VERITAS NetBackup 6.0 Administrator s Guide

VERITAS NetBackup

System Administrator’s Guide, Volume II

for UNIX and Linux

6.0

N15258B

September 2005

Disclaimer

The information contained in this publication is subject to change without notice. VERITAS Software Corporation makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. VERITAS Software Corporation shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual.

VERITAS Legal Notice

Copyright © 1993-2005 VERITAS Software Corporation. All rights reserved. VERITAS, the VERITAS Logo, and NetBackup are trademarks or registered trademarks of VERITAS Software Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

VERITAS Software Corporation 350 Ellis Street Mountain View, CA 94043 USA Phone 650-527-8000 Fax 650-527-2908 www.veritas.com

Third-Party Copyrights

For a list of third-party copyrights, see the NetBackup Release Notes appendix.

ii NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Accessibility Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Comment on the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxii

Chapter 1. Access Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

NetBackup Access Management Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

Finding NetBackup Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

▼ To access the NetBackup online glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

Accessing the VERITAS Technical Support Web Site . . . . . . . . . . . . . . . . . . . . . . . . .xx

Contacting VERITAS Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

VxSS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Root Broker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Authentication Brokers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Security Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Order for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Order for Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Including VxSS Databases in the NetBackup Catalog Backup . . . . . . . . . . . . . . . . . . 6

VxSS Component Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Installing and Configuring Access Control for Master Servers . . . . . . . . . . . . . . . . . . . . 8

Installing and Configuring Access Control for Media Servers . . . . . . . . . . . . . . . . . . . . 12

Installing and Configuring Access Control for Clients . . . . . . . . . . . . . . . . . . . . . . . . . .15

Establishing a Trust Relationship Between the Broker and the Windows Remote

iii

Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Installing the Authentication Service Root Broker (Root + AB) . . . . . . . . . . . . . . . . . . . 18

Configuring Authentication on the Root Broker for Use with NetBackup . . . . . . 19

Installing the Authorization Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Configuring the Authorization Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Configuring Access Control Host Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Master Server and Media Server Host Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Access Control Host Properties Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

VxSS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Authentication Domain Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Authorization Service Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Verifying Master Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Client Host Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Access Control Host Properties Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

VxSS Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Authentication Domain Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Access Management Troubleshooting Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Windows Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Master Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Media Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Client Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

UNIX Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Master Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Media Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Client Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Verification Points in a Mixed Environment with a UNIX Master Server . . . . . . . 41

Master Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Media Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Client Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Verification Points in a Mixed Environment with a Windows Master Server . . . . 46

iv NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Master Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Media Server Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Client Verification Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Other Troubleshooting Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Expired Credentials Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Useful Debug Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

If Uninstalling VxSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Where Credentials Are Stored . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

How System Time Affects Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

VxSS Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Stopping VxSS Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

If You Lock Yourself Out of NetBackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

nbac_cron Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Using the Access Management Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Access Management Menus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Determining Who Can Access NetBackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Individual Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Default User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Additional User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

User Group Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

▼ To create a new user group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

▼ To create a new user group by copying an existing user group . . . . . . . . . . . . . . . 60

Renaming User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

General Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Users Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Defining User Groups and Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Defining a User Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

▼ To add a new user to a user group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Permissions Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Contents v

Authorization Objects and Permissions List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Permissions for Default NetBackup User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Backup, Archive, and Restore (BAR) Client Interface . . . . . . . . . . . . . . . . . . . . . 65

License Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Jobs Tab in the Activity Monitor Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Permissions in the Device Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Daemons Tab Permissions in the Activity Monitor . . . . . . . . . . . . . . . . . . . . . . . 68

Reports Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Policy Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Storage Units Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Storage Unit Groups Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Catalog Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Host Properties Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Media Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Volume Group Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Volume Pools Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

Robots Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Device Host Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Chapter 2. Enhanced Authentication and Authorization . . . . . . . . . . . . . . . . . . . . . 75

Common Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

methods.txt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

methods_allow.txt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

methods_deny.txt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

names_allow.txt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

names_deny.txt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

authorize.txt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Library Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

vi NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

bpauthorize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

bpauthsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

vopie_util . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

Processes: vopied Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

vopie Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

temp File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

Enhanced Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Using vopie Enhanced Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

