. You must also obtain a Hitachi Cloud Services access
ID and secure access token.
Buckets For more details on the bucket requirements (for example, the maximum
number of buckets that you can create), contact Hitachi cloud provider.
Note: Hitachi refers to buckets as namespaces.
Bucket names Symantec recommends that you use NetBackup to create the buckets that
you use with NetBackup. The Amazon S3 interface may allow the
characters that NetBackup does not allow. Consequently, by using
NetBackup to create the buckets you can limit the potential problems.
Number of disk You can create a maximum of 90 disk pools. Attempts to create more than
pools 90 disk pools generate a “failed to create disk volume, invalid request”
error message.
Requirement Details
Rackspace You must obtain a Rackspace account. The account has a user name and
Cloud Files password. You need to follow the Rackspace process to generate an access
accounts key. The user name and access key are required when you configure the
storage server.
Configuring cloud storage in NetBackup 26
About the cloud storage providers
Requirement Details
NetBackup supports the private clouds from the supported cloud providers.
See “About private clouds from Rackspace” on page 26.
More information about Rackspace Cloud Files is available from Rackspace.
http://www.rackspace.com/cloud/files
Specify the internal host 1 On the select media server panel of the Cloud Storage
in the Cloud Storage Configuration Wizard, click Advanced Settings.
Configuration Wizard
2 On the Advanced Server Configuration dialog box, select
Override storage server and enter the name of the host to
use as the storage server.
Specify the internal host If you specify the name of the internal host in a configuration file,
in a configuration file the Cloud Storage Configuration Wizard uses that host as the
cloud storage server.
2 In the section of the file for your cloud provider type, change
the value of the following parameter to the internal host:
DEFAULT_STORAGE_SERVER_NAME
Use the fully qualified host name or ensure that your network
environment can resolve the host name to an IP address.
CLOUD_PROVIDER_URL
Before you configure a private cloud in NetBackup, it must be set up and available.
See “Configuring a storage server for cloud storage” on page 42.
Requirement Details
License requirement You must have a NetBackup Data Protection Optimization Option
license key.
Configuring cloud storage in NetBackup 28
About the cloud storage providers
Requirement Details
Verizon account You must obtain a Verizon account and the associated user name
requirements and password. You also must obtain a Verizon access ID and secure
access token.
Buckets Verizon does not support creating buckets in NetBackup. For more
details on creating buckets through Verizon portal, contact Verizon
cloud provider.
While creating buckets through Verizon portal, make sure that you
take the following NetBackup requirements into consideration:
Number of disk You can create a maximum of 90 disk pools. Attempts to create more
pools than 90 disk pools generate a “failed to create disk volume, invalid
request” error message.
The Create an account with service provider link on the wizard panel opens a
cloud provider webpage in which you can create an account. If you configure a
private cloud, that webpage has no value for your configuration process.
See the NetBackup Commands Reference Guide for a complete description about
the commands. The guide is available at the following location:
http://www.symantec.com/docs/DOC5332
Property Description
Key Management Server If you configured the NetBackup Key Management Service (KMS), the name of the
(KMS) Name KMS server.
Metering Interval Determines how often NetBackup gathers connection information for reporting purposes.
NetBackup OpsCenter uses the information that is collected to create reports. The
value is set in seconds. The default setting is 300 seconds (5 minutes). If you set this
value to zero, metering is disabled.
Total Available Bandwidth Use this value to specify the speed of your connection to the cloud. The value is
specified in kilobytes per second. The default value is 102400 KB/sec.
Sampling interval The time, in seconds, between measurements of bandwidth usage. The larger this
value, the less often NetBackup checks to determine the bandwidth in use.
Configuring cloud storage in NetBackup 31
Scalable Storage properties
Property Description
Advanced Settings Click Advanced Settings to specify additional settings for throttling.
Maximum connections The default maximum number of concurrent jobs that the media server can run for the
cloud storage server.
This value applies to the media server not to the cloud storage server. If you have more
than one media server that can connect to the cloud storage server, each media server
can have a different value. Therefore, to determine the total number of connections to
the cloud storage server, add the values from each media server.
If you configure NetBackup to allow more jobs than the number of connections,
NetBackup fails any jobs that start after the number of maximum connections is reached.
Jobs include both backup and restore jobs.
You can configure job limits per backup policy and per storage unit.
Note: NetBackup must account for many factors when it starts jobs: the number of
concurrent jobs, the number of connections per media server, the number of media
servers, and the job load-balancing logic. Therefore, NetBackup may not fail jobs
exactly at the maximum number of connections. NetBackup may fail a job when the
connection number is slightly less than the maximum, exactly the maximum, or slightly
more than the maximum.
In practice, you should not need to set this value higher than 100.
Property Description
Read Bandwidth Use this field to specify the percentage of total bandwidth that read
operations can use. Specify a value between 0 and 100. If you
enter an incorrect value, an error is generated.
Property Description
Write Bandwidth Use this field to specify the percentage of total bandwidth that write
operations can use. Specify a value between 0 and 100. If you
enter an incorrect value, an error is generated.
Work time Use this field to specify the time interval that is considered work
time for the cloud connection.
Specify a start time and end time in 24-hour format. For example,
2:00 P.M. is 14:00.
Indicate how much bandwidth the cloud connection can use in the
Allocated bandwidth field. This value determines how much of
the available bandwidth is used for cloud operations in this time
window. The value is expressed as a percentage or in kilobytes
per second.
Off time Use this field to specify the time interval that is considered off time
for the cloud connection.
Specify a start time and end time in 24-hour format. For example,
2:00 P.M. is 14:00.
Indicate how much bandwidth the cloud connection can use in the
Allocated bandwidth field. This value determines how much of
the available bandwidth is used for cloud operations in this time
window. The value is expressed as a percentage or in kilobytes
per second.
Weekend Specify the start and stop time for the weekend.
Indicate how much bandwidth the cloud connection can use in the
Allocated bandwidth field. This value determines how much of
the available bandwidth is used for cloud operations in this time
window. The value is expressed as a percentage or in kilobytes
per second.
Configuring cloud storage in NetBackup 34
About the NetBackup CloudStore Service Container
Property Description
Read Bandwidth This field displays how much of the available bandwidth the cloud
(KB/s) storage server transmits to a NetBackup media server during each
restore job. The value is expressed in kilobytes per second.
Write Bandwidth This field displays how much of the available bandwidth the
(KB/s) NetBackup media server transmits to the cloud storage server
during backup jobs. The value is expressed in kilobytes per second.
Security certificates The NetBackup media server on which the CloudStore Service
Container runs must be provisioned with a security certificate.
Security modes The CloudStore Service Container can run in different security modes.
NetBackup 7.7 and The NetBackup Authentication Service generates certificates for
later media server authentication, which is the certificate that the
CloudStore Service Container uses. You must use a command to
install a certificate on a media server that you use for cloud storage.
Where the media server security certificates reside depend on the release level of
NetBackup, as follows:
NetBackup 7.7 and The certificate name is the host name that you used when you
later configured the NetBackup media server software on the host. The
path for the certificate is as follows, depending on operating system:
■ UNIX/Linux: /usr/openv/var/vxss/credentials
■ Windows:
install_dir\Veritas\NetBackup\var\VxSS\credentials
If a certificate does not exist, create one from the NetBackup master
server.
