Nom Netbackup Services

Veritas NetBackup 6.5.
2 Documentation Updates
UNIX, Windows, Linux
Veritas NetBackup NetBackup 6.5.2 Documentation Updates

Copyright 2008 Symantec Corporation. All rights reserved. NetBackup 6.5.2 Symantec, the Symantec logo, and NetBackup are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Portions of this software are derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm. Copyright 1991-92, RSA Data Security, Inc. Created 1991. All rights reserved. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THIS DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID, SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software and commercial computer software documentation as defined in FAR Sections 12.212 and DFARS Section 227.7202. Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 www.symantec.com Printed in the United States of America.
Third-party legal notices

Third-party software may be recommended, distributed, embedded, or bundled with this Veritas product. Such third-party software is licensed separately by its copyright holder. All third-party copyrights associated with this product are listed in the accompanying release notes.
AIX is a registered trademark of IBM Corporation. HP-UX is a registered trademark of Hewlett-Packard Development Company, L.P. Linux is a registered trademark of Linus Torvalds. Solaris is a trademark of Sun Microsystems, Inc. Windows is a registered trademark of Microsoft Corporation.
Licensing and registration

Veritas NetBackup is a licensed product. See the NetBackup Installation Guide for license installation instructions.
Technical support
For technical assistance, visit http://entsupport.symantec.com and select phone or email support. Use the Knowledge Base search feature to access resources such as TechNotes, product alerts, software downloads, hardware compatibility lists, and our customer email notification service.
Contents
Chapter 1 Chapter 2
Introduction How to configure and use NetBackup for VMware

NetBackup for VMware: introduction ..............................................................23 The main features of NetBackup for VMware .........................................24 NetBackup for VMware environment ...............................................................24 NetBackup for VMware components ........................................................24 VMware backup proxy server ............................................................24 Virtual machine ....................................................................................24 ESX server .............................................................................................25 VirtualCenter server ............................................................................25 Converter server ...................................................................................25 VMware NetBackup Integration Module (VNIM) not required .....25 Environment diagram .................................................................................26 Backup type: file-level and full virtual machine .....................................27 Notes and restrictions .................................................................................28 License requirements ..................................................................................28 Configuration tasks: overview ...........................................................................29 VMware tasks ...............................................................................................29 NetBackup tasks ...........................................................................................30 Configure NetBackup ..........................................................................................31 Adding NetBackup credentials for VMware ............................................31 Adding the proxy server to NetBackup configuration ...........................32 Configuring incremental backups for VMware .......................................32 Configuring a VMware policy ....................................................................32 VMware backup options compared ...........................................................41 Backing up VMware files ....................................................................................42 Restoring VMware files .......................................................................................43 VMware restore procedures: overview .....................................................43 Individual file restore ..........................................................................43 Full VMware virtual machine restore ...............................................43 Setting up NetBackup Client Service for restore to a shared virtual machine drive ..................................................................44 Restore notes ................................................................................................44 Restoring individual folders and files .......................................................45 Restoring the full VMware virtual machine ............................................46
Best practices ....................................................................................................... 51 More information ........................................................................................ 52 VMware support matrices .................................................................................. 53 Supported VMware components ............................................................... 53 Supported operating systems for VMware backup proxy server ......... 53 Supported disk arrays ................................................................................. 53 VMware guest operating systems tested ................................................. 53 Supported file systems ................................................................................ 54 Snapshot Client support matrix ........................................................ 55 VMware logging ................................................................................................... 55 Troubleshooting ................................................................................................... 56 VMware environmentimportant! ........................................................... 56 Changing the browsing time-out for virtual machine discovery ......... 56 Notes and tips ............................................................................................... 56 Backup and restore problems .................................................................... 57 Credentials for VMware server are not valid .................................. 57 NetBackup cannot obtain the volume ID of a drive ........................ 57 The backup fails with status 156 ....................................................... 58 Terminology ......................................................................................................... 59
Chapter 3
Clustering NetBackup Operations Manager

About a NetBackup Operations Manager cluster ........................................... 61 About the NOM agent for Veritas Cluster Server on Windows and Solaris .................................................................................................... 62 Supported cluster solutions ............................................................................... 62 Installing/Upgrading to NOM 6.5.2 in a clustered mode .............................. 63 Installing NOM 6.5.2 in a clustered mode on Windows and Solaris ............ 63 Installation Prerequisites ........................................................................... 64 Installing NetBackup client software ....................................................... 65 Installing Symantec Product Authentication Service ........................... 65 Installing Symantec Product Authentication Service on Windows ........................................................................................ 65 Installing NOM 6.5.2 on a cluster .............................................................. 69 Pre-configuration checklist ....................................................................... 69 Pre-configuration checklist for a Windows cluster ........................ 70 Pre-configuration checklist for a Solaris cluster ............................ 70 Configuring NetBackup Operations Manager cluster ............................ 71 Upgrading from a standalone NOM server to NOM 6.5.2 in clustered mode .............................................................................................................. 72 Prerequisites ................................................................................................. 74 Upgrading your existing NOM installation to NOM 6.5.2 ..................... 75 Case 1: Existing NOM server is NOM 6.0 (including its maintenance packs) ..................................................................... 75
Case 2: Existing NOM server is NOM 6.5/6.5.1 ................................78 Creating a VCS cluster .................................................................................80 Installing NetBackup client software .......................................................80 Installing Symantec Product Authentication Service on the other nodes ......................................................................................................80 Installing NOM 6.5.2 on the other nodes .................................................81 Pre-configuration checklist for a NOM cluster .......................................81 Pre-configuration checklist for Windows ........................................82 Pre-configuration checklist for Solaris ............................................82 Configuring NetBackup Operations Manager cluster ............................83 Using NOM after the cluster is configured ..............................................85 Configuring the NetBackup master servers .............................................85 Adding a new node to an existing NOM cluster ..............................................86 Removing NetBackup Operations Manager from a cluster ...........................87 Uninstalling NOM 6.5.2 and rolling back to the previous standalone NOM version on Windows and Solaris .........................87 Removing NOM completely from the cluster ..........................................90 Administering a NOM cluster ............................................................................93 Limitations of a NOM cluster .............................................................................94 Troubleshooting a NetBackup Operations Manager cluster .........................94
Chapter 4
Snapshot client updates

Snapshot Client support matrix ........................................................................97 Storage lifecycle policies with Instant Recovery snapshots .........................97 Lifecycle policy example with RealTime Protection ..............................98 Configuring a lifecycle policy for snapshots ...........................................98 Troubleshooting .........................................................................................101 NetBackup RealTime Protection .....................................................................102 Advantages of NetBackup RealTime Protection ...................................102 Types of backup ..........................................................................................102 RealTime terminology in relation to NetBackup ..................................103 Snapshots, annotations and TimeImages ..............................................104 When is a TimeImage created ..........................................................105 Network diagram of NetBackup RealTime Protection .........................106 The NetBackup backup process with RealTime ....................................106 The NetBackup restore process with RealTime ....................................107 RealTime annotations and the timeline .................................................107 The timeline is finite and may slide forward .................................108 Obsolete annotations .........................................................................109 Supported operating systems ..................................................................110 Snapshot Client support matrix ......................................................110 License requirements ................................................................................110 Important notes and restrictions ............................................................110
Determine if persistent bindings are needed in HBA file (Solaris only) ....................................................................................... 111 Determining if devices are using world-wide names ................... 112 Identifying your HBA driver ............................................................ 112 Update sd.conf for import of TimeImages (Solaris only) .................... 113 Which sd.conf file to update (Solaris only) .................................... 113 Configuration tasks: overview ................................................................. 114 Configuring a NetBackup policy ..............................................................114 Performing a backup ................................................................................. 117 Performing a restore ................................................................................. 117 NetBackup RealTime logging ................................................................... 117 Troubleshooting ......................................................................................... 118 Logging ................................................................................................ 118 Policy validation fails ........................................................................ 118 Backups fail with status code 156 ................................................... 118 Cannot browse backups to restore .................................................. 119 New disk array snapshot methods in 6.5.2 ....................................................120 About the new disk array methods in 6.5.2 ........................................... 120 The disk array methods at a glance ................................................ 120 Snapshot Client support matrix ..............................................................121 Note on Instant Recovery (point-in-time) rollback .............................. 121 Array preconfiguration tasks .................................................................. 121 OS-specific configuration ......................................................................... 122 Dynamic multipathing ...................................................................... 122 HBA configuration ............................................................................. 122 Solaris sd.conf file (Hitachi arrays only) ........................................ 122 Verify NetBackup client access to array devices .......................... 123 IBM DS6000 and DS8000 arrays ..................................................................... 124 IBM DS6000 and 8000 software requirements ..................................... 124 Preconfiguration for IBM arrays ............................................................. 124 Configuring NetBackup to access the array ..........................................124 Array access for NetBackup hosts not named in a policy ........... 124 Configure the IBM array for NetBackup ................................................ 125 Obtain unique IBM identifiers ................................................................. 125 Configuring a NetBackup policy for IBM_DiskStorage_FlashCopy ... 128 For further reference ................................................................................ 129 Hitachi SMS/WMS/AMS, USP/NSC, USP-V/VM .......................................... 129 Hitachi array software requirements ..................................................... 129 Checking the RAID Manager version .............................................. 130 Preconfiguration for Hitachi ................................................................... 130 Pair status must be PSUS (SMS/WMS/AMS arrays only) ........... 130 Configure command devices on NetBackup client and alternate client ........................................................................... 130
Configuring NetBackup to access the array ...........................................130 Configure the Hitachi array for NetBackup ...........................................131 Obtain unique Hitachi identifiers ............................................................131 Configure a NetBackup policy for Hitachi_ShadowImage or Hitachi_CopyOnWrite .......................................................................132 Troubleshooting .................................................................................................133 Troubleshooting: IBM DS6000 and 8000 arrays ...................................133 Snapshot error encountered (NetBackup status code 156) .........134 Troubleshooting: Hitachi arrays .............................................................135 NetBackup policy validation fails ....................................................136 Backup or restore or image expiration fails ...................................138 New options for vxvm snapshots ....................................................................140 New vxvm backup options ........................................................................140 New vxvm restore options for Instant Recovery rollback ...................142
Chapter 5
New data at rest key management

Key Management Service .................................................................................143 KMS considerations ...................................................................................143 New NBKMS service ...........................................................................143 New nbkmsutil KMS configuration utility .....................................144 NetBackup wide changes ..................................................................144 KMS installation and deployment decisions .................................144 KMS security .......................................................................................144 Cipher types ........................................................................................144 KMS recoverability ............................................................................144 NetBackup 6.5.2 unlicensed version limits ....................................145 KMS files ..............................................................................................145 Key records ..........................................................................................145 Key groups ...........................................................................................145 Tape drives and media capabilities .................................................146 KMS with NBAC ..................................................................................146 KMS with HA clustering ....................................................................146 KMS logging ........................................................................................146 KMS with NetBackup 6.5.2 Windows uninstall .............................146 KMS principles of operation .....................................................................147 About writing an encrypted tape .....................................................147 About reading an encrypted tape ....................................................148 KMS terminology .......................................................................................148 CLI .........................................................................................................148 Host Master Key (HMK) .....................................................................149 Key ........................................................................................................149 Key group (KG) ....................................................................................149 Key group record (KGR) ....................................................................149
10
Key Management Service (KMS) ..................................................... 149 Key record (KR) .................................................................................. 149 KMS database ..................................................................................... 149 Key Protection Key (KPK) ................................................................. 149 Key file (key database) ....................................................................... 149 Key group ............................................................................................ 150 Key record ........................................................................................... 150 Key record states ................................................................................ 150 Key store .............................................................................................. 150 Passphrase .......................................................................................... 150 Quiesce ................................................................................................ 151 Tag ........................................................................................................ 151 Installing KMS .................................................................................................... 151 Using KMS with NBAC .............................................................................. 153 KMS with HA clustering ........................................................................... 154 Enabling cluster use with the KMS service .................................... 154 Enabling monitoring of the KMS service ....................................... 155 Disabling monitoring of the KMS service ...................................... 155 Removing the KMS service from monitored list ........................... 155 KMS configuration ............................................................................................ 156 Creating the key database ........................................................................ 156 Creating key groups and key records ..................................................... 157 Creating key groups ........................................................................... 158 About key records .............................................................................. 158 Key record states ....................................................................................... 159 Key record state considerations ...................................................... 160 Prelive state ........................................................................................ 161 Active state ......................................................................................... 161 Inactive state ...................................................................................... 161 Deprecated state ................................................................................ 161 Terminated state ................................................................................ 162 KMS best practices .................................................................................... 162 Backing up the KMS database files ................................................. 162 Recovering KMS by restoring all data files .................................... 163 Recovering KMS by restoring only the KMS data file .................. 163 Recovering KMS by regenerating the data encryption key ......... 163 Problems backing up the KMS data files ........................................ 165 Solutions for backing up the KMS data files ................................. 165 Creating a key record ........................................................................ 166 Listing keys ......................................................................................... 166 Configuring NetBackup to work with KMS ............................................ 166 How does NetBackup get key records from KMS .......................... 166 Setting up Netbackup to use encryption ........................................ 167
11
Using KMS ...........................................................................................................169 Run an encrypted tape backup ................................................................169 Verify an encryption backup ....................................................................170 KMS DB constituents .................................................................................171 Create an empty KMS DB ..........................................................................171 Importance of the KPK ID and HMK ID ..................................................172 Periodically updating the HMK and KPK ...............................................172 Backing up the KMS key store and admin keys .....................................172 CLI commands ....................................................................................................173 CLI usage help .............................................................................................173 Create a new key group .............................................................................174 Create a new key .........................................................................................174 Modify key group attributes .....................................................................175 Modify key attributes ................................................................................175 Get details of key groups ..........................................................................175 Get details of keys ......................................................................................176 Delete a key group ......................................................................................176 Delete a key .................................................................................................177 Recover a key ..............................................................................................177 Modify host master key (HMK) ................................................................178 Get HMK ID .................................................................................................178 Modify key protection key (KPK) .............................................................178 Get KPK ID ...................................................................................................178 Get key store statistics ..............................................................................178 Quiesce KMS DB .........................................................................................179 Unquiesce KMS DB ....................................................................................179 Key creation options ..................................................................................179 Troubleshooting KMS .......................................................................................180 Solution for backups are not encrypting ................................................181 Solution for restores are not decrypting ................................................181 Troubleshooting example - backup with no active key record ...........181 Troubleshooting example - restore with an improper key record state ......................................................................................................184 KMS error messages ..................................................................................186
Chapter 6
New database Administration tool for NetBackup relational databases

Running the Database Administration tool on UNIX ..................................189 Select/Restart Database and Change Password option .......................190 Database Space and Memory Management option ...............................191 Report on Database Space option ....................................................191 Database Reorganize option .............................................................191 Add Free Space option .......................................................................192
12
Adjust Memory Settings option ....................................................... 193 Transaction Log Management option .................................................... 194 Truncate the Transaction Log option ............................................. 195 Toggle Transaction Log Mode option ............................................. 195 Change Temporary Directory for Truncation option .................. 195 Database Validation Check and Rebuild option .................................... 195 Standard Validation option ..............................................................196 Full Validation option ....................................................................... 196 Database Rebuild option ................................................................... 196 Move Database option ............................................................................... 197 Move Data option ............................................................................... 197 Move Index option ............................................................................. 197 Move Transaction Log option .......................................................... 198 Move/Create Mirrored Log option .................................................. 198 Stop Using Mirrored Transaction Log option ............................... 198 Unload Database option ........................................................................... 198 Schema Only option .......................................................................... 198 Data and Schema option ................................................................... 198 Change Directory option ................................................................... 198 Backup and Restore Database option ..................................................... 199 Online Backup Option ....................................................................... 199 Offline Backup option ....................................................................... 199 Restore Backup option ...................................................................... 199 Change Directory option ................................................................... 200 Running the Database Administration Tool on Windows .......................... 201 General tab .................................................................................................. 202 Data Details button ............................................................................ 202 Add Data Space button ...................................................................... 202 Add Index Space button .................................................................... 203 Refresh button .................................................................................... 203 Reorganize All button ....................................................................... 203 Validate button ................................................................................... 203 Rebuild button .................................................................................... 203 Tools tab ...................................................................................................... 204 Change button to change the password ......................................... 204 Move button ........................................................................................ 205 Export button ..................................................................................... 205 Copy button ........................................................................................ 205 Restore button .................................................................................... 205 Set button ............................................................................................ 206 Modify button ..................................................................................... 206 Truncate button ................................................................................. 206 Validation checks during a hot catalog backup ............................................ 207
13
Chapter 7
NetBackup for SharePoint Portal Server updates

Binaries ................................................................................................................209 Limitations ..........................................................................................................209 Installation requirements .................................................................................210 SharePoint Portal Server setup .......................................................210 Database agent ...................................................................................210 Installing the Utilities and SDK for Subsystem for UNIX-Based Applications ........................................................................................211 Installing Microsoft Services for NFS .....................................................212 Installing Windows Services for UNIX ...................................................212 Configuring the SharePoint agent ..................................................................213 Configuring backup policies .............................................................................213 Backup schedule types for SharePoint 2007 .................................................214 Performing user-directed backups ..................................................................214 Restoring SharePoint farm components ........................................................215 Restoring the Configuration database ....................................................215 Restoring the Search Index ......................................................................216 Restoring the farm or a collection of web applications or portals .....216 Restoring the Shared Services Provider when in a state of unprovisioning ...................................................................................216 Redirecting a web application or portal to another web application or portal ...............................................................................................217 Restoring backward-compatible document library store ....................217 Restoring Windows SharePoint Services (WSS) 3.0 .....................................218 Recovering a web application when using Network Load Balancing .........218 Performing document-level restores ..............................................................218 Disaster Recovery ..............................................................................................219
Chapter 8
NetBackup for Exchange support

Installing and configuring the NetBackup for Exchange Server agent with Exchange 2007 ...................................................................................222 Creating an Exchange 2007 user account for the NetBackup Client Service .................................................................................................222 Prerequisites .......................................................................................223 Configuring the NetBackup service account .................................223 Cluster support ...................................................................................................224 Exchange LCR/CCR support .............................................................................224 Requirements .............................................................................................225 Enabling an Exchange 2007 replication backup ...................................225 Recovering an Exchange 2007 Local Continuous Replication (LCR) environment .......................................................................................226 Recovery of an Exchange 2007 Clustered Continuous Replication
14
(CCR) environment ............................................................................ 227 Troubleshooting LCR or CCR recovery ................................................... 227 Requirements for redirected restores of Exchange 2003 or 2007 legacy (non VSS) backups to an RSG ................................................................... 228 Requirements for redirected restores of Exchange 2003 VSS backup images .......................................................................................................... 228 About redirecting restores of Exchange 2007 VSS backup images ........... 228 Redirecting the restore of a VSS backup to the Exchange 2007 recovery storage group (RSG) .......................................................... 230 Instant recovery for Exchange on Windows VSS ......................................... 231 Policy recommendations .......................................................................... 231 Configuration requirements for Exchange ............................................ 231 Limitations .................................................................................................. 232 Operational notes ...................................................................................... 232 Copy-back instant recovery restore method ......................................... 232 Troubleshooting ......................................................................................... 233 Off-host backups ................................................................................................ 233 Other operational notes .................................................................................... 234
Chapter 9
NetBackup for Microsoft SQL Server updates

SQL Server file-based checkpoint/restart ..................................................... 235 File checkpointing ..................................................................................... 235 Using automatic retries with file checkpointing .................................. 236 Resume options .......................................................................................... 237 New batchfile keywords ............................................................................ 237
Chapter 10
Storage Lifecycle Policy destination configuration changes

Alternate Read Server option enabled only for duplication destinations 240 Considerations for upgrading .......................................................... 240 Duplicating multiplexed backups with the Preserve multiplexing option 241 Best practices for duplicating multiplexed backups ............................ 241 nbstl command changes ................................................................................... 242 New value for as parameter ................................................................... 242
Chapter 11
AdvancedDisk storage option updates

New in NetBackup 6.5.2 .................................................................................... 245 Introduction ....................................................................................................... 246 File system requirements ................................................................................. 247 NFS file system requirements ................................................................. 247 Windows CIFS not supported .................................................................. 247 Installing AdvancedDisk .................................................................................. 247
15
Configuring AdvancedDisk ..............................................................................249 Configuring AdvancedDisk storage servers ..........................................249 Configuring an AdvancedDisk disk pool ................................................252 Creating a storage unit ..............................................................................254 Storage unit properties .....................................................................254 Disk pool ..............................................................................................254 Storage unit usage recommendations ............................................256 Creating a backup policy ...........................................................................257 Restores .......................................................................................................258 Managing AdvancedDisk ..................................................................................258 Managing disk pools ..................................................................................258 Changing disk pool properties .........................................................258 Adding volumes to an AdvancedDisk disk pool ............................260 Removing a volume from a disk pool ..............................................260 Changing disk pool or volume state ................................................261 Merging disk pools .............................................................................262 Deleting a disk pool ............................................................................262 Obtaining disk pool and volume status ..........................................263 Managing storage servers .........................................................................264 Viewing storage servers ....................................................................264 Viewing storage server attributes ...................................................265 Removing storage server attributes ................................................265 Removing a storage server from disk pool access ........................266 Deleting a storage server ..................................................................267 Obtaining storage server status .......................................................267 Monitoring storage capacity and usage .................................................268 Viewing disk reports ..................................................................................268 Viewing NetBackup logs ...........................................................................269 Troubleshooting AdvancedDisk ......................................................................270 Unable to access storage ...........................................................................271 Multiple storage servers on Windows ....................................................271 Volume state changes to DOWN when volume is unmounted ...........272 Disk failure ..................................................................................................272 Restore or duplication operations ...........................................................273
Chapter 12
SharedDisk storage option updates

Overview ..............................................................................................................275 New in NetBackup 6.5.2 ....................................................................................276 NetBackup Release Notes .................................................................................277 Installing SharedDisk ........................................................................................277 Preparing the SAN and the array ....................................................................278 Preparing the SAN .....................................................................................278 Installing HBAs for SharedDisk .......................................................278
16
Zoning the SAN .................................................................................. 278 Installing array software on media servers ........................................... 279 Which software and version to install ............................................ 279 Configuring the disk array ....................................................................... 280 Add array host entries ...................................................................... 280 Allocate LUNs for NetBackup .......................................................... 281 Unmask the LUNs .............................................................................. 282 Configuring device paths .......................................................................... 282 Adding LUN entries to the sd.conf file ................................................... 282 Configuring SharedDisk ................................................................................... 282 Specifying the mount point directory .................................................... 283 Configuring exclusive LUN access in NetBackup ................................. 284 Configuring LUN masking ................................................................ 284 Configuring SCSI persistent reserve ............................................... 284 Switching exclusive LUN access methods ..................................... 285 New command options ...................................................................... 288 Creating a storage server in NetBackup ................................................. 289 Adding disk array logon credentials ....................................................... 292 Formatting the LUNs in a disk array ...................................................... 294 Configuring Storage Foundation dynamic multipathing .................... 297 Creating a SharedDisk disk pool ............................................................. 297 Enclosure method of SharedDisk disk pool creation ................... 299 Volumes method of SharedDisk disk pool creation ..................... 299 Creating a storage unit ............................................................................. 301 Storage unit properties ..................................................................... 301 Storage unit usage recommendations ............................................ 304 Creating a backup policy .......................................................................... 306 Restores ....................................................................................................... 306 Managing SharedDisk ....................................................................................... 306 Managing disk pools .................................................................................. 307 Changing disk pool properties ......................................................... 307 Adding volumes to a SharedDisk disk pool .................................... 309 Changing disk pool or volume state ................................................ 312 Merging disk pools ............................................................................. 313 Deleting a disk pool ........................................................................... 314 Obtaining disk pool and volume status ..........................................315 Managing disk array logon credentials .................................................. 315 Managing storage servers ........................................................................316 Viewing storage servers .................................................................... 317 Obtaining storage server status ...................................................... 317 Viewing storage server attributes ................................................... 318 Adding a SharedDisk storage server ............................................... 318 Removing storage server attributes ............................................... 319
17
Removing a storage server from disk pool access ........................320 Deleting a storage server ..................................................................320 Monitoring storage capacity and usage .................................................321 Viewing disk reports ..................................................................................321 Viewing NetBackup logs ...........................................................................322 Troubleshooting SharedDisk ...................................................................323 SharedDisk troubleshooting checklist ............................................324 Determining masked LUNs ..............................................................332 Checking out a SharedDisk disk volume ........................................333 Disk failure ..........................................................................................334 Restore or duplication operations ...................................................334
Chapter 13
SAN Client and Fibre Transport updates

New in NetBackup 6.5.2 ....................................................................................337 Tape as a storage destination ..........................................................................337 Benefits ........................................................................................................338 Buffer size and concurrent pipe usage ...................................................338 Configuring multiplexing .........................................................................338 Configuring multistreaming ....................................................................338 Limitations ..................................................................................................339 HBA port detection on Solaris .........................................................................339 New HBAs supported .........................................................................................339
Chapter 14
Remote NDMP and disk devices updates

About remote NDMP and disk devices ...........................................................341 Configuring remote NDMP ...............................................................................342
Chapter 15
Synthetic Backup updates: Multiple copy backups

How this feature compares to previous releases ..................................346 Configuring Multiple Copy Synthetic Backups .....................................347 Configuration variables ....................................................................347 Simple configuration example .........................................................349 Advanced configuration example ....................................................349
Chapter 16
New Activity Monitor displays job state details

State Details column messages ........................................................................353 State Details for duplication and synthetic jobs ...........................................354 Addition to bpdbjobs -report -all_columns output .......................................355
Chapter 17
New Job Priority defaults and overrides

Understanding the Job Priority setting ..........................................................358
18
Default Job Priorities host properties ............................................................ 359 JOB_PRIORITY bp.conf entry .................................................................. 360 Example of JOB_PRIORITY change ................................................. 361 Activity Monitor Job Priority setting ..............................................................362 Changing the Job Priority dynamically .................................................. 362 Job Priority setting for Tape Contents report ............................................... 363 Job Priority setting for Verify, Duplicate, and Import actions ................... 365 Job Priority setting for offline catalog backups ............................................ 366 Job Priority setting for restores ....................................................................... 368 Setting the Job Priority using the command line ......................................... 369 Changes to bpdbjobs .................................................................................. 370 set_priority ......................................................................................... 370 change_priority_by ............................................................................ 370 bp and bpadm menu interface changes .................................................. 371 bpadm management interface ......................................................... 371 bp client interface .............................................................................. 371 Database agent changes ................................................................................... 372 DataStore/XBSA ......................................................................................... 372 NetBackup for DB2 .................................................................................... 372 DB2 restores ....................................................................................... 373 NetBackup for Exchange .......................................................................... 373 NetBackup for Informix ............................................................................ 373 Lotus ............................................................................................................ 373 NetBackup for Oracle ................................................................................ 374 Oracle RMAN restores ....................................................................... 374 Oracle XML import restores ............................................................. 374 Oracle restores ................................................................................... 374 NetBackup for SAP .................................................................................... 375 NetBackup for SharePoint ........................................................................ 375 NetBackup for SQL Server ........................................................................375 NetBackup for Sybase ............................................................................... 375
Chapter 18
Reverse host name lookup updates