▼ To use the vopie enhanced authentication method . . . . . . . . . . . . . . . . . . . . . . . . . 86

vopie Enhanced Authentication Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Using noauth Rather than vopie Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

Troubleshooting Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95

Enhanced Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Enhanced Authorization Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Gaining Access to a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Gaining Access to a Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Configuring NetBackup Enhanced Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Enabling NetBackup Enhanced Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Adding an Authorized User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

▼ To create a list of authorized users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Using the Administration Console to Specify Preferred Groups (Optional) . . . 99

▼ To specify a preferred group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Example Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101

Chapter 3. Additional Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Multiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

When to Use Multiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

How to Configure Multiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Maximum Multiplexing Per Drive for Storage Unit . . . . . . . . . . . . . . . . . . . . . . 105

Contents vii

Media Multiplexing for a Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Other Configuration Settings to Consider Using Multiplexing . . . . . . . . . . . . 108

Demultiplexing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Using Multiple NetBackup Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Configuring a Master and Media Server Grouping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Software on Each Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

NetBackup Catalogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

Adding a Media Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

▼ To add a media server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

NetBackup Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Syntax Rules for bp.conf Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

bp.conf Options for Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

ALLOW_MEDIA_OVERWRITE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

ALLOW_MULTIPLE_RETENTIONS_PER_MEDIA . . . . . . . . . . . . . . . . . . . . . 118

ALLOW_NON_RESERVED_PORTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

AUTHENTICATION_DOMAIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

AUTHORIZATION_SERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

BPBRM_VERBOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

BPDBJOBS_COLDEFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

BPDBM_VERBOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

BPRD_VERBOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

BPTM_VERBOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

BPEND_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

BPSTART_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

CHECK_RESTORE_CLIENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

CLIENT_CONNECT_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

CLIENT_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

CLIENT_READ_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

CLIENT_RESERVED_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

CONNECT_OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129

viii NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

DEFAULT_CONNECT_OPTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

DISABLE_JOB_LOGGING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

DISABLE_STANDALONE_DRIVE_EXTENSIONS . . . . . . . . . . . . . . . . . . . . . . 132

DISABLE_SCSI_RESERVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

DISALLOW_BACKUPS_SPANNING_MEDIA . . . . . . . . . . . . . . . . . . . . . . . . . . 133

DISALLOW_CLIENT_LIST_RESTORE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133

DISALLOW_CLIENT_RESTORE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

EMMSERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

ENABLE_ROBUST_LOGGING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

FAILOVER_RESTORE_MEDIA_SERVERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134

FORCE_RESTORE_MEDIA_SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

GENERATE_ENGLISH_LOGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

INCOMPLETE_JOB_CLEAN_INTERVAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

INITIAL_BROWSE_SEARCH_LIMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

LIMIT_BANDWIDTH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

MEDIA_ID_PREFIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

MEDIA_UNMOUNT_DELAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

MEDIA_REQUEST_DELAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

MEDIA_SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

MPX_RESTORE_DELAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140

MUST_USE_LOCAL_DRIVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

NBRB_CLEANUP_OBSOLETE_DBINFO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

NBRB_ENABLE_OPTIMIZATIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

NBRB_FORCE_FULL_EVAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

NBRB_REEVAL_PENDING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

NBRB_REEVAL_PERIOD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

NBRB_RETRY_DELAY_AFTER_EMM_ERR . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