Configuring cloud storage in NetBackup 36
About the NetBackup CloudStore Service Container
NetBackup releases The following are the pathnames to the certificate, depending on
earlier than 7.7 operating system:
■ UNIX/Linux: /usr/openv/lib/ost-plugins/cssc.crt
■ Windows:
install_path\Veritas\NetBackup\bin\ost-plugins\cssc.crt
Secure mode In the default secure mode, the client components must authenticate
with the CloudStore Service Container. After authentication,
communication occurs over a secure HTTPS channel.
You can use the CSSC_IS_SECURE attribute of the cloudstore.conf file to set the
security mode. The default value is 1, secure communication.
See “NetBackup cloudstore.conf configuration file” on page 36.
See “About the NetBackup CloudStore Service Container” on page 34.
Note: You must stop the nbcssc service before you modify any of the parameters
in the cloudstore.conf file. Once you modify the parameters, restart the nbcssc
service.
Parameter Description
Specifies the path where NetBackup cloud storage plug-ins are installed.
The default path is as follows:
On Windows:
install_path\Veritas\NetBackup\bin\ost-plugins
On UNIX: /usr/openv/lib/ost-plugins
CSSC_PORT Specifies the port number where nbcssc service is running. The default
value is 5637.
CSSC_LOG_DIR Specifies the directory path where nbcssc generates log files. The
default path is as follows:
On Windows: install_path\Veritas\NetBackup\logs\nbcssc
On UNIX: /usr/openv/netbackup/logs/nbcssc
CSSC_LOG_FILE Specifies the file name that the nbcssc service uses to write its logs.
The default value is empty, which means that the NetBackup logging
mechanism determines the log file name.
CSSC_LOG_LEVEL Specifies the log level for nbcssc logging. Value 0 indicates that the
logging is disabled and non-zero value indicates that the logging is
enabled. The default value is 0.
CSSC_MASTER_PORT Specifies the port number of NetBackup master server host where the
nbcssc service runs. The default value is 5637.
Configuring cloud storage in NetBackup 38
Generating a security certificate for a media server
Parameter Description
CSSC_MASTER_NAME Specifies the NetBackup master server name. This entry indicates that
the nbcssc service runs on this host. It processes all cloud
provider-specific requests based on the CloudProvider.xml and
CloudInstance.xml files that reside at the following location:
On Windows:
install_path\Veritas\NetBackup\bin\ost-plugins
On UNIX: /usr/openv/lib/ost-plugins
symmetric key management service. The service runs on the NetBackup master
server. An additional license is not required to use the KMS functionality.
See “About key management for encryption of NetBackup cloud storage”
on page 39.
The NetBackup Cloud Storage Server Configuration Wizard and the Disk Pool
Configuration Wizard include the steps that configure key management and
encryption.
More information about data-at-rest encryption and security is available.
See the NetBackup Security and Encryption Guide:
http://www.symantec.com/docs/DOC5332
Key Description
Host Master Key The Host Master Key protects the key database. The Host Master
Key requires a pass phrase and an ID. KMS uses the pass phrase
to generate the key.
Key Protection Key A Key Protection Key protects individual records in the key
database. The Key Protection Key requires a pass phrase and an
ID. KMS uses the pass phrase to generate the key.
The following table describes the encryption keys that are required for each storage
server and volume combination. If you specified encryption when you configured
the cloud storage server, you must configure a pass phrases for the key group for
Configuring cloud storage in NetBackup 40
About cloud storage servers
the storage volumes. You enter the pass phrase for these keys when you use the
Disk Pool Configuration Wizard.
Table 2-16 Encryption keys and key records for each storage server and volume
combination
Item Description
Key group key A key group key protects the key group. Each storage server and volume
combination requires a key group, and each key group key requires a
pass phrase. The key group name must use the format for the storage
type that is described as follows:
storage_server_name:volume_name
The following items describe the requirements for the key group name
components for cloud storage:
Key record Each key group that you create requires a key record. A key record
stores the actual key that protects the data for the storage server and
volume.
A name for the key record is optional. If you use a key name, you can
use any name. Symantec recommends that you use the same name
as the volume name. The Disk Pool Configuration Wizard does not
prompt for a key record key; it uses the volume name as the key name.
More information about KMS is available in the NetBackup Security and Encryption
Guide:
http://www.symantec.com/docs/DOC5332
data. Your storage vendor provides the name of the storage server. Use that name
when you configure cloud storage in NetBackup.
When you configure a cloud storage server, it inherits the NetBackup Scalable
Storage properties.
See “Scalable Storage properties” on page 29.
After you configure the storage server, you can change the properties of the storage
server.
See “NetBackup cloud storage server properties” on page 67.
Only one storage servers exists in a NetBackup domain for a specific storage
vendor.
The NetBackup data movers back up the clients and move the data to the storage
server.
See “About cloud storage data movers” on page 41.
On the Select cloud provider panel, either select the cloud provider or in the
search box type the cloud provider name that you want to select. If the cloud
provider that you have entered exists in the list, the wizard selects it.
Click Next; a wizard panel for the selected cloud provider appears.
Configuring cloud storage in NetBackup 44
Configuring a storage server for cloud storage
4 On the wizard panel for your cloud provider, select or enter the appropriate
information. The information that is required depends on the cloud vendor.
Descriptions of the information that is required for each provider is provided in
other topics. Those topics also include examples of the wizard panels.
Note: The provider information topics may include notes, caveats, or warnings.
Ensure that you review the topics before you complete the fields in the wizard
panel.
5 To encrypt your backups, select Encrypt data using AES-256 before writing
to cloud storage on the Specify Encryption Settings panel. Then, enter the
information to protect the KMS database.
The following is an example of the panel:
If not OK, click Back until you reach the panel on which you need to make
corrections.
If OK, click Next. The wizard creates the storage server, and the Storage
Server Creation Confirmation panel appears.
7 On the Storage Server Creation Confirmation panel, do one of the following:
■ To continue to the Disk Pool Configuration Wizard, click Next.
See “Configuring a disk pool for cloud storage” on page 78.
■ To exit from the wizard, click Finish.
If you exist, you can still create a disk pool.
See “Configuring a disk pool for cloud storage” on page 78.
Configuring cloud storage in NetBackup 47
Configuring a storage server for cloud storage
Figure 2-2 Cloud Storage Server Configuration Wizard panel for Amazon
Table 2-17 describes the storage server configuration options for Amazon S3.
Service host Displays the service host from the drop-down list.
The service host is the host name of the cloud service end point of Amazon S3.
Configuring cloud storage in NetBackup 48
Configuring a storage server for cloud storage
Storage server name Displays the default Amazon storage server, which is amazon.com. You can select a storage
server other than the default one.
The drop-down list displays only those names that are available for use.
You can type a different storage server name in the drop-down list, which can be a logical
name for the cloud storage. You can create multiple storage servers with the different names
that refer to the same physical service host for Amazon. If there are no names available in
the list, you can create a new storage server name by typing the name in the drop-down list.
Note: Symantec recommends that a storage server name that you add while configuring
an Amazon S3-compatible cloud provider should be a logical name and should not match
a physical host name. For example: While you add an Amazon GovCloud storage server,
avoid using names like ‘amazongov.com’ or ‘amazon123.com’. These servers may be
physical hosts, which can cause failures during cloud storage configuration. Instead, use
storage server names like ‘amazongov1’ or ‘amazonserver1’ and so on.
Note: The Add Cloud Storage option is disabled, because Amazon S3 does not support
private cloud deployments.
Media server name Select NetBackup media server from the drop-down list. The drop-down list displays only
NetBackup 7.7 and later media servers.