Reverse Host Name Lookup host property ....................................................377 Allowed setting .......................................................................................... 378 Restricted setting ....................................................................................... 378 Prohibited setting ...................................................................................... 378 Changing host properties outside of the Administration Console ............ 379 REVERSE_NAME_LOOKUP entry ........................................................... 379 Setting the property on UNIX hosts ............................................... 379 Setting the property on Windows hosts ......................................... 380
Chapter 19
NetBackup High Availability updates
19
Configuring the Key Management Service (KMS) for monitoring .............381 Clustered media servers on Windows 2008 ...................................................382 Changes to the bpclusterutil command ..........................................................383 bpclusterutil (Windows) ............................................................................383 bpclusterutil (UNIX/Linux) .......................................................................387
Chapter 20
NOM updates
NOM alert enhancements .................................................................................389 Removing the dependency on NOM Alert Manager and alerts database ...............................................................................................389 Improved alert policy configuration .......................................................390 Examples .............................................................................................390 Creating email and SNMP trap recipient groups ..................................391 Duplicate names between email and SNMP recipients/recipient groups ..........................................................................................391 Configuring the SNMP trap community name for NOM .....................392 Job detail and job priority enhancements ......................................................393 State Details and Priority columns added in the Job details view ......393 Changing the priority of NetBackup jobs from NOM ...........................394 Performance enhancements for the NOM server .........................................394 Moving a NOM 6.5 or 6.5.1 database to the original default location .......394
Chapter 21
Command line interface updates

bpbackupdb .................................................................................................397 bpdbjobs ......................................................................................................397 bpduplicate ..................................................................................................397 bpimport ......................................................................................................397 bplabel ..........................................................................................................398 bpmedia .......................................................................................................398 bpmedialist ..................................................................................................398 bppldelete ....................................................................................................399 bpplinclude .................................................................................................399 bpplinfo .......................................................................................................399 bppllist .........................................................................................................399 bpplsched ....................................................................................................399 bpplschedrep ..............................................................................................400 bppolicynew ................................................................................................400 bprecover .....................................................................................................400 bprestore .....................................................................................................400 bpschedule ..................................................................................................400 bpschedulerep ............................................................................................400 bpverify .......................................................................................................401
20
nbdelete ....................................................................................................... 401 nbdevconfig ................................................................................................ 402 nbkmsutil .................................................................................................... 404 Operation descriptions ..................................................................... 404 Option descriptions ........................................................................... 405 nbpemreq .................................................................................................... 407 Operation descriptions ..................................................................... 408 Option descriptions ........................................................................... 408 nbstl ............................................................................................................. 409 New value for -uf option ................................................................... 409 New __NA__ value for many options .............................................. 410 New State field listed for -L and -l ................................................... 410 nbstlutil ....................................................................................................... 412 tpclean ......................................................................................................... 412 tpformat ...................................................................................................... 412 tpreq ............................................................................................................. 412 vmphyinv .................................................................................................... 413
Index
415
Chapter
Introduction
This guide describes changes to documentation in the NetBackup 6.5.2 release. For installation instructions, refer to the 652_README.txt file. This guide describes following features and changes:

How to configure and use NetBackup for VMware on page 23 Clustering NetBackup Operations Manager on page 61 Snapshot client updates on page 97 New data at rest key management on page 143 New database Administration tool for NetBackup relational databases on page 187 NetBackup for SharePoint Portal Server updates on page 209 NetBackup for Exchange support on page 221 NetBackup for Microsoft SQL Server updates on page 235 Synthetic Backup updates: Multiple copy backups on page 345 AdvancedDisk storage option updates on page 245 SharedDisk storage option updates on page 275 SAN Client and Fibre Transport updates on page 337 Remote NDMP and disk devices updates on page 341 Reverse host name lookup updates on page 377 New Activity Monitor displays job state details on page 351 New Job Priority defaults and overrides on page 357 Command line interface updates on page 397 NetBackup High Availability updates on page 381 NOM updates on page 375
22 Introduction
Chapter
How to configure and use NetBackup for VMware

This chapter describes how to configure and use NetBackup 6.5.2 to back up and restore VMware virtual machines. This chapter contains the following topics:

NetBackup for VMware: introduction on page 23 NetBackup for VMware environment on page 24 Configuration tasks: overview on page 29 Configure NetBackup on page 31 Backing up VMware files on page 42 Restoring VMware files on page 43 Best practices on page 51 VMware support matrices on page 53 VMware logging on page 55 Troubleshooting on page 56 Terminology on page 59
For a list of all supported combinations of platforms and snapshot methods, see the NetBackup 6.x Snapshot Client Compatibility document:
http://seer.entsupport.symantec.com/docs/279042.htm
NetBackup for VMware: introduction

NetBackup for VMware provides backup and restore of the VMware virtual machines that run on VMware ESX servers. NetBackup for VMware takes advantage of VMware Consolidated Backup (VCB) technology. The backup
24 How to configure and use NetBackup for VMware NetBackup for VMware environment
process is off-loaded from the ESX server to a separate host that is called the VMware backup proxy server.
The main features of NetBackup for VMware

NetBackup for VMware does the following:

Reduces the backup processing load on the VMware ESX server. Automatically creates quiesced snapshots using the VMware sync driver (Windows only). Uses snapshot technology to keep virtual machines 100% available to users. Backs up and restores individual files or the full virtual machine. Restores the individual files from a full virtual machine backup, by means of the NetBackup FlashBackup-Windows policy type. Backs up virtual machines even when they are powered off (requires a VirtualCenter server).
NetBackup for VMware environment

This section describes the components of NetBackup for VMware.
NetBackup for VMware components

VMware backup proxy server
NetBackup for VMware uses a special host that is called a VMware backup proxy server. The VMware backup proxy server is a NetBackup client that performs backups on behalf of the virtual machines. The proxy server can also be configured as a NetBackup master or media server. The VMware backup proxy server is the only host on which NetBackup client software is installed. No NetBackup client software is required on the VMware virtual machines.
Virtual machine
Virtual machines provide complete guest operating systems on virtualized hardware. In a NetBackup policy, a virtual machine is configured as a NetBackup client, even though NetBackup client software is not installed on the virtual machine. Alternative configurations are possible. See Best practices on page 51.
How to configure and use NetBackup for VMware NetBackup for VMware environment
25
ESX server
The VMware ESX server presents a virtualized hardware environment to multiple virtual machines; each virtual machine runs an independent operating system. Users can run applications in the virtualized OS as if the OS was installed in its own physical machine.
VirtualCenter server
The VMware VirtualCenter server coordinates multiple ESX servers and work loads by migrating virtual machines from one ESX server to another. The VirtualCenter server is optional in the NetBackup for VMware environment. It provides additional functionality such as the ability to back up powered down virtual machines.
Converter server
The VMware Converter server assists in full virtual machine restores to the ESX server. The Converter must be installed on the same host as the VMware backup proxy server.
VMware NetBackup Integration Module (VNIM) not required!

The VMware NetBackup Integration Module (VNIM) is not required for NetBackup for VMware. Conflicts can occur between NetBackup 6.5.x for VMware policies and any older script-based policies that use VNIM. See under Notes and tips on page 56.
Environment diagram
The hardware components for NetBackup for VMware are shown in Figure 2-1. Figure 2-1
NetBackup master server 1 2 5 NetBackup storage unit (disk or tape) SAN VMware virtual disk files (datastore) must be available on SAN, iSCSI, or local network to both VMware backup proxy server and VMware ESX server. VMware ESX server runs virtual machines LAN / WAN 3
NetBackup for VMware: backup environment
4 VMware backup proxy server acting as both NetBackup media server and Snapshot Client off-host client
Note: With VCB version 1.1 and ESX server 3.5, a SAN connection between the backup proxy server and the datastore is optional if you use the NBD or NBDSSL transfer type. See Configuring a VMware policy on page 32.
Basic backup process:

1 2 3 4 The NetBackup master server initiates the backup. The NetBackup client on the VMware backup proxy server initiates a VMware snapshot. The VMware sync driver synchronizes the file system on the virtual machine. The VMware backup proxy server does one of the following:
For full virtual machine backup: copies the disk files from the VMware virtual disk datastore. For file-level backup: mounts individual disk volumes from the VMware virtual disk datastore.
The NetBackup media server reads the data from the VMware snapshot on the proxy server and writes the data to the NetBackup storage unit.
How to configure and use NetBackup for VMware NetBackup for VMware environment
27
The NetBackup for VMware environment may have a VMware VirtualCenter that manages multiple ESX servers. Figure 2-2
NetBackup master server LAN / WAN VMware VirtualCenter
VirtualCenter with multiple ESX servers
NetBackup storage unit (disk or tape)
SAN
VMware virtual disk files (datastore)
VMware ESX servers
Backup type: file-level and full virtual machine

NetBackup for VMware supports two kinds of backup of virtual machines: file-level and full virtual machine.
File-level: backs up ordinary files and folders on the virtual machine.The backed up files and folders can be individually restored. Does not support restore of the guest OS or of the virtual machine. Note: a file-level backup cannot back up the following:

The VMware virtual disk files that define the virtual machine. Windows system protected files (System State). Windows system directories such as the following:
C:\WINDOWS\system C:\WINDOWS\system32
Windows system database files (such as RSM Database and Terminal Services Database).
Full virtual machine: backs up an entire virtual machine as a set of virtual disk files. The backup includes all files and folders as well as operating system files and VMware virtual disk files. Supports restore of the guest OS and of the entire virtual machine. Also supports individual file restore for a Windows guest OS if the backup was made with the 2-Mapped FullVM or 3-FullVM and file for incremental option.
Notes and restrictions

Note the following about NetBackup for VMware:
NetBackup for VMware does not work with the VMware NetBackup Integration Module (VNIM). Conflicts can occur between NetBackup 6.5.x for VMware policies and any older script-based policies that use VNIM. See under Notes and tips on page 56. NetBackup master and media servers and the VMware backup proxy server must run NetBackup 6.5.2 or later. The VMware backup proxy server must run Windows 2003. The supported hardware types are the same as for any NetBackup Windows client. Further information is available on supported guest operating systems and VMware components and versions. See VMware support matrices on page 53. NetBackup for VMware does not support a USB drive as the snapshot mount point on the backup proxy server. This support will be added in a future release. For Windows virtual machines, the snapshot mount point on the backup proxy server must be a local drive, not network mounted. Do not set compression or encryption on the mount point. NetBackup for VMware does not support the NetBackup Instant Recovery feature. For UNIX and Linux virtual machines, NetBackup for VMware supports full virtual machine backup and full virtual machine restore only. VMware does not support VCB snapshots of virtual machines if a drive is assigned to the virtual machine in raw device mapping (RDM) mode. To restore individual NTFS encrypted files, you must install a NetBackup client on the virtual machine. See Best practices on page 51.
License requirements
NetBackup for VMware requires the NetBackup Snapshot Client license, which is included in the NetBackup Enterprise Client license.
How to configure and use NetBackup for VMware Configuration tasks: overview
29
Configuration tasks: overview

VMware tasks
The VMware components including ESX servers and virtual machines must be set up before you configure NetBackup. These VMware-specific tasks are only briefly described in this guide. Further assistance with these tasks may be found in your VMware documentation. Table 2-1 VMware tasks
Tasks for the VMware administrator

1 Set up disk storage on Fibre Channel or iSCSI. The disk storage must be accessed by the VMware backup proxy server and by the ESX servers or VirtualCenter server.
Note: With VCB version 1.1 and ESX server 3.5, a SAN connection between the backup proxy server and the datastore is optional if you use the NBD or NBDSSL transfer type. 2 3 4 Install the VMware ESX server and virtual machines. Install VMware Tools on the virtual machines that you plan to back up. Optional: install a VirtualCenter server. The VirtualCenter server must not be installed on the same host as the VMware backup proxy server. 5 Install the VMware Converter server on the VMware backup proxy server. Note: the proxy server must be installed on Windows 2003. 6 Install a supported version of VMware Consolidated Backup (VCB) on the VMware backup proxy server. See VMware support matrices on page 53. Symantec recommends that the NetBackup media server and the VMware backup proxy server be installed on the same host.
Notes:
Ensure that the hardware and the SAN are configured properly. The VMware datastore where the target virtual machine files exist must be accessible to both the ESX server and the VMware backup proxy. Note that With VCB version 1.1 and ESX server 3.5, a SAN connection between the backup proxy server and the datastore is optional if you use the NBD or NBDSSL transfer type.
30 How to configure and use NetBackup for VMware Configuration tasks: overview
VMware has specific hardware and configuration requirements. VMware SAN requirements can be found in the VMware SAN Configuration guide. See http://www.vmware.com/pdf/vi3_san_guide.pdf
NetBackup tasks
Table 2-2 lists the NetBackup configuration tasks that are described later in this chapter and in other NetBackup documentation, as indicated. Table 2-2 NetBackup tasks
Tasks for the NetBackup administrator

1 Install the NetBackup 6.5.2 master server and media server. See the NetBackup 6.5 Installation Guide. Symantec recommends that the NetBackup media server and the VMware backup proxy server be installed on the same host. 2 Install the NetBackup 6.5.2 Snapshot Client license on the master server, and install Snapshot Client 6.5.2 software on the VMware backup proxy server. See the Installation chapter of the NetBackup Snapshot Client Administrators Guide. Note: the proxy server must be installed on Windows 2003. 3 Set NetBackup access credentials for the VMware VirtualCenter (if any) or VMware ESX servers. See Adding NetBackup credentials for VMware on page 31. 4 Add the VMware backup proxy server to your NetBackup configuration. See Adding the proxy server to NetBackup configuration on page 32. 5 Configure incremental backups for VMware. See Configuring incremental backups for VMware on page 32. 6 Create a NetBackup Snapshot Client policy for VMware. See Configuring a VMware policy on page 32. 7 Perform a backup or restore. See Backing up VMware files on page 42 and Restoring VMware files on page 43. 8 Recheck the configuration. See Best practices on page 51 and Troubleshooting on page 56.
How to configure and use NetBackup for VMware Configure NetBackup
31
Configure NetBackup
This section describes the NetBackup configuration procedures.
Adding NetBackup credentials for VMware

The NetBackup server requires logon credentials to access the VMware ESX servers or the VMware VirtualCenter. To add NetBackup credentials 1 Start the NetBackup Administration Console: On UNIX, enter: /usr/openv/netbackup/bin/jnbSA & On Windows, click Start > Programs > Veritas NetBackup > NetBackup Administration Console. Click Media and Device Management > Credentials > Virtual Machine Servers. Click Actions > New > New Virtual Machine Server and enter the fully qualified domain name of the virtual machine server (VirtualCenter or ESX server). In the Credentials pane of the Virtual Machine Server dialog box, enter the following: Virtual machine server type Select the type of virtual machine:
2 3
VMware VirtualCenter server: for a VirtualCenter that manages multiple VMware ESX servers. Note: if you have a VirtualCenter, do not enter logon credentials for individual ESX servers. NetBackup uses credentials for the VirtualCenter only.
VMware ESX server: for ESX servers where there is no VirtualCenter. Use this dialog box to enter credentials for each ESX server. User name Enter the user name for the virtual machine server. Password Enter the password (and confirm it) for the virtual machine server. Connect using port number Unless the port number was changed on the VMware server, no port specification is required. If the Connect using port number box is checked, deselect it. VMware Consolidated Backup software determines the port.
5 6
Click OK. If your site has multiple ESX servers but no VMware VirtualCenter, use the Virtual Machine Server dialog box to enter credentials for each ESX server.
32 How to configure and use NetBackup for VMware Configure NetBackup
Adding the proxy server to NetBackup configuration

You must add the VMware backup proxy server to your NetBackup configuration. In the NetBackup Administration Console, do the following. To add the proxy server 1 2 3 4 5 Click Host Properties > Master Server > double click NetBackup master server > Virtual Machine Proxy Servers. Click Add. In the New Server dialog box, enter the fully qualified domain name of the VMware backup proxy server, and click Add. When you are finished adding proxies, click Close. Click Apply and then OK.
Configuring incremental backups for VMware

Incremental backups of virtual machines must be based on timestamps, not on archive bit. You must configure the NetBackup client on the VMware backup proxy server as follows. To configure the client on the proxy server for incremental backups 1 Start the Backup, Archive, and Restore interface from the NetBackup client that is installed on the VMware backup proxy server. For example: click Start > Programs> Veritas NetBackup > Backup, Archive, and Restore. Click File > NetBackup Client Properties. On the General tab, make sure Perform incrementals based on archive bit is clear (unchecked).
2 3
Configuring a VMware policy

The following procedure describes how to create a policy for VMware backup. You can also use the Snapshot Policy Configuration wizard to create a policy. To configure a VMware policy 1 Start the NetBackup Administration Console as follows: On UNIX, enter: /usr/openv/netbackup/bin/jnbSA & On Windows, click Start > Programs > Veritas NetBackup > NetBackup Administration Console. Click on Policies and select Actions > New > New Policy.
33
Select the policy type: MS-Windows-NT or FlashBackup-Windows
Select storage unit or group
Click Perform snapshot backups and Perform off-host backup. Click Use virtual machine proxy and select the VMware proxy.
Select one of the following policy types: MS-Windows-NT For backup of individual drives or individual folders and files (Windows only). Cannot back up the entire virtual machine. For a backup of the entire virtual machine, choose FlashBackup-Windows. FlashBackup-Windows For backup of individual drives (Windows), or backup of the entire virtual machine (any supported virtual machine). For UNIX and Linux virtual machines, FlashBackup-Windows is the only supported policy type. The FlashBackup-Windows policy type has the following advantages:
Increases the backup speed as compared to standard file-order backup methods, if the virtual machine is heavily populated with small files.
Can create a backup from which you can restore either individual files or the full virtual machine.
Select a policy storage unit or storage unit group. Storage unit groups are described in the NetBackup Administrators Guide, Volume I. Select Perform snapshot backups. If Bare Metal Restore is installed, you must deselect Collect disaster recovery information for Bare Metal Restore to select Perform snapshot backups. The FlashBackup-Windows policy type automatically selects Perform snapshot backups. Select Perform off-host backup and Use virtual machine proxy. In the Virtual Machine Proxy Server field (Off-host backup machine on Windows): select the name of the VMware backup proxy server from the pull-down list. If the proxy server does not appear in the pull-down, make sure it was added to the Host Properties setting. See Adding the proxy server to NetBackup configuration on page 32. You may have to close and reopen the policy for the added proxy server to appear in the list. Click Snapshot Options.
6 7
35
Automatically selected when you choose Use virtual machine proxy on Attributes tab. Specify these options
Specify these values for the VMware snapshot method: Snapshot mount point A folder on the VMware backup proxy server. An example mount point is:
G:\mnt
If the folder does not exist on the VMware backup proxy, NetBackup creates it. This folder is used in one of two ways, depending on the Virtual Machine Backup parameter value you choose:
For file-level backups (0-File), the VMware backup proxy server mounts snapshots of individual virtual disk volumes in this folder. These snapshots are links to the virtual datastore. No virtual machine data is copied to this folder. For full virtual machine backups (1-FullVM or 2-Mapped FullVM), the VMware backup proxy server creates a snapshot of the entire virtual machine in this folder. This snapshot contains copies of all virtual disk files on the virtual datastore that constitute a point-in-time image of the entire virtual machine. Enough space must be available in this folder to contain the snapshot.
NOTE: For Windows virtual machines, the mount point must be a local drive, not network mounted. Also, do not set compression or encryption on the mount point. See The backup fails with status 156 on page 58. Virtual Machine Backup options 0-File: Backs up either of the following:
Individual folders and files, individual drives, or all local drives, with the MS-Windows-NT policy type.
Individual drives or all local drives, with the FlashBackup-Windows policy type. The 0-File option cannot be used to back up Windows system files or VMware virtual disk files. See Backup type: file-level and full virtual machine on page 27. 1-FullVM: Backs up the entire virtual machine. This option works with the FlashBackup-Windows policy type only. Individual files cannot be restored from this backup. 2-Mapped FullVM: Backs up the entire virtual machine. This option works with the FlashBackup-Windows policy type only. Two kinds of restore are possible: restore of the entire virtual machine or of individual folders and files. A tabular presentation of these parameters is available. See VMware backup options compared on page 41. 3-FullVM and file for incremental: A combination of options 2 and 0. Backs up the entire virtual machine for full backups, and backs up individual files, folders, or drives for incrementals. This option works with the FlashBackup-Windows policy type only. For incremental backups, this option saves time when transferring data to the backup proxy. Transfer type These options require VCB 1.1 and ESX server 3.5 or later. The transfer types determine how the snapshot data is sent from the VMware datastore to the VMware backup proxy. The appropriate option depends in part on the type of network that connects the VMware datastore to the VMware backup proxy.
0-SAN
For unencrypted transfer over Fibre Channel (SAN) or iSCSI. This value is the default. For unencrypted transfer over a local network that is using the Network Block Device (NBD) driver protocol. This type of transfer is usually slower than over Fibre Channel.
1-NBD
37
2-NBDSSL
For encrypted transfer (SSL) over a local network that is using the Network Block Device (NBD) driver protocol. This type of transfer is usually slower than over Fibre Channel. Provides transfer redundancy if the VMware datastore is available on both a SAN and a local network. With option 3, NetBackup attempts an unencrypted transfer over Fibre Channel (SAN) or iSCSI. If that fails, it transfers the snapshot data using the Network Block Device (NBD) driver protocol over the local network. Provides transfer redundancy if the VMware datastore is available on both a SAN and a local network. NetBackup attempts an unencrypted transfer over Fibre Channel (SAN) or iSCSI. If that fails, it transfers the snapshot data with SSL encryption using the Network Block Device (NBD) driver protocol over the local network.
3-SAN then NBD
4-SAN then NBDSSL
VMDK type This option requires VCB 1.1 and ESX server 3.5 or later. It determines whether the virtual disk files are optimized for transmission to the backup proxy.
0-Optimized The virtual disk (vmdk) files are optimized so that only the necessary blocks are transferred. If a virtual machine has a 200 GB disk but only 10 GB are used, the vmdk file sent to the proxy is 10 GB plus the grain tables that describe the optimized vmdk files. 0-optimized is the default. If the policy storage unit is not PureDisk, accept the default. The virtual disk (vmdk) files are not optimized. The full vmdk file is sent. This option is needed only if the policy specifies a PureDisk storage unit. If the snapshot data is optimized, PureDisk cannot employ deduplication on it.
1-Full
To save these settings, click OK and then Apply.
10 Use the Schedules tab to define a schedule. 11 On the Clients tab, click New to specify virtual machines to back up.
ESX server or VirtualCenter
Select a VirtualCenter or ESX server, or select individual virtual machines. To discover virtual servers on the network, click the Browse Virtual Machines box. Use the Find field to locate a virtual machine in the list. To enter the name of a virtual machine manually, uncheck the Browse Virtual Machines box. The format of the virtual machine name depends on your system. It may be the fully qualified name or another name, depending on your network configuration and how the name is defined in the guest OS. If NetBackup cannot find the name you enter, policy validation fails. The machine names that are listed may be derived from a cache file. Using the cache file is faster than rediscovering the machines on the network if your site has a large number of virtual machines. To update the cache file and re-display virtual machines, click the refresh option to the right of the Last Update field. This field shows the date and time of the most recent cache file that contains the names of virtual machines. For NetBackup to access the virtual machines, the following are required:
39
The VMware VCB must be installed on the VMware backup proxy server. The NetBackup master server must have credentials for the VMware VirtualCenter or ESX server(s). See Adding NetBackup credentials for VMware on page 31.
The browsing time-out value must not be set too low. See Changing the browsing time-out for virtual machine discovery on page 56. The virtual machines you selected are listed in the Clients tab.
12 Use the Backup Selections tab to specify the virtual machine files to back up. Click New. You can make entries manually, or click on the pull-down (UNIX) or hand icon (Windows) to select from available directives. Note: for VMware snapshot backup, the System_State directive (Windows 2000) and the ShadowCopy Components directive (Windows 2003) are not supported.
Enter any of the following and then click Add (on UNIX) or press Enter (Windows):
Individual Windows folders and files, if the policy type is MS-Windows-NT. Individual drive letters. The drive letter format depends on the policy type: MS-Windows-NT policy type Enter the drive letter as follows (for example): E:\ The drive letter must not be a network (shared) drive: it must specify a drive on the virtual machine. For MS-Windows-NT policies, you cannot back up the following: Windows System State, Windows ShadowCopy Components, Windows system files (such as on the C: drive), or VMware virtual disk files. To back up these files, use the ALL_LOCAL_DRIVES directive in a FlashBackup-Windows policy. FlashBackup-Windows policy type Enter the drive letter as follows (for example): \\.\E: The drive must be designated exactly as shown (E:\ is not correct). The ALL_LOCAL_DRIVES directive backs up all local drives on the virtual machines that are selected on the Clients tab. This entry is the only one supported for UNIX and Linux virtual machines. IMPORTANT: the kinds of files that are included in an ALL_LOCAL_DRIVES backup depend on the policy type and the VMware snapshot options, as follows.
MS-Windows-NT policy: the ALL_LOCAL_DRIVES directive backs up all data files on the virtual machines that are selected on the Clients tab. This directive does not back up the following: Windows System State, Windows system files (such as on C:), or VMware virtual disk files. FlashBackup-Windows policy: the ALL_LOCAL_DRIVES directive backs up all data files on the virtual machines. The ALL_LOCAL_DRIVES directive also backs up the following, if the snapshot option is 1-FullVM, 2-Mapped FullVM, or 3-FullVM and file for incremental: Windows System State files, Windows OS partitions that contain the Windows system files (usually C:), and VMware virtual disk files. See VMware backup options compared on page 41 for more details. For FlashBackup-Windows: if you chose value 1 or 2 for the Virtual Machine Backup parameter, ALL_LOCAL_DRIVES is the only entry allowed under Backup Selections.
41
13 On the policy Attributes tab: if you click Apply or OK, a validation process checks the policy and reports any errors. If you click Close, no validation is performed.
VMware backup options compared

Table 2-3 describes the backup options for MS-Windows-NT policies. Table 2-3 VMware backup options for MS-Windows-NT policies Virtual Machine What is backed up Backup parameter
0-File Specified folders and files only, excluding Windows system files All data files and folders in specified drives, excluding Windows system files
Backup Selections entry

Individual folders and files
What can be restored

Individual drives For example: E:\ ALL_LOCAL_DRIVES directive
0-File
0-File
All data files and folders on all Individual folders and files local virtual machine drives, excluding Windows system files
Table 2-4 describes the backup options for FlashBackup-Windows policies. Table 2-4 VMware backup options for FlashBackup-Windows policies Virtual Machine What is backed up Backup parameter
0-File Individual drives as raw devices.