NBRB_MPX_GROUP_UNLOAD_DELAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

RANDOM_PORTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

RE_READ_INTERVAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143

Contents ix

REQUIRED_INTERFACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

REQUIRED_NETWORK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

SERVER_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

SERVER_RESERVED_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

SKIP_RESTORE_TO_SYMLINK_DIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

SERVER_CONNECT_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

UNLINK_ON_OVERWRITE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

USE_VXSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

VERBOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

VXSS_NETWORK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

bp.conf Options for UNIX Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

ALLOW_NON_RESERVED_PORTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

AUTHENTICATION_DOMAIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152

BPARCHIVE_POLICY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

BPARCHIVE_SCHED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

BPBACKUP_POLICY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

BPBACKUP_SCHED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

BUSY_FILE_ACTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

BUSY_FILE_DIRECTORY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

BUSY_FILE_NOTIFY_USER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

BUSY_FILE_PROCESSING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

CLIENT_NAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

CLIENT_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

CLIENT_READ_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

CLIENT_RESERVED_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

COMPRESS_SUFFIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

CRYPT_CIPHER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

CRYPT_KIND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

CRYPT_OPTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

x NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

CRYPT_STRENGTH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158

CRYPT_LIBPATH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

CRYPT_KEYFILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

DISALLOW_SERVER_FILE_WRITES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

DO_NOT_RESET_FILE_ACCESS_TIME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

GENERATE_ENGLISH_LOGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

IGNORE_XATTR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

INFORMIX_HOME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

INITIAL_BROWSE_SEARCH_LIMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

KEEP_DATABASE_COMM_FILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

KEEP_LOGS_DAYS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

LIST_FILES_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

LOCKED_FILE_ACTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

MEDIA_SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162

MEGABYTES_OF_MEMORY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

NFS_ACCESS_TIMEOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

RANDOM_PORTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

RESTORE_RETRIES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

REQUIRED_INTERFACE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

SERVER_PORT_WINDOW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

SYBASE_HOME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

USE_CTIME_FOR_INCREMENTALS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

USE_FILE_CHG_LOG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

USE_VXSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

USEMAIL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

VERBOSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

VXSS_NETWORK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

UNIX Client Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Example /usr/openv/netbackup/bp.conf File . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Contents xi

Example $HOME/bp.conf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Dynamic Host Name and IP Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Setting up Dynamic IP Addresses and Host Names . . . . . . . . . . . . . . . . . . . . . . . . 168

Configuring the NetBackup Master Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Configuring a Dynamic Microsoft Windows Client . . . . . . . . . . . . . . . . . . . . . . . . 171

Configuring a Dynamic UNIX NetBackup Client . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Busy-File Processing (UNIX Clients Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Modifying bp.conf to Configure Busy-File Processing . . . . . . . . . . . . . . . . . . . . . . 174

BUSY_FILE_PROCESSING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

BUSY_FILE_DIRECTORY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

BUSY_FILE_ACTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Creating Action Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Logs Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Modifying bpend_notify_busy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Configuring E-mail Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Specifying the Locale of the NetBackup Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Adjusting Time Zones in the NetBackup-Java Console . . . . . . . . . . . . . . . . . . . . . . . . 181

▼ To set the time zone and Daylight Savings Time . . . . . . . . . . . . . . . . . . . . . . . . . 182

Chapter 4. Using bpadm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Starting bpadm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Defining and Managing Storage Units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

Adding a Removable or Robotic Storage Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187

▼ To add a removable or robotic storage unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Adding a Disk Type Storage Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

▼ To add a disk type storage unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

Displaying and Changing Storage Unit Configurations . . . . . . . . . . . . . . . . . . . . . 194

▼ To use the Storage Unit Management menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

Defining and Managing Storage Unit Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

xii NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Adding a Storage Unit Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

▼ To add a storage unit group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

Displaying and Changing Storage Unit Group Configurations . . . . . . . . . . . . . . . 197

▼ To view or change storage unit group configurations . . . . . . . . . . . . . . . . . . . . . . 197

Defining and Managing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

Adding a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

▼ To add a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199

Displaying and Changing Policy Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

▼ To view or change policy configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Defining and Managing the Client List for a Policy . . . . . . . . . . . . . . . . . . . . . . . . .204

Adding Clients to a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

▼ To add clients to a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204

Displaying Client Lists and Deleting Clients from a Policy . . . . . . . . . . . . . . . . 206

▼ To view client lists or delete clients from a policy . . . . . . . . . . . . . . . . . . . . . . . . .206