Only those media servers that are enabled for cloud storage appear in the list, as follows:
■ The media server operating system must be supported for cloud storage.
For the operating systems that NetBackup supports for cloud storage, see the NetBackup
operating system compatibility list available through the following URL:
http://www.netbackup.com/compatibility
■ The NetBackup Cloud Storage Service Container (nbcssc) must be running.
■ The cloud storage binary files must be present in the ost-plugins directory.
The host that you select queries the storage vendor’s network for its capabilities and for the
available storage. The media server also becomes a data mover for your backups and
restores.
If you do not have an account, click Create an account with the service provider link.
Advanced Settings To change SSL, proxy, or HTTP header settings for Amazon S3, click Advanced Settings.
Configuring cloud storage in NetBackup 49
Configuring a storage server for cloud storage
Figure 2-3 Cloud Storage Server Configuration Wizard panel for Amazon
GovCloud
Table 2-18 describes the storage server configuration options for Amazon GovCloud.
Service host Select the host name of one of the cloud service service host
endpoints of Amazon GovCloud, as follows:
■ s3-us-gov-west-1.amazonaws.com
■ s3-fips-us-gov-west-1.amazonaws.com (FIPS region)
Configuring cloud storage in NetBackup 50
Configuring a storage server for cloud storage
Storage server Displays the default Amazon GovCloud storage server, which is
name amazongov.com. You can select a storage server other than the
default one.
The drop-down list displays only those names that are available for
use.
You can type a different storage server name in the drop-down list,
which can be a logical name for the cloud storage. You can create
multiple cloud storage servers with the different names that refer to
the same physical service host for Amazon. If there are no names
available in the list, you can create a new storage server name by
typing the name in the drop-down list.
Note: Symantec recommends that a storage server name that you
add while configuring an Amazon S3-compatible cloud provider should
be a logical name and should not match a physical host name. For
example: While you add an Amazon GovCloud storage server, avoid
using names like ‘amazongov.com’ or ‘amazon123.com’. These
servers may be physical hosts, which can cause failures during cloud
storage configuration. Instead, use storage server names like
‘amazongov1’ or ‘amazonserver1’ and so on.
http://www.symantec.com/docs/DOC5332
Configuring cloud storage in NetBackup 51
Configuring a storage server for cloud storage
Add Cloud Storage The Add Cloud Storage option lets you add customized cloud
deployment details for NetBackup to communicate with the cloud
storage. The customized cloud deployment refers to the cloud
instances that are not already listed in the Service Host drop-down
list.
Click the Add Cloud Storage option to open the Add Cloud Storage
dialog box. Use the dialog box to configure the general settings and
region settings of Amazon GovCloud.
Once the cloud storage is added, you cannot modify or delete it using
the NetBackup Administration Console. However, you can modify
or delete a storage server by using the csconfig command.
Note: You can use the NetBackup csconfig -a command to create
custom cloud instances for an Amazon S3-compatible cloud provider.
You must run the csconfig command before you run the
nbdevconfig and tpconfig commands.
http://www.symantec.com/docs/DOC5332
Media server name Select NetBackup media server from the drop-down list. The
drop-down list displays only NetBackup 7.7 and later media servers.
Secret access key Enter your Amazon GovCloud secret access key.
Advanced Settings To change SSL, proxy, or HTTP header settings for Amazon
GovCloud, click Advanced Settings.
Note: The FIPS region of Amazon GovCloud cloud provider (that is
s3-fips-us-gov-west-1.amazonaws.com) supports only secured mode
of communication. Therefore, if you disable the Use SSL option while
you configure Amazon GovCloud cloud storage with the FIPS region,
the configuration fails.
Figure 2-4 Cloud Storage Server Configuration Wizard panel for AT&T
Media Server Select a NetBackup media server. The host that you select queries the
Name storage vendor’s network for its capabilities and for the available storage.
The media server also becomes a data mover for your backups and
restores.
Only those media servers that are enabled for cloud storage appear in
the list, as follows:
After you configure the storage server, you cannot change the media
server that you specify here. This behavior is the result of the
OpenStorage plugin design. Attempts to change the media server
generate an authorization error.
Create an If you do not have an account with AT&T, click Create an account with
account with the the service provider link. A web browser opens in which you can create
service provider an account with AT&T.
I have an AT&T Select I have an AT&T Synaptic storage account to enter the required
Synaptic storage account information.
account
If you do not have an account, click Create an account with the service
provider link.
Advanced To change the default storage server for your cloud vendor or specify
the maximum number of network connections, click Advanced.
Figure 2-5 Cloud Storage Server Configuration Wizard panel for Cloudian
HyperStore
Table 2-20 describes the storage server configuration options for Cloudian.
Configuring cloud storage in NetBackup 55
Configuring a storage server for cloud storage
Service host Displays the host name of the cloud service end point of Cloudian.
Initially, the drop-down list does not contain any service hosts. You
need to add a service host by clicking the Add Cloud Storage
option.
Storage server name Displays the default Cloudian storage server. Initially, the
drop-down list does not contain any storage server names.
The drop-down list displays only those storage server names that
are available for use.
Note: Symantec recommends that a storage server name that
you add while configuring an Amazon S3-compatible cloud provider
should be a logical name and should not match a physical host
name. For example: While you add an Amazon GovCloud storage
server, avoid using names like ‘amazongov.com’ or
‘amazon123.com’. These servers may be physical hosts, which
can cause failures during cloud storage configuration. Instead, use
storage server names like ‘amazongov1’ or ‘amazonserver1’ and
so on.
Configuring cloud storage in NetBackup 56
Configuring a storage server for cloud storage
Add Cloud Storage The Add Cloud Storage option lets you add customized cloud
deployment details for NetBackup to communicate with the cloud
storage. The customized cloud deployment refers to the cloud
instances that are not already listed in the Service Host drop-down
list.
Click the Add Cloud Storage option to open the Add Cloud
Storage dialog box. Use the dialog box to configure the general
settings and region settings of Cloudian.
http://www.symantec.com/docs/DOC5332
Media server name Select NetBackup media server from the drop-down list. The
drop-down list displays only NetBackup 7.7 and later media servers.
In the case of private cloud deployments, the link leads you to the
product help or contact page of your cloud provider. To create an
account, you need to access Cloud Storage administration console
of your private cloud storage.
Advanced Settings To change SSL, proxy, or HTTP header settings for Cloudian, click
Advanced Settings.
Configuring cloud storage in NetBackup 57
Configuring a storage server for cloud storage
Figure 2-6 Cloud Storage Server Configuration Wizard panel for Google Nearline
Table 2-21 describes the storage server configuration options for Google Nearline.
Service host Select the host name of the cloud service end point of Google
Nearline.
Configuring cloud storage in NetBackup 58
Configuring a storage server for cloud storage
Storage server name Displays the default storage server, which is Google Nearline.
You can select a storage server other than the default one.
The drop-down list displays only those names that are available
for use.
Media server name Select NetBackup media server from the drop-down list. The
drop-down list displays only NetBackup 7.7 and later media
servers.
Secret access key Enter your Google Nearline secret access key
Advanced Settings To change SSL, proxy, or HTTP header settings for Google
Nearline, click Advanced Settings.
Figure 2-7 Cloud Storage Server Configuration Wizard panel for Hitachi
Table 2-22 describes the storage server configuration options for Hitachi.
Service host Displays the host name of the cloud service end point of Hitachi.
