Authentication across multipl domains and vCenters
Hi,
I have been playing with netbackup 7.5 for a few weeks and I'm trying to figure out how I can work with multiple domains and multiple vCenters from an Authentication perspective.
Multiple vCenters
We have multiple vCenters, I can see that under "Media and Device Management" I can go to Credentials, Virtual Machine Servers and add all vCenters. However, when I create a new backup job policy tyoe "VMWare". there is no option to tell the policy which vcenter to use.
Multiple Domains - Agent Based.
My understanding is that I should create a backup account for each domain example "domain1\backupsvc1", "domain2\backupsvc2" and run the netbackup client service on each box in that domain with this user. However, where do I add these accounts on my master/media servers so that these user accounts from the different domains can write backups to my media servers?
Thanks.
However, when I create a new backup job policy tyoe "VMWare". there is no option to tell the policy which vcenter to use.
You can see which vCenter credential will be used on the Clients tab. You can see it easier if you use "select manually" instead of using the Query Builder to select the VMs. This is basically what the Captain said.
As for the domains, know that unlike other backup solutions (even Backup Exec), NetBackup does not really depend on domains and domain accounts.
NetBackup primarily operates under the Local System account, which in the Windows world has the highest security access level to the system, even higher than the local administrator account.By default, the Nbu client service on clients run under the Local System account, unless you change it to something else, such as a domain admin account. You would normally only need to change its account to give it access rights to applications. E.g., you have to do this with SQL, Exchange and Sharepoint backups.
Even then, the Master and Media Servers still do not need to be part of the client's domain/forest. All that really matters is that the Nbu client service on that client is already running a domain account that allows it access to the application data.
Once the Nbu client service has read all that it wanted to from the application, it will send this data to whoever it wants, and to whoever accepts. This "whoever" just so happens to be a Nbu Master/Media server on the network that doesn't even need to be a member in that domain, or any domains.
In a way, the Nbu client is like a... mischievous ware (with the highest credentials!). Once you let it in, it grabs all your things then send them off somewhere.