Recent Discussions
NB 10.4.0.1 bpnbat vs nboracmd
Hi communities, our environment is Linux with NB 10.1.1. We have scripts to manage RMAN instances and we use a lot of home-made scripts in CLI with Netbackup commands like nboraadm. In our scripts, we can register instances and delete them, all from within our scripts. We installed a new Linux environment with NB 10.4.0.1. We found that the nboraadm command is no longer exists under NB 10.4.0.1 and has been replaced by nboracmd. This command is different from the old one and I'd like to adapt our scripts with the new command. I find that if I simply want to list instances with this command: “nboracmd list instances”, it returns this: “A web login is required. Run the 'bpnbat' command to login.”. I wasn't familiar with this command (bpnbat) and to my surprise, it dates back to a few versions of NB and we've never needed to use this. My question.... am I obliged to use this command (bpnbat) or is there a way around this? If there's no way, will I have to add the “bpnbat” command to all my scripts with a response file that will contain a clear text password? I'm trying to find the logic to this... Veritas wants to secure certain commands but the possibility of automating this is to have a file containing a logon and pwd in clear text. If I'm wrong, please let me know!!! I'd like to migrate my scripts with as little impact as possible Sorry for my english !!!laguns9713 hours agoLevel 417Views0likes2CommentsNetBackup 10.5 Automatic Malware Scanning of Malware-Tagged Imported Images
One of the biggest challenges for malware scanning of backup images is deciding if and when to commit the resources to do it. Many data protection domains simply don’t have enough resources to scan every image. Plus, only images to be restored really need to be scanned. I wrote a paper on these issues here: The Smart Use of Malware Scanning in NetBackup In enterprise data protection there’s another situation that complicates things even further - malware hopping domains through backup images. The danger that image replications/duplications could spread malware during restores. That’s a potential disaster with DR and Independent Recovery Environments (IREs). Release 10.5 solves this with a new feature that provides automated malware scans based on backup time anomaly detection. If an image gets tagged as probably infected in a production domain, it can be automatically scanned after importation into a secondary, DR, or IRE domain. This feature works as follows: Activate automated scanning on a second domain using current local automated malware settings Scan imported images on the secondary domain based on user-defined configuration parameters. These parameters are the ones already available for automatic scanning on a primary server before the 10.5 release. Once an image gets replicated to a secondary domain, the secondary domain’s current automated scan schedule is modified to find imported images matching user-defined criteria. This criterion includes images with a probable infection score of 10 or higher by default. Once these images are identified, the rest of the configured automated malware scanning workflow gets triggered. NOTE: Source domain anomaly detection takes a maximum of fifteen minutes after the original backup is completed. If during this time an image gets replicated to a secondary target domain, there are no anomaly tags on that image for criteria matching.Such images without malware tagging do not active this feature on the secondary domain. Plan the use of this feature accordingly. Anomaly_config.conf Configuration The first half of activating this new feature is performing these general secondary primary server steps. The second half of activation is configuring malware scanning in the WebUI: 1. Copy the anomaly_config.conf.template file on the secondary primary server to anomaly_config.conf if this has not already been done. 2. Review the configuration file’s contents. Explanations for all setting options are stored as comments in this file. 3. Activate the configuration option ENABLE_SCAN_FOR_IMPORTED_COPY as per the comment instructions in that file. 4. If desired, configure any other scanning settings related to client, scan host pool, severity, and detection scores common to the ENABLE_SCAN_FOR_IMPORTED_COPY and ENABLE_AUTOMATED_SCAN options. 5. Add the new configuration setting lines to the end of the file after the commented lines. 6. Update your server config documentation to include the above steps. Here’s an example of what the last lines of a modified anomaly_config.conf file might look like after activating the malware import scanning feature: [AUTOMATED_MALWARE_SCAN_SETTINGS] ENABLE_SCAN_FOR_IMPORTED_COPY=1 TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=0 TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5 SCAN_HOST_POOL_NAME=main-scanhost-pool ENABLE_ALL_CLIENTS=0 NUM_CLIENTS_BATCH_SPECIFIED=1 ENABLE_SCAN_ON_SPECIFIC_CLIENT_1=someclient.someplace.somewhere.com NOTE: The TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES setting is not supported for imported images, it’s only for locally created images. WebUI Configuration Once the above is completed, the rest of the automatic import scanning is configured through the WebUI as shown below. 1. If it’s not already done, install, configure, and test thesource NetBackup primary server that will be replicating images to the target (DR, IRE, etc.) primary server. 2. Perform the following on the targetsecondary domain as shown below. Go to Detection and Reporting -> Anomaly detection -> Anomaly detection settings -> Backup anomaly detection settings. Edit the Backup anomaly detection settings to Enable automatic scan for imported copy as shown here. Note the informational notice callout (highlighted in blue) for the anomaly_config.conf file. If this file has not been modified as discussed earlier, editing the imported copy settings has no effect. 