Initially, the drop-down list does not contain any service hosts. You
need to create a service host by clicking the Add Cloud Storage
option.
Storage server Displays the default Hitachi storage server. Initially, the drop-down
name list does not contain any storage server names.
The drop-down list displays only those storage server names that are
available for use.
Note: Symantec recommends that a storage server name that you
add while configuring an Amazon S3-compatible cloud provider should
be a logical name and should not match a physical host name. For
example: While you add an Amazon GovCloud storage server, avoid
using names like ‘amazongov.com’ or ‘amazon123.com’. These
servers may be physical hosts, which can cause failures during cloud
storage configuration. Instead, use storage server names like
‘amazongov1’ or ‘amazonserver1’ and so on.
Add Cloud Storage The Add Cloud Storage option lets you add customized cloud
deployment details for NetBackup to communicate with the cloud
storage. The customized cloud deployment refers to the cloud
instances that are not already listed in the Service Host drop-down
list.
Click the Add Cloud Storage option to open the Add Cloud Storage
dialog box. Use the dialog box to configure the general settings and
region settings of Hitachi.
Once the cloud storage is added, you cannot modify or delete it using
the NetBackup Administration Console. However, you can modify
or delete a storage server by using the csconfig command.
Note: You can use the NetBackup csconfig -a command to create
custom cloud instances for an Amazon S3-compatible cloud provider.
You must run the csconfig command before you run the
nbdevconfig and tpconfig commands.
http://www.symantec.com/docs/DOC5332
Media server name Select NetBackup media server from the drop-down list. The
drop-down list displays only NetBackup 7.7 and later media servers.
Configuring cloud storage in NetBackup 61
Configuring a storage server for cloud storage
Advanced Settings To change SSL, proxy, or HTTP header settings for Hitachi, click
Advanced Settings.
Figure 2-8 Cloud Storage Server Configuration Wizard panel for Rackspace
Media Server Name Select a NetBackup media server. The host that you select queries the storage vendor’s
network for its capabilities and for the available storage. The media server also becomes a
data mover for your backups and restores.
Only those media servers that are enabled for cloud storage appear in the list, as follows:
■ The media server operating system must be supported for cloud storage.
For the operating systems that NetBackup supports for cloud storage, see the NetBackup
operating system compatibility list available through the following URL:
http://www.netbackup.com/compatibility
■ The NetBackup Cloud Storage Service Container (nbcssc) must be running.
The NetBackup Cloud Storage Service Container requires an authentication certificate
to run.
See “About the NetBackup CloudStore Service Container” on page 34.
■ The cloud storage binary files must be present in the ost-plugins directory.
The NetBackup master server always has a certificate. If it meets the other two criteria, it
appears in the Media Server Name drop-down list.
After you configure the storage server, you cannot change the media server that you specify
here. This behavior is the result of the OpenStorage plugin design. Attempts to change the
media server generate an authorization error.
Create an account If you do not have an account with Rackspace, click Create an account with the service
with the service provider link. A web browser opens in which you can create an account with Rackspace.
provider
I have a Rackspace Select I have a Rackspace Cloud Files account to enter the required account information.
Cloud Files account
User Name Enter your Rackspace Cloud Files account user name.
If you do not have an account, click Create an account with the service provider link.
Access Key Enter your Rackspace Cloud Files account access key.
Advanced Settings To change the default storage server for your cloud vendor or specify the maximum number
of network connections, click Advanced Settings.
Figure 2-9 Cloud Storage Server Configuration Wizard panel for Verizon
Service host Select the host name of the cloud service end point of Verizon.
Storage server name Displays the default Verizon storage server. You can select a storage
server other than the default one.
The drop-down list displays only those names that are available for
use.
You can type a different storage server name in the drop-down list,
which can be a logical name for the cloud storage. You can create
multiple storage servers with the different names that refer to the
same physical service host for Amazon. If there are no names
available in the list, you can create a new storage server name by
typing the name in the drop-down list.
Note: Symantec recommends that a storage server name that you
add while configuring an Amazon S3-compatible cloud provider
should be a logical name and should not match a physical host
name. For example: While you add an Amazon GovCloud storage
server, avoid using names like ‘amazongov.com’ or
‘amazon123.com’. These servers may be physical hosts, which can
cause failures during cloud storage configuration. Instead, use
storage server names like ‘amazongov1’ or ‘amazonserver1’ and
so on.
Add Cloud Storage The Add Cloud Storage option lets you add customized cloud
deployment details for NetBackup to communicate with the cloud
storage. The customized cloud deployment refers to the cloud
instances that are not already listed in the Service Host drop-down
list.
Click the Add Cloud Storage option to open the Add Cloud Storage
dialog box. Use the dialog box to configure the general settings and
region settings of Verizon.
http://www.symantec.com/docs/DOC5332
Configuring cloud storage in NetBackup 65
Configuring a storage server for cloud storage
Media server name Select NetBackup media server from the drop-down list. The
drop-down list displays only NetBackup 7.7 and later media servers.
Advanced Settings To change SSL, proxy, or HTTP header settings for Verizon, click
Advanced Settings.
KMS Server Name This field displays the name of your NetBackup master server. You can only configure
KMS on your master server. This field cannot be changed.
Host Master Key (HMK) Enter the key that protects the database. In KMS terminology, the key is called a
Passphrase passphrase.
Host Master Key ID The ID is a label that you assign to the master key. The ID lets you identify the
particular host master key. You are limited to 255 characters in this field.
To decipher the contents of a keystore file, you must identify the correct Key
Protection Key and Host Master Key. These IDs are stored unencrypted in the
keystore file header. You can select the correct ones even if you only have access
to the keystore file. To perform a disaster recovery you must remember the correct
IDs and the pass phrases that are associated with the files.
Configuring cloud storage in NetBackup 66
Changing cloud storage server properties
Key Protection Key (KPK) Enter the password that protects the individual records within the KMS database.
Passphrase In KMS terminology, the key is called a passphrase.
Key Protection Key ID The ID is a label that you assign to the key. The ID lets you identify the particular
key protection key. You are limited to 255 characters in this field.
To decipher the contents of a keystore file, you must identify the correct Key
Protection Key and Host Master Key. These IDs are stored unencrypted in the
keystore file header. You can select the correct ones even if you only have access
to the keystore file. To perform a disaster recovery you must remember the correct
IDs and the pass phrases that are associated with the files.
After you configure the storage server and disk pool, Symantec recommends that
you save a record of the key names.
See “Saving a record of the KMS key names for NetBackup cloud storage
encryption” on page 87.
4 In the Change Storage Server dialog box, select the Properties tab.
The following is an example of the Properties for Amazon S3 storage server
of type amazon_raw:
5 To change a property, select its value in the Value column and then change
it.
See “NetBackup cloud storage server properties” on page 67.
See “NetBackup storage server cloud connection properties” on page 68.
See “NetBackup cloud storage server encryption properties” on page 76.
6 Repeat step 5 until you have finishing changing properties.
7 Click OK.
8 Restart the NetBackup Remote Manager and Monitor Service (nbrmms) by
using the NetBackup Administration Console Activity Monitor.
AMZ Amazon
HT Hitachi
VER Verizon
ATT AT&T
CRYPT Encryption
METER Metering
RACKS Rackspace
THR Throttling
■ Cloudian: CLD
■ Google Nearline: GOOG
■ Hitachi: HT
■ Rackspace: RACKS
■ Verizon: VER
Property Description
METER:DIRECTORY This read-only field displays the directory in which to store data stream
metering information.