Defining and Managing the Selections List for a Policy . . . . . . . . . . . . . . . . . . . . . . 207

Adding to a Selections List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

▼ To add entries to a selections list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Displaying and Changing a File List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

▼ To view file lists or delete files from a policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Defining and Managing Schedules for a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209

Adding a Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

▼ To add either an automatic or user-directed schedule . . . . . . . . . . . . . . . . . . . . . . 209

Displaying and Modifying a Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

▼ To view or modify schedules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Defining NetBackup Global Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

▼ To list or modify Global attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217

Installing NetBackup Software on All Trusting Client Hosts . . . . . . . . . . . . . . . . . . . . 220

Displaying Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221

▼ To view reports or change report parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

▼ To view media reports or change report parameters . . . . . . . . . . . . . . . . . . . . . . . 223

Contents xiii

Managing bprd (NetBackup Request Daemon) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

▼ To manage the request daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Redefining Retention Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

▼ To redefine retention levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

Performing Manual Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

▼ To perform manual backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Backing Up the NetBackup Catalog Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228

Listing Catalog Backup Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Modifying Offline Catalog Backup Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Deleting Offline Catalog Backup Media ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Performing Manual Offline Catalog Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235

Adding Backup File Paths to an Offline Catalog Backup . . . . . . . . . . . . . . . . . . . . 235

▼ To add an offline catalog backup path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Removing Offline Catalog Backup File Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Configuring an Online Catalog Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

▼ To create an online catalog backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Chapter 5. Reference Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Rules for Using Host Names in NetBackup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Qualifying Host Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

How NetBackup Uses Host Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

Server and Client Name on UNIX Servers and Clients . . . . . . . . . . . . . . . . . . . 242

Host Names on Windows Servers and PC Clients . . . . . . . . . . . . . . . . . . . . . . . 243

Policy Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Image Catalog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Error Catalog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

Catalog Backup Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244

How to Update NetBackup After a Host Name Changes . . . . . . . . . . . . . . . . . . . . 244

Special Considerations For Domain Name Service (DNS) . . . . . . . . . . . . . . . . . . . 245

Reading Backup Images with tar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

xiv NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Effects of Using a Non-NetBackup tar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

▼ To restore files using a non-NetBackup tar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Possible Files Generated By tar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Factors Affecting Backup Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Total Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Transfer Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .251

Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Device Delays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252

Determining NetBackup Transfer Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252

Network Transfer Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .252

Network Transfer Plus End-of-Backup-Processing Rate . . . . . . . . . . . . . . . . . . . . . 253

Total Transfer Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .253

How NetBackup Builds a Worklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Building the Worklist (Queue) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

Prioritizing Queued Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

Determining Backup Media Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

NetBackup Notify Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258

backup_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259

backup_exit_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259

bpstart_notify (UNIX clients only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

bpstart_notify.bat (Microsoft Windows clients only) . . . . . . . . . . . . . . . . . . . . . 262

bpend_notify (UNIX clients only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

bpend_notify.bat (Microsoft Windows clients only) . . . . . . . . . . . . . . . . . . . . . . 267

dbbackup_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

diskfull_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

mail_dr_info.sh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

parent_end_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

parent_start_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

restore_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272

Contents xv

session_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

session_start_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

userreq_notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Chapter 6. Using NetBackup With AFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Server and Client Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

General Policy Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Client List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Backup Selections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Backup Selection List Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277

Exclude and Include Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Backups and Restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Automatic Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Manual Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Restore From the NetBackup for AFS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Restore From the NetBackup Master Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Notes About Restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Troubleshooting Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Troubleshooting Restores . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Chapter 7. Intelligent Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

Changes for NetBackup 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Supported Windows Editions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

Requirements for IDR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284

xvi NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Overview of IDR Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

About the DR Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Configuring NetBackup Policies for IDR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

Backing Up the System to be Protected . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Creating IDR Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .288

Choosing the Bootable Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Creating Bootable Diskettes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

▼ To create bootable diskettes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Modifying Diskette Sets for Use with Multiple Windows 2000 Computers . . 291