Individual drives For example: \\.\E:

Individual folders and files, or entire drive (not including operating system or VMware virtual disk files) Individual folders and files, or entire drives (not including operating system or VMware virtual disk files)
ALL_LOCAL_DRIVES directive
0-File
All individual drives in virtual machine as raw devices.
1-FullVM
VMware virtual disk files. Backup Entire virtual machine only is raw partition type.
42 How to configure and use NetBackup for VMware Backing up VMware files
Table 2-4
VMware backup options for FlashBackup-Windows policies Virtual Machine What is backed up Backup parameter
2-Mapped FullVM

VMware virtual disk files. Backup Entire virtual machine or is raw partition type. individual folders and files
Note that backup type 3-FullVM and file for incremental is a combination of types 2 and 0.
Backing up VMware files

You can initiate a VMware backup in the same manner as any NetBackup backup. NetBackup for VMware does not support user backups: only manual or scheduled backups are allowed. To back up files manually 1 Click on the Policies node in the NetBackup Administration Console, select the policy, and click Actions > Manual Backup.
How to configure and use NetBackup for VMware Restoring VMware files
43
See the NetBackup Backup, Archive, and Restore Getting Started Guide for further instructions.
Restoring VMware files

You can use the NetBackup Backup, Archive, and Restore interface to restore from NetBackup for VMware backups, as explained in this section.
VMware restore procedures: overview

Individual file restore
The following restore procedures are supported.
One-stage process: restore individual files to the virtual machine by restoring to the backup proxy. The VMware virtual machine drives to which restores are to be directed must be configured in one of two ways:
The virtual machine drives must be shared through the guest operating system on the virtual machine.
NetBackup client software must be installed on the VMware virtual machine. See Setting up NetBackup Client Service for restore to a shared virtual machine drive on page 44.
Two-stage process: 1, Restore individual files from the VMware backup proxy server to a NetBackup Windows client (not to the virtual machine). See the NetBackup Backup, Archive, and Restore Getting Started Guide on how to restore to different locations. 2, Manually copy the restored files to the Windows virtual machine. (NetBackup does not perform this step.)
Full VMware virtual machine restore

The following restore procedure is supported. Restore all virtual machine files to the VMware backup proxy server, which is used as a staging machine. Then do one of the following:
Let NetBackup issue a VMware-provided script to restore the virtual machine to a designated virtual machine server. The virtual machine files are then removed from the staging machine. Use the VMware Converter application on your own to restore the virtual machine from the staging machine to the virtual machine server.
44 How to configure and use NetBackup for VMware Restoring VMware files
Setting up NetBackup Client Service for restore to a shared virtual machine drive
To restore individual files to a Windows virtual machine which has a shared drive, note: the NetBackup Client Service must be logged on as the Administrator account (not as the Local System account). The Administrator account lets NetBackup write to the directories on the virtual machine to which the data is restored. If you try to restore files while the NetBackup Client Service is logged on as the Local System account, the restore fails. To log on the NetBackup Client Service as Administrator 1 2 3 4 5 In Windows Services on the VMware backup proxy server, double-click the NetBackup Client Service. Check the Log On tab: if the service is not logged in as Administrator, stop the service. Change the logon to the Administrator account in the domain in which both the virtual machine and the proxy server reside. Restart the service. Retry the restore.
Restore notes
Note the following.
Unless a NetBackup client is installed on the virtual machine, NetBackup for VMware backups do not support user-directed restore. Only server-directed restores performed by the administrator are allowed. In the NetBackup Backup, Archive, and Restore interface, restore types labeled proxy restore do not apply to VMware backups. An example of such a restore type is from Normal Backup as a Proxy. These restore types do not refer to the VMware backup proxy server. Use the restore procedures that are described in this chapter. For VMware files that were encrypted on the virtual machine using Windows NTFS encryption, you must install a NetBackup client on the virtual machine.
45
Restoring individual folders and files

If the VMware backup was made with either of the following, you can restore individual files:

An MS-Windows-NT policy. A FlashBackup-Windows policy with a Virtual Machine Backup parameter set to 0-File, 2-Mapped FullVM, or 3-FullVM and file for incremental.
To restore individual folders or files 1 Start the NetBackup Backup, Archive, and Restore interface. On UNIX servers, you can start the interface from the NetBackup Administration Console. On Windows, you must start the Backup, Archive, and Restore interface separately. Specify the source client and destination client and type of policy: UNIX: on the Restore Files tab, click Windows: click Files > Specify NetBackup Machines and Policy Type. Specify the following:
Server to use for backup and restores: the NetBackup master server that directed the backup. Source client for restores: the VMware virtual machine that was backed up. Destination client for restores: specify one of the following:
The VMware virtual machine that was originally backed up, if NetBackup client software has been installed on the virtual machine. The VMware backup proxy server. Note that NetBackup Client Service must be logged on as Administrator. See Setting up NetBackup Client Service for restore to a shared virtual machine drive on page 44.
Policy type for restores: the type of policy that made the backup (MS-Windows-NT or FlashBackup-Windows).
Select the type of restore: UNIX: on the Restore Files tab, select Normal Backups. Windows: click Files > Select Files and Folders to Restore > from Normal Backup UNIX: enter the Browse directory that contains the folders or files to restore.
6 7
Click the files you want to restore. Start the restore: UNIX: click Restore. Windows: click Actions > Restore... Windows: if NetBackup client software is not installed on the virtual machine, select one of the following:

Restore everything to a different location
Restore individual folders and files to different locations Destinations must be entered as UNC path names that refer to shared drives on the virtual machine. For example, to restore the file E:\folder1\file1 on virtual machine vm1, enter the following destination:
\\vm1\e$\folder1\file1
Restoring the full VMware virtual machine

If the VMware backup was made with both of the following, you can restore the entire virtual machine:

A FlashBackup-Windows policy. The Virtual Machine Backup parameter was set to any of the following:

1-FullVM 2-Mapped FullVM 3-FullVM and file for incremental, and the policy schedule was a full backup type.
To restore the full virtual machine 1 2 Start the NetBackup Backup, Archive, and Restore interface as described under Restoring individual folders and files on page 45. Specify the source client and destination client and type of policy: UNIX: On the Restore Files tab, click Windows: click Files > Specify NetBackup Machines and Policy Type. Specify the following:
Server to use for backup and restores: the NetBackup master server that directed the backup. Source client for restores: the VMware virtual machine that was backed up. Destination client for restores: the VMware backup proxy server. Policy type for restores: FlashBackup-Windows.
47
Select the type of restore: UNIX: on the Restore Files tab, select Restore type > Virtual Machine Backups. Windows: click the down arrow on the option to select Restore from Virtual Machine Backup. A restore window displays the backups available for restore. Select the virtual machine backup to restore. UNIX:
On the Restore Files tab, specify the Start date and End date within which to search for the backup. Click either of these options: Specify root (/) in the Browse directory field and press Enter. Click on the root folder that is displayed under Directory Structure.
Windows: In the NetBackup History pane, click on the VMware backup, then click on the item that is displayed under All Folders. You cannot select individual files. You must select the entire virtual machine.
Select restore options. UNIX: click Restore. Windows: click Actions > Restore.
49
Select from the following options on the Restore Marked Files dialog box:
Restore Options
Restore all virtual machine files to a virtual machine server automatically using VMware Converter Restores all virtual machine files to the staging machine that is specified on this dialog box. NetBackup then issues a VMware-provided script to restore the virtual machine to the virtual machine server you specify. After the restore is complete, the restored virtual machine is powered off. The virtual machine files are then removed from the staging machine. Note: If the virtual machine display name already exists on the Virtual machine server, the restore fails.
Note the following options:
Perform identity restore to Select this option if you want to retain the restore UUID (Universal Unique UUID of the original virtual machine (note that Identifier) the UUID is a globally unique identifier). The virtual machine is restored with the same UUID that it had before the restore. This option requires that the previous virtual machine (the one that was backed up) has been deleted, so that the UUID is free. Note: if the UUID exists, the restore fails. The default (do not perform identify restore) checks to make sure that the display name of the new virtual machine (the one created by the restore) does not already exist. The virtual machine created by the restore is given a new UUID. Strip network information from Select this option to make sure that the virtual the virtual machine that has machine created for the restore does not have been restored the same IP address as the virtual machine that was backed up. The network information is deleted at the time of the restore. The default is to retain the IP information. Use the default if you have already deleted the virtual machine that was backed up and you want the virtual machine created by the restore to keep the same IP information as the original machine. Remove backing information for Select this option if you do not want to restore devices like DVD/CD-ROM hardware backing information from the drives, serial or parallel ports original image. Default settings will be substituted.
Restore all virtual machine files to the staging machine Restores all virtual machine files to the staging machine. NetBackup does not restore the files to the virtual machine server. You can use the VMware Converter application to restore the entire virtual machine from the staging machine to the Virtual machine server. See your VMware documentation. Restore Destination Choices

Virtual machine server:
How to configure and use NetBackup for VMware Best practices
51
Select or enter the virtual machine server to which to restore the files. The list includes only the machines for which NetBackup has credentials. The default server is the one stored in the backup image information.
Staging machine for restoration: Select or enter the VMware backup proxy server to which the VMware files are temporarily restored. If you chose Restore the entire virtual machine, the files are then restored to the Virtual machine server and deleted from this staging server. The default is the VMware backup proxy server that was used for the backup. The name of that proxy server is stored in the backup image information. On this dialog box, the pull-down list for staging machines includes the VMware backup proxy servers that are defined in existing NetBackup policies. Restore staging location: Enter a Windows file path on the staging machine to which the virtual machine files are temporarily restored. The default is the VMware backup proxy server mount point that was stored in the backup image information.
Click Start Restore.
Best practices
For an in-depth treatment on best practices, see the following: For a more efficient backup, the NetBackup media server and the VMware backup proxy server should be installed on the same host. VMware recommends that you run no more than four simultaneous backups of virtual machines that reside on the same datastore. On the VMware backup proxy server, the file system that contains the snapshot mount point undergoes extensive I/O during full virtual machine backup. For this reason, the file system should reside on a high performance device. On the VMware backup proxy server, the file system that contains the snapshot mount point should be reserved for snapshots only. It should also be on a dedicated SCSI or Fibre Channel bus. The file system that contains the snapshot mount point should be routinely defragmented. A heavily fragmented file system can adversely affect the performance of a FlashBackup-based backup.
http://www.symantec.com/business/products/whitepapers.jsp?pcid=2244&pvid=2_1
52 How to configure and use NetBackup for VMware Best practices
To increase backup throughput on the VMware backup proxy, define multiple snapshot mount points. Each mount point should be created on a disk that is connected on its own disk bus (such as SCSI or IDE). Thus, I/O activity that one policy creates can be isolated from I/O activity that other policies create. Successful VMware snapshots depend on the following:
The amount of I/O that occurs on the virtual machine datastore. Backups should be scheduled when relatively little I/O activity is expected. Reducing the number of simultaneous backups can also help. (Use the Limit jobs per policy attribute in the NetBackup policy.) The design of the I/O substructure that is associated with each virtual machine datastore. For correct I/O design and implementation, consult your VMware documentation.
Include in a single NetBackup policy those virtual machines that use the same datastore. This practice lets you control the amount of backup-related I/O that occurs per datastore and thus limit the backup impact on the target virtual machines. NetBackup supports multiple VMware backup proxy servers. When a single backup proxy is saturated with a backup process, another proxy can be added to increase backup throughput. Upgrade to the latest version of VMware Virtual Infrastructure, which includes the latest version of ESX server, VirtualCenter Server, and VCB.
More information
More information about VMware and NetBackup for VMware can be found in the following:
VMware Inc. provides an extensive set of manuals on VMware products. See the VMware ESX Server and VirtualCenter documentation at:
http://www.vmware.com/support/pubs/
For an in-depth treatment on best practices, see the following: Veritas NetBackup 6.5 for VMware 3.x Best Practices Guide (Symantec white paper). Veritas NetBackup 6.5 for VMware 3.x Implementation Guide (Symantec white paper).
http://www.symantec.com/business/products/whitepapers.jsp?pcid=2244&pvid=2_1
How to configure and use NetBackup for VMware VMware support matrices
53
VMware support matrices

This section describes support information for NetBackup for VMware.
Supported VMware components

NetBackup for VMware supports the following. Table 2-5 Supported VMware components and versions Version
3.0, 3.0.1, 3.0.2, 3.5, and 3i. 1.x
VMware component
ESX server (including VMware Tools) VMware Consolidated Backup (VCB)
Supported operating systems for VMware backup proxy server

The VMware backup proxy server must be installed on Windows 2003 (32 or 64 bit).
Supported disk arrays

NetBackup for VMware can be used with any storage array that VMware Consolidated Backup (VCB) supports. Make sure the datastore for the ESX server is on storage that VCB supports.
VMware guest operating systems tested

The following table lists VMware guest operating systems that tested successfully with NetBackup 6.5.2. Table 2-6 VMware guest operating systems tested Notes
Requires ESX server 3.5 and VCB 1.1 Windows XP 64bit requires VMware Tools 3.0.1 (not supported with 3.0.2) Requires ESX server 3.5 and VCB 1.1
VMware guest OS
Windows Vista Windows XP 32bit/64bit
Windows 2008 32bit/64bit Windows 2003 32bit/64bit Windows 2000 32bit Windows NT 4.0
54 How to configure and use NetBackup for VMware VMware support matrices
Table 2-6
VMware guest operating systems tested Notes
VMware guest OS
RHEL 2.1 RHEL 3.0 RHEL 4 32bit/64bit RHEL 5 32bit/64bit SLES 9 32bit/64bit SLES 10 32bit/64bit Solaris 10 64bit
Requires VMware Converter version 3.0.2 or later.
Supported file systems

Table 2-7 lists supported file systems (left column). The supported backup types are shown for each policy type and file system combination. The backup types are described following the table. Table 2-7 Supported file systems Supported backup types per NetBackup policy type MS-Windows-NT
NTFS (Windows NT) NTFS (Windows 2000 and later) FAT (all Windows versions) Other (Any VMware guest OS) Not supported 1-FullVM Policy backup selections must specify
ALL_LOCAL_DRIVES
File system
FlashBackup-Windows
1-FullVM
Notes
0-File
0-File
0-File 1-FullVM 2-Mapped FullVM
All features of NetBackup for VMware are supported.
0-File
1-FullVM
Description of backup types:
How to configure and use NetBackup for VMware VMware logging
55
0-File: For backup of individual files. Cannot back up Windows system files or VMware virtual disk files. 1-FullVM: For backup of the entire virtual machine only. 2-Mapped FullVM: For backup of the entire virtual machine. Allows restore of the entire virtual machine or of individual files. 3-FullVM and file for incremental (not included in Table 2-7): A combination of options 2 and 0. Backs up the entire virtual machine for full backups, and backs up individual files, folders, or drives for incrementals.
More information is available on these backup types. See Virtual Machine Backup options on page 36.
Snapshot Client support matrix

For a list of supported platforms, file systems, and other components, see the NetBackup 6.x Snapshot Client Compatibility document:
VMware logging
For log messages about VMware backup or restore, see the following NetBackup log folders. Table 2-8 Log folder The NetBackup logs that contain VMware messages Contains Resides on
install_path\NetBackup\logs\bpfis Messages on snapshot creation VMware backup proxy server and backup install_path\NetBackup\logs\bpcd Messages on snapshot creation VMware backup proxy server and backup Messages on restore NetBackup master server
install_path\NetBackup\logs\bprd
Note: These log folders must already exist in order for logging to occur. If these folders do not exist, create them. More detail is available on snapshot logs, logging levels, and the required folders. See the NetBackup 6.5 Snapshot Client Administrators Guide. A broader discussion of NetBackup logging is available. See the NetBackup Troubleshooting Guide.
56 How to configure and use NetBackup for VMware Troubleshooting
Troubleshooting
This section covers a variety of troubleshooting topics.
VMware environmentimportant!
Unsupported equipment can cause many problems. Ensure that your VMware environment (including ESX servers, SAN devices, and backup proxy) conforms to all requirements and recommendations that are spelled out by VMware. For instance, if VMware does not support your HBAs, device drivers, or guest operating systems, NetBackup cannot work. For support details, see VMware documentation at the VMware support site (for example, the VMware compatibility guides).
Changing the browsing time-out for virtual machine discovery

You can adjust the time available for browsing for virtual machines in the NetBackup policy. To change the browsing time-out value 1 2 3 4 In the NetBackup Administration Console, click on the Policies node. From the main menu, click View > Options, then click the Policies tab. Adjust the VMware connect timeout value. Click OK.
Notes and tips
Make sure you have the latest version of the VMware Consolidated Backup (VCB) on the VMware backup proxy server. NetBackup for VMware does not work with the VMware NetBackup Integration Module (VNIM). Note the following:
If VNIM is installed, do not configure a NetBackup for VMware policy (with the VMware snapshot method) to call any scripts that use VNIM. Such a policy results in a backup that fails. Do not run any NetBackup for VMware policy at the same time as a script-based policy that calls VNIM. If the two policies require access to the same virtual machine, a conflict may result and the backup may fail.
For incremental backups, make sure the VMware backup proxy server is correctly configured. Otherwise, NetBackup performs only full backups.
How to configure and use NetBackup for VMware Troubleshooting
57
See Configuring incremental backups for VMware on page 32.
You cannot restore Windows operating system files from a file-level backup of a virtual machine. You can restore standard data files only. A restore of the operating system requires a full virtual machine backup. Make sure the VMware Tools are installed on each virtual machine. Otherwise, communication problems and other problems can result. You cannot restore VMware files onto the virtual machine itself, except under certain conditions. See VMware restore procedures: overview on page 43. Backups using the 1-FullVM, 2-Mapped FullVM, or 3-FullVM and file for incremental option are not supported if the snapshot staging area in VMware backup proxy has compression or encryption enabled. See under The backup fails with status 156 on page 58.
Backup and restore problems

Credentials for VMware server are not valid
A number of possible problems can prevent NetBackup gaining access to the ESX server or VirtualCenter. NetBackups Add Virtual Machine Server dialog has a Validate Credentials box that directs NetBackup to verify the credentials when you click OK. If the credentials do not pass validation, a pop-up message appears. Problems can result for a variety of reasons, including the following:
An incorrect virtual machine server name. Make sure that the server name is entered correctly. An invalid user name or password. Make sure that a valid user name and password were entered correctly. An incorrect port number. Make sure that the port number is correct, or you can uncheck the Connect using port number box. In most cases, no port specification is required. VMware Consolidated Backup software determines the port.
NetBackup cannot obtain the volume ID of a drive

If NetBackup cannot obtain the volume ID of a drive that is listed in the policys Backup Selections list, note: none of the drives that are listed in the policy for the client are backed up. The backup fails with NetBackup status code 156. Try one of the following:
58 How to configure and use NetBackup for VMware Troubleshooting
Use the ALL_LOCAL_DRIVES directive in the Backup Selections list, instead of listing individual drives. A drive letter that is specified in the policys Backup Selections list may be incorrect, or the drive may be down. Update the clients include list (Exceptions to exclude list), and fix or remove the drive entry in the Backup Selections list.
The backup fails with status 156

A backup failure with status 156, snapshot error encountered, can occur for several reasons:
You cannot run more than one backup per virtual machine at a time. If you start a second backup of the same virtual machine while the first backup is active, the second job fails with a status 156. If the VMware backup proxy server has insufficient space in which to mount a snapshot of the virtual machine, the backup fails with status 156. The bpfis log on the VMware backup proxy server may contain a message such as the following:
13:35:37.859 [5536.1276] <2> onlfi_vfms_logf: [2007-09-21 13:35:34.578 'vcbMounter' 2204 error] Error: Failed to export the disk: There is not enough space on the disk
Free up additional space on the proxy server and rerun the backup.
If the VMware backup proxy server does not have access to the VMware datastore (VMware virtual disk files), the backup fails with status 156. The bpfis log on the VMware backup proxy server may contain messages such as the following:
12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.279 'App' 3668 trivia] Attempting to open LVID:46a9ed36-ca235c12-1236-00001a1a24e4/46a9ed35-aa804fd4-6b99 -00001a1a24e4/1. 12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.279 'App' 3668 error] No path to device LVID:46a9ed36-ca235c12-1236-00001a1a24e4/46a9ed35-aa804fd4-6b99 -00001a1a24e4/1 found. 12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: 12:23:26.279 'BlockList' 3668 error] [2008-05-07
12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.279 'SOAP' 3668 trivia] Sending soap request to [TCP:namur:443]: release 12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.560 'BlockList' 3668 info] Closing connection namur:443:root
How to configure and use NetBackup for VMware Terminology
59
12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.560 'SOAP' 3668 trivia] Sending soap request to [TCP:namur:443]: logout 12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.638 'vcbMounter' 3668 error] Error: Failed to open the disk: Cannot access a SAN/iSCSI LUN backing this virtual disk. (Hint: Option "-m ndb" swtiches vcbMounter to network base disk access if this is what you want.) 12:23:29.998 [3892.3332] <2> onlfi_vfms_logf: [2008-05-07 12:23:26.638 'vcbMounter' 3668 error] An error occurred, cleaning up...
A disk was mounted on a virtual machine but the disk is assigned to the virtual machine in raw mode. As a result, the attempt to create a snapshot of the virtual machine fails. The bpfis log on the VMware backup proxy server may contain a message such as the following:
12:46:27.175 [2636.5628] <2> onlfi_vfms_logf: [2007-10-17 12:46:27.019 'App' 1976 verbose] Fault Msg: "Virtual machine is configured to use a device that prevents the snapshot operation: Device '' is a raw disk, which is not supported."
Backups that use the 1-FullVM, 2-Mapped FullVM, or 3-FullVM and file for incremental option are not supported if the snapshot mount point on the VMware backup proxy server has compression or encryption enabled. For the backup, the VMware backup proxy server copies the space-optimized VMware virtual machine images to its snapshot mount point. The Windows NTFS file system allocated for the snapshot mount point should not have the Compression or Encryption attribute set. If either attribute is set, backups succeed but single file restores cannot be performed from the backups.
Terminology
For further explanations of VMware terminology, refer to your VMware documentation.
datastore
In NetBackup for VMware, the datastore is a disk that contains the virtual machines files. The datastore must be available to both the VMware backup proxy server and the ESX server.
guest OS
An operating system that runs on a virtual machine.
60 How to configure and use NetBackup for VMware Terminology
hypervisor
A software virtualization layer that lets different operating systems run simultaneously on the same physical machine.
sync driver
Flushes OS buffers (Windows only) before VMware snapshots are initiated. The sync driver is installed by means of VMware Tools.
VCB
See VMware Consolidated Backup.
virtual machine
An execution environment that is created by the computer hardware and the hypervisor. The resulting virtualized environment allows different operating systems to run simultaneously on the same physical machine.
vmdk file
In a VMware ESX server, one or more vmdk files make up the disk image or virtual drive in a virtual machine. The .vmdk files contain the operating system, applications, and data in the virtual machine.

An off-host backup server in a NetBackup for VMware environment. The VMware backup proxy server performs backups on behalf of virtual machines. At a minimum, the VMware VCB software and a NetBackup client must be installed on the backup proxy.
VMware Consolidated Backup

An off-host backup application programming interface (API) created by VMware. Designed to off load backups from the ESX server.
VMware Tools
Installed inside each VMware virtual machine. Enhances the virtual machine performance and adds backup-related functionality.
Chapter
Clustering NetBackup Operations Manager

This chapter contains the following topics:

About a NetBackup Operations Manager cluster Supported cluster solutions Installing/Upgrading to NOM 6.5.2 in a clustered mode Adding a new node to an existing NOM cluster Removing NetBackup Operations Manager from a cluster Administering a NOM cluster Limitations of a NOM cluster Troubleshooting a NetBackup Operations Manager cluster
About a NetBackup Operations Manager cluster

Clusters provide high availability of applications and data to users. In a cluster, two or more nodes are linked in a network and work collectively as a single system. Each node can access the shared disks with the help of cluster software. All nodes in a cluster are constantly aware of the status of resources on the other nodes. If a node becomes unavailable, resources running on that node migrate to an available node (this is called failover). NetBackup Operations Manager (NOM) operates in an active/passive failover configuration. NOM 6.5.2 must be installed on the active node and the passive (or failover nodes). When a failover occurs in a NOM cluster, NOM is shut down on the active node and starts on one of the failover nodes in the cluster. During failover, users experience only a short interruption in service. This failover provides high availability for NOM.
62 Clustering NetBackup Operations Manager Supported cluster solutions
You can cluster all the components of NetBackup Operations Manager. Installing NOM in a clustered environment makes NOM a highly available application.
About the NOM agent for Veritas Cluster Server on Windows and Solaris
A NOM cluster may comprise of two or more nodes. The active node (where the NOM application runs) is monitored with active checks to ensure that the system is operating correctly. The NOM agent for Veritas Cluster Server (VCS) monitors and controls specific hardware and software resources for NOM. The agent determines the status of these resources and starts or stops NOM according to external events. The NOM agent for VCS is installed when you install NOM 6.5.2. When the agent detects an application failure, the NOM resource group is failed over to another system in the cluster. Specific agent functions include the following:
Online Offline Monitor Clean Starts the NOM services. Stops the NOM services. Verifies the status of the NOM services. Stops all NOM services/daemons after detecting an unexpected offline operation or an ineffective online operation.
Supported cluster solutions

For NetBackup Operations Manager 6.5.2 to be clustered, you must have Veritas Cluster Server (VCS) installed. VCS 4.1 and later versions and VCS 5.0 are supported on both Windows and Solaris platforms in a NOM cluster. Veritas Cluster Server is a high-availability solution for cluster configurations. With Veritas Cluster Server you can monitor systems and application services, and restart services on a different system when hardware or software fails. For more information about VCS, see the Veritas Cluster Server User's Guide. Note: NOM 6.5.2 supports Veritas Cluster Server as a cluster solution. Other solutions like Microsoft Cluster Server may be supported in later releases.
Clustering NetBackup Operations Manager Installing/Upgrading to NOM 6.5.2 in a clustered mode
63
Installing/Upgrading to NOM 6.5.2 in a clustered mode

This section describes how to install and configure NetBackup Operations Manager on Windows and Solaris, in a clustered mode. If you want to install NOM 6.5.2 as a new installation, see the following topic. See Installing NOM 6.5.2 in a clustered mode on Windows and Solaris on page 63. If you have an existing NOM installation and want to upgrade to NOM 6.5.2 in a clustered mode, see the following topic. See Upgrading from a standalone NOM server to NOM 6.5.2 in clustered mode on page 72.
Installing NOM 6.5.2 in a clustered mode on Windows and Solaris

Table 3-1 lists the steps needed to install and configure NOM 6.5.2 on a Windows and Solaris cluster. Table 3-1 Step
1 2
Sequence of steps for installing NOM 6.5.2 in a clustered mode See this Topic
Description
Perform preinstallation checks. See Installation Prerequisites on page 64. Install NetBackup client See Installing NetBackup client software on software on all the nodes of the page 65. cluster. Install Symantec Product Authentication Service on all the nodes of the cluster. Install NetBackup Operations Manager 6.5.2 on all the nodes of the cluster. Enter details for the pre-configuration checklist. Configure the NOM cluster See Installing Symantec Product Authentication Service on page 65.
See Installing NOM 6.5.2 on a cluster on page 69.
See Pre-configuration checklist for a Solaris cluster on page 70. See Configuring NetBackup Operations Manager cluster on page 71. See Using NOM after the cluster is configured on page 85.
Read this topic to know the changes after configuration.
64 Clustering NetBackup Operations Manager Installing NOM 6.5.2 in a clustered mode on Windows and Solaris
Table 3-1 Step

8
Sequence of steps for installing NOM 6.5.2 in a clustered mode See this Topic
Description
Configure the Netbackup See Configuring the NetBackup master master servers so that they can servers on page 85. be monitored by NOM.
Note: These instructions assume that you want to install NOM 6.5.2 on all the nodes of a cluster. In case you want to install NOM only on some nodes, use these steps to install and configure NOM on the specific nodes.
Installation Prerequisites
This section contains information about the requirements that must be met before you install and configure NOM in a clustered mode.
Ensure that your hardware and software is supported by VCS and NOM 6.5.2. To know the list of platforms supported by NOM, see the NetBackup version compatibility matrix posted on the Support Web site (http://entsupport.symantec.com). To know if your hardware or software is supported by VCS, consult the VCS documentation. Set up a VCS cluster. Ensure that VCS is correctly installed and configured (VCS 4.1 and later versions and VCS 5.0 are supported with NOM 6.5.2). NOM 6.5.2 can be installed on as many nodes as VCS supports. Symantec recommends that the virtual name of the NOM cluster should not contain an underscore ( _ ) character. For example, a virtual name like nom_cluster is not recommended. For a Windows cluster, you must install a patch after you have setup a VCS cluster. You should install this patch before installing NetBackup Operations Manager. The patch along with the instructions is available at the following location: http://seer.entsupport.symantec.com/docs/278307.htm For a Windows cluster, verify that the cluster disk group(s) and dynamic volume(s) for NOM have been created on the shared storage. Refer to the Veritas Storage Foundation Administrators Guide for details on how to create these. For a Solaris cluster, make sure that each node in the cluster, on which you want to install NOM, is rsh equivalent. ssh must also be enabled on each node so that the NOMCAdmin utility can work properly. See Administering a NOM cluster on page 93.
Clustering NetBackup Operations Manager Installing NOM 6.5.2 in a clustered mode on Windows and Solaris
65
For a Solaris cluster, ensure that the shared disk is not mounted on any node in the cluster. If applicable, unmount the NOM shared mount point. Stop the volume the mount point is on and stop the disk group for that volume on all nodes. Ensure that you have an IP address and host name (virtual name) to be assigned to the NOM cluster. You must have administrator rights to the VCS cluster. The shared disk must be configured and accessible to all cluster nodes on which you want to install NOM. Ensure that you are installing a supported configuration of authentication service. See Installing Symantec Product Authentication Service on page 65.
Installing NetBackup client software

Install NetBackup client software shipped with NOM 6.5 on all the nodes. You can install the software from the Client CD/DVD. See the appropriate client sections of the NetBackup Installation Guide for instructions.
Installing Symantec Product Authentication Service

NOM requires that Symantec Product Authentication Service is installed and running before it can be clustered. You must install the version of Symantec Product Authentication Service shipped with NOM 6.5. Note: Symantec Product Authentication Service is installed when you install Veritas Cluster Server. You must upgrade to the version of authentication service shipped with NOM 6.5.
Installing Symantec Product Authentication Service on Windows

Symantec Product Authentication Service must be installed remotely on a Windows cluster. Both clustered and non-clustered modes are supported in a remote configuration. All cluster nodes must use the same remote host or remote authentication cluster.
Note: Installing the authentication service locally on the NOM cluster is not supported on Windows. Symantec Product Authentication Service can be installed remotely in the following ways on Windows:
Remote authentication service in a non-clustered mode Authentication service is installed on a remote host in Root+AB mode. Installing the authentication service remotely means that you install the client APIs locally on the NOM server and install the authentication server component in Root + AB mode on a remote computer. The procedure to install authentication service remotely has been explained in the installation chapter in the Veritas NetBackup Operations Manager 6.5 Guide. Remote authentication service in a clustered mode Authentication service is installed as a clustered service on a remote host in Root+AB mode. This means that you install the client APIs locally on the NOM server and install the authentication server component as a clustered service (in Root + AB mode) on a remote server. Consult the Symantec Product Authentication Service Installation Guide to know the procedure to install authentication service remotely in a clustered mode. Figure 3-1 shows the supported configuration of authentication service on Windows.
67
Figure 3-1
Supported configuration of authentication service on Windows
Installing Symantec Product Authentication Service on Solaris