METER:INTERVAL The interval at which NetBackup gathers connection information for reporting
purposes.
To change this property, use the Cloud Settings tab of the Scalable Storage
host properties.
PREFIX:CURL_CONNECT_TIMEOUT The amount of time that is allocated for the media server to connect to the
cloud storage server. This value is specified in seconds. The default is 300
seconds or five minutes.
This only limits the connection time, not the session time. If the media server
cannot connect to the cloud storage server in the specified time, the job fails.
Property Description
PREFIX:CURL_TIMEOUT The maximum time in seconds to allow for the completion of a data operation.
This value is specified in seconds. If the operation does not complete in the
specified time, the operation fails. The default is 900 seconds (15 minutes).
To disable this timeout, set the value to 0 (zero).
PREFIX:LOG_CURL Determines if cURL activity is logged. The default is NO which means log
activity is disabled.
Default value: NO
PREFIX:PROXY_IP The TCP/IP address of the proxy server. If you do not use a proxy server,
leave this field blank.
PREFIX:PROXY_PORT The port number that is used to connect to the proxy server. The default is
70000 which indicates you do not use a proxy server.
PREFIX:PROXY_TYPE Used to define the proxy server type. If a firewall prevents access to your
cloud vendor, use this value to define your proxy server type. If you do not
use a proxy server, leave this field blank.
Property Description
PREFIX:READ_BUFFER_SIZE The size of the buffer to use for read operations. READ_BUFFER_SIZE is
specified in bytes.
To enable the use of the buffer, set this value to a non-zero number.
Symantec recommends that this value be a multiple of 256.
The READ_BUFFER_SIZE determines the size of the data packets that the
storage server transmits during each restore job. An increase in the value
may increase performance when a large amount of contiguous data is
accessed. If insufficient bandwidth exists to transmit the specified amount
of data within a few minutes, restore failures may occur due to timeouts.
When you calculate the required bandwidth, consider the total load of
simultaneous backup jobs and restore jobs on multiple media servers.
Default value for cloud providers other than Amazon S3-compatible providers:
0
PREFIX:USE_SSL Determines if Secure Sockets Layer encryption is used for the control APIs.
The default value is YES, meaning SSL is enabled.
PREFIX:USE_SSL_RW Determines if Secure Sockets Layer encryption is used for read and write
operations. The default value is YES, meaning SSL is enabled.
PREFIX: WRITE_BUFFER_NUM This parameter is not applicable for Amazon S3-compatible cloud providers.
This read-only field displays the total number of write buffers that are used
by the plug-in. The WRITE_BUFFER_SIZE value defines the size of the
buffer. The value is set to 1 and cannot be changed.
Default value: 1
Possible values: 1
Configuring cloud storage in NetBackup 72
NetBackup cloud storage server properties
Property Description
PREFIX:WRITE_BUFFER_SIZE The size of the buffer to use for write operations. WRITE_BUFFER_SIZE is
specified in bytes.
Default value for cloud providers other than Amazon S3-compatible cloud
providers: 10485760 (10 MB)
HTTP:x-amz-server-side-encryption This is applicable only for the following cloud providers: Amazon S3 and
Amazon GovCloud
Use this property to enable the server-side encryption of the data that you
need to transfer to the cloud storage.
Set this property to NONE to disable the server-side encryption for the cloud
provider.
Note: You should not enable this property, if you have already enabled the
media server-side encryption option while configuring cloud storage server
using the NetBackup Administration Console.
Property Description
THR:storage_server Shows maximum number of concurrent jobs that can be run for a
specific cloud storage server.
THR:AVAIL_BANDWIDTH This read-only field displays the total available bandwidth value for the
cloud feature. The value is displayed in bytes per second. You must
specify a number greater than zero. If you enter zero, an error is
generated.
Property Description
THR:DEFAULT_MAX_CONNECTIONS The default maximum number of concurrent jobs that the media server
can run for the cloud storage server.
This value applies to the media server not to the cloud storage server.
If you have more than one media server that can connect to the cloud
storage server, each media server can have a different value. Therefore,
to determine the total number of jobs that can run on the cloud storage
server, add the values from each media server.
You can configure job limits per backup policy and per storage unit.
http://www.symantec.com/docs/DOC5332
Note: NetBackup must account for many factors when it starts jobs:
the number of concurrent jobs, the number of
THR:DEFAULT_MAX_CONNECTIONS per media server, the number
of media servers, and the job load-balancing logic. Therefore,
NetBackup may not fail jobs exactly at the maximum number of
connections. NetBackup may fail a job when the connection number is
slightly less than the maximum, exactly the maximum, or slightly more
than the maximum.
In practice, you should not need to set this value higher than 100.
Default value: 10
THR:OFF_TIME_BANDWIDTH_PERCENT This read-only field displays the bandwidth percent that is used during
off time.
Property Description
THR:OFF_TIME_END This read-only field displays the end of off time. Specify the time in
24-hour format. For example, 8:00 A.M. is 8 and 6:30 P.M. is 1830.
Default value: 8
THR:OFF_TIME_START This read-only field displays the start of off time. Specify the time in
24-hour format. For example, 8:00 A.M. is 8 and 6:30 P.M. is 1830.
Default value: 18
THR:READ_BANDWIDTH_PERCENT This read-only field displays the read bandwidth percentage the cloud
feature uses. Specify a value between 0 and 100. If you enter an
incorrect value, an error is generated.
THR:SAMPLE_INTERVAL This read-only field displays the rate at which backup streams sample
their utilization and adjust their bandwidth use. The value is specified
in seconds. When this value is set to zero, throttling is disabled.
Default value: 0
THR:WEEKEND_BANDWIDTH_PERCENT This read-only field displays the bandwidth percent that is used during
the weekend.
THR:WEEKEND_END This read-only field displays the end of the weekend. The day value is
specified with numbers, 1 for Monday, 2 for Tuesday, and so on.
Default value: 7
Possible values: 1 to 7
THR:WEEKEND_START This read-only field displays the start of the weekend. The day value is
specified with numbers, 1 for Monday, 2 for Tuesday, and so on.
Default value: 6
Possible values: 1 to 7
Configuring cloud storage in NetBackup 76
NetBackup cloud storage server properties
Property Description
THR:WORK_TIME_BANDWIDTH_PERCENT This read-only field displays the bandwidth percent that is used during
the work time.
THR:WORK_TIME_END This read-only field displays the end of work time. Specify the time in
24-hour format. For example, 8:00 A.M. is 8 and 6:30 P.M. is 1830.
Default value: 18
THR:WORK_TIME_START This read-only field displays the start of work time. Specify the time in
24-hour format. For example, 8:00 A.M. is 8 and 6:30 P.M. is 1830.
Default value: 8
THR:WRITE_BANDWIDTH_PERCENT This read-only field displays the write bandwidth percentage the cloud
feature uses. Specify a value between 0 and 100. If you enter an
incorrect value, an error is generated.
Property Description
CRYPT:KMS_SERVER This read-only field displays NetBackup server that hosts the
KMS service. When you set the storage server properties, enter
the name of the KMS server host. By default, this field contains
the NetBackup master server name. You cannot change this
value.
Default value: 16
CRYPT:LOG_VERBOSE This read-only field displays if logs are enabled for encryption
activities. The value is either YES for logging or NO for no logging.