Creating a Bootable CD Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

▼ To create a bootable CD image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Creating IDR Diskettes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

▼ To create IDR diskettes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Updating IDR Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Updating a Bootable CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295

Updating Bootable Diskettes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .295

▼ To update IDR bootable diskettes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Updating IDR Diskettes Only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .296

▼ To update IDR diskettes using IDR Preparation Wizard . . . . . . . . . . . . . . . . . . . 296

Using drfile.exe to Create or Update a DR File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Recovering Your Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Step 1: Boot Your Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

▼ To boot a computer using a bootable diskette . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298

▼ To boot from a bootable CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Step 2: Windows Setup in IDR Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

▼ To use Windows setup in IDR recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

Step 3: Disaster Recovery Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .300

▼ To use the Disaster Recovery Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Notes on Altering Hard Drive Partition Sizes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304

Notes on Recovering Specific Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .304

Contents xvii

Recovering the Dell PowerEdge 6100/200 with RAID . . . . . . . . . . . . . . . . . . . . . . 304

▼ Use the following steps with your IDR recovery diskette set . . . . . . . . . . . . . . . . 304

Recovering IBM Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Recovering Compaq Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

IDR Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

xviii NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Preface

This guide describes how to configure and manage the operation of VERITAS NetBackup™ Server and VERITAS NetBackup Enterprise Server for UNIX and Linux platforms. See the NetBackup Release Notes for a list of the hardware and operating system levels that NetBackup supports.

To determine the version and release date of installed software, see the version file located here in /usr/openv/netbackup

Getting Help

You can find answers to questions and get help from the NetBackup documentation and from the VERITAS technical support web site.

Finding NetBackup Documentation

A list of the entire NetBackup documentation set appears as an appendix in the NetBackup Release Notes. All NetBackup documents are included in PDF format on the NetBackup

Documentation CD.

For definitions of NetBackup terms, consult the online glossary.

▼ To access the NetBackup online glossary

1. In the NetBackup Administration Console, click Help > Help Topics.

2. Click the Contents tab.

3. Click Glossary of NetBackup Terms.

Use the scroll function to navigate through the glossary.

xix

Getting Help

Accessing the VERITAS Technical Support Web Site

The address for the VERITAS Technical Support Web site is http://support.veritas.com.

The VERITAS Support Web site lets you do any of the following:

◆ Obtain updated information about NetBackup, including system requirements,

supported platforms, and supported peripherals

◆ Contact the VERITAS Technical Support staff and post questions to them

◆ Get the latest patches, upgrades, and utilities

◆ View the NetBackup Frequently Asked Questions (FAQ) page

◆ Search the knowledge base for answers to technical support questions

◆ Receive automatic notice of product updates

◆ Find out about NetBackup training

◆ Read current white papers related to NetBackup

From http://support.veritas.com, you can complete various tasks to obtain specific types of support for NetBackup:

1. Subscribe to the VERITAS Email notification service to be informed of software alerts,

newly published documentation, Beta programs, and other services.

a. From the main http://support.veritas.com page, select a product family and a

product.

b. Under Support Resources, click Email Notifications.

Your customer profile ensures you receive the latest VERITAS technical information pertaining to your specific interests.

2. Locate the telephone support directory at http://support.veritas.com by clicking the

Phone Support icon. A page appears that contains VERITAS support numbers from around the world.

Note Telephone support for NetBackup is only available with a valid support

contract. To contact VERITAS for technical support, dial the appropriate phone number listed on the Technical Support Guide included in the product box and have your product license information ready for quick navigation to the proper support group.

3. Contact technical support using e-mail.

xx NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

a. From the main http://support.veritas.com page, click the E-mail Support icon.

A wizard guides you to do the following:

◆ Select a language of your preference

◆ Select a product and a platform

◆ Provide additional contact and product information, and your message

◆ Associate your message with an existing technical support case

b. After providing the required information, click Send Message.

Contacting VERITAS Licensing

For license information, you can contact us as follows:

◆ Call 1-800-634-4747 and select option 3

◆ Fax questions to 1-650-527-0952

◆ In the Americas, send e-mail to amercustomercare@veritas.com.