Symantec Product Authentication Service can be installed both locally and remotely on a Solaris cluster. If you are installing authentication service locally on the NOM server, you must install authentication service in a clustered mode. If you are installing authentication service remotely, you can install authentication service in a clustered or non-clustered mode. Note: In a remote configuration, all cluster nodes must use the same remote host or remote authentication cluster. Symantec Product Authentication Service can be installed in the following ways on Solaris:
Local authentication service in a clustered mode Authentication service is installed as a clustered service locally on the NOM server on each node in the cluster. Consult the Symantec Product Authentication Service Installation Guide to know the procedure.
Remote authentication service in a clustered mode Authentication service is installed as a clustered service on a remote host in Root+AB mode. This means that you install the client APIs locally on the NOM server and install the authentication server component as a clustered service (in Root + AB mode) on a remote server. Consult the Symantec Product Authentication Service Installation Guide to know the procedure to install authentication service remotely in a clustered mode. Remote authentication service in a non-clustered mode Authentication service is installed on a remote host in Root+AB mode. Installing the authentication service remotely means that you install the client APIs locally on the NOM server and install the authentication server component in Root + AB mode on a remote computer. The procedure to install authentication service remotely has been explained in the installation chapter in the Veritas NetBackup Operations Manager 6.5 Guide. Figure 3-2 shows the supported remote configurations for authentication service in a Solaris cluster. Supported remote configurations for Symantec Product Authentication Service
Figure 3-2
69
After you complete the installation, ensure that Symantec Product Authentication Service is functional and works as expected.
Installing NOM 6.5.2 on a cluster

In order to cluster NOM and make it highly available, you must install and configure NOM. NOM 6.5.2 should be installed separately on each node in a cluster. To install NOM 6.5.2 on a Windows and Solaris cluster 1 Install NOM 6.5 on all the nodes in the cluster. See Installing NOM software section for your platform in the Veritas NetBackup Operations Manager Guide for specific instructions. Ensure that you meet the following requirements during NOM installation:
The Authentication Service Host Name must be the same for all the nodes in a cluster. You need to enter a value for the Authentication Service Host Name while installing NOM on the Veritas Netbackup Operations Manager Security Options screen. In case you have installed authentication service as a clustered service, the Authentication Service Host Name must be the virtual name of the authentication service cluster for all the nodes of a cluster. If the authentication service has been installed remotely, the Authentication Service Host Name must be the name of the remote host for all the nodes of the cluster. Custom password must be the same for all the nodes of a NOM cluster. The NOM database must be installed at the default location for all the nodes in a cluster. The default location for the NOM database on Windows is INSTALL_PATH\NetBackup Operations Manager\db\data and on Solaris is /opt/VRTSnom/db/data.
Install the NOM 6.5.2 release update on all the nodes. Use the instructions in the NOM 6.5.2 ReadMe for your platform to upgrade from NOM 6.5 to NOM 6.5.2.
Pre-configuration checklist
The configuration script requests certain details during installation. Fill the checklist for your platform before configuring the NOM cluster. Note: Ensure that virtual name of the NOM cluster does not contain an underscore ( _ ) character.
Pre-configuration checklist for a Windows cluster

Fill the following details before configuring the Windows cluster. Examples are listed on the right hand side. Configuration details Example
Shared drive letter __________________________ N: Shared drive path ___________________________ \nom_cluster Virtual name of the NOM cluster______________ nomvcswin Virtual IP address___________________________ 10.209.14.132 Subnet mask________________________________ 255.255.252.0 Network connection name___________________ LAN Node names on which NOM is installed________ SIGWINVCS1 SIGWINVCS2
Note: Symantec recommends that you do not use L: as a shared drive letter. L: is used by the NOMCAdmin command for administering a NOM cluster.
Pre-configuration checklist for a Solaris cluster

Fill the following details before configuring the Solaris cluster. All configurations
Node names on which NOM is installed Network Device Name (NIC) IP Address Subnet mask Virtual name for the NOM cluster _____________________________________ _____________________________________ _____________________________________ _____________________________________ _____________________________________
Shared disk drive information

You can opt for a disk group configuration if you are using VxVM or configure a mount if you are using a physical disk. You must have the following details depending on your configuration. Scenario 1 - Disk group configuration (using VxVM) Disk group resource Example
71
Disk Group_________________________________ nom_group1 Start Volumes_______________________________ 0 or 1 Stop Volumes_______________________________ 0 or 1
Volume resource (optional)

Volume Name_______________________________ vol_nom
Mount resource
Mount point________________________________ /opt/VRTSnomclus (default) Block device________________________________ /dev/vx/dsk/nom_group1/vol File system type_____________________________ ufs fsck options________________________________ (if you add other options, -y is also required)
Scenario 2- Configuring a mount (using physical disk) Mount resource Example
Mount point________________________________ /opt/VRTSnomclus (default) Block device________________________________ /dev/dsk/c3t2d1s6 File system type_____________________________ ufs
Mount option (optional)

fsck options________________________________ (if you add other options, -y is also required)
Configuring NetBackup Operations Manager cluster

In order to cluster NOM and make it highly available, you must configure the NOM cluster. To configure the NOM cluster on Windows 1 Stop the NOM services on all the nodes. Run the following command:
INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMAdmin.bat -stop_service
Configure NetBackup Operations Manager cluster by running the following command from the active node:
INSTALL_PATH/NetBackup Operations Manager/bin/nomclusterconfig.exe
72 Clustering NetBackup Operations Manager Upgrading from a standalone NOM server to NOM 6.5.2 in clustered mode
3 4
Answer the questions based on the information gathered in the pre-configuration checklist for Windows. Read the following topic to know the changes after the NOM cluster has been configured. See Using NOM after the cluster is configured on page 85. Note: You must configure your managed NetBackup master servers to allow server access and data collection by NOM. See Configuring the NetBackup master servers on page 85.
To configure the NOM cluster on Solaris Note: Before starting this procedure, ensure that the shared disk is not mounted on any node in the cluster. If applicable, unmount the NOM shared mount point. Stop the volume the mount point is on and stop the disk group for that volume on all nodes. 1 2 Stop the NOM services on all the nodes. Run the following command:
/opt/VRTSnom/bin/NOMAdmin -stop_service
Configure NetBackup Operations Manager cluster by running the following command from any node where NOM 6.5.2 is installed:
/opt/VRTSnom/bin/cluster/cluster_config -s nom
The configuration utility mounts the NOM database on the shared disk. 3 4 Answer the questions based on the information gathered in the pre-configuration checklist for Solaris. Read the following topic to know the changes after the NOM cluster has been configured. See Using NOM after the cluster is configured on page 85. Note: You must configure your managed NetBackup master servers to allow server access and data collection by NOM. See Configuring the NetBackup master servers on page 85.
Upgrading from a standalone NOM server to NOM 6.5.2 in clustered mode

You can upgrade to NetBackup Operations Manager 6.5.2 in clustered mode from the previous versions.
Clustering NetBackup Operations Manager Upgrading from a standalone NOM server to NOM 6.5.2 in clustered mode
73
Table 3-2 lists the steps to upgrade to NOM 6.5.2 on a Windows or Solaris cluster. Table 3-2 Step
1
Sequence of steps to upgrade to NOM 6.5.2 in a clustered mode See this Topic
See Prerequisites on page 74.
Description
Perform checks prior to upgrade. Upgrade your existing NOM installation to NOM 6.5.2. Create a VCS cluster. Install the NetBackup client software on all nodes of the cluster except the existing NOM server. Install Symantec Product Authentication Service on all nodes of a cluster except the existing NOM server. Install NetBackup Operations Manager 6.5.2 on the other nodes except the existing NOM server. Enter details for the pre-configuration checklist. Configure the NOM cluster.
See Upgrading your existing NOM installation to NOM 6.5.2 on page 75. See Creating a VCS cluster on page 80. See Installing NetBackup client software on page 80.
3 4
See Installing Symantec Product Authentication Service on the other nodes on page 80.
See Installing NOM 6.5.2 on the other nodes on page 81.
7.
See Pre-configuration checklist for a NOM cluster on page 81. See Configuring NetBackup Operations Manager cluster on page 83. See Using NOM after the cluster is configured on page 85.
Read this topic to know the changes after configuration.
10
Configure the Netbackup See Configuring the NetBackup master master servers so that they can servers on page 85. be monitored by NOM.
Note: These instructions assume that you want to install NOM 6.5.2 on all the nodes of a cluster. In case you want to install NOM 6.5.2 only on some nodes, use these steps to install and configure NOM on the specific nodes.
Prerequisites
This section contains information about the requirements that must be met before you install and configure NOM in a clustered mode.
Before upgrading to NOM 6.5.2, ensure that the NOM database is installed at the default location on the existing NOM server. The default location for the NOM database on Windows is INSTALL_PATH\NetBackup Operations Manager\db\data and on Solaris is /opt/VRTSnom/db/data. Instructions for moving the NOM database from a custom location to the default location are available. See Moving a NOM 6.5 or 6.5.1 database to the original default location on page 394. Ensure that your hardware and software is supported by VCS and NOM 6.5.2. To know the list of platforms supported by NOM, see the NetBackup version compatibility matrix posted on the Support Web site (http://www.symantec.com/business/support/index.jsp). To know if your hardware or software is supported by VCS, consult the VCS documentation. Ensure that VCS is correctly installed and configured (VCS 4.x and 5.0 are supported with NOM 6.5.2). NOM 6.5.2 can be installed on as many nodes as VCS supports. Symantec recommends that the virtual name of the NOM cluster should not contain an underscore ( _ ) character. For example, a virtual name like nom_cluster is not recommended. For a Windows cluster, you must install a patch after you have setup a VCS cluster. You should install this patch before installing NetBackup Operations Manager. The patch is available at the following location: http://seer.entsupport.symantec.com/docs/278307.htm For a Windows cluster, verify that the cluster disk group(s) and dynamic volume(s) for NOM have been created on the shared storage. Refer to the Veritas Storage Foundation Administrators Guide for details on how to create these. For a Solaris cluster, make sure that each node in the cluster, on which you want to install NOM, is rsh equivalent. ssh must also be enabled on these nodes so that the NOMCAdmin utility can work properly. See Administering a NOM cluster on page 93. For a Solaris cluster, ensure that the shared disk is not mounted on any node in the cluster.
75
If applicable, unmount the NOM shared mount point. Stop the volume the mount point is on and stop the disk group for that volume on all nodes of the cluster.
Ensure that you have an IP address and host name (virtual name) to be assigned to the NOM cluster. You must have administrator rights to the VCS cluster. Ensure that the other nodes use the same Authentication Service Host Name that is used by the existing NOM server. All the nodes in a cluster must use the same Authentication Service Host Name. Ensure that you are installing a supported configuration of authentication service. In a remote configuration of Symantec Product Authentication Service, all cluster nodes must use the same remote host. See Installing Symantec Product Authentication Service on page 65.
Upgrading your existing NOM installation to NOM 6.5.2

Use the following instructions to upgrade your existing NOM installation to NOM 6.5.2.
Case 1: Existing NOM server is NOM 6.0 (including its maintenance packs)
If you have an earlier NOM version installed on the existing NOM server like NOM 6.0 (including the maintenance packs), first upgrade to NOM 6.5. When you upgrade to NOM 6.5, you must install Symantec Product Authentication Service in a supported configurations.
Installing Symantec Product Authentication Service on Windows

Symantec Product Authentication Service must be installed remotely on a Windows cluster. Both clustered and non-clustered modes are supported in a remote configuration. All cluster nodes must use the same remote host or remote authentication cluster. Note: Installing the authentication service locally on the NOM cluster is not supported on Windows. Symantec Product Authentication Service can be installed remotely in the following ways:
Remote authentication service in a non-clustered mode
Authentication service is installed on a remote host in Root+AB mode. Installing the authentication service remotely means that you install the client APIs locally on the NOM server and install the authentication server component in Root + AB mode on a remote computer. The procedure to install authentication service remotely has been explained in the installation chapter in the Veritas NetBackup Operations Manager 6.5 Guide.
Remote authentication service in a clustered mode Authentication service is installed as a clustered service on a remote host in Root+AB mode. This means that you install the client APIs locally on the NOM server and install the authentication server component as a clustered service (in Root + AB mode) on a remote server. Consult the Symantec Product Authentication Service Installation Guide to know the procedure to install authentication service remotely in a clustered mode. After completing the installation, ensure that Symantec Product Authentication Service is functional and works as expected. Figure 3-3 explains how authentication service works in a remote configuration. Supported remote installation types for authentication service
Figure 3-3
77
Installing Symantec Product Authentication Service on Solaris

Symantec Product Authentication Service can be installed both locally and remotely on a Solaris cluster. If you are installing authentication service locally on the NOM server, you must install authentication service in a clustered mode. If you are installing authentication service remotely, you can install authentication service in clustered or non-clustered modes. Note: In a remote configuration, all cluster nodes must use the same remote host or remote authentication cluster. Symantec Product Authentication Service can be installed in the following ways on Solaris:
Local authentication service in a clustered mode Authentication service is installed as a clustered service locally on the NOM server on each node in the cluster. Consult the Symantec Product Authentication Service Installation Guide to know the procedure. Remote authentication service in a clustered mode Authentication service is installed as a clustered service on a remote host in Root+AB mode. This means that you install the client APIs locally on the NOM server and install the authentication server component as a clustered service (in Root + AB mode) on a remote server. Consult the Symantec Product Authentication Service Installation Guide to know the procedure to install authentication service remotely in a clustered mode. Remote authentication service in a non-clustered mode Authentication service is installed on a remote host in Root+AB mode. Installing the authentication service remotely means that you install the client APIs locally on the NOM server and install the authentication server component in Root + AB mode on a remote computer. The procedure to install authentication service remotely has been explained in the installation chapter in the Veritas NetBackup Operations Manager 6.5 Guide. Figure 3-4 explains how authentication service works in a remote configuration.
Figure 3-4
Supported remote installation types for authentication service
See the following links for upgrading to NOM 6.5 on Windows and Solaris respectively: http://seer.entsupport.symantec.com/docs/295109.htm http://seer.entsupport.symantec.com/docs/295110.htm Use the NOM 6.5.2 ReadMe of your platform for installing NOM 6.5.2. After installing NOM 6.5.2, ensure that NOM is functional and is working as expected.
Case 2: Existing NOM server is NOM 6.5/6.5.1

If you have NOM 6.5/6.5.1 installed on the existing NOM server, upgrade to NOM 6.5.2. See the NOM 6.5.2 ReadMe of your platform for installation instructions. For installing NOM 6.5.2 on a Windows cluster, you must install Symantec Product Authentication Service on a remote host in a clustered or non-clustered mode. See Installing Symantec Product Authentication Service on page 65. Note: Installing the authentication service locally on the NOM cluster is not supported on Windows.
79
For installing NOM 6.5.2 on a Solaris cluster, you should install Symantec Product Authentication Service on a remote host or locally on the NOM cluster nodes. If you are installing authentication service locally on the NOM server, you must install authentication service in a clustered mode. If you are installing authentication service remotely, you can install authentication service in clustered or non-clustered modes. See Installing Symantec Product Authentication Service on page 65. If your NOM server already uses a supported configuration on Windows and Solaris, see the following topic. See Creating a VCS cluster on page 80. If your NOM server does not use a supported configuration, review the following text. If you want to use clustered authentication service (local or remote), cluster the existing Symantec Product Authentication Service. Consult the Symantec Product Authentication Service documentation for the procedure. After this, configure the authentication service parameters using the following procedure. See To configure Symantec Product Authentication Service after installing NOM 6.5.2 on page 79. If you want to use remote configuration in a non-clustered mode (supported for both Windows and Solaris), configure the authentication server parameters by using the following procedure. See To configure Symantec Product Authentication Service after installing NOM 6.5.2 on page 79. Use the following procedure to configure Symantec Product Authentication Service in the supported configuration. To configure Symantec Product Authentication Service after installing NOM 6.5.2 1 Enter the following command:
NOMAdmin -change_NOM_AT_parameters
The authentication server parameters appear one by one. The current values of the parameters are specified in brackets. 2 Enter the new values next to the respective parameter. If you do not enter a new value for a parameter, the value of the parameter will not change. In case you want a remote configuration, enter the FQDN of the remote host as Authentication Service Host Name. In case you want to install authentication service as a clustered service, enter the virtual name of the authentication service cluster as the Authentication Service Host Name. You must restart the NOM services for these changes to be effective. Answer y to restart the NOM services.
After following this procedure, ensure that NOM is functional and is working as expected.
Creating a VCS cluster

Set up a VCS cluster using the existing NOM server and some other nodes. Consult the VCS documentation for the exact procedure. See Supported cluster solutions on page 62. Ensure that the cluster setup is functional and is working as expected.
Installing NetBackup client software

Install NetBackup client software shipped with NOM 6.5 on all the nodes except your existing NOM server. You can install the software from the Client CD/DVD. See the appropriate client sections of the NetBackup Installation Guide for instructions.
Installing Symantec Product Authentication Service on the other nodes

NOM requires that Symantec Product Authentication Service is installed and running before it can be clustered. You must install the version of Symantec Product Authentication Service shipped with NOM 6.5. Note: Symantec Product Authentication Service is installed when you install Veritas Cluster Server. You must upgrade to the version of authentication service shipped with NOM 6.5. Install Symantec Product Authentication Service in the same configuration that has been used for the existing NOM server. For example, if you have installed authentication service locally as a clustered service on the existing NOM Solaris server, install the authentication service locally as a clustered service on all the Solaris nodes. If you have installed authentication service remotely on the existing NOM server (supported on both Windows and Solaris), install authentication service remotely on all the nodes and use the same remote host for all the nodes. Consult the Symantec Product Authentication Service Installation Guide to know the procedure for installing Symantec Product Authentication Service as a clustered service. The procedure to install authentication service remotely has been explained in the installation chapter in the Veritas NetBackup Operations Manager 6.5 Guide.
81
After you complete the installation, ensure that Symantec Product Authentication Service is functional and works as expected.
Installing NOM 6.5.2 on the other nodes

In order to cluster NOM and make it highly available, you must install and configure NOM. NOM 6.5.2 should be installed separately on all the nodes except your existing NOM server. To install NOM 6.5.2 on all the other nodes on Windows and Solaris 1 Install NOM 6.5 on the other nodes in the cluster. See Installing NOM software section for your platform in the Veritas NetBackup Operations Manager Guide for specific instructions. You must meet the following requirements during NOM installation:
The Authentication Service Host Name must be the same for all the nodes in a cluster. You need to enter a value for the Authentication Service Host Name while installing NOM on the Veritas Netbackup Operations Manager Security Options screen. In case you have installed authentication service as a clustered service, the Authentication Service Host Name is the virtual name of the AT (Symantec Product Authentication Service) cluster. If the authentication service has been installed remotely (supported for both Windows and Solaris), the Authentication Service Host Name is the name of the remote host for all the nodes of the cluster. Custom password must be the same for all the nodes of a NOM cluster. The NOM database must be installed at the default location for all the nodes in a cluster. The default location for the NOM database on Windows is INSTALL_PATH\NetBackup Operations Manager\db\data and on Solaris is /opt/VRTSnom/db/data. See Moving a NOM 6.5 or 6.5.1 database to the original default location on page 394.
Install the NOM 6.5.2 release update on the other nodes in the cluster. Use the instructions in the NOM 6.5.2 ReadMe for Windows and Solaris to upgrade from NOM 6.5 to NOM 6.5.2. After the installation is complete, verify to see if NOM is working properly.
Pre-configuration checklist for a NOM cluster

The configuration utility requests certain details during installation. Fill the checklist for your platform before configuring the NOM cluster.
Note: Ensure that virtual name of the NOM cluster does not contain an underscore ( _ ) character.
Pre-configuration checklist for Windows

Fill the following details before configuring the Windows cluster. Examples are listed on the right hand side. Configuration details Example
Shared drive letter__________________________ N: Shared drive path___________________________ \nom_cluster Virtual name of the NOM cluster______________ nomvcswin Virtual IP address___________________________ 10.209.14.132 Subnet mask_______________________________ 255.255.252.0 Network connection name___________________ LAN Node names on which NOM is installed________ SIGVCS1 SIGVCS2
Note: Symantec recommends that you do not use L: as a shared drive letter. L: is used by the NOMCAdmin command for administering a NOM cluster.
Pre-configuration checklist for Solaris

Fill the following details before configuring the Solaris cluster. All configurations
Node names on which NOM is installed Network Device Name (NIC) IP Address Subnet mask Virtual name of the NOM cluster _____________________________________ _____________________________________ _____________________________________ _____________________________________ _____________________________________
Shared disk drive information for Solaris

You can opt for a disk group configuration if you are using VxVM or configure a mount using physical disk. You must have the following details depending on your configuration.
83
Scenario 1 - Configuring a disk group (using VxVM) Disk group resource Example
Disk Group_________________________________ nom_group1 Start Volumes_______________________________ 0 or 1 Stop Volumes_______________________________ 0 or 1
Volume resource (optional)

Volume_____________________________________ vol_nom
Mount resource
Mount point________________________________ /opt/VRTSnomclus (default) Block device________________________________ /dev/vx/dsk/nom_group1/vol File system type_____________________________ ufs fsck options________________________________ (if you add other options, -y is also required)
Scenario 2- Configuring a mount (using physical disk) Mount resource Example
Mount point________________________________ /opt/VRTSnomclus (default) Block device________________________________ /dev/vx/dsk/nom_group1/vol File system type_____________________________ ufs Mount option_______________________________ (optional) fsck options________________________________ (if you add other options, -y is also required)
Configuring NetBackup Operations Manager cluster

In order to cluster NOM and make it highly available, you must configure the NOM cluster. The configuration utility requires you to enter details about your cluster setup. To configure the NOM cluster on Windows 1 Stop the NOM services on all the nodes. Run the following command:
INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMAdmin.bat -stop_service
Configure NetBackup Operations Manager cluster by running the following command from the active node:
INSTALL_PATH\NetBackup Operations Manager\bin\nomclusterconfig.exe
3 4
Answer the questions based on the information gathered in the pre-configuration checklist. Read the following topic to know the changes after the NOM cluster has been configured. See Using NOM after the cluster is configured on page 85. Note: You must configure your managed NetBackup master servers to allow server access and data collection by NOM. See Configuring the NetBackup master servers on page 85.
To configure the NOM cluster on Solaris Note: Before starting this procedure, ensure that the shared disk is not mounted on any node in the cluster. If applicable, unmount the NOM shared mount point. Stop the volume the mount point is on and stop the disk group for that volume on all nodes. 1 2 Stop the NOM services on all the nodes. Run the following command:
Configure NetBackup Operations Manager cluster by running the following command from the node which has the existing NOM server (with the database):
/opt/VRTSnom/bin/cluster/cluster_config -s nom
The configuration utility mounts the NOM database on the shared disk. 3 4 Answer the questions based on the information gathered in the pre-configuration checklist. Read the following topic to know the changes after the NOM cluster has been configured. See Using NOM after the cluster is configured on page 85. Note: You must configure your managed NetBackup master servers to allow server access and data collection by NOM. See Configuring the NetBackup master servers on page 85.
85
Using NOM after the cluster is configured

To access NOM after configuring the cluster, type the following address on the address bar of a browser: http://virtual name.domain:8181/nom virtual name.domain is the virtual name of the NOM cluster. This can also be the virtual IP address of the NOM cluster. After configuring the NOM cluster, ensure that you configure the NetBackup master server to allow data collection and monitoring by NOM. See Configuring the NetBackup master servers on page 85. After the NOM cluster is configured, you will see the following things:

NOM database files are moved to the shared disk. The Connected To pane in the NOM UI shows the virtual name of the NOM cluster instead of the local hostname of the machine on which NOM is installed. NOMCAdmin must be used for administering a NOM cluster instead of NOMAdmin. Running NOMAdmin in a clustered environment gives an error. See Administering a NOM cluster on page 93.
Configuring the NetBackup master servers

After installing a cluster, make sure that you configure the NetBackup master servers to allow server access and data collection by NOM. You must add the virtual name of the NOM cluster and hostnames of all the nodes where NOM is installed to the trusted SERVER list on each of the master servers. To configure the Netbackup master server 1 Make sure the NetBackup master server recognizes all the server names associated with the clustered NOM server. It is necessary that the master server can do both a successful forward and reverse name lookup for the virtual name and all the node names. Once the name lookups are working properly, it is necessary to add SERVER entries for the virtual name and all the node names. From the NetBackup administration console of each managed server, use the Host Properties node of NetBackup Management to add the virtual name of the NOM cluster and all the NOM nodes. Alternatively on UNIX based managed servers, you can also update the bp.conf file located in /usr/openv/netbackup directory.
86 Clustering NetBackup Operations Manager Adding a new node to an existing NOM cluster
Adding a new node to an existing NOM cluster

Use the following procedure to add a new node to an existing cluster. To add a new node to an existing NOM cluster on Windows 1 2 Add the new node to the VCS cluster. Consult the VCS documentation for more details. Install the NetBackup Client software shipped with NOM 6.5 on the new node. You can install the software from the Client CD/DVD. See the appropriate client sections of the NetBackup Installation Guide for instructions. Install Symantec Product Authentication Service on the new node. The installation type/configuration for the authentication service for the new node must be the same as the existing NOM cluster. For example, if authentication service has been installed remotely on the existing NOM cluster, then install authentication service in a remote configuration on the new node. This means that you install the authentication client on the new node and use the same remote host that is used by the NOM cluster. See Installing Symantec Product Authentication Service on page 65. Install NetBackup Operations Manager 6.5 software and then upgrade to NOM 6.5.2. See Installing NOM 6.5.2 in a clustered mode on Windows and Solaris on page 63. Note: The Authentication Service Host Name for the additional node must be the same as the other nodes in a cluster. If a custom password has been configured for the clustered nodes, the same custom password must be configured for the new node. 5 Run the following command from the new node that is to be added:
INSTALL_PATH\NetBackup Operations Manager\bin\nomclusterconfig -addnode -g <NOM_Resource_Group_Name>
To add a new node to an existing NOM cluster on Solaris 1 2 Add the new node to the VCS cluster. Consult the VCS documentation for more details. Install the NetBackup client software shipped with NOM 6.5 on the new node. You can install the software from the Client CD/DVD. See the appropriate client sections of the NetBackup Installation Guide for instructions.
Clustering NetBackup Operations Manager Removing NetBackup Operations Manager from a cluster
87
Install Symantec Product Authentication Service on the new node. The installation type/configuration for the authentication service for the new node must be the same as the existing NOM cluster. For example, if authentication service has been installed remotely on the existing NOM cluster, then install authentication service in a remote configuration on the new node. This means that you install the authentication client on the new node and use the same remote host that is used by the NOM cluster. See Installing Symantec Product Authentication Service on page 65. Install NetBackup Operations Manager 6.5 software and then upgrade to NOM 6.5.2. See Installing NOM 6.5.2 in a clustered mode on Windows and Solaris on page 63. Note: The Authentication Service Host Name for the additional node must be the same as the other nodes in a cluster. If a custom password has been configured for the clustered nodes, the same custom password must be configured for the new node.
From an existing clustered node (where NOM is installed), run the following command:
/opt/VRTSnom/bin/cluster/cluster_config s nom o add_node n <new_node_name>
Removing NetBackup Operations Manager from a cluster

You can choose to uninstall NOM 6.5.2 and rollback to your previous NOM version which is unclustered. You can also choose to remove NOM completely from the NOM cluster. Instructions that accomplish both the cases are available. See Uninstalling NOM 6.5.2 and rolling back to the previous standalone NOM version on Windows and Solaris on page 87. See Removing NOM completely from the cluster on page 90.
Uninstalling NOM 6.5.2 and rolling back to the previous standalone NOM version on Windows and Solaris
Use the following instructions to uninstall NOM 6.5.2 and rollback to your previous version (unclustered) which may be 6.5 or 6.5.1.
88 Clustering NetBackup Operations Manager Removing NetBackup Operations Manager from a cluster
To uninstall NOM 6.5.2 and rollback to your previous version on Windows 1 Bring the NOM resource group online on the node which you want to use as the standalone NOM server.
hagrp -switch <NOM_Resource_Group_Name> -to <system name>
2 3 4 5
Stop the NOM resource group and take its resources offline.
hagrp -offline <NOM_Resource_Group_Name> -any
Bring the mount resource online.

hares -online <Mount_Resource_Name>
Move the data folder from the shared disk to INSTALL_PATH\NetBackup Operations Manager\db directory. Offline all the NOM resources that are online.
hares -offline <Resource Name>
where <Resource Name> is the Mount resource name if a physical disk is configured. If a shared disk is configured using VxVM, the <Resource Name> includes mount, volume, and disk-group resource names. 6 7 8 9 Set the VCS configuration file to read/write mode.
haconf -makerw
Delete all the resources.

hares -delete <resource name>
Delete the NOM resource group.

hagrp -delete <NOM_Resource_Group _Name>
Delete the NetBackupNOM resource type.

hatype -delete NetBackupNOM
10 Save this configuration.

haconf -dump -makero
The option -makero sets the configuration to read-only. 11 Use the following commands to configure the local hostname:
INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMCAdmin -changeDBS <hostname of the system> INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMCAdmin -changeHostName <hostname of the system>
where <hostname of the system> is the local hostname. 12 Open the Registry Editor. Open HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup Operations Manager\CurrentVersion\Config. Change the value of VXDBMS_NOM_DATA to INSTALL_PATH\NetBackup Operations Manager\db\data.
89
13 In the Registry Editor, open HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup Operations Manager\CurrentVersion. Change the value of DB Data to INSTALL_PATH\NetBackup Operations Manager\db\data. 14 In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup Operations Manager\CurrentVersion\Cluster. Right click on the Cluster key and click Delete. 15 Navigate to INSTALL_PATH\NetBackup Operations Manager\db\conf directory. Open the databases.conf file. Change the content of the databases.conf file to reflect the path of the NOM database. For example, if the content is "Z:\nom_cluster\db\data\vxpmdb.db", then change it to INSTALL_PATH\NetBackup Operations Manager\db\data\vxpmdb.db 16 Restart all the NOM services.
INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMAdmin -start_service
17 Uninstall NOM 6.5.2. See the uninstall instructions in the NOM 6.5.2 ReadMe for Solaris. You can also uninstall NOM 6.5.2 from the remaining nodes. To uninstall NOM 6.5.2 and rollback to previous version on Solaris 1 Bring the NOM resource group online on the node which you want to use as the standalone NOM server.
hagrp -switch <NOM_Resource_Group_Name> -to <system name>
2 3
Stop the NOM resource group and take its resources offline.
hagrp -offline <NOM_Resource_Group_Name> -any
Unlink the data directory located in /opt/VRTSnom/db. Enter the following command:
unlink /opt/VRTSnom/db/data
4 5 6
Bring the mount resource online.

