
How to access AWS Master Server Admin Console?

andrew_mcc1
Level 6
   VIP   

Does anyone have a reliable method of accessing AWS Master Server Admin Console from outside AWS? I have had it working via a Windows "bastion host" running the Java Console as AWS supports RDP but I now have a customer who has deployed a Linux bastion. Any thoughts? Thanks, Andrew

1 ACCEPTED SOLUTION

Accepted Solutions

RiaanBadenhorst
Moderator
Partner    VIP    Accredited Certified

Hi Andrew,

If your client's only way to get into the VPC is a bastion, then that bastion, or another one, would need to be set up to run the JAVA console.

Alternatively, you have the following options:

  1. Your customer makes holes in the firewall for JAVA to connect (this is not really best practice and will surely be shot down)
  2. Your customer sets up a VPN to get into the VPC.

Like I said before, don't get off track because it's AWS (or AZURE, or whatever cloud provider), treat it as a data center you need access to, and your customer needs to provide it.


8 REPLIES 8

RiaanBadenhorst
Moderator
Partner    VIP    Accredited Certified

I'm guessing your NBU Master is on Windows, right? You can try installing the NetBackup Linux server binaries. Don't configure it. You can then try to launch jnbSA and point it at the other master.

Sorry the Master is (or will be) Linux. My concern is there doesn't seem to be a reliable way to access a Linux based GUI from outside AWS, at least in my experience. Also I don't believe we will be allowed to install NBU on the bastion for security reasons.

Thanks, Andrew

RiaanBadenhorst
Moderator
Partner    VIP    Accredited Certified

Hi Andrew,

AWS, or the VPC in AWS, is really just a data center. Yes, it is virtual and you can't go in the building, but the same rules apply really as if it was hosted in some DC on prem. Your customer should really have a direct connect or VPN connection from their offices to the VPC. If their only way of getting into their VPC is via the bastion, then they make sure that bastion can facilitate the connection to where you need to go.

I'm going to assume their bastion is shell only so you can't run any GUIs?

So, this is really not a question about the console, but a question about what type of connections they're allowing in through the bastion, or the security groups/NACL in general.

I'm going to assume their bastion is shell only so you can't run any GUIs?

Yes this is correct but I believe this is a general AWS limitation and not specific to my customer. From what I understand, AWS only provides ready access to a GUI via RDP on Windows; there are a number of examples of getting xrdp to work on Ubuntu within AWS but I've not been able to get these working on RHEL for NetBackup support.

Given all the publicity around NetBackup support for AWS I find it rather disappointing this key requirement doesn't seem to be addressed. In my case we are going to use RDP to the AWS OpsCenter server which is Windows.

Thanks, Andrew

RiaanBadenhorst
Moderator
Partner    VIP    Accredited Certified

Hi Andrew,

This is not accurate "From what I understand, AWS only provides ready access to a GUI via RDP on Windows;" 

AWS does not dictate what you can and can't do on your instances. Your customer is free to install RHEL with whatever configuration they please, GUI or no GUI. They can install one, two, five, Linux or Windows hosts. Your customer is also free to open whatever ports they want to the internet. If they wished to, they could open up a connection direct from the internet to the JAVA GUI on their master server, but this is all up to them and does not align with security best practices.

As I mentioned previously, AWS is just a "data center" and your customer controls what can get in or out.

If you want some more guidance on AWS, feel free to reach out. 

Riaan, thanks for this.

I was advised by an AWS architect (OK, not an Amazon employee) it would be best to use RDP to a Windows bastion for GUI access but the summary is I am reaching out for methods to run the NBU Admin Console locally to manage NBU within AWS (without Windows RDP).

I guess it can be done via tunnelling and port forwarding; but does anyone have any examples or experience of doing this?

Thanks again, Andrew
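
An added example, not part of the original thread and not Veritas or AWS documentation: one way to do the tunnelling asked about above through a shell-only Linux bastion is to let OpenSSH hop through the bastion with `ProxyJump` and forward X11 from the master, so jnbSA runs on the master and only its window is displayed locally. Host names, addresses, users and key paths are placeholders, and the jnbSA path assumes a default install location.

```sshconfig
# ~/.ssh/config on the administrator's workstation.
# Every name, address and key path below is a placeholder.

# Shell-only bastion: reachable from outside, used purely as a hop.
# Nothing is installed on it and no keys or agent are exposed to it.
Host nbu-bastion
    HostName bastion.example.com
    User ec2-user
    IdentityFile ~/.ssh/bastion_key
    IdentitiesOnly yes
    ForwardAgent no
    ForwardX11 no

# NetBackup master in a private subnet. The SSH session to it is
# end-to-end encrypted from the workstation; the bastion only relays TCP.
Host nbu-master
    HostName 10.0.1.10
    User nbuadmin
    ProxyJump nbu-bastion
    IdentityFile ~/.ssh/master_key
    IdentitiesOnly yes
    ForwardAgent no
    ForwardX11 yes
    # Untrusted forwarding limits what the remote client can do to the
    # local X display. If the Java console will not render under it,
    # switching to "ForwardX11Trusted yes" for this one host is a
    # deliberate trade-off, not a default to copy elsewhere.
    ForwardX11Trusted no
    ForwardX11Timeout 8h
    Compression yes

# Server-side prerequisites:
#   bastion sshd_config : AllowTcpForwarding yes   (needed by ProxyJump)
#   master  sshd_config : X11Forwarding yes, and xauth installed
#   security groups     : workstation -> bastion tcp/22
#                         bastion     -> master  tcp/22
#   No NetBackup console port is opened to the internet.
#
# Usage from the workstation (a local X server must be running;
# install path assumed):
#   ssh nbu-master /usr/openv/netbackup/bin/jnbSA
```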

RiaanBadenhorst
Moderator
Partner    VIP    Accredited Certified

Hi Andrew,

If your client's only way to get into the VPC is a bastion, then that bastion, or another one, would need to be set up to run the JAVA console.

Alternatively, you have the following options:

  1. Your customer makes holes in the firewall for JAVA to connect (this is not really best practice and will surely be shot down)
  2. Your customer sets up a VPN to get into the VPC.

Like I said before, don't get off track because it's AWS (or AZURE, or whatever cloud provider), treat it as a data center you need access to, and your customer needs to provide it.

Riaan, Thanks for this. I'll mark this as the solution and push back on the customer if he wants access via a Linux bastion. Doesn't sound as if there is much real-world experience of doing this sort of thing out there yet...

Thanks again, Andrew