In the Asia and Pacific areas, send email to apaccustomercare@veritas.com.

In all other areas, send email to internationallicense@veritas.com.

Accessibility Features

NetBackup contains features that make the user interface easier to use by people who are visually impaired and by people who have limited dexterity. Accessibility features include:

◆ Support for assistive technologies such as screen readers and voice input (Windows

servers only)

◆ Support for keyboard (mouseless) navigation using accelerator keys and mnemonic

keys

For more information, see the NetBackup Installation Guide.

Preface xxi

Comment on the Documentation

Let us know what you like and dislike about the documentation. Were you able to find the information you needed quickly? Was the information clearly presented? You can report errors and omissions or tell us what you would find useful in future versions of our manuals and online help.

Please include the following information with your comment:

◆ The title and product version of the manual on which you are commenting

◆ The topic (if relevant) on which you are commenting

◆ Your c omme nt

◆ Your n ame

Email your comment to NBDocs@veritas.com.

Please only use this address to comment on product documentation. See “Getting Help” in this preface for information on how to contact Technical Support about our software.

We appreciate your feedback.

xxii NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Access Management

Access to NetBackup can be controlled by defining user groups and granting explicit permissions to these groups. Configuring user groups and assigning permissions is done using Access Management in the NetBackup Administration Console.

This chapter discusses how to set up and manage access to NetBackup. It contains the following sections:

◆ “NetBackup Access Management Components” on page 2

◆ “Installation Overview” on page 5

◆ “Installing and Configuring Access Control for Master Servers” on page 8

◆ “Installing and Configuring Access Control for Media Servers” on page 12

◆ “Installing and Configuring Access Control for Clients” on page 15

◆ “Installing the Authentication Service Root Broker (Root + AB)” on page 18

◆ “Installing the Authorization Server” on page 21

◆ “Configuring Access Control Host Properties” on page 23

◆ “Access Management Troubleshooting Guidelines” on page 28

◆ “Using the Access Management Utility” on page 54

◆ “Determining Who Can Access NetBackup” on page 56

Note Access Management and Enhanced Authorization and Authentication (see Chapter 2) are

independent methods of Access Control. Access Management is the newest and will be the preferred method in future NetBackup releases. If both Access Management and Enhanced Authorization and Authentication are configured, Access Management takes precedence.

Note If some media servers are not configured with access control,

non-root/non-administrator users will not be able to manage those servers.

NetBackup Access Management Components

NetBackup uses the VERITAS Security Services (VxSS) to help implement core security. VxSS is a set of shared VERITAS infrastructure services, installed from one of the infrastructure common services CDs containing VxSS for your platform. The CDs are packaged as part of NetBackup.

Note NetBackup Access Management relies on the use of home directories. Please see the

documentation for your operating system for more information on home directories.

Note In order for members of the NBU_Operator user group to continue viewing media

and device information, run the following command:

bpnbaz -UpGrade60

Running this command brings the NetBackup 5.x permissions for the NBU_Operator user group up to the expected configuration for 6.0.

VxSS Components

When you install VxSS, you’re installing and configuring the following services and client software:

◆ Authentication (At Server, At Client)

Authentication is the process of proving your identity to the VxSS system. Authentication is accomplished by communicating with the daemon which, in turn, validates your identity with the operating system.

For more information on authentication or the authentication daemon (vxatd), see the VERITAS Security Services Administrator’s Guide found on one of the infrastructure common services CDs containing VxSS for your platform.

◆ Authorization (Az Server, Az Client)

Authorization is the process of verifying that an identity has permission to perform the desired action. NetBackup verifies permissions with the authorization daemon for most actions. In many cases, NetBackup alters what information is accessible from the command line and Administration Console.

For more information on authorization or the authorization daemon (vxazd), see the VERITAS Security Services Administrator’s Guide found on one of the infrastructure common services CDs containing VxSS for your platform.