Browse to the NOM database on the shared drive (default location is /opt/VRTSnomclus/db) and move the data folder to /opt/VRTSnom/db. Offline all the NOM resources that are online.
where <Resource Name> is the Mount resource name if a physical disk is configured. If a shared disk is configured using VxVM, the <Resource Name> includes mount, volume, and disk-group resource names.
7 8 9
Set the VCS configuration file to read/write mode.

haconf -makerw

hares -delete <Resource Name>

10 Delete the NetBackupNOM resource type.

11 Save this configuration.

The option -makero sets the configuration to read-only. 12 Run the following commands to configure the local hostname:
/opt/VRTSnom/bin/NOMCAdmin -changeDBS <hostname of the system> /opt/VRTSnom/bin/NOMCAdmin -changeHostName <hostname of the system>
where <hostname of the system> is the local hostname. 13 Browse to /opt/VRTSnom/bin/cluster directory and delete the NBU_RSP file. This is done so that the NOMAdmin command can work. 14 Restart all the NOM services.
NOMAdmin -start_service
15 Uninstall NOM 6.5.2. See the uninstall instructions in the NOM 6.5.2 ReadMe for Solaris. You can also uninstall NOM 6.5.2 from the remaining nodes.
Removing NOM completely from the cluster

Use the following instructions to remove NOM completely from the cluster. This involves removing the cluster configuration and the NOM database completely. To remove NOM completely from Windows 1 Stop the NOM resource group and take its resources offline.
hagrp -offline -force <NOM_Resource_Group> -any
where <NOM_Resource_Group> is the name of the NOM resource group. 2 3 Bring the mount resource online.
Browse to the NOM database on the shared disk and delete the db folder from INSTALL_PATH\NetBackup Operations Manager that contains the NOM database. Offline all the NOM resources that are online.
91
where <Resource Name> is the Mount resource name if a physical disk is configured. If a shared disk is configured using VxVM, the <Resource Name> includes mount, volume, and disk-group resource names. 5 6 7 8 9 Set the VCS configuration file to read/write mode.
haconf -makerw



Save this configuration.

The option -makero sets the configuration to read-only. 10 Remove NetBackup Operations Manager 6.5.2. In the Add/Remove programs dialog box, select the Release Update to be uninstalled and click Remove. Click Yes to uninstall this Release Update. 11 Remove NetBackup Operations Manager 6.5. In the Add/Remove dialog box, select Veritas NetBackup Operations Manager and click Remove. Click Yes to remove NOM 6.5. 12 Remove Symantec Product Authentication Service. In the Add/Remove dialog box, select Symantec Product Authentication Service and click Remove. Click Yes to remove Symantec Product Authentication Service. Note: Symantec Product Authentication Service may be shared between other Symantec products. In case you have not installed any other Symantec products, you can remove Symantec Product Authentication Service. 13 Remove the NetBackup client. In the Add/Remove dialog box, select Veritas NetBackup Client and click Remove. Click Yes to remove NetBackup client. 14 Repeat step 10 through step 13 on all the remaining nodes to remove NOM completely.
To remove NOM completely from Solaris 1 Stop the NOM resource group and take its resources offline.
hagrp -offline -force <NOM_Resource_Group> -any
where <NOM_Resource_Group> is the name of the NOM resource group. 2 3 Bring the mount resource online.
Browse to the mount point on the shared disk and delete the db folder from /opt/VRTSnomclus (default mount point). The db folder contains files and data associated with the NOM database. Offline all the NOM resources that are online.
where <Resource Name> is the Mount resource name if a physical disk is configured. If a shared disk is configured using VxVM, the <Resource Name> includes mount, volume, and disk-group resource names. 5 6 7 8 9 Set the VCS configuration file to read/write mode.
haconf -makerw



Save this configuration.

The option -makero sets the configuration to read-only. 10 Remove NOM 6.5.2. Change directory to the Release Update save directory (/usr/openv/pack/${PACK}/save where ${PACK} is the Release Update name) and run the un-install script:
./NB_update.uninstall
11 Remove NOM 6.5. Enter the following command:

/opt/VRTSnom/bin/uninstallnom.solaris
Enter y if you want to remove the shared components like VRTSweb and VRTSjre packages. You can remove the shared components if you do not have any other Symantec products installed. Enter y to remove NOM. 12 Remove Symantec Infrastructure Core Services Common (VRTSicsco), Symantec Private Branch Exchange and Symantec Product Authentication Service by running the following commands:
pkgrm VRTSicsco
Clustering NetBackup Operations Manager Administering a NOM cluster
93
pkgrm VRTSpbx pkgrm VRTSat
13 Remove the NetBackup client. To remove the NetBackup client on Solaris, use the uninstall procedure listed in the clients section of NetBackup Installation Guide for Unix. 14 Repeat step 10 through step 13 on all the remaining nodes to remove NOM completely.
Administering a NOM cluster

For NOM 6.5.2, the NOMCAdmin utility has been added to help manage NOM in a clustered environment. This utility is very similar to NOMAdmin and is designed to work in a clustered environment. If you run NOMAdmin in a cluster environment, it gives an error. You should always use the NOMCAdmin utility to perform operations in a clustered environment. Like NOMAdmin, the NOMCAdmin utility allows you to control (start and stop) NOM services, purge NOM alerts and jobs data, export and import the NOM database etc. Note: NOMCAdmin utility does not allow you to control (start or stop) the NOM database. To know about the options available with the NOMAdmin utility, see the Veritas NetBackup Operations Manager 6.5 Guide. Note: When you run some commands like NOMCAdmin -changePort, NOMCAdmin -changeGuest, NOMCAdmin -changePW on one node, the changes are automatically pushed to all the other nodes in the NOM cluster. This means that these commands apply to the whole cluster. On Windows, NOM uses the drive letter L for pushing the changes to the other nodes. If the drive letter L is in use, you are prompted to provide a drive letter which is free. On Solaris, the changes are pushed to the other nodes remotely using ssh. Use the following procedures to run NOMCAdmin on Windows and Solaris. To run NOMCAdmin on Windows
Enter the following command:

INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMCAdmin
94 Clustering NetBackup Operations Manager Limitations of a NOM cluster
To run NOMCAdmin on Solaris

/opt/VRTSnom/bin/NOMCAdmin
Limitations of a NOM cluster

The following limitations exist for NOM in a cluster:
Removing a node from a NOM cluster is not supported.
Troubleshooting a NetBackup Operations Manager cluster

See the following questions and their solutions to troubleshoot issues with NOM clusters. I have successfully configured a NOM cluster. But NOM UI (Connected To pane) shows the hostname of the NOM server and not the virtual name of the cluster. How can I resolve this? After you have configured a NOM cluster, the Connected To pane must show the virtual name of the cluster instead of the local host name of the server where NOM is running. If the local hostname appears on the Connected To pane, open cyclone.properties file from the following location: On Windows: INSTALL_PATH\NetBackup Operations Manager\config On Solaris: /opt/VRTSnom/config Check the value of cyclone.server.host.name. The value should be the virtual name of the NOM cluster. If the value is not equal to the virtual name of the cluster, then edit and change the value of cyclone.server.host.name to be the virtual name of the NOM cluster. Save the cyclone.properties file and log in to NOM again. Is clustered AT (authentication service) supported on Windows? A local AT cluster is not supported on Windows. However, a remote AT cluster is supported. A remote AT cluster can be formed by installing the authentication client locally on nodes of the NOM cluster. The authentication server should be installed as a clustered service (in Root+AB mode) on the remote server. The same remote host must be used for all the nodes. See Installing Symantec Product Authentication Service on page 65. Is clustered AT (authentication service) supported on Solaris?
Clustering NetBackup Operations Manager Troubleshooting a NetBackup Operations Manager cluster
95
Installing the authentication service as a clustered service is supported on Solaris. Both local and remote AT clusters are supported. See Installing Symantec Product Authentication Service on page 65 for information on supported configurations. Master servers are added in clustered NOM but they are showing as offline? All node names of the NOM cluster as well as virtual name of the NOM cluster should be added in the additional server list of NetBackup. See Configuring the NetBackup master servers on page 85. After installing a cluster, I am unable to log into NOM. Why? Ensure that the NOM server service/process is up and running.
96 Clustering NetBackup Operations Manager Troubleshooting a NetBackup Operations Manager cluster
Chapter
Snapshot client updates


Storage lifecycle policies with Instant Recovery snapshots on page 97 NetBackup RealTime Protection on page 102 New disk array snapshot methods in 6.5.2 on page 120 New options for vxvm snapshots on page 140

For a list of all supported combinations of snapshot methods, platforms, file systems, logical volumes, and other components, see the NetBackup 6.x Snapshot Client Compatibility document:
Storage lifecycle policies with Instant Recovery snapshots

A storage lifecycle policy is a storage plan for a set of backups. NetBackup uses the lifecycle policy to determine where to store additional copies of the backup images and how long to retain those copies. In general, short-term copies can be kept on disk (for quick restore) and long term copies can be kept on tape or other storage. This 6.5.2 release adds Instant Recovery snapshot-based backups to the types of images that NetBackup can manage with lifecycle policies. The Instant Recovery feature makes snapshots available for quick data recovery from disk. Lifecycle policies support a lifecycle storage plan for the storage unit copies made during an Instant Recovery backup. Note that lifecycle policies with Instant Recovery snapshots are especially useful with the NetBackup RealTime Protection product.
98 Snapshot client updates Storage lifecycle policies with Instant Recovery snapshots
Lifecycle policy example with RealTime Protection

Figure 4-1 shows an example hardware configuration for a lifecycle policy. The lifecycle policy specifies three destinations and three retention periods for managing RealTime snapshot-based backups. Figure 4-1 Lifecycle policy example with RealTime Protection
LAN / WAN NetBackup master server
NetBackup client
Media server and alternate client 3
Tape library
Fibre channel SAN
RealTime server
RealTime storage
Disk array
Destination 1: NetBackup creates a consistent point-in-time state in RealTime storage. Point-in-time data is retained in the RealTime storage for 2 weeks, available for Instant Recovery.
Destination 2: The NetBackup media server creates a backup image from a RealTime snapshot and copies the image to the disk array on the SAN. For data that is more than 2 weeks old, recovery can be made from the array.
Destination 3: The NetBackup media server duplicates the disk image and sends the duplication to tape. For data that is more than 6 months old, recovery can be made from tape.
Configuring a lifecycle policy for snapshots

This section describes how to create a lifecycle policy for Instant Recovery snapshot-based backups. The procedure focuses on snapshot-related details only. Full procedures are available for creating storage lifecycle policies and Snapshot Client policies: NetBackup 6.5 Administrators Guide, Volume I NetBackup 6.5 Snapshot Client Administrators Guide Note that all new features in NetBackup 6.5.2 are documented in this technote, not in the administrators guides.
Snapshot client updates Storage lifecycle policies with Instant Recovery snapshots
99
To create a lifecycle policy for Instant Recovery snapshot-based backups 1 Create a lifecycle policy with two or more storage destinations. Use the Storage > Storage Lifecycle Policies node of the NetBackup Administration Console. Click Actions > New > Storage Lifecycle Policies. Click Add. Here are suggestions for a lifecycle policy for RealTime Protection and multiple storage destinations:
For snapshots, select Snapshot on the New Storage Destination dialog. You can specify a retention period appropriate for snapshots (such as two weeks). Click OK. Note that storage units are not used for snapshots. Storage units are used only for backup (and duplication) images. For backup copies to disk, select Backup on the New Storage Destination dialog. Specify a disk storage unit and a longer retention period (such as six months). Click OK. For backup copies to tape, select Duplication on the New Storage Destination dialog. Specify a tape storage unit and a longer retention period (such as five years). Click OK and finish creating the lifecycle policy.
Create a policy for snapshots. (Use the Policies node of the Administration Console.) On the policy Attributes tab:
Do not specify the lifecycle policy in the Policy storage unit / lifecycle policy field. The lifecycle policy should be specified in the schedule, as explained later in this procedure. Select Perform snapshot backups. For RealTime Protection with lifecycles, Symantec recommends selecting Retain snapshots for Instant Recovery. This option is required if you want NetBackup to keep the snapshot after the backup occurs. Click Snapshot Client Options. To use RealTime Protection, select the CDP snapshot method for Solaris or VSS for Windows. (Other methods can be used if you are not backing up a client that uses NetBackup RealTime Protection.) See NetBackup RealTime Protection on page 102. On the Snapshot Options dialog box, the Maximum Snapshots (Instant Recovery only) parameter sets the maximum number of snapshots to be retained at one time. When the maximum is reached and another snapshot is created, the oldest snapshot is deleted. Note: if you also set a snapshot retention period in the lifecycle policy of less than infinity
100 Snapshot client updates Storage lifecycle policies with Instant Recovery snapshots
(step 1), the snapshot is expired when either of these settings takes effect (whichever happens first). For example, if the Maximum Snapshots value is exceeded before the snapshot retention period specified in the lifecycle policy, the snapshot is deleted. The same is true for the Snapshot Resources pane on the Snapshot Options dialog box. If the snapshot method requires snapshot resources, the maximum number of snapshots is determined by the number of devices specified in the Snapshot Device(s) field. For example, if two devices are specified, only two snapshots can be retained at a time. Note: if you also set a snapshot retention period in the lifecycle policy of less than infinity (step 1), the snapshot is expired when either of these settings takes effect. In other words, either the Snapshot Device(s) field or the snapshot retention period in the lifecycle policy can determine the retention period. 3 Create a schedule for the policy. As shown in Figure 4-1 on page 98, a lifecycle configuration with three storage destinations is an intelligent means of managing CDP snapshot-based backups. You can create a single schedule for backups and let the lifecycle policy govern their destinations and retention periods.
Under Destination: If you selected Retain snapshots for Instant Recovery on the policy Attributes tab, make sure that Snapshots and copy snapshots to a storage unit is selected on the schedule (not Snapshots only). Important: if you select Snapshots only on the schedule, a lifecycle policy cannot be used. In the Override policy storage selection field, select the lifecycle policy that you created at step 1.
Under Schedule type: set an appropriate frequency, such as 1 day. When the Snapshot Client policy executes this schedule, the lifecycle policy named in the Override policy storage selection field creates images on the destinations named in the lifecycle policy. The lifecycle policy also sets the retention periods for the images it creates. In this example, the retention is six months for backups to disk and five years for tape.
To make full use of RealTime Protection with Instant Recovery, create another schedule to make CDP snapshots more frequently. This schedule will not be managed by lifecycle policies.
Under Schedule type: compared to the schedule created at step 3, specify a higher frequency (such as 1 hour). Under Destination: select Snapshots only. Do not specify a lifecycle policy for this schedule. Likewise, do not specify a lifecycle policy under the Policy storage unit / lifecycle policy
Snapshot client updates Storage lifecycle policies with Instant Recovery snapshots
101
field of the policy Attributes tab. Lifecycle policies do not manage snapshots without backups. For Retention: specify the same period that you set for the Snapshot destination on the New Storage Destination dialog (under step 1). In this example, two weeks. With this configuration, the snapshot-only schedule creates a CDP snapshot every hour. The other schedule (which specifies the lifecycle policy under the Override policy storage selection field) creates a snapshot and backup to disk and tape once per day. This configuration provides an inexpensive means of continuous data protection. More detailed information on using NetBackup RealTime Protection is available. See NetBackup RealTime Protection on page 102.
Troubleshooting
If you configure a snapshot method for a policy, and the schedule specifies a lifecycle policy, the life cycle policy must include a snapshot destination. Otherwise, an error such as the following appears in the NetBackup Problems report:
snapshot backup: tashina11_1204305543 cannot be used with a lifecycle policy NoSnapshot that does not include a snapshot destination.
102 Snapshot client updates NetBackup RealTime Protection
NetBackup RealTime Protection

This 6.5.2 release introduces support for continuous data protection through NetBackup RealTime Protection. This support requires the Snapshot Client features of NetBackup. This section focuses on how to create a NetBackup policy and how to back up and restore NetBackup client data that is already configured and protected in a RealTime application. For a detailed introduction to RealTime, with installation and configuration instructions, see the following guides:

Veritas NetBackup RealTime Protection Installation Guide Veritas NetBackup RealTime Protection Administrator's Guide
Advantages of NetBackup RealTime Protection

NetBackup RealTime Protection includes the following backup and restore capabilities:
By means of Snapshot Client and database agents, NetBackup can quiesce client activity and create transactionally consistent snapshots. NetBackup provides a simple interface for data restore. NetBackup lets you browse backup images for particular files and folders, and automates the task of copying the data to the designated restore host. NetBackups implementation of snapshot-only backups with RealTime is highly efficient, consuming virtually no RealTime server resources until you select items to restore.
Types of backup
NetBackup RealTime provides the following types of backup:
Snapshot-only backup (no backup to a storage unit). The snapshot relies on NetBackups Instant Recovery feature. Snapshot-based backup to a storage unit. The data from the snapshot is copied to the storage device attached to the NetBackup media server. The snapshot is deleted when the backup operation is complete. Snapshot-based backup to a storage unit. The snapshot is retained for Instant Recovery.
Snapshot client updates NetBackup RealTime Protection
103
RealTime terminology in relation to NetBackup

The following table explains RealTime terminology from a NetBackup perspective.
annotation
A special time stamp that allows access to the data that was captured at that point in time in RealTime storage. The NetBackup client and its data that are protected by RealTime. You define an application using Recovery Manager. See the Veritas NetBackup RealTime Protection Installation Guide.
application
application host
A NetBackup client that contains RealTime components, such as the Recovery Manager and the host splitter. See the Veritas NetBackup RealTime Protection Installation Guide.
assets
The client data defined by a RealTime application. The assets comprise a set of volumes or devices that RealTime protects. A server that maintains, for a limited time, a continual history of all write operations taking place on the application assets on the client. By means of this history, the RealTime server can reassemble the client data as it existed at any point in time, thus providing continuous data protection. See TimeImage. A pool of disk storage used by the RealTime server for creating a full copy of client data when RealTime protection is applied, and for tracking time ordered writes on the protected data. Web-based management console for RealTime Protection. An exact reproduction of the protected client data (assets) at a particular time. In NetBackup, a TimeImage is created in one of the following circumstances:

RealTime server
RealTime storage
Recovery Manager TimeImage
When you select items to restore When a backup job creates a snapshot from which to copy data to a storage unit.
timeline
The window of time within which the Real Time server maintains protection for client data (assets). The timeline is maintained by the RealTime server as a result of the RealTime data capture process. The timeline may slide forward in time, depending on how much space is allocated in the RealTime storage and how many changes occur in the application assets.
Snapshots, annotations and TimeImages

It is useful to distinguish between a snapshot as used in NetBackups Snapshot Client feature, and an annotation and TimeImage as used in NetBackup RealTime Protection. They are similar in purpose (point-in-time data capture) but are not identical. In NetBackup (without RealTime), a snapshot is a point-in-time, disk-based copy of a client volume. When creating a snapshot-based backup to a storage unit, NetBackup reads the point-in-time data from the snapshot and writes it to the designated storage device. The snapshot can be automatically deleted when the backup to storage is complete, or it can be retained on disk for later restore (the Instant Recovery feature). The snapshot can also constitute the backup image by itself, in a snapshot-only backup (no backup to a storage unit). Whether used as a source for a storage unit backup or as a standalone image, the snapshot contains all the data necessary for a complete restore. For a more detailed introduction to NetBackups Snapshot Client technology, see the NetBackup 6.5 Snapshot Client Administrators Guide. A RealTime annotation, on the other hand, is a time stamp that the RealTime server creates whenever a NetBackup backup job starts. The annotation is not a snapshot, in that it does not contain the point-in-time data. Rather, the annotation allows the RealTime server to identify the point-in-time data when a TimeImage of the data is required. An annotation is thus a marker, and a TimeImage is an on-demand copy of the point-in-time data that the annotation points to. Note: A NetBackup snapshot can consist of either an annotation alone (for a snapshot-only backup), or an annotation plus a TimeImage. Table 4-1 shows the relationship between the three NetBackup backup types and the RealTime annotation and TimeImages that result from each type of backup. Table 4-1 Snapshot-based backups and resulting annotations and TimeImages Resulting RealTime action
The RealTime server creates an annotation only. The RealTime server creates no TimeImage until a restore is requested. The RealTime server creates an annotation and a TimeImage. The TimeImage data is written to the storage unit. The annotation and TimeImage are automatically deleted at the end of the backup.
Type of NetBackup backup

Snapshot-only backup; snapshot is retained for Instant Recovery
Snapshot-based backup to a storage unit
105
Table 4-1
Snapshot-based backups and resulting annotations and TimeImages Resulting RealTime action
Type of NetBackup backup
Snapshot-based backup to a storage unit, The RealTime server creates an annotation and the snapshot is retained for Instant and a TimeImage. The TimeImage data is Recovery written to the storage unit. The annotation and TimeImage are retained.
When is a TimeImage created

In NetBackup, a RealTime TimeImage is created when either of the following occurs:
A NetBackup policy directs a backup job to write the point-in-time data to a storage unit. To do so, NetBackup directs the RealTime server to create an annotation and to create a TimeImage based on the annotation. NetBackup copies the data from the TimeImage to the designated storage unit. A restore is requested. When you browse files and folders to restore, the RealTime server finds the appropriate annotation. If a TimeImage does not already exist for the annotation, the RealTime server creates one. The data is restored from the TimeImage.
Network diagram of NetBackup RealTime Protection

Figure 4-2 shows NetBackup servers and a NetBackup client as part of a RealTime environment. Figure 4-2 Hardware environment for NetBackup RealTime
LAN / WAN NetBackup master server NetBackup client (application host) NetBackup media server and/or alternate client
NetBackup storage unit (tape or disk)
Fibre channel SAN
RealTime Server
RealTime Storage
RealTime application assets on disk array (NetBackup client data)
The NetBackup backup process with RealTime

1 2 Based on a user request or a backup schedule, the NetBackup master server starts the backup job. The NetBackup client named in the policy creates a snapshot of the data:
For a snapshot-only backup (no image copied to a storage unit), the client directs the RealTime server to place an annotation in the RealTime timeline. No TimeImage is created unless you select items to restore. For a snapshot-based backup to a storage unit, the client directs the RealTime server to place an annotation in the RealTime timeline and to create a TimeImage in RealTime storage. For a snapshot-based backup with a retained snapshot, the client directs the RealTime server to place an annotation in the RealTime timeline and to create a TimeImage in RealTime storage. The TimeImage is retained as called for in the NetBackup policy.
For a snapshot-based backup to a storage unit (with or without a retained snapshot), the following occurs:
The NetBackup client sends the TimeImage data to the NetBackup media server.
107
The media server writes the data to the storage unit that is designated in the policy.
For a snapshot-based backup to a storage unit without a retained snapshot, the client directs the RealTime server to delete the TimeImage when the backup to storage is complete. For all types of backup (including snapshot only), the master server updates the NetBackup catalog. When the backup image expires, all relevant annotations in the RealTime timeline are deleted as well as any existing TimeImages.
5 6
The NetBackup restore process with RealTime

If the restore is from a snapshot, the following events occur: 1 The master server directs the client to prepare the snapshot backup from which to restore, as follows.
If a TimeImage of the requested data does not already exist, the client directs the RealTime server to create a TimeImage in RealTime storage. If the asset is a file system, the client directs the RealTime server to mount the TimeImage on a path that the client can access. For a file system, the client copies the data directly from the mounted file system. For a raw device, the client does a block-by-block copy from the raw device.
The client copies the data from the TimeImage to the requested location.
If it is mounted, the TimeImage is unmounted.
If the restore is from a storage unit, the media server restores the data from the storage unit.
RealTime annotations and the timeline

The RealTime timeline is a record of all user-generated changes to the RealTime application assets defined on the NetBackup client. The timeline is started when RealTime protection is applied to the application. When the timeline is started, the RealTime server copies the clients defined assets to RealTime storage. From that moment, RealTime storage captures or mirrors every change that occurs in the clients assets. This mirroring of changes enables RealTimes continuous data protection. In addition, NetBackup directs the RealTime server to create an annotation whenever a backup occurs. Each annotation is a special time stamp that allows
later access to the data that is captured in RealTime storage. For instance, when NetBackup needs to start a restore, it directs the RealTime server to use the appropriate annotation to create a TimeImage of the protected assets. Thus, the timeline represents two things:
A period of time during which the RealTime server protects the application assets by capturing all changes. A repository from which the RealTime server can recreate a point-in-time image of the application assets.
The timeline is finite and may slide forward

