cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Master server hardware refresh 8.1.1 - Certs question

X2
Moderator
Moderator
   VIP   

‎09-06-2018 02:04 PM

I'm planning on refreshing the hardware for our master and media servers (all running NetBackup 8.1.1). The Security and Encryption guide has specifics on which data to save for reinstall on non-master servers (for host based ID-certificates). However, I'm not able to find much information about steps for master server. Can anyone point me to the relevant documentation, if any?

Our setup has /usr/openv mounted from a SAN volume. So during hardware refresh, we install NetBackup normally (media servers are down during the downtime) on the new server and then blow the /usr/openv directory and mount the volume at /usr/openv (and some other configuration done manually on the system). So, as the data on /usr/openv/ will be the same as was on the old hardware, would this even warrant any special consideration to save/restore CA certs or any other keys?

0 Kudos
3 REPLIES 3

Nicolai
Moderator
Moderator
Partner    VIP   

‎09-07-2018 05:03 AM

I would not think so, you may want to log a call with Veritas to confirm that this approach is viable and maybe even try this out in a lab with two master server, a media servers and 2 client. Perform the swap i the lab and see what happens.

NB: new master server must have the same name and IP when migrated to new role as master server to ease migration, else old cached DNS records may cause havoc.

X2
Moderator
Moderator
   VIP   
In response to Nicolai

‎09-07-2018 01:17 PM - edited ‎09-07-2018 01:24 PM

Thanks @Nicolai

I have opened a case with Veritas support for this query. The Tech Note talks about catalog recovery when doing a hardware refresh, but it does not take into account the security certificates for the 8.1.x version. Waiting on Vertias support to provide more details.

Edit 1: And yes, the IP and hostname will remain the same to keep the hardware refresh process simple.

Edit 2: URL correction

0 Kudos

X2
Moderator
Moderator
   VIP   
In response to X2

‎09-11-2018 08:30 AM - edited ‎09-11-2018 02:17 PM

Veritas support gave me the expected answer (supported solution) of using the DRpkg file during install and then recovery catalog. This is mostly standard process with the exception that one has to choose "Disaster Recovery" during install and then provide the location of the DR pacakage file. Only once DR package is deployed, catalog recovery should by attempted.

Further discussion with support about the /usr/openv mount point be remouned on the new hardware - support said that it should normally work as all certificates and private keys for the CA are contained under /usr/openv.

The only other variable is that the old hardware is RHEL 6.9 and new is RHEL 7.x.

Helpful links:

Disaster Recovery

Catalog recovery after DR package is recovered