Solved: Cloning Windows client with NB 8.1.1 - Best practi...

laguns97 · ‎07-23-2019

Hi !

Our environment:

Master: AIX with NB 8.1.1

Media: Windows/Linux with NB 8.1.1

Our Windows guys, want to clone some Windows system in few week. Actually, they tried to clone one Windows server. The server is working fine but we have some problem with the client NB. When we clone, the NB client keep the client name of the original server and in the NB console, if we go in the "Host Management", we can find the original Windows server and in the "Mapped Host Name/IP Addresses", we can found the name of the cloned server. They have the same NB HOst ID, I don't think it's good !

For the other servers, we want to clone, what is the best way ? It is, just after the clone, remove the NB client and reinstall it ?

Just change the client name on the client server ?

If someone can help me about that !

Thanks !

davidmoline · ‎07-23-2019

Hi

With NetBackup 8.1+ security certificates come into play as you have found out.

You will need to follow the procedure in the Security and Encryption guide under the topic “Cleaning host ID-based certificate information from a host before cloning a virtual machine”.

After creating a virtual machine from the template or clone and setting the hostname and the NBU master server, they will need to deploy new certificates (both the master server CA certificate and the host ID certificate) into the client that’s installed in the VM. This is also covered in the Security and Encryption guide under the topic “Deploying host ID-based certificates”.

Cheers
David

View solution in original post

davidmoline · ‎07-23-2019

Hi

With NetBackup 8.1+ security certificates come into play as you have found out.

You will need to follow the procedure in the Security and Encryption guide under the topic “Cleaning host ID-based certificate information from a host before cloning a virtual machine”.

After creating a virtual machine from the template or clone and setting the hostname and the NBU master server, they will need to deploy new certificates (both the master server CA certificate and the host ID certificate) into the client that’s installed in the VM. This is also covered in the Security and Encryption guide under the topic “Deploying host ID-based certificates”.

Cheers
David

sdo · ‎07-24-2019

Before cloning :

1) on the master, add some client attributes for the new client, so that the master is aware that there is supposed to be a client of this name:

bpclient -add -client blah.blah.blah ...and also whatever other flags you want to define, like WOFB, client side dedupe, etc.

.

2) Now clone your VM / server.

.

After cloning :

...these next steps are all client based...

3) change the client name, use:

regedit, or reg add, or nbsetconfig

4) confirm client can reach/see certificate host:

nbcertcmd -ping

5) pull CA cert:

nbcertcmd -getcacertificate

6) pull certs and lists :

nbcertcmd -getcertificate

7) confirm that master will converse with (i.e. will accept application protocol comms from) client:

bpclntcmd -pn

.

You could script the client side steps of this... i.e. form the NetBackup Client "client_name" from hostname plus first DNS suffix, or pull FQHN from domain, and then as long as you test for a status zero from all of the client side commands then you should be ok.

The important part is making the master server slightly aware of the client before it first appears and thus first tries to converse with the master.

If you do not first make the Master Server aware that a new client is coming, then later you will have to mess around with re-issue tokens in order to tell the master that yes you really do trust this new client that was initially untrusted (because master wasn't pre-informed that it was due to appear).

HTH

VOX

Cloning Windows client with NB 8.1.1 - Best practice