Before starting RealTime protection, the administrator should allocate sufficient space in RealTime storage to hold the initial data copy as well as to hold future changes to that data. The greater the rate of change in the application, the more space is required to capture the changes in RealTime storage. It is therefore important to allocate enough space in storage to keep RealTime protection active for the desired period of time. If the space allocated in RealTime storage runs low, the timeline may have to move forward in time, to continue to capture and record current write activity on the application. Moving the timeline forward allows RealTime storage to discard older changes, to save space. Unless your RealTime storage is infinite, there may come a time when the older data in storage must give way to the new. Figure 4-3 Example of RealTime timeline in motion
Indicates RealTime protection is active.
RealTime protection is first applied at 8:00. As of 12:00, protection has been running for 4 hours, capturing in RealTime storage all changes occurring in the application. 8:00 9:00 10:00 11:00 12:00 13:00 14:00 15:00
Shortly after 12:00, the change rate on the application increases rapidly. At 12:30, to preserve space in RealTime storage, the timelines start point moves forward 30 minutes. The application changes that were captured between 8:00 and 8:30 are discarded, to save space in RealTime storage. 8:00 9:00 10:00 11:00 12:00 13:00 14:00 15:00
109
Obsolete annotations
When the timeline moves forward to save space in RealTime storage, any backup annotations that NetBackup placed in the timeline prior to the new start time become obsolete. That is, the captured data to which the annotations refer is removed. Removing older data is a normal part of RealTime operation. If the backup data was written to a storage unit, the data can be recovered from the storage unit. But a TimeImage cannot be recovered and the annotation is of no further use. When NetBackup runs the next backup for the policy, the obsolete annotations and any associated TimeImages are removed. Figure 4-4 Example of RealTime timeline in motion, with annotations
Indicates an annotation.
RealTime protection is first applied at 8:00. NetBackup snapshot-only backups occur each hour, each backup placing an annotation in the timeline. 8:00 9:00 10:00 11:00 12:00 13:00 14:00 15:00
Shortly after 12:00, the change rate on the application increases rapidly. At 12:30, to preserve space in RealTime storage, the timelines start point moves forward 30 minutes. The application changes that were captured between 8:00 and 8:30 are discarded, to save space in RealTime storage. 8:00 9:00 10:00 11:00 12:00 13:00 14:00 15:00
The first annotation created at 8:00 is now obsolete. The data to which it refers is removed. The annotation is removed when the next backup for the policy is run.
It is important to allocate a lot of space in RealTime storage if you are protecting assets with a high data change rate. To determine whether any annotations are obsolete, see Cannot browse backups to restore on page 119.
Supported operating systems

Table 4-2 shows the operating systems and storage components that NetBackup RealTime Protection supports. Table 4-2 Support list File systems
ufs, VxFS NTFS
Client operating systems

Solaris Windows 2003 (32 bit)
Logical volumes
VxVM None

For a list of all supported combinations of snapshot methods for RealTime, platforms, file systems, logical volumes, and other components, see the NetBackup 6.x Snapshot Client Compatibility document:
License requirements
NetBackup RealTime Protection requires NetBackup licensing, including a Snapshot Client license key.
Important notes and restrictions

Note the following:
NetBackup RealTime does not support Instant Recovery rollback restore or block level incremental backup. NetBackup RealTime supports FlashBackup policies, but not FlashBackup-Windows policies. See Configuring a NetBackup policy on page 114. For database agents, NetBackup RealTime currently supports Oracle (Solaris only). When a RealTime application is updated by either adding or removing assets (such as by adding or removing a mount point), reapplying RealTime protection to the application restarts any existing timeline. Note that any NetBackup snapshots created before the timeline was restarted become obsolete. See Obsolete annotations on page 109.
111
NetBackup automatically removes these snapshots the next time a backup is run for the NetBackup policy. Note that backups to a storage unit are not removed. Only the snapshot is removed.
To configure a RealTime application to be used with off-host alternate client backup, see the following tech note: http://entsupport.symantec.com/docs/303966 NetBackup does not support backing up a federated application, even though the RealTime Protection server supports federated applications. A federated application is one with protected assets that span multiple clients. Snapshot-only backups should not be set for long retention periods. See Obsolete annotations on page 109. HBA persistent target bindings may be required for the application hosts HBAs. On application hosts that require persistent target bindings, the binding ensures that the TimeImages appear at the same device location when the application host reboots. Refer to your HBA vendor documentation for help configuring persistent bindings. Note: On Solaris, persistent target bindings are not needed if you use Suns Leadville stack (StorageTek SAN Foundation) or the Sun branded QLogic driver or Sun branded Emulex HBA driver. See Determine if persistent bindings are needed in HBA file (Solaris only) on page 111.
If HBA persistent target bindings are required, Symantec recommends that you configure 1024 LUNs in the Solaris sd.conf file. See Update sd.conf for import of TimeImages (Solaris only) on page 113.
Determine if persistent bindings are needed in HBA file (Solaris only)

Use these procedures to determine whether persistent bindings are needed:
Use the first procedure below to determine whether your SAN attached disks already have world-wide names as the target component of the device name. If the disk paths are using world-wide names as the target, no persistent bindings are needed in the HBA configuration file. See Determining if devices are using world-wide names on page 112. If the devices are not visible to the application host, use the second procedure to determine what HBA driver the application host is using. If the host uses Suns Leadville stack (StorageTek SAN Foundation) or the Sun branded QLogic driver or Sun branded Emulex HBA driver, no persistent bindings are needed in the HBA configuration file.
See Identifying your HBA driver on page 112.
Determining if devices are using world-wide names

If SAN-attached array devices are visible on the application host, use the following procedure. To determine if disk devices are using world-wide names
Enter the following:

/usr/openv/netbackup/bin/nbfirescan
Example output:
DevicePath Vendor Product ID EnclosureId DeviceId [Ctl,Bus,Tgt,Lun] ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------/dev/rdsk/c3t50001FE150070028d2s6 HP HSV200 5000-1FE1-5007-0020 6005-08B4-0010-5F49-0000-5000-7ED1-0000 [00,00,00,00] /dev/rdsk/c3t5006048ACCD21C80d0s6 EMC SYMMETRIX 000187910258 0000 [00,00,00,00]
The example lists device paths for an HP disk and an EMC disk. In both cases, the target component of the device name is a world-wide name, rather than a SCSI target number. The target designation of the HP disk is t50001FE150070028 and for the EMC disk it is t5006048ACCD21C80. Since these target numbers are world-wide names, no configuration for persistent binding is needed for these disks in the HBA configuration file.
Identifying your HBA driver

If no SAN-attached array devices are visible on the application host, use the following procedure. To determine your HBA driver If the following procedure indicates that the HBA driver is Sun branded, persistent bindings are not needed in the HBA configuration file. If the HBA driver is not Sun branded, configure the HBA file with persistent bindings. Refer to your HBA vendor documentation. 1 To find the QLogic HBA driver, enter the following:
modinfo | grep -i ql
Example output:
38 29 12c6e47 12058c1 50212 153 83803 272 1 qlc (SunFC Qlogic FCA v20040825-1.40) 1 qla2300 (QLogic FC Driver v4.18)
The QLogic HBA driver listed in the first line is Sun branded, as indicated by SunFC in SunFC Qlogic FCA v20040825-1.40. The QLogic driver listed in the second line is not Sun branded. 2 To find the Emulex HBA driver, enter the following:
113
modinfo | grep -i lp
Example output:
43 132b560 512e0 263 1 lpfc (Emulex LightPulse FC SCSI/IP)
The Emulex driver listed is not Sun branded.
Update sd.conf for import of TimeImages (Solaris only)

Note: The sd.conf file does not have to be modified if you use Suns Leadville stack (StorageTek SAN Foundation) or the Sun branded QLogic HBA driver or Sun branded Emulex HBA driver. See Determine if persistent bindings are needed in HBA file (Solaris only) on page 111. The Solaris /kernel/drv/sd.conf file must have sufficient entries to allow for the dynamic import of RealTime TimeImages. TimeImages must be made visible on the NetBackup client without rebooting the operating system. Entries should be added to the sd.conf file for the persistent target numbers (if any) that were configured for the HBA. For the target numbers that were persistently bound to the RealTime servers target ports, Symantec recommends that you configure 1024 LUNs. For example: if one of the RealTime servers target ports was persistently bound at target 5, the following entries should be added to sd.conf. Only the beginning and ending entries are included in this example.
name="sd" name="sd" name="sd" . . . name="sd" name="sd" name="sd" class="scsi" target=5 lun=0; class="scsi" target=5 lun=1; class="scsi" target=5 lun=2;
class="scsi" target=5 lun=1021; class="scsi" target=5 lun=1022; class="scsi" target=5 lun=1023;
You must reboot after modifying sd.conf.
Which sd.conf file to update (Solaris only)

When setting up persistent bindings, update the sd.conf file on the host that must access the TimeImages. For a local host policy (no off-host backup), update the sd.conf file on the primary client. For an off-host backup policy, update sd.conf on the alternate client.
Configuration tasks: overview

Table 4-3 lists the basic setup and administrative tasks for using NetBackup RealTime Protection. Most of these tasks are described in other documents, as indicated. Table 4-3 Tasks
Install the RealTime appliance.
Configuring NetBackup RealTime Protection: task overview Where described

See the Veritas NetBackup RealTime Protection Installation Guide. See the Veritas NetBackup RealTime Protection Installation Guide.
Install the RealTime application host packages on all NetBackup clients and any alternate clients. Define the RealTime application and apply protection. Install NetBackup client software and the Snapshot Client license. Configure a NetBackup policy Start a backup and do a restore
See the Veritas NetBackup RealTime Protection Administrators Guide. See the NetBackup Installation Guide and the NetBackup Snapshot Client Administrators Guide. See Configuring a NetBackup policy on page 114. See Performing a backup on page 117. See Performing a restore on page 117.
Configuring a NetBackup policy

This topic describes how to create a NetBackup policy to back up one or more RealTime application assets. The procedure focuses on NetBackup snapshot-related details. Note: See Table 4-3 for a list of NetBackup RealTime prerequisites. To create a NetBackup policy 1 Start the NetBackup Administration Console. Enter the following: On Solaris: /usr/openv/netbackup/bin/jnbSA & On Windows, click Start > Programs > Veritas NetBackup > NetBackup Administration Console. Click on Policies and select Actions > New > Policy. Select the policy Attributes.
2 3
115
For a complete description of policy attributes, see the online help.
Policy type
For Solaris: Standard, FlashBackup, or Oracle. For Windows: MS-Windows-NT.
Perform snapshot backups Select this option. Retain snapshots for Instant Recovery Perform off-host backup Use alternate client Select this option for a snapshot-only backup, or to keep the snapshot after the backup completes. You can use an alternate client to reduce backup I/O processing on the primary client. The alternate client performs the backup on behalf of the primary client.
Click the Snapshot Client Options button to display the Snapshot Options dialog box. Specify the following:
Snapshot method for this policy Configuration Parameters: Maximum Snapshots (Instant Recovery only)
Select CDP on Solaris, VSS on Windows.
Enter the maximum number of snapshots to be retained at one time. This option applies only to backups with the Instant Recovery feature. This parameter applies to Windows only. Select 3-hardware.
Provider Type
Snapshot Attribute
This parameter applies to Windows only. Accept the default (0-unspecified), which lets NetBackup select the correct attribute.
cdpr_server
This parameter applies to Solaris only. Enter the fully qualified host name of the RealTime server.
In the Schedule tab, define a schedule. Note the following options:
Type of backup Snapshots and copy snapshots to a storage unit
All types are supported. NetBackup creates a snapshot and copies it to the storage unit specified on the Attributes tab.
Snapshots only
NetBackup creates an annotation in the timeline. The snapshot is created when you select items to restore. This option is highly space efficient but not recommended for long term storage. To use a storage lifecycle policy to manage backups, enter the name of the lifecycle policy. Important: if you select Snapshots only, a lifecycle policy cannot be used. See Storage lifecycle policies with Instant Recovery snapshots on page 97.
Override policy storage selection
6 7
In the Clients tab, enter the fully qualified name of one or more NetBackup clients that are defined as RealTime application hosts. In the Backup Selections tab, specify the RealTime assets to be backed up. The following types of entries are allowed:

Directory or file system VxVM volume
Raw device For example:

/mnt1 /dev/vx/rdsk/volgrp1/vol3 /dev/rdsk/c0t0d0s1
Important:
The items in this list must represent all the assets in the RealTime application(s) you are backing up with this policy. If a RealTime applications assets, for example, have been defined as three file systems, all three file systems must be entered here. If you enter only one or two of the file systems for the application, the policy fails to validate when you click OK. The items in this list can span multiple applications, but cannot list partial assets in any application (as noted in the previous bullet). When backing up a VxVM volume, all of the protected LUNs for a given application must exist in the same VxVM disk group. That is, an applications protected LUNs cannot span multiple VxVM disk groups. NetBackup does not support backing up a federated application. A federated application is one with RealTime protected LUNs that span multiple clients.
117
Performing a backup
See Table 4-3 for a list of NetBackup Realtime prerequisites. The procedure for backing up RealTime assets is the same as for backing up data on any NetBackup client. See the NetBackup Backup, Archive, and Restore Getting Started Guide.
Performing a restore
You can use NetBackup to restore data to the original client, to an alternate location on the original client, or to a different client. Note the following:
Each time you restore from a snapshot-only backup, if the snapshot does not already exist, NetBackup creates it. Creating the snapshot consumes some disk space in RealTime storage. Note that prior to selecting items to restore, a snapshot-only backup consists of annotations only, which require virtually no disk space. RealTime is VxVM disk-group centric, not volume centric. If you restore a volume that shares a disk group with other volumes, all volumes in that disk group are restored. This could have unexpected results. Point-in-time rollback restore is not supported.
NetBackup RealTime logging

For log messages about backup or restore, see the following NetBackup log folders. Table 4-4 Log folder
Solaris: /usr/openv/netbackup/logs/bpfis Windows: install_path\NetBackup\logs\bpfis Solaris: /usr/openv/netbackup/logs/bppfi Windows: install_path\NetBackup\logs\bppfi
The NetBackup logs Contains

Messages about policy validation, snapshot creation, and backup. Messages about restore.
Resides on
NetBackup client
NetBackup client
Note: These log folders must already exist in order for logging to occur. If the folders do not exist, create them. More detail is available on snapshot logs, logging levels, and the required folders.
See the NetBackup 6.5 Snapshot Client Administrators Guide. A broader discussion of NetBackup logging is available. See the NetBackup Troubleshooting Guide.
Troubleshooting
The following information may be helpful.
Logging
The NetBackup bpfis log is a good source of troubleshooting information. See NetBackup RealTime logging on page 117.
Policy validation fails

Validation of a policy can fail for a number of reasons. Several common reasons are the following:
RealTime protection has not been applied to the items listed in the policy Backup Selections list. See the Veritas NetBackup RealTime Protection Installation Guide. One or more of the items in the policy Backup Selections list were entered incorrectly. The policy Backup Selections do not list all the assets defined for a RealTime application. The Backup Selections items must represent all the assets in the RealTime application(s) you are backing up with this policy. If, for example, the Backup Selections include only one of several file systems that were defined for a RealTime application, the policy fails to validate.
Backups fail with status code 156

A potential cause of a 156 error concerns an alternate client off-host backup of a NetBackup RealTime application. This error occurs if the RealTime server's host tables are not correctly updated for the alternate client. As a result, NetBackup cannot make a RealTime TimeImage accessible to the alternate client, and the backup fails. This failure happens if the backup is to a storage unit (with or without a retained snapshot). A message similar to the following may appear in the NetBackup /usr/openv/netbackup/logs/bpfis log on the alternate client:
14:38:59.002 [16772] <2> onlfi_vfms_logf: INF create_timeimage: host [s1.snappy.com] not found on appliance 14:38:59.003 [16772] <32> onlfi_fim_split: FTL - VfMS error 11; see following messages:
119
14:38:59.003 [16772] <32> onlfi_fim_split: error was reported 14:38:59.003 [16772] <32> onlfi_fim_split: vfm_freeze_commit: method: CDP, type: FIM, function: CDP_freeze_commit 14:38:59.003 [16772] <32> onlfi_fim_split: error 6; see follow ing message: 14:38:59.003 [16772] <32> onlfi_fim_split: CDP_freeze_commit: create timei mage failed with status 48
FTL - Fatal method FTL -
FTL - VfMS method
FTL -
For more details on this problem, see the following NetBackup tech note: http://entsupport.symantec.com/docs/303966
Cannot browse backups to restore

A few simple reasons can account for the inability to browse files and folders to restore. You may have specified the wrong date range for NetBackups search for available backups. Or perhaps no backups were created within the specified dates. Note the following additional possibilities:
In the case of NetBackup RealTime, the annotation for the backup you want to browse may have become obsolete. Rendering older annotations obsolete is a normal function of RealTime protection, to save space in RealTime storage. Note that you can always restore your NetBackup data as long as the policy created a storage unit backup that has not expired. If the backup created a retained snapshot, the snapshot depends upon a valid annotation in the RealTime timeline. The attempt to browse fails if the annotation is no longer in the current RealTime protection timeline. A message similar to the following may appear in the /usr/openv/netbackup/logs/bppfi log. The location of the log depends on the type of backup. For an off-host alternate client backup, the bppfi log is on the alternate client. For a local host backup (not alternate client), the bppfi log is on the primary client.
15:13:15.802 [17768] <4> Error: createTimeImage failed with retcode 6 (RC_ERROR) 15:13:15.802 [17768] <4> [USER][ERROR][minneapolis:312] Cannot create timeImage: Imagetime before timeline start
See RealTime annotations and the timeline on page 107.
If the backup was a snapshot only backup, the backup succeeds but the attempt to restore fails. The contents of the folder that you are trying to browse do not appear. A message similar to the following may appear in the NetBackup bppfi log on the client or alternate client.
120 Snapshot client updates New disk array snapshot methods in 6.5.2
14:32:40.089 [18728] <4> create_timeimage: host [s1.snappy.com] not found on appliance 14:32:40.089 [18728] <4> mount_frag: create timeimage failed with status 48
For more details on this problem, see the following NetBackup tech note: http://entsupport.symantec.com/docs/303966
New disk array snapshot methods in 6.5.2

The following topics explain how to configure the NetBackup disk array methods that are new in 6.5.2. See your array documentation or disk array administrator for assistance with the array.
About the new disk array methods in 6.5.2

The array snapshot methods described in this section take advantage of high-speed mirroring and other snapshot capabilities that are provided by the arrays. Similar disk array snapshot methods for other array models, which were introduced in NetBackup 6.5, are described in the NetBackup 6.5 Snapshot Client Administrator's Guide. For background information on disk array methods, see that guide.
The disk array methods at a glance

Table 4-5 is an alphabetical listing of the disk array snapshot methods that are introduced in NetBackup 6.5.2. Table 4-5 6.5.2 snapshot methods Description and notes
For space-optimized, copy-on-write snapshots with Hitachi SMS/WMS/AMS, USP/NSC, and USP-V/VM series of arrays. For full-volume copy (mirror) snapshots with Hitachi SMS/WMS/AMS, USP/NSC, and USP-V/VM series of arrays. For full-volume copy (clone) snapshots on IBM DS6000 and DS8000 series of arrays with DSCLI version 5.2.2.224 and later.
Snapshot method
Hitachi_CopyOnWrite
Hitachi_ShadowImage
IBM_DiskStorage_FlashCopy
Snapshot client updates New disk array snapshot methods in 6.5.2
121

For a list of all supported combinations of snapshot methods, platforms, file systems, logical volumes, and other components, see the NetBackup 6.x Snapshot Client Compatibility document:
Note on Instant Recovery (point-in-time) rollback

Use caution with Instant Recovery rollback. An Instant Recovery (point-in-time) rollback overwrites the entire LUN (source disk) with the contents of the snapshot or mirror disk. If you have multiple file systems or multiple partitions configured on the hardware array LUN (the source disk), one or more of those file systems or partitions sharing the snapshot or mirror disk may have older data that you do not want to write back to the source. When the rollback takes place, any older data on the snapshot or mirror disk replaces the newer data on the source.
Array preconfiguration tasks

Before you configure a NetBackup policy, make sure the following tasks have been completed. Table 4-6 Array preconfiguration tasks Where described
See your array documentation. For the supported software versions, see the appropriate software requirements section in this document. See your HBA documentation.
Array administration tasks

Install the disk array and its software, including appropriate licenses.
Install supported HBAs on the NetBackup primary client and alternate clients.
Zone the client HBAs through the Fibre See your Fibre Channel documentation. Channel switch, so the array is visible to the primary client and any alternate clients. Install NetBackup and array vendor See the appropriate installation snapshot management software on the documentation. NetBackup primary client and any alternate clients. Configure source and snapshot devices on the array (such as LUNs). See your array documentation.
122 Snapshot client updates New disk array snapshot methods in 6.5.2
OS-specific configuration
This topic describes the configuration tasks that are related to the operating system on the NetBackup client.
Dynamic multipathing
In a SAN fabric, it is advantageous for multiple pathways to exist from a host computer to a device on a disk array. The purpose of dynamic multipathing software is the following:

Manage the pathways so that only one is in use at a time Switch to another pathway if the one in use fails
Consult your array documentation for multipathing requirements.
HBA configuration
The supported HBAs are Emulex and QLogic. For certain HBAs, the arrays target number cannot be guaranteed on the host without persistent bindings. A persistent device target number ensures that snapshots appear at the same device location if a NetBackup client host reboots. Refer to your HBA vendor documentation for help configuring persistent bindings. Note: Persistent target bindings are not needed if you use Suns Leadville stack (StorageTek SAN Foundation) or the Sun branded QLogic HBA driver or Sun branded Emulex HBA driver. See Determine if persistent bindings are needed in HBA file (Solaris only) on page 111.
Solaris sd.conf file (Hitachi arrays only)

Prior to running backups, you must configure a sufficient number of static devices (array LUNs) in the /kernel/drv/sd.conf file on the client (and any alternate client) to accommodate the number of snapshot devices that backups require. Note: Hitachi arrays do not support dynamic import of snapshot devices. It may be necessary to reboot after modifying sd.conf.
Snapshot client updates New disk array snapshot methods in 6.5.2
123
Verify NetBackup client access to array devices

You can use the nbfirescan command to verify the following: that NetBackup clients have access to the array devices, and that the arrays are properly zoned and LUNs are unmasked. Note that nbfirescan only displays LUNs that have actually been LUN masked to the host. To verify access, zoning, and LUN masking
Enter the following on the client:

This command queries the hosts SCSI bus for all the SCSI (or Fibre) attached devices that are visible. Example output from an AIX host, for Hitachi and IBM arrays, followed by a description:
DevicePath Vendor Product ID EnclosureId DeviceId [Ctl,Bus,Tgt,Lun] --------------------------------------------------------------------------------/dev/hdisk8 HITACHI OPEN-V-CM 10266 241 [00,00,144640,00] /dev/hdisk9 HITACHI OPEN-V 10266 840 [00,00,144640,01] /dev/hdisk36 IBM 1814 FAStT IBM.1814-SN72500637 60:0A:0B:80:00:29:7B:00:00:00:11:5A:47:D2:29:6C [00,00,660992,08] /dev/hdisk39 IBM 1814 FAStT IBM.1814-SN72500637 60:0A:0B:80:00:29:7B:00:00:00:11:77:47:D4:AC:9A [00,00,660992,09] /dev/hdisk34 IBM 1750500 IBM.1750-13ADDTA 1723 [00,00,662016,1075265571] /dev/rdsk/c2t6d11s6HITACHI DF600F6484 48 [00,00,00,00] /dev/rdsk/c2t6d10s6HITACHI DF600F6484 46 [00,00,00,00] /dev/rdsk/c2t10d3s6HITACHI OPEN-V-SUN 45027 18 [00,00,00,00] /dev/rdsk/c2t10d0s6HITACHI OPEN-V-CM 45027 0 [00,00,00,00]
Note the following descriptions:
DevicePath
Represents the actual access point for the device as it exists on the client host. Unique for each physical disk array. Unique for a physical or virtual disk in an enclosure. The Enclosure ID/Device ID pair constitutes a host-independent designation of a particular physical or virtual disk within a disk array. Controller, bus, target, and LUN numbers are the elements that designate a particular physical or virtual disk from the perspective of the client host computer.
EnclosureId DeviceId
Ctl,Bus,Tgt,Lun
124 Snapshot client updates IBM DS6000 and DS8000 arrays
IBM DS6000 and DS8000 arrays

The following sections include background information and configuration tasks for NetBackup Snapshot Client backups using IBM 6000 and 8000 arrays. These tasks must be completed before you run a backup.
IBM DS6000 and 8000 software requirements

The following IBM software is required. Table 4-7 Software
DSCLI
Software that is required for IBM 6000 and 8000 Where to install
Default location
Version
5.2.2.224 or higher
For instructions on installing the software, refer to your IBM documentation.
Preconfiguration for IBM arrays

No preconfiguration steps are required for IBM DS6000 and DS8000 arrays.
Configuring NetBackup to access the array

You must supply login credentials that allow the NetBackup client to access the IBM array. To supply login credentials 1 In the NetBackup Administration Console, click the Media and Device Management > Credentials > Disk Array Hosts node in the NetBackup Administration Console. Right-click in the Disk Array Hosts pane and select New Disk Array Host. Enter the host name of the IBM 6000 or 8000 array. Select IBM System Storage in the Disk Array Host Type pull-down menu. Enter the user name and password for the array. Clear (uncheck) the Connect using port number box.
2 3 4 5 6
Array access for NetBackup hosts not named in a policy

Certain NetBackup hosts that are not named as clients in a policy must be explicitly enabled to access array credentials. An example is a media server
Snapshot client updates IBM DS6000 and DS8000 arrays
125
that is used for off-host backup processing but is not included in any policys Clients list. To allow the host to access credentials 1 In the NetBackup Administration Console, click Host Properties > Master servers > double click name of master server > Properties > Credential Access. Click Add to enter the name of the client. Then click OK.
Configure the IBM array for NetBackup

You must add each NetBackup client and alternate client to the IBM array and make array devices available to the clients. In brief, the steps are the following: To configure the array for NetBackup 1 On the IBM array, provide host name and port information for the NetBackup client. Note the following:
The nickname (on the IBM 6000/8000) must be the same as the NetBackup client name. In the IBM 6000/8000 Storage Manager interface, the host type for AIX may not be obvious: select IBM pSeries. As part of the host definition, select the WWPN of the NetBackup client. Your NetBackup client must be properly zoned on the SAN to allow communication between it and the array.
2 3
Repeat step 1 for each NetBackup client or alternate client that uses the array. Create a volume group and associate the volume group with the NetBackup host you have defined on the array. For details, refer to your IBM documentation. Create logical volumes (or logical drives) for the volume group. This step makes the volumes or drives visible to the NetBackup client. For details, refer to your IBM documentation.
Obtain unique IBM identifiers

The NetBackup policy requires entry of the arrays Unique ID. If your array administrator provided LUN numbers for the devices, you must convert those LUN numbers into unique IDs for entry in the NetBackup policy Snapshot Resources pane. You can obtain the LUN unique IDs in either of two ways, as described in this topic.
The LUN ID of the primary and snapshot (clone) logical volume can be found from the array by means of DSCLI commands or the IBM Storage Manager interface. To use DSCLI commands to obtain the device identifiers 1 Find the host connection and its corresponding volume group by entering the following:
lshostconnect -dev enclosure_ID
Sample output:
dscli> lshostconnect -dev IBM.1750-6866123 Date/Time: December 17, 2007 4:18:02 PM IST IBM DSCLI Version: 5.2.2.224 DS: IBM.1750-6866123 Name ID WWPN HostType Profile portgrp volgrpID ESSIOport ==================================================================================== ============ oigtsol05 0000 10000000C956A9B4 Sun SUN - Solaris 0 V11 all oigtaix03 0022 10000000C969F60E pSeries IBM pSeries - AIX 0 V46 all oigtaix02 0023 10000000C94AA677 pSeries IBM pSeries - AIX 0 V47 all
Find the volumes presented to this volume group and to the host:
showvolgrp -dev enclosure_ID volume_group
dscli> showvolgrp -dev IBM.1750-6866123 V47 Date/Time: December 17, 2007 4:21:01 PM IST IBM DSCLI Version: 5.2.2.224 DS: IBM.1750-6866123 Name oigtaix02 ID V47 Type SCSI Mask Vols 0002 0003 0004 0005 0006 0007 0008 0009 0031
The values listed for Vols are the LUN ids. 3 Find out which device on the host corresponds to a given logical volume. Enter the following:
To use the IBM Storage Manager web interface to obtain the device identifiers 1 In the Storage Manager, click Real-time manager > Manage hardware > Host systems.
Snapshot client updates IBM DS6000 and DS8000 arrays
127
2 3
Click on the host for which you need to find the volumes presented. The volume groups that are associated with the host are displayed. Click on the volume group to get the list of the logical volumes that are configured in this volume group. The Number column indicates the LUN ID.
Configuring a NetBackup policy for IBM_DiskStorage_FlashCopy