3. Make all other needed scanning configuration settings. The most commonly modified ones are used by both imported and locally made backup images of a domain (severity, pool score, ransomware extension, etc.). Notify your Security Team of the choices you select so they know what protections you put in place. 4. When anomalies are detected in imported backups, use the logging below on the secondary primary server verify that malware scanning is triggered for these imported anomalies. Log Location on Red Hat Linux Location on Windows nbwebservice /usr/openv/logs/nbwebservice/ C:\Program Files\Veritas\NetBackup\logs\nbwebservice nbanomalymgmt /usr/openv/netbackup/logs/nbanomalymgmt/ C:\Program Files\Veritas\NetBackup\logs\nbanomalymgmt Update your server config documentation to include the above steps and administrative monitoring procedures.14Views0likes0CommentsNutanix backup with NBU
Hi All, First time performing an integration of a Nutanix cluster to NBU and was wondering how does it work ? In other backup vendors, you have to install a VM inside the cluster to work as a proxy, which then mounts the VM Disks to be backed up and sends the backup data to MediaServer equivalent. In NBU documentation, I see that you need a "Backup Host" but it is not specified if it has to be implemented inside the cluster. If not, how the backup process works ? How VMs disks are mounted ? An overall architecture on how it works would be nice. Also, what has to be configured in the Netbackup Web UI ? Other vendors tend to use PRISM Central, while in NBU doc I see that you have to connect to the Nutanix Cluster (No mention of PRISM). Thanks in advance for any guidance provided.BackupExecAdmin2 days agoLevel 227Views0likes2CommentsIT Analitycs 11.5 report for jobs running more then 10 hours
Hello, I need daily report to display backup jobs running more then 10 hours. It will be nice if any one can halo me to create report with the following fields: Client Name Policy Name Policy Type Job Duration(Hours) I try to create customer report from IT Analitics web UI but I did't successed. Also report library web portal does't covers any report that I need. Thanks Regardsturhan_sensoy2 days agoLevel 59Views0likes0CommentsBMR Master Server on Netbackup Flex Appliance
Hi, Im trying to configure BMR master server. My NetBackup server are running on Flex Appliance. I could not find a clear guide or manual to do this. Googling around I only manage to find guide for NetBackup Appliance, not Flex Appliance. Can someone please guide me.7Views0likes0CommentsNetbackup upgrade 10.2 to 10.2.0.1 fails
Hello, Has anyone seen or have a resolution to the following error when upgrading to 10.2.0.1 on Windows 2016 x64? Error comes during nbcheck.exe Gathering host data, then a window pop-ups: Errors were encountered while assessing the state of catalog backups: nbcheck.exe returned unexpected status code [5]. I click on "OK" Netbackup Installation Summary: Ignore Missing catalog Backups: Unexpected error I goto my Netbackup 10.2 goodies folder and run: nbcheck.exe --test=last_catalog_backup_check ok last_catalog_backup_check: Last catalog backup run on this primary server was less than 24 hours ago.Asher-nbu2 days agoLevel 351Views0likes6CommentsWas about to upgrade to NetBackup 10.5 but guess we need to upgrade our RHEL environment?
Hello We currently have a single server RedHat Linux 7.9 ( Red Hat Enterprise Linux Server release 7.9 (Maipo)) that is both our MASTER/MEDIA server currently running NetBackup Enterprise version 10.0.0.1. We have a current openssl vulnerability in which Veritas doesnt have an EEB for. They have recently informed us that the openssl has been updated in NetBackup version 10.5 "NetBackup 10.5 has dropped OpenSSL 1.0.2 versions in favor of OpenSSL 3.x. Specifically 10.5 has OpenSSL 3.0.14+SL_CCS-2.1.2+b 23 Aug 2024" This would clear are vulnerability that has been lagging on our environment. So we were about to perform an upgrade from 10.0.0.1 to 10.5. According to the SORT Compatibility charts etc. Version 10.5 is compatible with RHEL 7.9 enterprise linux. But reviewing the 10.5 upgrade guide a second time I noticed that on page 35 the following - not sure how I missed it the first time: Minimum operating system versions: The minimum operating system that is required for NetBackup is changed. Starting with NetBackup 10.5, the minimum operating system is as shown: - RedHat Linux x86: 4.18.0-372 I opened a ticket with support and they said the following: Conclusion: Given the kernel version requirement specified in the upgrade guide, your current kernel version (3.10.0-1160.119.1.el7.x86_64) does not meet the minimum requirement of 4.18.0-372 for NetBackup 10.5. Therefore, you cannot upgrade to NetBackup 10.5 with your current RHEL version and kernel. Im not a guru Linux admin but I don't believe RHEL 7.9 enterprise can have the kernel upgraded to 4.18.0-372. Waiting to hear back from our Linux admin. We have the intention in the near future to upgrade the NetBackup Linux OS version to "Red Hat Enterprise Linux 8.10 (Ootpa)" which is running a kernel of 4.18.0x..... Just didn't think we would need to do this now. So wanted to see if anyone has some good advise on upgrading a NetBackup Linux OS from RHEL 7.9 to RHEL 8.10. I don't really see any hits on the web regarding tech notes etc.. I found this but doesn't give me much - veritas.com/support/en_US/article.100047178 Any help on what to watch out for etc. would be appreciated Such as do all the Netbackup packages get carried over to the new OS etc. Thank you very Much! BCbc14104 days agoLevel 647Views0likes4CommentsNew NetBackup 10.5 Plug-In Gives DNAS Protection to Azure Files