2 NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

NetBackup Access Management Components

Root Broker

A Root Broker is a NetBackup server that has VxSS Authentication Server installed and is configured to be a Root Broker. There is always one Root Broker in every NetBackup Access Management configuration.

The Root Broker acts as the most trusted certificate authority, implementing a registration authority for Authentication Brokers, as well as itself.

While a Root Broker can authenticate an Authentication Broker, an Authentication Broker cannot authenticate a Root Broker.

In many cases, the Root Broker will also be an Authentication Broker. This chapter describes installing VxSS services, then it describes configuring the NetBackup server to be a Root Broker and an Authentication Broker (Root Broker + AB). For more information on the authentication Root Broker, see the VERITAS Security Services Administrator’s Guide found on one of the infrastructure common services CDs containing VxSS for your platform.

Authentication Brokers

An Authentication Broker is a server that has VxSS Authentication Server installed. This machine is part of the Root Broker’s private Access Management domain. An Authentication Broker can authenticate clients, but not other brokers.

The member of the NetBackup Security Administrator user group can choose which Authentication Broker a client should contact for authentication. (See “Example

Configuration Containing Windows Systems Only” on page 29 or “Example Configuration Containing UNIX Systems Only” on page 35 for a depiction of this

configuration.)

For example:

◆ A Windows 2000 client uses a Windows Authentication Broker for authentication.

◆ A UNIX client uses a UNIX Authentication Broker for authentication.

◆ For more information on authentication brokers, see the VERITAS Security Services

Administrator’s Guide found on one of the infrastructure common services CDs containing VxSS for your platform.

Security Administrator

The user who installs and configures VxSS software for use with NetBackup Access Management is, by default, a member of the NBU_Security Admin user group. This chapter will refer to a member of the NBU_Security Admin group as a Security Administrator. Users can be added to the group, but there are usually few members.

Chapter 1, Access Management 3

NetBackup Access Management Components

Members of the NBU_Security Admin user group are the only users who can view the contents of Access Management > Users and Access Management > NBU User Groups in the NetBackup Administration Console. Security Administrators are the only users allowed to create user groups, assign users to the groups, and define permissions for the groups. However, Security Administrators, by default, do not have permission to perform any other NetBackup administration activities. (See “Security Administrator

(NBU_Security Admin)” on page 58.)

4 NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Installation Overview

For a detailed installation description, see “Installing and Configuring Access Control

for Master Servers” on page 8.

Order for Installation

1. Complete all NetBackup master server installations:

a. Complete Root + AB installation of VxSS Authentication server.

b. Complete VxSS Authorization server installation.

c. Configure master servers for NetBackup Access Control. See “Installing and

Configuring Access Control for Master Servers” on page 8.

2. Complete all NetBackup media server installations, then configure media servers for

NetBackup Access Control. See “Installing and Configuring Access Control

for Media Servers” on page 12.

3. Complete all NetBackup client installations, then configure clients for NetBackup

Access Control. See “Installing and Configuring Access Control for Clients” on page 15.

Installation Overview

Order for Upgrade

Use the following order for upgrading any NetBackup machine that uses NetBackup Access Control.

1. Stop NetBackup.

2. Upgrade VxSS.

3. Configure Access Control on the NetBackup machines. See:

◆ “Installing and Configuring Access Control for Master Servers” on page 8.

◆ “Installing and Configuring Access Control for Media Servers” on page 12.

◆ “Installing and Configuring Access Control for Clients” on page 15.

Chapter 1, Access Management 5

Installation Overview

Including VxSS Databases in the NetBackup Catalog Backup

In NetBackup environments which use the online, hot catalog backup method, no additional configuration is needed in order to include the VxSS Authorization and Authentication databases in the catalog backup.

In environments which use the offline, cold catalog backup method, one additional step is required:

Within the NetBackup Catalog Wizard or on the Files tab of the offline catalog configuration dialog, add the following directives for each host in the NBAC domain:

Note If the master server using

[

host

:]nbat

[

host

:]nbaz

NBAC is a UNIX machine, VERITAS recommends that you do not include the NetBackup master server configuration file (/usr/openv/netbackup/bp.conf) in the offline catalog backup file list. If bp.conf is included in the list, it must not be recovered until all other catalog recovery is completed.

