I'm planning on refreshing the hardware for our master and media servers (all running NetBackup 8.1.1). The Security and Encryption guide has specifics on which data to save for reinstall on non-master servers (for host based ID-certificates). However, I'm not able to find much information about steps for master server. Can anyone point me to the relevant documentation, if any?
Our setup has /usr/openv mounted from a SAN volume. So during hardware refresh, we install NetBackup normally (media servers are down during the downtime) on the new server and then blow the /usr/openv directory and mount the volume at /usr/openv (and some other configuration done manually on the system). So, as the data on /usr/openv/ will be the same as was on the old hardware, would this even warrant any special consideration to save/restore CA certs or any other keys?
I would not think so, you may want to log a call with Veritas to confirm that this approach is viable and maybe even try this out in a lab with two master server, a media servers and 2 client. Perform the swap i the lab and see what happens.
NB: new master server must have the same name and IP when migrated to new role as master server to ease migration, else old cached DNS records may cause havoc.
I have opened a case with Veritas support for this query. The Tech Note talks about catalog recovery when doing a hardware refresh, but it does not take into account the security certificates for the 8.1.x version. Waiting on Vertias support to provide more details.
Edit 1: And yes, the IP and hostname will remain the same to keep the hardware refresh process simple.
Edit 2: URL correction
Veritas support gave me the expected answer (supported solution) of using the DRpkg file during install and then recovery catalog. This is mostly standard process with the exception that one has to choose "Disaster Recovery" during install and then provide the location of the DR pacakage file. Only once DR package is deployed, catalog recovery should by attempted.
Further discussion with support about the /usr/openv mount point be remouned on the new hardware - support said that it should normally work as all certificates and private keys for the CA are contained under /usr/openv.
The only other variable is that the old hardware is RHEL 6.9 and new is RHEL 7.x.