For general help setting up a NetBackup policy in the NetBackup Administration Console, refer to the NetBackup Snapshot Client Administrators Guide. The following procedure focuses on the IBM_DiskStorage_FlashCopy method and its parameters. To configure a policy for IBM_DiskStorage_FlashCopy 1 2 3 4 In the NetBackup Administration Console, click the Perform snapshot backups box on the policy Attributes tab. Click the Snapshot Client Options button to display the Snapshot Options dialog box. In the Snapshot method pull-down list, select IBM_DiskStorage_FlashCopy. If needed, set Wait for flashcopy operation to complete to 1. By default (0), the backup does not wait for the FlashCopy operation to complete. If the backup begins before the FlashCopy operation completes, database performance on the client (such as Oracle) may be affected until the FlashCopy is complete. A setting of 1 means that NetBackup waits for the FlashCopy to complete before the backup begins, to avoid any performance issues on the client. Note that a setting of 1 may cause the backup elapsed time to increase significantly. The primary (production) volume may not be accessible until the FlashCopy command completes. On the Snapshot Options dialog box in the Snapshot Resources pane, click Add. NetBackup uses the information in the Snapshot Resources pane to correctly rotate through the clone LUNs when performing a FlashCopy clone backup. After all clone LUNs have been used in a backup, NetBackup automatically determines which clone is the oldest. NetBackup expires the oldest clone so that it can be reused for the current backup. If that clone represents the only backup image copy, NetBackup also expires the backup image associated with the clone. Note that the policy Backup Selections determine one or more source LUNs for which snapshots are taken for backup. For each source LUN that is specified in the policy Backup Selections list, you must provide the information detailed in the following steps. See Obtain unique IBM identifiers on page 125. In the Add Snapshot Resource dialog box, enter the array's serial number in the Array Serial # field. Enter the unique ID for the source LUN in the Source Device field.
6 7
Snapshot client updates Hitachi SMS/WMS/AMS, USP/NSC, USP-V/VM
129
Enter the unique IDs for the clone LUNs in the Snapshot Device(s) field. To enter multiple IDs, place a semicolon between them. Note the following:
The clone LUNs must be unmasked to the client (or alternate client) before you start a backup. For Instant Recovery backups, the Snapshot Device(s) entries determine where and in what order the snapshots are retained.
For further reference

The following IBM documents may be helpful.
The IBM System Storage DS6000 Series: Copy Services http://www.redbooks.ibm.com/redpieces/abstracts/sg246782.html http://www.redbooks.ibm.com/abstracts/sg246783.html The IBM System Storage DS8000 Series: Copy Services http://www.redbooks.ibm.com/abstracts/sg246787.html http://www.redbooks.ibm.com/abstracts/sg246788.html
Hitachi SMS/WMS/AMS, USP/NSC, USP-V/VM

The following sections include background information and configuration tasks for NetBackup Snapshot Client backups using Hitachi SMS/WMS/AMS, USP/NSC, and USP-V/VM series of arrays. These tasks must be completed before you run a backup.
Hitachi array software requirements

The following Hitachi software is required. Table 4-8 Software Software that is required for Hitachi arrays Where to install Version
01-12-03/04 or later. Note: To determine the RAID Manager version, run the following: /usr/lib/RMLIB/bin/whatrmver See Checking the RAID Manager version on page 130.
RAID Manager/LIB NetBackup client
For instructions on installing the software, refer to your Hitachi documentation.
130 Snapshot client updates Hitachi SMS/WMS/AMS, USP/NSC, USP-V/VM
Checking the RAID Manager version

Use the following procedure. To determine the current RAID Manager version

/usr/lib/RMLIB/bin/whatrmver
Example output:
Model :RAID-Manager/LIB/Solaris Ver&Rev:01-12-03/04
Preconfiguration for Hitachi

Prior to running backups, you must configure the arrays and appropriate volumes. Refer to your Hitachi array documentation.
Pair status must be PSUS (SMS/WMS/AMS arrays only)

After creating volume pairs, you must split each pair and leave the status of the pair at PSUS. You can use the following CCI command:
pairsplit -g dg_name -d device_name -l
where dg_name and device_name are the names specified in the CCI configuration file for the primary device.
Configure command devices on NetBackup client and alternate client

The Hitachi command devices must be visible to the NetBackup client as well as to any alternate client. To configure command devices, refer to your Hitachi documentation.
Configuring NetBackup to access the array

You do not need to configure array credentials for the Hitachi array. All communication between NetBackup and the array is done by means of command devices. If multiple Hitachi arrays are connected to a NetBackup client, NetBackup sends the NetBackup command to the correct Hitachi array. To determine if the command devices are visible

Snapshot client updates Hitachi SMS/WMS/AMS, USP/NSC, USP-V/VM
131
Example output:
nbfirescan v4.4.2 - Copyright (c) 2005-2007 Symantec Corp. Rescanning devices..............................................Complete. Device count: 37 DevicePath Vendor Product ID EnclosureId DeviceId [Ctl,Bus,Tgt,Lun]
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------/dev/rdsk/c3t50060E801029F700d22s6 HITACHI DF600F 10816 /dev/rdsk/c3t50060E801029F700d1s6 HITACHI DF600F-CM 10816 0201 0003 [00,00,00,00] [00,00,00,00]
The last line of the above example shows a command device (DF600F-CM).
Configure the Hitachi array for NetBackup

You must add each NetBackup client and alternate client to a host group on the Hitachi array. Note the following:
The name of the host group must match the host name or fully qualified domain name of the client as specified in the NetBackup policy. The name should not be more that 16 characters in length. For host entries in the host groups, specify the WWNN/WWPN of each host.
Obtain unique Hitachi identifiers

The NetBackup policy requires the Hitachi array's serial number and the unique IDs (device identifiers) for the source and clone LUNs. Use the following procedure to obtain that information. To obtain the array serial number and device identifiers

Example output:
DevicePath
Vendor
Product ID
EnclosureId
DeviceId
[Ctl,Bus,Tgt,Lun]
----------------------------------------------------------------------------------------------------------------------------------------------------------------------/dev/rdsk/c2t6d15s6 /dev/rdsk/c2t6d14s6 HITACHI HITACHI DF600F DF600F 6484 6484 53 52 [00,00,00,00] [00,00,00,00]
132 Snapshot client updates Hitachi SMS/WMS/AMS, USP/NSC, USP-V/VM
The Enclosure ID is the serial number and the Device ID is the arrays device ID.
Configure a NetBackup policy for Hitachi_ShadowImage or Hitachi_CopyOnWrite

For general help setting up a NetBackup policy in the NetBackup Administration Console, refer to the NetBackup Snapshot Client Administrators Guide. The following procedure focuses on the Hitachi_ShadowImage and Hitachi_CopyOnWrite methods and their parameters. Note: The term clone LUNs, as used in this procedure, refers to the Hitachi_ShadowImage method. For the Hitachi_CopyOnWrite method, the term clone LUNs can be replaced with snapshot LUNs. To configure a policy for an Hitachi array method 1 2 3 4 In the NetBackup Administration Console, click the Perform snapshot backups box on the policy Attributes tab. Click the Snapshot Client Options button to display the Snapshot Options dialog box. In the Snapshot method pull-down list, select Hitachi_ShadowImage or Hitachi_CopyOnWrite. In the Snapshot Resources pane, click Add. NetBackup uses the information in the Snapshot Resources pane to correctly rotate through the designated LUNs when performing a ShadowImage (or CopyOnWrite) backup. After all clone LUNs have been used in a backup, NetBackup automatically determines which clone is the oldest. NetBackup expires the oldest clone so that it can be reused for the current backup. If that clone represents the only backup image copy, NetBackup also expires the backup image associated with the clone. Note that the policys Backup Selections list must specify one or more source LUNs for which snapshots are created for the backup. For each source LUN in the policy Backup Selections list, you must supply a serial number and unique IDs. See Obtain unique Hitachi identifiers on page 131. In the Add Snapshot Resource dialog box, enter the array's serial number in the Array Serial # field. Enter the unique ID for the source LUN in the Source Device field.
5 6
Snapshot client updates Troubleshooting
133
The ID must be entered without leading zeroes. For example, if the LUN ID is 0110, enter 110 in the Source Device field. 7 Enter the unique IDs for the clone LUNs (for Hitachi_ShadowImage method) or the snapshot LUNs (for Hitachi_CopyOnWrite) in the Snapshot Device(s) field. To enter multiple IDs, place a semicolon between them. The ID must be without leading zeroes. For example, if the LUN ID is 0111, enter 111 in the Snapshot Device(s) field. Note the following:
The LUNs must be unmasked to the client (or alternate client) before you start a backup. For Instant Recovery backups, the Snapshot Device(s) entries determine where and in what order the snapshots are retained.
Troubleshooting
This topic provides troubleshooting assistance.
Troubleshooting: IBM DS6000 and 8000 arrays

This section provides explanations and recommended actions, as well as log entries that may help identify the problem. Note the following important items:
Before you start a backup, the snapshot device (clone) must be visible (unmasked) to the NetBackup client or alternate client. For backup and Instant Recovery rollback restore: you must supply login credentials that allow the NetBackup client to access the IBM array. For NetBackup hosts not named in a policy (such as alternate clients), you must also configure NetBackup so that the host can access the credentials. Backups may appear to succeed, but the bprd log on the server contains messages similar to the following:
09:02:17.999 [4292.3092] <2> is_disk_client_configured: db_cred_allowed(host1.enterprise.com, 1) failed: 227 09:02:17.999 [4292.3092] <2> read_text_file: is_disk_client_configured(host1.enterprise.com) failed: 227 09:02:17.999 [4292.3092] <2> process_request: read_text_file failed - status = client is not validated to use the server (131)
Until credential access is enabled, a backup or a point-in-time rollback fails with NetBackup status 5. See Configuring NetBackup to access the array on page 124. See Array access for NetBackup hosts not named in a policy on page 124.
134 Snapshot client updates Troubleshooting
Snapshot error encountered (NetBackup status code 156)

Note these possible explanations:
The snapshot device (clone) is not visible (unmasked) to the NetBackup client or alternate client. Recommended action: Make the clone device visible to the NetBackup client or alternate client before you retry the backup. Contact IBM technical support or refer to your IBM array documentation. The snapshot device (clone) is also a source device in another device pair. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN03041E mkflash: Copy Services operation failure: already a FlashCopy source
Recommended action: Reconfigure source and clone devices so that the clone required for this backup is not a source device for another clone. Contact IBM technical support or refer to your IBM array documentation.
The snapshot device (clone) and source device are not of equal size. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN03049E mkflash: Copy Services operation failure: incompatible volumes
Recommended action: Reconfigure source and clone devices to be identical in size. Contact IBM technical support or refer to your IBM array documentation.
The source device is already recording enabled for FlashCopy. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN03027E mkflash: FlashCopy operation failure: action prohibited by current FlashCopy state. Contact IBM technical support for assistance.
Recommended action: verify whether the source device has a FlashCopy relationship with some device other than the snapshot device (clone) specified in the policy. If a FlashCopy relationship exists with some other device, delete the relationship and start the backup again.
The IBM FlashCopy license is not installed. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN03035E mkflash: Copy Services operation failure: feature not installed.
Recommended action: Install the FlashCopy license on the storage subsystem. Contact IBM technical support or refer to your IBM array documentation.
135
The FlashCopy relationship is not recording enabled. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN03027E resyncflash: FlashCopy operation failure: action prohibited by current FlashCopy state. Contact IBM technical support for assistance
Recommended action:

Make sure a FlashCopy relationship exists for the device pair. If the FlashCopy relationship is not recording enabled, remove the FlashCopy relationship and then re-run the backup.
A FlashCopy relationship does not exist. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN03027E resyncflash: FlashCopy operation failure: action prohibited by current FlashCopy state. Contact IBM technical support for assistance.
A resynchronize operation was attempted on a FlashCopy pair that does not exist. Recommended action: Verify that a FlashCopy pair does not exist, and then re-execute the backup.
Incremental Copy is in progress. The following message may appear in the /usr/openv/netbackup/logs/bpfis/ibmtsfi.log.date log:
CMUN02498E resyncflash: The storage unit is busy.
This message could appear for the following reasons:
A background copy is in progress for the given pair of devices on the array.
Some maintenance activity is currently in progress on the array. Recommended action: Allow the background copy or maintenance activity to complete. Then re-run the backup.
Troubleshooting: Hitachi arrays

This section provides explanations and recommended actions, as well as log entries that may help identify the problem. Note the following important items:
RAID Manager version 01-12-03/04 or later is required. See Checking the RAID Manager version on page 130. Before you start a backup, the snapshot device (clone LUN or snapshot LUN) must be visible (unmasked) to the NetBackup client or alternate client.
For the NetBackup policy Snapshot Resource configuration, specify device IDs in decimal and without leading zeros. For example, if your source device ID is 0100 and the snapshot device ID is 0101, enter 100 and 101 in the Snapshot Resources dialog box. See Configure a NetBackup policy for Hitachi_ShadowImage or Hitachi_CopyOnWrite on page 132.
NetBackup policy validation fails

Note these possible explanations:
The Hitachi command device is not unmasked. See the sample log messages in the next bullet. Recommended action: Refer to Hitachi documentation for creating and unmasking command devices. The Hitachi command device is unmasked but is not visible to client, or the enclosure ID specified in the policys Snapshot Resources is invalid. The /usr/openv/netbackup/logs/bpfis/hitachi.log.<date> log may contain messages similar to the following:
Fri Mar 21 2008 16:26:46.431046 <Pid - 9477 / Thread id - 1> Entering Function delayedInit [110, providers/hitachi/hitachi_plugin.cpp] Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> <Device name="/dev/rdsk/c4t50060E801029F700d2s6" udid="UDID##HITACHI##HDS##75040816##3" bus=" 0" target="0" lun="0" vendor="HITACHI" product="DF600F-CM" /> Fri Mar 21 2008 16:26:49.174493 <Pid - 9477 / Thread id - 1> Exiting Function delayedInit [110, providers/hitachi/hitachi_plugin.cpp] If the delayedInit message does not include at least one entry for the
enclosure ID that was entered in the policys Snapshot Resources, the command device is not unmasked or is not visible to NetBackup client (host). Recommended action: Make sure the command device is recognized by the operating system and that the enclosure ID is entered correctly in the policy's Snapshot Resources. To determine if the command device is recognized by the operating system, try device discovery commands such as the following:
devfsadm cfgadm -al
A log message for the enclosure ID would include an entry such as the following:
c3t50060E801029F700d28 <HITACHI-DF600F-CM-0000 cyl 52 alt 2 hd 50 sec 768>
which shows that the device is visible as c3t50060E801029F700d28.
137
A mismatch exists between the policys snapshot method and the type of LUNs specified for the Snapshot Devices. For example, if you select the Hitachi_ShadowImage method but specify snapshot LUNs instead of clone LUNs for the Snapshot Devices, an error occurs. See the sample log messages in the next bullet. Recommended action: Specify the correct snapshot method or snapshot devices. A disk pair was not created for the source and snapshot devices specified in the NetBackup policys Snapshot Resources. The /usr/openv/netbackup/logs/bpfis/hitachi.log.<date> log may contain messages similar to the following. If the snapshot method is Hitachi_CopyOnWrite:
Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> HITACHI_FIM_SNAPSHOT not supported for 10
If the snapshot method is Hitachi_ShadowImage:

Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> HITACHI_FIM_SHADOW_IMAGE not supported for 10
Recommended action: Set up a disk pair (primary and secondary) for the source and snapshot devices that are specified in the policys Snapshot Resources. Refer to the Hitachi documentation.
In the policys Snapshot Resources, the device identifier for the source or snapshot device is invalid. The /usr/openv/netbackup/logs/bpfis/hitachi.log.<date> log may contain messages similar to the following:
Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> getrminfo failed. Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> operation failed with error number <> with message <msg>'.
The above message may indicate that a device ID in the policys Snapshot Resources is incorrect or does not exist. For example, if the specified snapshot device ID does not exist:
Mon May 12 2008 21:32:32.088876 <Pid - 8040 / Thread id - 1> getrminfo is called for '9999'. Mon May 12 2008 21:32:32.089736 <Pid - 8040 / Thread id - 1> getrminfo failed. Mon May 12 2008 21:32:32.090003 <Pid - 8040 / Thread id - 1> operation failed with error number '-1' with message '[EL_CMDRJE] An order of the control command rejected.'.
Recommended action: Make sure the identifiers are correctly entered in the policys Snapshot Resources. Specify source and snapshot IDs without leading zeros. See Configure a NetBackup policy for Hitachi_ShadowImage or Hitachi_CopyOnWrite on page 132.
The RAID Manager library libsvrrm.so software is not installed in the /usr/lib/ directory. Recommended action: Install the RAID Manager package in /usr/lib/. See the Hitachi documentation. The installed version of RAID Manager library libsvrrm.so is not supported. Recommended action: Look for the Library RMLIB version message in the /usr/openv/netbackup/logs/bpfis/hitachi.log.<date> log. See Checking the RAID Manager version on page 130.
Backup or restore or image expiration fails

The following bullets list possible explanations:
A problem occurred involving the Hitachi instance number. For example, the Hitachi snapshot provider did not receive the instance number for the command device. The instance number is needed to connect to the array. The /usr/openv/netbackup/logs/bpfis/hitachi.log.<date> log contains the following message:
Couldn't get instance no failed with message ....
The log may contain the following additional messages:

Fri Mar 21 2008 16:26:49.818233 <Pid - 9477 / Thread id - 1> Entering Function attachCmd [156, providers/hitachi/hitachi_rmlibintf.cpp] Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> attachcmddev is called with cmd dev /dev/dsk/c1t0d0s2 and instance number 0. Fri Mar 21 2008 16:26:49.818308 <Pid - 9477 / Thread id - 1> Exiting Function attachCmd [156, providers/hitachi/hitachi_rmlibintf.cpp]
The attachcmddev message should list the Hitachi command device (for the enclosure ID that was specified in the policy) and the instance number. If the Hitachi command device is not included in the message, then the instance number was not received. A limited number of instance numbers are allowed per command device. If the maximum number of processes are using the same command device, no more instance numbers are available. This situation may indicate a problem with the instance number management logic of the Hitachi provider. Note also the following potential messages:
Fri Mar 21 2008 16:26:49.818233 <Pid - 9477 / Thread id - 1> Entering Function attachCmd [156, providers/hitachi/hitachi_rmlibintf.cpp] Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> Couldn't get instance no failed with message '%s'.
139
Fri Mar 21 2008 16:26:49.818308 <Pid - 9477 / Thread id - 1> Exiting Function attachCmd [156, providers/hitachi/hitachi_rmlibintf.cpp]
Another example message is the following:

Fri Mar 21 2008 16:26:49.173893 <Pid - 9477 / Thread id - 1> Couldn't get instance no failed with message 'Instance No Exhausted, couln't reclaim giving up'
These messages indicate that the instance number is not available. A problem may exist with the instance number management logic. Recommended action:
Remove the following file:

/usr/openv/lib/vxfi/cachefiles/hitachi/ UDID##HITACHI##HDS##<enclosure id>##*
where enclosure id is the array's serial number specified in the policys Snapshot Resources.
Gather the appropriate Hitachi logs and contact Symantec customer support for NetBackup.
The default array controller of the source device is not the same as the controller of the snapshot device. Use the Storage Navigator interface to verify. Recommended action: Make sure that the clone (or snapshot) device has the same default controller as the source device. See the Hitachi documentation.
140 Snapshot client updates New options for vxvm snapshots
New options for vxvm snapshots

The vxvm snapshot method is for making Veritas Volume Manager snapshots. The vxvm snapshot method works for any file system that is mounted on a VxVM volume. Prior to backup, the data must be configured with either of the following: VxVM 3.1 or later for traditional mirrors, or VxVM 4.0 or later for full-sized or space optimized instant snapshots.
New vxvm backup options

Table 4-9 lists the vxvm snapshot method parameters introduced in NetBackup 6.5.2. You can configure these parameters in a snapshot policy in the NetBackup Administration Console: Policies > Actions > New > New policy > Attributes > Snapshot Client Options. See the NetBackup 6.5 Snapshot Client Administrators Guide for full details on policy configuration. Table 4-9 Parameter
Wait for mirror sync completion (Data Mover backups only)
New vxvm parameters in NetBackup 6.5.2 Description

This parameter applies only to off-host backups that use the NetBackup Media Server or Third-Party Copy Device backup method. With the default setting (Yes), this parameter specifies that full-sized instant snapshots will not be available for backup until the mirror synchronization is complete. Note that before synchronization is complete, some of the data required for the backup resides on the source disks but not on the snapshot disks. If the media server has access to the snapshot disks but does not have access to the source disks, and if the backup starts before the snapshot disks are fully synchronized with the source, the backup fails. In the case of a NetBackup Media Server or Third-Party Copy Device backupwhere the media server does not have access to the source disksyou should set this parameter to 1. If both source and snapshot disks are visible to the media server, you can set this parameter to 0 (No).
Snapshot client updates New options for vxvm snapshots
141
Table 4-9 Parameter
New vxvm parameters in NetBackup 6.5.2 Description

For configurations that have sufficient I/O bandwidth, multiple volumes can be resynchronized simultaneously, to complete resynchronization sooner. This parameter specifies the number of volume pairs that are resynchronized simultaneously. A volume pair consists of a source volume and its snapshot (or mirror) volume. The default is 1, which means that volume pairs are resynchronized one at a time. Accept the default if the I/O bandwidth in your clients and disk storage cannot support simultaneous synchronization of volumes. A major factor in I/O bandwidth is the number and speed of HBAs on each client.
Maximum number of volumes to resynchronize concurrently
Sync region size in MB (UNIX only)
Specifies the size in MB of each I/O request that is used when synchronizing the regions of a volume. Specifying a larger size causes synchronization to complete sooner, but with greater impact on the performance of other processes that are accessing the volume. The default size of 1 MB is the minimum suggested value for high-performance array and controller hardware. The specified value is rounded to a multiple of the volume's region size. This option is the same as the iosize=size parameter on the VxVM vxsnap command. For more details on the iosize=size parameter, see the Veritas Volume Manager Administrators Guide.
Sync I/O delay in milliseconds (UNIX only)
Specifies the delay in milliseconds between synchronizing successive sets of regions as specified by the value of the previous parameter (Sync region size in MB). This option can be used to change the impact of synchronization on system performance. The default is 0 milliseconds (no delay). Increasing this value slows down synchronization, and reduces the competition for I/O bandwidth with other processes that may be accessing the volume. This option is the same as the slow=iodelay parameter on the VxVM vxsnap command. For more details on the slow=iodelay parameter, see the Veritas Volume Manager Administrators Guide.
142 Snapshot client updates New options for vxvm snapshots
New vxvm restore options for Instant Recovery rollback

Several of the vxvm parameters described in Table 4-9 can be set specifically for Instant Recovery point in time rollback when multiple volumes are involved in the rollback. Modifying these options to suit the circumstances under which the rollback will occur may improve performance. The following parameters can be modified for rollback:

Maximum number of volumes to resynchronize concurrently Sync region size in MB (UNIX only) Sync I/O delay in milliseconds (UNIX only)
Note: Instant Recovery rollback uses the same defaults for these vxvm parameters as are listed in Table 4-9. To modify the vxvm parameters for point in time rollback 1 2 Create the following file:
/usr/openv/netbackup/SYMC_PARAMS
In the file, enter the numeric values for the parameters, in one line. The numbers apply to the parameters listed in the bulleted list above, in that order. For example:
6 3 1000
This example resets the parameters as follows:

Maximum number of volumes to resynchronize concurrently = 6 Sync region size in MB (UNIX only) = 3 Sync I/O delay in milliseconds (UNIX only) = 1000
Chapter
New data at rest key management

Key Management Service
The Key Management Service (KMS) feature runs on NetBackup 6.5.2 and is a master server based symmetric key management service that manages symmetric cryptography keys for tape drives that conform to the T10 standard (LTO4). KMS has been designed to uses volume pool based tape encryption. KMS is used with tape hardware that has built-in hardware encryption capability. An example tape drive with built-in encryption is the IBM ULTRIUM TD4 cartridge drive. KMS runs on Windows and UNIX. KMS generates keys from your passcodes or auto-generates keys. KMS operations are done through the KMS Command Line Interface (CLI). The CLI options are available for use with both nbms and bmkmsutil. KMS has a minimal impact on existing NetBackup operation system management and yet provides a foundation for future Key Management Service enhancements. The initial release of KMS has a limited feature set in this 6.5.2 unlicensed version with a limited number of key groups and key records for each key group.
KMS considerations
The following considerations relate to the functionality and use of KMS.
New NBKMS service

Master server based service providing encryption keys to media server BPTM processes.
144 New data at rest key management Key Management Service
New nbkmsutil KMS configuration utility

For security reasons, the KMS configuration utility can only be run from the master server as root or administrator.
NetBackup wide changes

To deal with the ENCR_ prefix on the volume pool names. To communicate with the key management service. To provide support for the T10 / SCSI standard tape drives with embedded (LT04 and equivalent) encryption.
NetBackup GUI and CLI changes to report the encryption key tag addition to the NetBackup image information The bpimmedia and bpimagelist were modified. An emphasis on recoverability and ease of use for this NetBackup 6.5.2 release The recommended option is that all encryption keys are generated with passphrases. You type in a passphrase and the key management system creates a reproducible encryption key from that passphrase.
KMS installation and deployment decisions
You can make the decision to choose KMS random generated keys or passphrase generated keys. You can decide to include NBAC deployment or not.
KMS security
There is no burden on existing NetBackup services with additional security concerns.
Cipher types
The following cipher types are supported in KMS:

AES_128 AES_192 AES_256 (default cipher)
KMS recoverability
There is a method of using the KMS where all of the encryption keys are generated from passphrases. You can record these passphrases and then use them at a later time to recreate the entire KMS for NetBackup.
New data at rest key management Key Management Service
145
NetBackup 6.5.2 unlicensed version limits

There is a maximum limit in this NetBackup 6.5.2 unlicensed version of KMS for ten key records per group and an additional maximum of two key groups.
KMS files
The KMS has three files associated with it where information on the keys is kept.
Key file or key database Contains the data encryption keys. The key file is located at /opt/openv/kms/db/KMS_DATA.dat. Host master key Contains the encryption key that encrypts and protects the KMS_DATA.dat key file using AES 256. The host master key is located at /opt/openv/kms/key/KMS_HMKF.dat Key protection key Encryption key that encrypts and protects individual records in the KMS_DATA.dat key file using AES 256. The key protection key is located at /opt/openv/kms/key/KMS_KPKF.dat. Currently the same key protection key is used to encrypt all of the records.
Key records
Key records contain many fields but the primary records are the encryption key, the encryption key tag, and the record state. Key records also contain some metadata.
Encryption Key This is the key that will be given to the tape drive. Encryption Key Tag This tag is the identifier for the encryption key. Record state Each of the key records has a state. The states are prelive, active, inactive, deprecated, and terminated. Metadata Metadata includes logical name, creation date, modification date, and description.
Key groups
A logical name and grouping of key records. All key records created must belong to a group. A key group can only have one active state key record at any time.
Tape drives and media capabilities

Drive, tape, and NetBackup capabilities must all match for drive encryption to be successful. There are a number of drives that adhere to the standard. The LT04 is a popular type. Currently only LT04 drives and LT04 media can be encrypted or decrypted. You can still run LT03 media in LT04 drives for reading and writing but you cannot encrypt the data. If you are using LT02 media, that data can be read in LT04 drives but they cannot be written in either unencrypted or encrypted format. You will have to keep track of these drive and media issues as you setup encryption. Not only do you need drives that are capable of encryption but the media needs to be grouped so that the media is capable of encryption. For later decryption the tape must be placed in a drive that is capable of decryption. Following is the interoperatability matrix for the tape drives and media.

