08-16-2016 04:07 AM
Hello
Currently we are taking backups of in primices Datacenter applications.
We want to extent our backup services to other remote (VPN connected) datacenters as well
Below is our Goal:
* We want to make a Single NetBackup form (1 Master & Multiple Media Servers) on our HO datacenter
* Want to share NBU console to remote IT administrators so they can Take backups, Control Backups, restore backups subjected to their own policies only
* We don’t want enable an remote IT administrator to check, touch and see backup policies for other remote locations and access backupsets that are not related to them
* Remote IT administrators should only view, polices, jobs details and backup catalogs related to their own services/polices only
Question : Can I manage all these with NBAC available in NetBackup ?
Question : Or is there any other solution from VERITAS (rather than NetBackup) that can fulfill my requirements?
Your details considerations will be highly appreciated.
Thank you
08-16-2016 05:21 AM
NBAC cannot be used to split Policy views and/or Activity Monitor.
Users and/or groups will either have read access or write access to everything.
NetBackup Self Service may be an option.
See http://www.veritas.com/docs/000024782
and some YouTube videos: https://www.youtube.com/watch?v=i4CEJ2TtX3k
08-16-2016 06:27 AM - edited 08-17-2016 05:26 AM
No - NBAC can't do what you want. NBAC is not that granular as you require. Furthermore is a product paved with issues and quirks, becuase its implemented as a product on top of Netbackup insted encoded in the product.
I recommend to wait for Netbackup 8.0, NBAC is being replaced with RBAC. RBAC will be built-in Netbackup from the start. RBAC may not even be able to solve all requirement you have, but there is a roadmap for it, and new RBAC features will follow in months (8.X.X), not years.
08-16-2016 11:10 AM
NBAC seems over kill for this. Unless you really need to manage every users role and activity I say stay as far away from NBAC as possible. I've had problems every time I've activated it, and there is only a small group of engineers available to help support it. It was easier to educate my remote techs to do the job right than to lock them down with a tool that is difficult to support.
See if setting permissions in java.conf is enough
08-16-2016 12:52 PM
08-18-2016 01:37 PM
1. They can restore data from Backup, Archive and Restore (BAR) Gui on the client
2. They can monitor jobs via OPSCenter (using "view" you can limit Plicies available for them if I'm not mistaken)
3. They can run Policy from OPSCenter