Default value: NO
CRYPT:VERSION This read-only field displays the encryption version. You cannot
change this value.
http://www.symantec.com/docs/DOC5332
3 On the Welcome panel, the types of disk pools that you can configure depend
on the types of storage servers that exist in your environment.
The following is an example of the wizard panel:
Read the information on the welcome panel of the wizard. Then, select the
appropriate storage server type and click Next.
The Storage Server Selection panel appears.
Configuring cloud storage in NetBackup 80
Configuring a disk pool for cloud storage
4 On the Storage Server Selection panel, the storage servers that you
configured for the selected storage server type appear.
The following is an example of the wizard panel:
5 On the Volume Selection panel, the wizard displays the volumes that have
been created already under your account within the vendor's cloud storage.
The following is an example of the wizard panel:
To add a volume, click Add New Volume. A dialog box appears that contains
the information that is required for a volume for your cloud vendor. In that dialog
box, enter the required information. Information is available about the
requirements for the volume names.
See “About the cloud storage providers” on page 17.
To select a volume, click the check box for the volume. You can select one
volume only.
After you select the volume for the disk pool, click Next. The behavior of the
wizard depends on whether you configured encryption for the storage server,
as follows:
Go to step 7.
Configuring cloud storage in NetBackup 82
Configuring a disk pool for cloud storage
6 For encrypted storage, enter a pass phrase for the key group key in the
Settings dialog box, then click OK.
See “About key management for encryption of NetBackup cloud storage”
on page 39.
Click Next. The Additional Disk Pool Information wizard panel appears.
Configuring cloud storage in NetBackup 83
Configuring a disk pool for cloud storage
7 The Additional Disk Pool Information panel is the panel on which you enter
or select the properties for this disk pool.
The following is an example of the wizard panel:
Enter or select the values for the properties for this disk pool.
See “Cloud storage disk pool properties” on page 101.
Click Next. The Summary panel appears.
Configuring cloud storage in NetBackup 84
Configuring a disk pool for cloud storage
9 After NetBackup creates the disk pool, a wizard panel describes the successful
action.
The following is an example of the wizard panel:
After NetBackup creates the disk pool, you can do the following:
Configure a storage unit Ensure that Create a storage unit using the disk pool that
you have just created is selected and then click Next. The
Storage Unit Creation wizard panel appears. Continue to
the next step.
10 On Storage Unit Creation wizard panel, enter the appropriate information for
the storage unit.
The following is an example of the wizard panel:
2 For each key group, write all of the keys that belong to the group to a file. Run
the command on the master server. The following is the command syntax:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname
key_group_name > filename.txt
Windows: install_path\Program
Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkeys
-kgname key_group_name > filename.txt
Number of Keys: 1
3 Include in the file the pass phrase that you used to create the key record.
4 Store the file in a secure location.
Note: For Amazon S3-compatible cloud providers, only NetBackup 7.7 and
later media servers are available for selection.
6 Click OK.
7 For AT&T and Rackspace cloud providers only, do the following:
a Copy the appropriate configuration file from the media server that you specified
when you configured the storage server. The file name depends on your storage
vendor. The following is the format:
libstspiVendorName.conf
The file resides in the following directory, depending on operating system:
b Save the file to the appropriate directory on the media server or servers that you
added, as follows:
Property Description
Storage unit A unique name for the new storage unit. The name can describe the
name type of storage. The storage unit name is the name used to specify a
storage unit for policies and schedules. The storage unit name cannot
be changed after creation.
Configuring cloud storage in NetBackup 93
Configuring a storage unit for cloud storage
Property Description
Disk type Select Cloud Storage (type) for the disk type. type represents the disk
pool type, based on storage vendor, encryption, and so on.
Disk pool Select the disk pool that contains the storage for this storage unit.
All disk pools of the specified Disk type appear in the Disk pool list.
If no disk pools are configured, no disk pools appear in the list.
Media server The Media server setting specifies the NetBackup media servers that
can backup clients and move the data to the cloud storage server. The
media servers can also move the data for restore or duplication
operations.
Specify the media server or servers as follows:
NetBackup selects the media server to use when the policy runs.
Maximum The Maximum concurrent jobs setting specifies the maximum number
concurrent jobs of jobs that NetBackup can send to a disk storage unit at one time.
(Default: one job. The job count can range from 0 to 256.) This setting
corresponds to the Maximum concurrent write drives setting for a Media
Manager storage unit.
NetBackup queues jobs until the storage unit is available. If three backup
jobs are scheduled and Maximum concurrent jobs is set to two,
NetBackup starts the first two jobs and queues the third job. If a job
contains multiple copies, each copy applies toward the Maximum
concurrent jobs count.
The number to enter depends on the available disk space and the
server's ability to run multiple backup processes.
Warning: A Maximum concurrent jobs setting of 0 disables the
storage unit.
Configuring cloud storage in NetBackup 94
Configuring a storage unit for cloud storage
Property Description
Maximum For normal backups, NetBackup breaks each backup image into
fragment size fragments so it does not exceed the maximum file size that the file
system allows. You can enter a value from 20 MBs to 51200 MBs.
Note: NetBackup uses storage units for media server selection for write activity
(backups and duplications) only. For restores, NetBackup chooses among all media
servers that can access the disk pool.
Note: In the case of Hitachi cloud configuration, the True Image Restore (TIR) or
synthetic backups do not work, if you have enabled the encryption option. To
successfully run the TIR or synthetic backups, you need to enable the versioning
option for buckets (or namespaces) through the Hitachi cloud portal. For more
details on how to enable the versioning option, contact Hitachi cloud provider.
Configuring cloud storage in NetBackup 98
Enabling optimized synthetic backups with cloud storage
Enabling Optimized Synthetic backups for use with NetBackup Cloud Storage
1 In the NetBackup Administration Console, select NetBackup Management >
Policies > policy_name. Select Edit > Change, and select the Attributes
tab.
2 Select Collect true image restore information and with move detection.
3 Confirm the Policy storage option is a valid Cloud storage unit.
The storage unit that is specified under Policy storage must be one of the
supported Cloud vendors. You can’t set Policy storage to Any Available.
Note: Do not use the Policy Configuration Wizard to configure policies for Replication
Director.
Property Description
Disk volumes The disk volume that comprises the disk pool.
Total size The total amount of space available in the disk pool.
Total raw size The total raw, unformatted size of the storage in the disk pool.
The storage host may or may not expose the raw size of the storage.
High water mark The High water mark setting is a threshold that triggers the following actions:
■ When an individual volume in the disk pool reaches the High water mark,
NetBackup considers the volume full. NetBackupchooses a different volume in the
disk pool to write backup images to.
■ When all volumes in the disk pool reach the High water mark, the disk pool is
considered full. NetBackup fails any backup jobs that are assigned to a storage
unit in which the disk pool is full. NetBackup also does not assign new jobs to a
storage unit in which the disk pool is full.
■ NetBackup begins image cleanup when a volume reaches the High water mark;
image cleanup expires the images that are no longer valid. For a disk pool that is
full, NetBackup again assigns jobs to the storage unit when image cleanup reduces
any disk volume's capacity to less than the High water mark.
Low water mark The Low water mark is a threshold at which NetBackup stops image cleanup.
TheLow water mark setting cannot be greater than or equal to the High water mark
setting.
Property Description
Limit I/O streams Select to limit the number of read and write streams (that is, jobs) for each volume in
the disk pool. A job may read backup images or write backup images. By default, there
is no limit.
When the limit is reached, NetBackup chooses another volume for write operations, if
available. If not available, NetBackup queues jobs until a volume is available.