VxSS Component Distribution

The VxSS components can be distributed throughout a configuration, just as NetBackup can distribute master servers, media servers and clients.

Note Although the Authentication broker and Authorization broker can technically be

placed on any machine, VERITAS currently recommends that the root Authentication broker and Authorization broker be placed on the NetBackup master server. At a minimum, the root Authentication broker must reside on the master server.

6 NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

Installation Overview

For specific VxSS installation information, refer to the VERITAS Security Services Installation Guide, found on the VxSS installation CD.

NetBackup Installation Required Authentication Required Authorization

Component Component

Master server At server Az server

Media server At client Az client

Client At client None

Windows Remote Administration At client Az client Console (only)

Java Windows Display Console (only)* At client None

Java Display Console At client None

*The At client is required for all Java consoles. Concerning the Java Windows Display Console, the At client must be installed on the Windows host before installing the Java Windows Display Console. This ensures that the Windows Display Console is configured correctly to use the VxSS component successfully.

Note While it is possible to share the Enterprise Media Manager server between multiple

master servers, this configuration is not supported when using Access Control. The EMM server must be bound to one master server.

The following sections describe some actions you can take to verify that the components are correctly installed in a mixed environment:

◆ “Windows Verification Points” on page 28

◆ “UNIX Verification Points” on page 35

◆ “Verification Points in a Mixed Environment with a UNIX Master Server” on page 41

◆ “Verification Points in a Mixed Environment with a Windows Master Server” on

page 46

◆ “UNIX Verification Points” on page 35

Chapter 1, Access Management 7

Installing and Configuring Access Control for Master Servers

The following steps describe configuring NetBackup Access Control for the master server in a NetBackup configuration. A master server requires Authentication Server and Client software and Authorization Server and Client software.

Throughout this chapter, in the configuration examples we’ll refer to the following host names:

Windows UNIX

Master Servers win_master unix_master

Media Servers win_media unix_media

Clients win_client unix_client

1. If this is an upgrade installation, stop NetBackup.

2. Using one of the infrastructure common services CDs containing VxSS for your

platform, install both the VxSS Authentication Server and Client software on the master server. This master server will be a Root + AB (Authentication Broker).

See “Installing the Authentication Service Root Broker (Root + AB)” on page 18 and the VERITAS Security Services Installation Guide on the VxSS installation CD.

3. Using one of the infrastructure common services CDs containing VxSS for your

platform, install the VxSS Authorization Server and Client software on the master server. To do this, you must perform a custom installation.

See “Installing the Authorization Server” on page 21 and the VERITAS Security Services Installation Guide on one of the infrastructure common services CDs containing VxSS for your platform.

4. Complete all NetBackup master server installations or upgrades.

5. Create a machine account for the master server. Make sure that the Authentication

and the Authorization services are running. See “UNIX Verification Points” on page 35 or “Windows Verification Points” on page 28.

The command in this step must be run as either root (UNIX) or as a member of the local Administrator group (Windows) on the Root+AB Authentication broker. For more information about this step, see “Configuring Authentication on the Root Broker

for Use with NetBackup” on page 19.

8 NetBackup System Administrator’s Guide for UNIX and Linux, Volume II

+ 308 hidden pages

VERITAS NetBackup 6.0 Administrator s Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Preface

Getting Help

Finding NetBackup Documentation

Accessing the VERITAS Technical Support Web Site

Contacting VERITAS Licensing

Accessibility Features

Comment on the Documentation

Access Management

NetBackup Access Management Components

VxSS Components

Root Broker

Authentication Brokers

Security Administrator

Installation Overview

Order for Installation

Order for Upgrade

Including VxSS Databases in the NetBackup Catalog Backup

VxSS Component Distribution

Installing and Configuring Access Control for Master Servers