cancel
Showing results for 
Search instead for 
Did you mean: 

SSL - Media Server to Scality S3

pmj1
Level 2

SSL  ...  Netbackup <-> Netbackup

I am unable to find the correct procedure to create an SSL connection between a Netbackup 9.1 media server and Scality S3 RING. 

I am only able to create a non-SSL connection ok and use this for backups (i.e see picture below used during the creation of storage server)

Advanced Server ConfigurationAdvanced Server Configuration

 

I can find no documentation on the procedure. A colleague gave a flippant comment suggesting I need to create a "CA .pem key" and pass to the Scality team to allow them to enable SSL, but was unable to provide any further detail.

Can anyone provide help to what steps I need to do (detailed procedure if possible??) 

The netbackup environment is isolated from the Internet so any keys would need to have the Netbackup master as the CA.

Thanks for any help

5 REPLIES 5

davidmoline
Level 6
Employee

Hi @pmj1 

While I have no experience with Scality, try unchecking the "Check Certificate Revocation" as that often helps get the connection working with SSL for other cloud vendors.

If that doesn't work, I suspect your best bet would be to log a support case and ask them for assistance. What you are trying to do is supported, so it should work.

Cheers
David

Other questions also come to mind.

  • What are you using the cloud storage for?
  • What is the operating system of the media server and is this supported for the use above?
  • Do you have all the connection details and have you verified that you have nothing blocking the connection from the media server?

David

unchecking the "Check Certificate Revocation" had no affect. I'll try to get a case raised with Scality

thanks

hi

- cloud storage will be used for long term backup retention
- media server : redhat 8
- there are no firewalls between media server & Scality.

I have checked port 443 and currently the Scality team have not enabled it as yet.

The issue is that the people managing this Scality service tell me that they will not enable the port without me first supplying CA "keys". Unfortunately, I have no documentation regarding providing this. I guess I need Scality to provide more detail.

Thanks

 

davidmoline
Level 6
Employee

Hi @pmj1 

Well - if port 443 isn't enabled that would explain matters in the first instance (with or without the certificate revocation list checked or not). 

Hopefully support will be able to help you - have you also reviewed the chapter in the NetBackup Cloud Admin guide on configuring Cloud storage (ch 3). In particular I see this note:

Data transfer to cloud storage server fails in the SSL mode
NetBackup supports only Certificate Authority (CA)-signed certificates while it
communicates with cloud storage in the SSL mode. Ensure that the cloud server
(public or private) has CA-signed certificate. If it does not have the CA-signed
certificate, data transfer between NetBackup and cloud provider fails in the SSL
mode.

This to me is indicating the problem is the other way around, NetBackup needs the CA certificate from Scality or it will fail (unless the CRL check is disabled in which case it doesn't check the CA certificate). 

Good luck - both with support and your Scality team (they seem a tad cautious in not enabling SSL. If this is for internal consumption, then they should be able to create a self-signed certificate which is then provided to NetBackup to allow SSL to operate or if the CRL check is disabled, to ignore). 

Cheers
David