Too many streams may degrade performance because of disk thrashing. Disk thrashing
is excessive swapping of data between RAM and a hard disk drive. Fewer streams
can improve throughput, which may increase the number of jobs that complete in a
specific time period.
A starting point is to divide the Maximum concurrent jobs of all of the storage units
by the number of volumes in the disk pool.
per volume Select or enter the number of read and write streams to allow per volume.
Many factors affect the optimal number of streams. Factors include but are not limited
to disk speed, CPU speed, and the amount of memory.
For the disk pools that are configured for Snapshot and that have a Replication source
property:
■ Always use increments of 2 when you change this setting. A single replication job
uses two I/O streams.
■ If more replication jobs exist than streams are available, NetBackup queues the
jobs until streams are available.
■ Batching can cause many replications to occur within a single NetBackup job.
Another setting affects snapshot replication job batching.
Chapter 3
Monitoring and Reporting
This chapter includes the following topics:
NetBackup OpsCenter The NetBackup OpsCenter provides the most detailed reports of
NetBackup cloud storage activity. See the NetBackup OpsCenter
Administrator’s Guide for details on cloud monitoring and
reporting:
http://www.symantec.com/docs/DOC5332
The NetBackup The Disk Pools window displays the values that were stored
Administration Console when NetBackup polled the disk pools. NetBackup polls the disk
Disk Pools window pools every five minutes.
NetBackup disk reports See “Viewing NetBackup cloud storage disk reports” on page 105.
Report Description
Images on Disk The Images on Disk report generates the image list present on the disk
storage units that are connected to the media server. The report is a
subset of the Images on Media report; it shows only disk-specific
columns.
Disk Logs The Disk Logs report displays the media errors or the informational
messages that are recorded in the NetBackup error catalog. The report
is a subset of the Media Logs report; it shows only disk-specific columns.
Disk Storage Unit The Disk Storage Unit Status report displays the state of disk storage
Status units in the current NetBackup configuration.
Multiple storage units can point to the same disk pool. When the report
query is by storage unit, the report counts the capacity of disk pool
storage multiple times.
Disk Pool Status The Disk Pool Status report displays the state of disk pool storage units.
This report displays only when a Data Protection Optimization Option
license is installed.
See “About monitoring and reporting for cloud backups” on page 104.
To view disk reports
1 In the NetBackup Administration Console, in the left pane, expand
NetBackup Management > Reports > Disk Reports.
2 Select the name of a disk report.
3 In the right pane, select the report settings.
4 Click Run Report.
Note: Symantec recommends that you keep a record key information. The key tag
that is listed in the output is necessary if you need to recover keys.
nbkmsutil -listkgs
Windows: install_path\Veritas\NetBackup\bin\admincmd\nbkmsutil
-listkeys -kgname AdvDiskServer1.example.com:
Note Description
Use either the -stype option or Use either the -stype option or the -storageserverprefix option to constrain
the -storageserverprefix the bpstsinfo command to list storage server information. If you do not, the
command searches all providers, which may be time consuming and may result
in a timeout.
Specify the correct -stype The plug-in that requests the information affects the information that is returned.
Therefore, use the correct -stype with the bpstsinfo command. To determine
the -stype, use the following command:
Note Description
Encrypted and non-encrypted When you use the bpstsinfo command to display the encrypted logical storage
storage units are displayed in unit (LSU) information, the output shows both encrypted and non-encrypted LSUs
bpstsinfo command output if both types exist. That output is the expected result. The bpstsinfo command
operates on the level of the storage plug-in, which is not aware of any higher-level
detail, such as encryption.
Your only options in the wizard are to click Cancel or Back. If you click Back, there
are no configuration changes that allow the wizard to continue.
You must use the correct procedure if you want multiple media servers in your cloud
environment. More information is available in a different topic.
See “Adding backup media servers to your cloud environment” on page 90.
NetBackup generates this error message because the user does not have sufficient
rights within NetBackup Access Control. The user account that configures the cloud
storage server must be a member of the NBU_KMS Admin Group.
See the NetBackup Security and Encryption Guide for more information about
NetBackup Access Control and account setup:
http://www.symantec.com/docs/DOC5332
Windows install_path\NetBackup\logs
UNIX /usr/openv/logs
vxlogmgr Manages the log files that the products that support unified logging
generate.
See the NetBackup Commands Reference Guide for a complete description about
these commands. The guide is available through the following URL:
http://www.symantec.com/docs/DOC5332
These commands are located in the following directory:
Windows install_path\NetBackup\bin
UNIX /usr/openv/netbackup/bin
UNIX /usr/openv/logs
Windows install_path\NetBackup\logs
Unlike the files that are written in legacy logging, unified logging files cannot be
easily viewed with a text editor. The unified logging files are in binary format, and
Troubleshooting 114
About unified logging
You can use vxlogview to view NetBackup log files as well as PBX log files.
To view PBX logs using the vxlogview command, do the following:
■ Ensure that you are an authorized user. For UNIX and Linux, you must have
root privileges. For Windows, you must have administrator privileges.
■ To specify the PBX product ID. enter -p 50936 as a parameter on the vxlogview
command line.
vxlogview searches all the files, which can be a slow process. Refer to the following
topic for an example of how to display results faster by restricting the search to the
files of a specific process.
Item Example
Display specific Display the log messages for NetBackup (51216) that show only
attributes of the log the date, time, message type, and message text:
messages
vxlogview --prodid 51216 --display D,T,m,x
Display the latest log Display the log messages for originator 116 (nbpem) that were
messages issued during the last 20 minutes. Note that you can specify -o
nbpem instead of -o 116:
Display the log Display the log messages for nbpem that were issued during the
messages from a specified time period:
specific time period
# vxlogview -o nbpem -b "05/03/05 06:51:48 AM"
-e "05/03/05 06:52:48 AM"
Troubleshooting 115
About legacy logging
Item Example
Display results faster You can use the -i option to specify an originator for a process:
# vxlogview -i nbpem
The vxlogview -i option searches only the log files that the
specified process (nbpem) creates. By limiting the log files that it
has to search, vxlogview returns a result faster. By comparison,
the vxlogview -o option searches all unified log files for the
messages that the specified process has logged.
Note: If you use the -i option with a process that is not a service,
vxlogview returns the message "No log files found." A process
that is not a service has no originator ID in the file name. In this
case, use the -o option instead of the -i option.
The -i option displays entries for all OIDs that are part of that
process including libraries (137, 156, 309, etc.).
Search for a job ID You can search the logs for a particular job ID:
When searching for a job ID, you can use any vxlogview
command option. This example uses the -i option with the name
of the process (nbpem). The command returns only the log entries
that contain the job ID. It misses related entries for the job that do
not explicitly contain the jobid=job_ID.
See the NetBackup Commands Reference Guide for a complete description of the
vxlogview command. The guide is available through the following URL:
http://www.symantec.com/docs/DOC5332
Windows install_path\NetBackup\logs
install_path\Volmgr\debug
UNIX /usr/openv/netbackup/logs
/usr/openv/volmgr/debug
These top-level directories can contain a directory for each NetBackup process that
uses legacy logging. By default, NetBackup creates only a subset of all of the
possible log directories (the bpbrm, bpcd, bpdm, and bptm directories). To enable
logging for all NetBackup processes that use legacy logging, you must create the
log file directories that do not exist already.