A new plug-in allows NetBackup 10.5 to protect Azure Files as if it was a NAS filer. It does this through the new NetBackup Snapshot Manager (NBSM) NAS plug-in for Azure Files. NBSM uses Azure’s Software Developer Kit (SDK) storage API to connect with and move data to/from Azure Files. You can select this plug-in like all the other NetBackup plug-ins as shown below. The new plug-in can use Network File System (NFS) and Server Message Block (SMB) protocols to access Azure Files data. This lets you select the protocol(s) that meet your organization’s transport and security requirements. As of SMB version 4.X, NFS has a slight performance advantage over older SMB versions. See the NetBackup™ Snapshot Manager Install and Upgrade Guide version 10.5 for detailed plug-in installation and configuration instructions. NetBackup Snapshot Manager (NBSM) establishes a connection with Azure Files Storage using the REST client. It then discovers whatever resource groups, storage accounts, file shares, and file share snapshots are available. This discovery gives NetBackup 10.5+ the following Azure File snapshot operations: Creating file share snapshots Exporting snapshots Restoring snapshots Deporting snapshots Deleting snapshots A NetBackup Storage Lifecycle Policy (SLP) is required to run the snapshot and call a NAS-Data-Protection policy to coordinate the backup. The new Azure Files plug-in also offers the same great DNAS features available in previous versions. See these links for more information on these features: My DNAS backup tech paper: NetBackup Dynamic Network Attached Storage (DNAS) Filer Protection Version 10.4 Update: NetBackup 10.4+ DNAS Multi-Mount Capability Greatly Improves Snapshot Backup Performance23Views0likes0CommentsNetBackup 10.5 Offers High-Speed Multi-Streamed Snapshot/Replica NAS Recovery
In NetBackup 10.5 we’re introducing parallel recovery from NAS snapshots and replication copy backups. In previous releases we offered parallel recoveries from NAS backup images. Now we have this feature for NAS snapshot and replication images as well. To use the parallel recovery from snapshot feature, users need to set the snapshot or replication copy to be restored as the primary copy. They then run a restore job with a “number of streams” value set to be greater than “1”. An example number of “7” is shown in the figure below. A matching number of streams are produced and sent to the filer. These streams are spread as evenly as possible across the pre-configured backup (mount) hosts available (backup host pools or individual backup hosts). If only one backup host exists, all streams will come from that host and may cause disk and network I/O resource contentions if the number entered is too large. Multiple backup hosts offer better throughout and eliminate single points of failure. You’ll want to test your restore configuration accordingly. If you need to add backup hosts, see the backup host creation/configuration information in the NetBackup Snapshot Client Administrator’s Guide. NetBackup 10.5 also adds Checkpoint Restart (CPR) to NAS restores. CPR is supported for both single- and multi-stream restores. This means NetBackup administrators can now manually suspend and resume their restore jobs when necessary. (This is a critically important feature on production filers performing work and being restored at the same time.) Failed jobs can also be resumed after the failure causes are eliminated. CPR is supported for the backup copy only. It is not supported for restoring from snapshots or replica copies. NetBackup automatically maintains check point intervals as restore jobs progress. Architecture The graphic below shows the NetBackup processes used in a parallel NAS/DNAS recovery job from snapshot or replica copy images. The primary server coordinates the job between the mount hosts reading the image and destination filer host TAR-writing the recovery data. Each mount host mounts the snapshot(s) required and then streams the data to the NAS filer. TAR on the filer then writes the recovery data to the filer’s storage. Each stream is shown in Activity Monitor as a separate job under the parent restore job. Requirements and Prerequisites The following are needed to use NAS parallel recovery streams and CPR restores: Any supported NetBackup 10.5 primary server, media server, and NAS filer(s) Each restore host operating system must be RHEL, SUSE, or Windows A NetBackup 10.5 Snapshot Manager server-supported operating system with the following or newer: - Ubuntu 16.04 and 18.04 Server LTS - RHEL 8.2 and 7.x 10.5 Performance Increases As shown in the table below, parallel multi-stream NAS recoveries produce a significant restore performance improvement over single stream restores. The following example test was performed in our labs on a volume having close to 600K files of almost 26GB. Backing up the volume using DNAS with five streams took about eight minutes. A single-stream NAS restore required 27 minutes to finish the restore. A multi-stream NAS restore with five streams took close to nine minutes. That’s barely one minute more than the original backup, and almost unheard of with previous NAS restores. This means this new feature makes the restore time almost the same as the backup time using the same computing resources. Conclusion This great new NetBackup NAS multi-stream snap/replica restore feature can really save DR time and headaches. Administrators no longer have to dread filer restores if they use this feature. And all that’s required is using the right primary copy and specifying the number of mount hosts you have available for the job. Upgrade to NetBackup 10.5 today and lose that filer restore anxiety.41Views0likes0Comments