You can use the following batch files to create all of the debug log directories at
once:
■ Windows: install_path\NetBackup\Logs\mklogdir.bat
■ UNIX: usr/openv/netbackup/logs/mklogdir
See the NetBackup Commands Reference Guide for a complete description about
the mklogdir command. The guide is available at the following location:
http://www.symantec.com/docs/DOC5332
After the directories are created, NetBackup creates log files in the directory that
is associated with each process. A debug log file is created when the process
begins.
To enable debug logging for the NetBackup Status Collection Daemon (vmscd),
create the following directory before you start nbemm.
Windows install_path\Volmgr\debug\vmscd\
UNIX /usr/openv/volmgr/debug/vmscd
and on each media server that you use for your feature. The log files reside in the
following directories:
■ UNIX: /usr/openv/netbackup/logs/
■ Windows:install_path\NetBackup\logs\
More information about NetBackup logging is available in the NetBackup
Troubleshooting Guide, available through the following URL:
http://www.symantec.com/docs/DOC5332
To create log directories for NetBackup commands
◆ Depending on the operating system, run one of the following scripts:
UNIX: /usr/openv/netbackup/logs/mklogdir
Windows: install_path\NetBackup\logs\mklogdir.bat
To create the tpconfig command log directory
◆ Depending on the operating system, create the debug directory and the
tpcommand directory (by default, the debug directory and the tpcommand directory
do not exist). The pathnames of the directories are as follows:
UNIX: /usr/openv/volmgr/debug/tpcommand
Windows: install_path\Veritas\Volmgr\debug\tpcommand
Warning: The higher the log level, the greater the affect on NetBackup performance.
Use a log level of 5 (the highest) only when directed to do so by a Symantec
representative. A log level of 5 is for troubleshooting only.
Specify the NetBackup log levels in the Logging host properties on the NetBackup
master server. The log levels for some processes specific to certain options are set
in configuration files as described in Table 5-2.
Backups and N/A Messages appear in the log files for the following processes:
restores
■ The bpbrm backup and restore manager.
■ The bpdbm database manager.
■ The bpdm disk manager.
■ The bptm tape manager for I/O operations.
The log files reside in the following directories:
■ UNIX: /usr/openv/netbackup/logs/
■ Windows:install_path\NetBackup\logs\
Cloud connection N/A The bpstsinfo utility writes information about connections to the cloud storage server
operations in its log files.
Cloud account 222 The Remote Manager and Monitor Service is the process that creates the cloud storage
configuration accounts. RMMS runs on media servers.
Cloud Storage N/A The NetBackup Cloud Storage Service Container (nbcssc) writes log files to the
Service Container following directories:
Credentials N/A The tpconfig utility. The tpconfig command writes log files to the tpcommand
configuration directory.
Device 178 The Disk Service Manager process that runs in the Enterprise Media Manager (EMM)
configuration process.
Device 202 The Storage Server Interface process that runs in the Remote Manager and Monitor
configuration Service. RMMS runs on media servers.
Device 230 The Remote Disk Service Manager interface (RDSM) that runs in the Remote Manager
configuration and Monitor Service. RMMS runs on media servers.
The CloudStore Service The CloudStore Service Container configuration file resides
Container configuration file in the following directories:
■ UNIX: /usr/openv/java/cloudstorejava.conf
■ Windows:
install_path\Veritas\NetBackup\bin\cloudstorewin.conf
[NBCSSC]
NBCSSC_PORT=5637
If you change the value in the CloudStore Service Container configuration file also
change the value in the services file.
By default, the NetBackup CloudStore Server Container port is 5637.
See “Connection to the NetBackup CloudStore Service Container fails” on page 121.
Error Description
The wizard is not able to The error message appears in the Disk Configuration Wizard.
obtain Storage Server
The Disk Configuration Wizard query to the cloud vendor host timed-out.
information. Cannot connect
The network may be slow or a large number of objects (for example, buckets
on socket. (25) on Amazon S3) may exist.
http://www.symantec.com/docs/DOC5332
Data transfer to cloud storage server may fail in the SSL mode
NetBackup supports only Certificate Authority (CA)-signed certificates while it
communicates with cloud storage in the SSL mode. Ensure that the cloud server
(public or private) has CA-signed certificate. If it does not have the CA-signed
certificate, data transfer between NetBackup and cloud provider may fail in the SSL
mode.
This error may occur in the environments that have more than one cloud storage
server. It indicates that NetBackup Accelerator backups of a client to one cloud
storage server were later directed to a different cloud storage server.
For Accelerator backups to cloud storage, ensure the following:
Troubleshooting 124
Troubleshooting cloud storage operational issues
■ Always back up each client to the same storage server. Do so even if the other
storage server represents storage from the same cloud storage vendor.
■ Always use the same backup policy to back up a client, and do not change the
storage destination of that policy.
This error indicates that the volume was created by using the cloud storage vendor’s
interface.
You must use the NetBackup Disk Pool Configuration Wizard to create the volume
on the cloud storage. The wizard applies a required partner ID to the volume. If you
use the vendor interface to create the container, the partner ID is not applied.
To resolve the problem, use the cloud storage vendor’s interface to delete the
container. In NetBackup, delete the disk pool and then recreate it by using the Disk
Pool Configuration Wizard.
See “Viewing cloud storage job details” on page 105.
See “NetBackup cloud storage log files” on page 117.
close error). Change the AIX ulimit size to unlimited to resolve this issue. Be sure
to stop and restart the NetBackup services or daemons after you change the ulimit
value.
The following are examples:
ulimit -m unlimited
ulimit -d unlimited
ulimit -s unlimited
NetBackup 7.7 and If a certificate does not exist, create one from the NetBackup master
later server.
NetBackup releases If the certificate becomes corrupt or expires, delete the old certificate
earlier than 7.7 and restart the services to regenerate a new certificate.
C D
cloud Deduplication storage unit
storage unit properties 92 Only use the following media servers 93
cloud disk pool Use any available media server 93
changing properties 100 disk pool
Cloud Settings tab 29 changing the state 86
cloud storage Disk type 93
configuring 15
cloud storage Amazon GovCloud 19
cloud storage Cloudian HyperStore 22 E
cloud storage Google Nearline 23 encryption
cloud storage provider properties 76
Amazon 18 see also 39
Hitachi 24
cloud storage server F
about 41 Features and functionality 10
bandwidth properties 73
Index 128
M S
Maximum concurrent jobs 93 Scalable Storage host properties 29, 31–32
Maximum fragment size 94 Scalable Storage host properties unavailable 121
Media Server Deduplication Pool Scalable Storage, NetBackup 31–32
changing the state 86 security certificates
mklogdir.bat 116 for cloud storage 35
Monitoring 104 generating 38
server
NetBackup debug logs 116
N Status Collection Daemon 116
NetBackup Accelerator storage provider
about 95 AT&T 20
NetBackup CloudStore Service Container. See Rackspace 25
CloudStore Service Container storage server. See cloud storage server
NetBackup Scalable Storage 31–32 changing properties for cloud 66
NetBackup Scalable Storage host properties storage unit
unavailable 121 configuring for deduplication 91
properties for cloud 92
O Storage unit name 92
Optimized Synthetic backups Storage unit type 93
about 95
U
P unified logging 112
policies format of files 114
changing properties 100 location 112
creating 99
Index 129
V
Verizon
requirements 27
vmscd 116
vmscd directory 116
vxlogview command 113
with job ID option 115
W
wizards
Policy Configuration 99
write buffer size
about 72