LTO4 drives can read LTO2, LT03, and LT04 media LTO4 drives can write LTO3 and LT04 media LTO4 drives can only encrypt LTO4 media LTO4 encrypted and decrypted media only works in LTO4 drives
KMS with NBAC

Information on using KMS with NBAC is included where applicable in various sections of this document. For further information, refer to the NetBackup 6.5.2 NBAC documentation.
KMS with HA clustering

Information on using KMS with HA clustering is included where applicable in various sections of this document. For further information, refer to the NetBackup 6.5.2 HA documentation
KMS logging
The service uses the new unified logging and has been assigned OID 286. The nbkmsutil CLI uses traditional logging and its logs can be found in the file /usr/openv/netbackup/logs/admin/*.log
KMS with NetBackup 6.5.2 Windows uninstall

When a Windows uninstall is done of NetBackup 6.5 without first uninstalling NetBackup 6.5.2, a remnant of KMS is left installed in the Windows Service Manager. To resolve this Windows issue, uninstall NetBackup 6.5.2 and then uninstall NetBackup 6.5. A tech note will be created on this topic.
147
KMS principles of operation

KMS works with encryption capable tape drives. KMS is integrated into NetBackup 6.5.2 in such a way so as to eliminate difficulties in using NetBackup from a system management perspective. KMS provides encryption key management for tape drives with built-in encryption capabilities. These are tape drives that adhere to the SCSI standard. A SCSI command actually enables encryption on the tape drive. NetBackup accesses this capability through the volume pool name.
About writing an encrypted tape

BPTM receives a request to write to a tape and to use a tape from a volume pool with the ENCR_ name prefix. The ENCR_ prefix is a signal to BPTM that the information to be written to tape is to be encrypted. BPTM contacts KMS and requests an encryption key from the key group with a name that matches the name of the volume pool. KMS hands back to BPTM an encryption key and a key identifier (known as the encryption key tag). BPTM places the drive in encryption mode and registers the key and identifier tag with the drive. This is all done with the SCSI security protocol in/out command that has been added to the SCSI specification. The backup then proceeds as normal. When the backup is complete, BPTM unregisters the key and tag with the drive and sets the drive back into regular mode. BPTM then records the tag in the NetBackup image record catalog.
NBU Catalog
BPTM
KMS Tape Drive
About reading an encrypted tape

When a tape is read and an area of the tape in encountered where an image is encrypted, BPTM determines what tag is used and KMS loads that record and key into BPTM. Then BPTM provides the key to the drive and reading the tape proceeds as normal.
KMS terminology
The terms associated with KMS are listed below:
CLI
Command line interface. You can operate the KMS feature from the provided command line using the nbkmsutil command. You can use the CLI to create a new key group, create a new key, modify key group attributes, modify key attributes, get details of key groups, get details of keys, delete a key group, delete a key, recover a key, modify the host master key, get host master key ID, modify key protection key, get key protection key ID, get key store statistics, quiesce the KMS database, unquiesce the KMS database.
149
Host Master Key (HMK)

Contains the encryption key that encrypts and protects the KMS_DATA.dat key file using AES 256. The host master key is located at /opt/openv/kms/key/KMS_HMKF.dat
Key
Encryption key that is used to encrypt and decrypt data.
Key group (KG)

Logical collection of keys.
Key group record (KGR)

Contains the details of a key group.
Key Management Service (KMS)

Is a master server based symmetric key management service that manages symmetric cryptography keys for tape drives that conform to the T10 standard (LTO4). The KMS is located here: /usr/openv/netbackup/bin/nbkms
Key record (KR)

Contains the details of an encryption key.
KMS database
Contains the data encryption keys.
Key Protection Key (KPK)

Encryption key that encrypts and protects individual records in the KMS_DATA.dat key file using AES 256. The key protection key is located at kms/key/KMS_KPKF.dat. Currently the same key protection key is used to encrypt all of the records.
Key file (key database)

Contains the data encryption keys. The key file is located at /opt/openv/kms/db/KMS_DATA.dat.
Key group
A logical name and grouping of key records. A key group can only have one active state key record at any time.
Key record
Contains the encryption key, encryption key tag, and the record state. Other useful metadata such as logical name, creation date, modification date, and description are also included. The key records have states listed below.
Key record states

Key record states are listed below.
Prelive The key record has been created, but has never been used. Active The key record can be used for encryption and decryption in both backup and restore. Inactive Key record cannot be used for encryption, but can be used for decryption only during restore. Deprecated The key record can not be used for encryption or decryption. Terminated The key record is not available for use but it can be deleted.
Key store
The file that keeps the data encryption keys.
Passphrase
User specified random string. Seed to create encryption keys. You have a choice of creating the HMK, the KPK, and the encryption key with or without a passphrase. Using a passphrase would provide the following benefits:

Better passphrases result in keys with better security strength. If lost, keys can be recovered (re-generated) by providing the same passphrase (which was used to create the original key).
Note: It is important to keep track of all passphrases by recording them and storing them in a safe place for future use.
New data at rest key management Installing KMS
151
Quiesce
Sets the KMS DB to read-only administrator mode. Quiescing is required to make a backup of consistent copy of the KMS DB files.
Tag
Unique identifier (UUID) used to identify a key or key group in a key store.
Installing KMS
The service is called nbkms. The service does not run until the data file has been setup and in this way minimizes the impact on environments not using KMS. To configure it run the nbkms -createemptydb option. This will prompt you for a passphrase for the host master key HMK and the key protection key KPK. You will be asked for an ID. In this particular case the numbers 34 and 10 were entered. These IDs can be anything descriptive that you want to use to identify the HMK and KPK. Then you start up the KMS service.
fel (root) [4]: nbkms -createemptydb Enter the Host Master Key (HMK) passphrase (or hit ENTER to use a randomly generated HMK). The passphrase will not be displayed on the screen. Enter passphrase : Re-enter passphrase : An ID will be associated with the Host Master Key (HMK) just created. The ID will assist you in determining the HMK associated with any key store. Enter HMK ID : 34 Enter the Key Protection Key (KPK) passphrase (or hit ENTER to use a randomly generated KPK). The passphrase will not be displayed on the screen. Enter passphrase : Re-enter passphrase : An ID will be associated with the Key Protection Key (KPK) just created. The ID will assist you in determining the KPK associated with any key store. Enter KPK ID : 10 fel (root) [5]: nbkms fel (root) [6]: ps -ef | grep nbkms root 11917 11873 0 13:08:09 pts/18 0:00 grep nbkms root 11915 1 0 13:08:02 ? 0:00 nbkms
The next step is to create the key group. This operation is done by using the KMS utility with the options create key group with a key group name specified. For this to work with NetBackup 6.5.2 the key group name must be an identical match to the volume pool name. All key group names must have a prefix ENCR_.
152 New data at rest key management Installing KMS
This is how BPTM when it gets a volume pool request with ENCR_ hands that volume pool name to KMS. KMS identifies it as an exact match of the volume pool and then picks the active key record for backups out of that group.
fel (root) [3]: nbkmsutil -createkg -kgname ENCR_pool1 New Key Group creation is successful
The next step is to create a key record. nbkmsutil -createkey -kgname ENCR_pool1 -keyname Q1_2008_key -activate -desc "Key for Jan, Feb, & March" The option is createkey. You need to specify the key group name that this record will be part of. You can give it a key name. In this example it is called Q1_2008_key. You specify the activate option which skips the prelive state and creates this key as active. You can provide an optional description of what that key is. In this case the description is Key for Jan, Feb, & March. Below shows the output of the command. In this case the default is to enter the passphrases for the keys.
fel (root) [312]: nbkmsutil -createkey -kgname ENCR_pool1 -keyname Q1_2008_key activate -desc "Key for Jan, Feb, & March" Enter a passphrase: Re-enter the passphrase: New Key creation is successful fel (root) [313]: nbkmsutil -listkeys -kgname ENCR_pool1 Key Group Name : ENCR_pool1 Supported Cipher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Sat Mar 15 10:45:55 2008 Last Modification Time: Sat Mar 15 10:45:55 2008 Description : Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe90 Key Name : Q1_2008_key Current State : Active Creation Time : Sat Mar 15 10:46:51 2008 Last Modification Time: Sat Mar 15 10:46:51 2008 Description : Key for Jan, Feb, & March Number of Keys: 1
You can create another key record. nbkmsutil -createkey -kgname ENCR_pool1 -keyname Q2_2008_key -activate -desc "key for Apr, May, & Jun" This one could be called Q2_2008_key.
153
fel (root) [326]: nbkmsutil -createkey -kgname ENCR_pool1 -keyname Q2_2008_key activate -desc "key for Apr, May, & Jun" Enter a passphrase: Re-enter the passphrase: New Key creation is successful fel (root) [327]:
Then you can run the list keys option to list all of the keys that belong to the ENCR_pool1 keygroup name. Notice that the Q1_2008_key is inactive and the Q2_2008 key is the active key. List Key Records part of the named Key Group. nbkmsutil -listkeys -kgname ENCR_pool1
fel (root) [331]: nbkmsutil -listkeys -kgname ENCR_pool1 Key Group Name : ENCR_pool1 Supported Cipher : AES_256 Number of Keys : 2 Has Active Key : Yes Creation Time : Sat Mar 15 10:45:55 2008 Last Modification Time: Sat Mar 15 10:45:55 2008 Description : Key Tag : cf7ac430d8795a9b39e703821371ed10be6ec80eab72d89aef6f8a791fc2460d Key Name : Q2_2008_key Current State : Active Creation Time : Sat Mar 15 11:02:46 2008 Last Modification Time: Sat Mar 15 11:02:46 2008 Description : key for Apr, May, & Jun Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe90 Key Name : Q1_2008_key Current State : Inactive Creation Time : Sat Mar 15 10:46:51 2008 Last Modification Time: Sat Mar 15 10:46:51 2008 Description : Key for Jan, Feb, & March Number of Keys: 2
Using KMS with NBAC

The following changes have been made to NBAC to support the introduction of KMS:
Addition of the new authorization object "KMS"
154 New data at rest key management Installing KMS
Addition of the new NetBackup User Group "NBU_KMS Admin"
The permissions a user has on the KMS object determines the KMS related tasks you are allowed to perform. Table 5-1 shows the default KMS permissions for each of the NetBackup user groups. Table 5-1 Set Default KMS permissions for NetBackup user groups Activity NBU_ User
-----------
NBU_ Operator
-----------
NBU_ Admin
X X -------
NBU_ Security Admin

-----------
Vault_ Operator
-----------
NBU_ SAN Admin

-----------
NBU_ KMS Admin

X X X X X
Browse Read Configure Configure Configure
Browse Read New Delete Modify
Besides the KMS permissions listed above, the NBU_KMS admin group also has the following permissions on other authorization objects:

BUAndRest - Browse, Read, Backup, Restore, List HostProperties - Browse, Read License - Browse, Read
KMS with HA clustering

In a typical NetBackup environment, it is possible that not all the optional packages are installed, licensed or configured. In such scenarios, any services that pertain to these optional products may not be active all the time. These services are hence not monitored by default and do not cause a NetBackup to failover if they fail. If at a future time an optional product is installed, licensed and configured, its services can be manually configured to cause NetBackup to failover if they fail. In this section, we document the manual steps that set up KMS to get cluster monitored.
Enabling cluster use with the KMS service

You can cluster enable the KMS service by adding it to the list of services that can be monitored by doing the following: 1 Open the command prompt on the active node of the cluster.
155
2 3
Change the directory to the <NetBackup install path>\NetBackup\bin (Windows) and /usr/openv/netbackup/bin (UNIX). Run the following command. On Windows: bpclusterutil -addSvc "NetBackup Key Management Service." On UNIX: bpclusterutil -addSvc nbkms Follow the optional product specific steps to enable the product. For NetBackup Key Management Service run the command to create the database, and start the service.
Enabling monitoring of the KMS service

To enable monitoring the KMS service and failover NetBackup when the service fails do the following: 1 2 3 Open a command prompt on the active node of the cluster. Change the directory to the <NetBackup install path>\NetBackup\bin (Windows) and /usr/openv/netbackup/bin (UNIX) Run the following command. On Windows: bpclusterutil -enableSvc "NetBackup Key Management Service" On UNIX: bpclusterutil -enableSvc nbkms
Disabling monitoring of the KMS service

To disable monitoring of the KMS service do the following: 1 2 3 Open a command prompt on the active node of the cluster. Change the directory to the <NetBackup install path>/NetBackup/bin (Windows) and /usr/openv/netbackup/bin (UNIX) Run the following command: On Windows: bpclusterutil -disableSvc "NetBackup Key Management Service" On UNIX: bpclusterutil -disableSvc nbkms
Removing the KMS service from monitored list

To remove the KMS service from the list of services that can be monitored do the following: 1 Disable monitoring of the optional product service using the above procedure
156 New data at rest key management KMS configuration
2 3 4 5
Follow the optional product specific steps to remove the product Open the command prompt on the active node of the cluster Change the directory to the <NetBackup install path>\NetBackup\bin (Windows) and /usr/openv/netbackup/bin (UNIX) Run the following command On Windows: bpclusterutil -deleteSvc "NetBackup Key Management Service" On UNIX: bpclusterutil -deleteSvc nbkms
KMS configuration
Configuration of KMS is done by creating the key database, key groups, and key records. Then NetBackup is configured to work with KMS. Use the following steps to configure and initialize KMS. 1 2 3 Create the key database, the host master key (HMK), and the key protection key (KPK). Create a key group that matches the volume pool. Create an active key record.
Creating the key database

Use the following procedure to create an empty key database. A key database is created by invoking the service name with the -createemptydb option. This process checks and ensures that an existing key database does not already exist, and then proceeds with the creation. Two protection keys need to be created when the KMS is initialized. They are the Host Master Key (HMK) and the Key Protection Key (KPK). As with all KMS key creation activities, the user is presented with two options for creating these keys:

Key generated by passphrases Randomly generated passphrases
You are prompted to provide a logical ID to be associated with each key. At the end of this operation, the key database and protection keys are established. On a windows system they can be found at: \Program Files\Veritas\kms\db\KMS_DATA.dat \Program Files\Veritas\kms\key\KMS_HMKF.dat \Program Files\Veritas\kms\key\KMS_HKPKF.dat On a UNIX system they can be found at:
New data at rest key management KMS configuration
157
/opt/openv/kms/db/KMS_DATA.dat /opt/openv/kms/key/KMS_HMKF.dat /opt/openv/kms/key/KMS_HKPKF.dat Note: On Windows the following nbkms command is run from the C:\Program Files\Veritas\NetBackkup\bin directory. 1 Enter nbkms -createemptydb. felix (root) [4]: nbkms -createemptydb Enter the Host Master Key (HMK) passphrase (or hit ENTER to use a randomly generated HMK). The passphrase will not be displayed on the screen. Enter passphrase. Re-enter passphrase. An ID will be associated with the Host Master Key (HMK) just created. The ID will assist you in determining the HMK associated with any key store. Enter HMK ID: 34. Enter the Key Protection Key (KPK) passphrase (or hit ENTER to use a randomly generated KPK). The passphrase will not be displayed on the screen. Enter passphrase. Re-enter passphrase. An ID will be associated with the Key Protection Key (KPK) just created. The ID will assist you in determining the KPK associated with any key store. Enter KPK ID: 10.
2 3
5 6
Creating key groups and key records

A key group is a logical collection of key records where no more than one record is in the active state. A key group definition consists of:
Name Given to a key group. Should be unique within the key store. Renaming of the key group is supported if the new name is unique within the key store. Tag Unique key group identifier (not mutable). Cipher
Supported cipher. All keys belonging to this key group are created with this cipher in mind (not mutable).
Description Any description (mutable). Creation Time Time of creation of this key group (not mutable). Last Modification Time Time of last modification to any of the mutable attributes (not mutable).
Creating key groups

The first step for setting up encryption is to create a key group. In this example the key group ENCR_mygroup is created. 1 To create a key group named ENCR_mygroup, run the command nbkmsutil -createkg -kgname ENCR_mygroup.
Note: For this 6.5.2 version of KMS, it is important that the group name you create (i.e., mygroup), is prefixed with ENCR_.
About key records

The next step is to create an active key record. The key record can either be created in the prelive state and then transferred to the active state, or it can be created directly in the active state. A key record consists of the following critical pieces of information:
Name Name given to a Key, should be unique within a KG. Renaming of Key is supported if the new name is unique with in the KG. Key Tag Unique Key identifier (not mutable). Key Group Tag Unique KG identifier, to which this Key belongs (not mutable). State Key's current state (mutable). Encryption Key Key, used to encrypt/decrypt the backup/restore data (not mutable). Description
159
Any description (mutable).
Creation Time Time of creation of this Key (not mutable). Last Modification Time Time of last modification to any of the mutable attributes (not mutable). Prelive - Record has been created, but has not been used Active - Record and key can be used for encryption and decryption Inactive - Record and key cannot be used for encryption, but can be used for decryption Deprecated - Record can not be used for encryption or decryption Terminated - Record can be deleted
The following key record states are available:

Key record states

Key record states include the prelive, active, inactive, deprecated, and terminated. Key record states adhere to a key record life cycle. Once a key has entered the active state (that is setup to be used for encryption), the key must progress in proper order through the lifestyle, by passing from one state to its adjacent state. It is not possible for a key to bypass any of the states. Between the active and terminated states, the record can move one state at a time in either direction. Outside of this state range, the transitions are one directional. Deleted key records cannot be recovered (unless they were created using a passphrase), and active keys can not be moved back to prelive state. Note: Keys can be created in either the prelive state or the active state. Active key records are available for both backup and restore operations. An inactive key is only available for restore operations. Deprecated keys are not available for use. If your key record is in the deprecated state and you attempt to do a backup or restore with that key record, it will fail. A key record that is in the terminated state can be removed from the system.
Create Key Record
PRELIVE
Deleted Key Record
ACTIVE
TERMINATED
INACTIVE
DEPRECATED
Key record state considerations

The considerations below can be followed when working with key record states.
Key record state transitions are well defined and you must go through the whole path of states to delete a key record. Setting a key record to active bumps any existing active key record to the inactive state for that group. There can only be one active record in a group. The deprecated state is useful for saving a key while restricting its use. If as an administrator you think that a key has been compromised and you want to manually put a hold on anyone using that key without that key being deleted from the system. You would set the key record to the deprecated state and someone attempting to do a backup or restore with this deprecated key would get an error. The key record deletion involves two steps helping to reduce the possibility of accidentally deleting a key. You must first set deprecated keys to terminated and then you can delete the key record. Only terminated key records can be deleted (other than the keys which are in the prelive state). You can use the prelive state to create a key record before use.
161
Prelive state
A key record created in the prelive state can be made active or deleted. The prelive state could be used in the following way:
The KMS administrator wants to test the creation of a key record without impacting the system. If created correctly the record can then be activated. If not created correctly the record can be deleted. The KMS admin wants to create a key record, but then only activate it at some time in the future. The reasons for this may include delay setting the record active until the KMS key store has been backed up (or the passphrase has been recorded). Or delay setting the record active until some future time. Key records in the prelive state can be made active or deleted from the system.
Active state
Active key records could be used to encrypt and decrypt data. If necessary, the active key record could be made inactive. The active state is one of the three most important data management states. The inactive and deprecated states are the other two important data management states. Key records can be created directly in the active state bypassing the prelive state. Key records in the active state can either stay active or be made inactive. Active records cannot go back to the prelive state.
Inactive state
Inactive key records could be used to decrypt data. If necessary, the inactive key record could be made active again or moved to the deprecated state. The inactive state is one of the three most important data management states. The active and deprecated states are the other two important data management states. Key records in the inactive state can either stay inactive, be made active, or be made deprecated.
Deprecated state
Deprecated key records cannot be used to encrypt or decrypt data. If necessary, key records in the deprecated state could be made inactive or terminated. The deprecated state is one of the three most important data management states. The active and inactive states are the other two important data management states.The deprecated state could be used in the following ways:
The use of a key needs to be tracked or regulated. Any attempt to use a deprecated key will fail, until its state is changed to the appropriate state.
A key should not be needed any longer, but just to be safe is not set to the terminated state. Key records in the deprecated state can either stay deprecated, be made inactive, or terminated.
Terminated state
The terminated state adds a second step or safety step for deleting a deprecated state key record. A terminated key record could be moved to the deprecated state and ultimately made active again as needed. A terminated key record can also be deleted from the KMS. Caution: Before deleting a key, make sure that no valid image exists which was encrypted with this key Key records in the terminated state can either stay terminated, be made deprecated, or physically deleted.
KMS best practices

The following section addresses suggested best practices for backing up the KMS, recovering the KMS, regenerating the KMS, and the problems and solutions related to backing up the KMS data files.
Backing up the KMS database files

Backing up the KMS database involves backing up the KMS files. The KMS utility has an option for quiescing the database files or temporarily preventing anyone from modifying the data files. It is important to run the quiesce option if you plan to copy the KMS_DATA.dat, KMS_HMKF.dat, and KMS_KPKF.dat files to another location for backing up purposes. During quiesce write access is removed from these files and read access is only allowed. You run the nbkmsutil -quiescedb. It returns with a quiesce successful statement and an indication of the number of outstanding calls. The outstanding calls number is more of a count. A count is placed on the file for the number of outstanding requests on this file. After quiesce you can then backup the files by copying them to another directory location.
fel (root) [338]: nbkmsutil -quiescedb Key Store quiesce is successful Outstanding quiesce calls: 1
163
You can then unquiesce the KMS database files using the KMS utility option for unquiesce. You run the nbkmsutil -unquiescedb. Once the outstanding quiesce calls count goes to zero, the KMS is now capable of running commands that could modify the KMS_DATA.dat, KMS_HMKF.dat, and KMS_KPKF.dat files. Write access is once again returned to these files.
felix (root) [341]: nbkmsutil -unquiescedb Key Store unquiesce is successful Outstanding quiesce calls: 0 felix (root) [342]:
Recovering KMS by restoring all data files

If you have made backup copies of the KMS_DATA.dat, KMS_HMKF.dat, and KMS_KPKF.dat files, it is just a matter of restoring these three files. Then startup the nbkms service and the KMS system will be up and running again.
Recovering KMS by restoring only the KMS data file

You can restore the backed up copy of the KMS data file kms/db/KMS_DATA.dat by regenerating the KMS_HMKF.dat and KMS_KPKF.dat files with passphrases. So, if you have written down passphrases for the host master key and key protection key, you can run a command to regenerate those files. The system will prompt you for the passphrase and if the passphrase you now enter matches the passphrase originally entered, you will be able to reset the files. The process is as follows: 1 2 3 Run the nbkms resetkpk command. Run the nbkms resethmk command. Startup the nbkms service.
Recovering KMS by regenerating the data encryption key

You can regenerate the complete KMS database by regenerating the data encryption keys. The goal is to create a brand new empty KMS database and then repopulate it with all your individual key records.
You can recover the KMS by regenerating the data encryption key as follows: 1 Create an empty KMS database using the command nbkms -createemptydb. In this particular case you do not have to use the same host master key HMK and key protection key KPK. You could choose new keys.
fel (root) [4]: nbkms -createemptydb Enter the Host Master Key (HMK) passphrase (or hit ENTER to use a randomly generated HMK). The passphrase will not be displayed on the screen. Enter passphrase : Re-enter passphrase : An ID will be associated with the Host Master Key (HMK) just created. The ID will assist you in determining the HMK associated with any key store. Enter HMK ID : 34 Enter the Key Protection Key (KPK) passphrase (or hit ENTER to use a randomly generated KPK). The passphrase will not be displayed on the screen. Enter passphrase : Re-enter passphrase : An ID will be associated with the Key Protection Key (KPK) just created. The ID will assist you in determining the KPK associated with any key store. Enter KPK ID : 10 fel (root) [5]: nbkms fel (root) [6]: ps -ef | grep nbkms root 11917 11873 0 13:08:09 pts/18 0:00 grep nbkms root 11915 1 0 13:08:02 ? 0:00 nbkms
Use the recover key option and specify the key name, key group, and tag. In this case the key name is Q1_2008_key. The group is ENCR_mygoup and the tag is that long string of digits. It is highly suggested that you keep an electronic copy of all the key groups by running the list keys option. If needed you can cut and paste the tag names as needed. Otherwise you will have to enter the tag information manually. Enter the passphrase that is an exact match with the original passphrase you previously wrote down and saved.
fel (root) [368]: nbkmsutil -recoverkey -keyname Q1_2008_key -kgname ENCR_mygroup -tag d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe90 Enter a passphrase: Re-enter the passphrase: Key recovery is successful fel (root) [369]:
Note: If the tag you enter already exists in the KMS database, then you will not be able to recreate the key.
165
The recovery key option places the key record in the inactive state. When you run the recover key option, the key record is brought into the KMS database in the inactive state. If this is the key that you want to use for backups, then use the command nbkmsutil modifykey to set the required state to active. If this is a key record that is to be deprecated then use the command nbkmsutil modifykey to move the key record to the deprecated state.
Problems backing up the KMS data files

There can be problems backing up the KMS data files with the normal NetBackup tapes or with the catalog backup. Caution: The KMS data files are not included in the NetBackup catalog backups. If the KPK, HMK, and key files were included in a catalog backup, and the catalog backup tape is lost, the key store is compromised because the tape contains everything needed to gain access to the keys. Significant problems can exist if both the catalog backup and data tapes are lost together say on the same transport truck. If both tapes are lost together then that situation would not be any better than not ever encrypting the tape in the first place. Encrypting the catalog is not a good solution either. If the KPK, HMK, and key file were included in a catalog backup, and the catalog backup itself is encrypted, you have done the equivalent of locking the keys in the car. To protect from this problem is why KMS has been established as a separate service for NetBackup and why the KMS files are in a separate directory from the NetBackup directories. However, there are solutions for backing up the KMS data files.
Solutions for backing up the KMS data files

The best solution for backing up KMS data files is to do so outside of the normal NetBackup process, or rely on passphrase generated encryption keys to manually rebuild KMS. All of the keys can be generated by passphrases. So if you have recorded all of the passphrases, then you can recreate the KMS manually from the information you have written down. Because the number of records are limited to 20, two groups with 10 records per group, the number of records that you would need to recover is 20. One way to back up KMS is to place the KMS information on a separate CD, DVD or USB drive.
Creating a key record

The following example shows how to create the key by using a passphrase and by bypassing the prelive state and creating an active key. Note: If an attempt is made to add a key to a group that already has an active key, the existing key is automatically moved to the inactive state. 1 To create a key record enter the command nbkmsutil -createkey -usepphrase -kgname ENCR_mygroup -keyname my_latest_key -activate -desc "key for Jan, Feb, March data" Enter a passphrase: New key creation is successful
Listing keys
Use this procedure to list the keys that you created in a particular key group. 1 To list the keys in a key group enter the command nbkmsutil -listkeys -kgname ENCR_mygroup. The nbkmsutil outputs the list in the verbose format by default. Following is a non-verbose listing output. KGR ENCR_mygroup AES_256 1 Yes 134220503860000000 134220503860000000 KR my_latest_key Active 134220507320000000 134220507320000000 key for Jan, Feb, March data Number of keys: 1
Configuring NetBackup to work with KMS

Configuring Netbackup to work with KMS involves:

NetBackup getting key records from KMS Setting up NetBackup to use encryption
How does NetBackup get key records from KMS

The first step is to get a NetBackup supported encryption capable tape drive and the required tape media. The second step is to configure NetBackup like normal, except the encryption capable media must be placed in a volume pool with the identical name as the key group previously created (ENCR_mygroup).
167
Note: The 6.5.2 Key Management feature requires the key group name and NetBackup volume pool name match identically and both be prefixed with ENCR_. This method of configuration enabled encryption support to be made available in 6.5.2 without requiring major changes to the NetBackup system management infrastructure.
Setting up Netbackup to use encryption

The following example shows two NetBackup volume pools created for encryption (with the ENCR_ prefix)
The following figure shows a NetBackup Policy configured to use the Volume and KEY GROUP named ENCR_testpool.
If configured and operating correctly backups should proceed as normal. If a NetBackup image has been encrypted the key tag will be recorded and associated with the image. This information can seen through the GUI Reports, or can be seen in the output of the bpimmedia and bpimagelist commands. The following figure shows images on Tape report showing the linking between encryption and a backup images being encrypted.
New data at rest key management Using KMS
169
Using KMS
You can use KMS to run an encrypted tape backup, verify an encrypted tape backups, and manage keys. The following sections provide examples for each of these scenarios.
Run an encrypted tape backup

The policy is configured to draw from ENCR_pool1. In this particular case there is a volume pool ENCR_pool1 configured for policy as shown in the figure below.
170 New data at rest key management Using KMS
Verify an encryption backup

It is important to verify that an encrypted backup has taken place. When the backup is run, and the images on media are viewed, the encryption key tag that is registered with the record is now recorded. This is your indication that what actually got written to tape is encrypted. The encryption key tag uniquely identifies which key was used to encrypt the data. You can run a report and read down the policy column to determine whether everything on a particular tape was encrypted.
New data at rest key management Using KMS
171
KMS DB constituents
The KMS DB consists of three files:
The key store file (KMS_DATA.dat) contains all the key group and key records along with some metadata. The KPK file (KMS_KPKF.dat) contains the KPK that is used to encrypt the ciphertext portions of the key records that are stored in the key store file. The HMK file (KMS_HMKF.dat) contains the HMK that is used to encrypt the entire contents of the key store file (exception - the key store file header contains some metadata like the KPK ID and HMK ID that is not encrypted).
Create an empty KMS DB

An empty KMS DB can be created by executing the command nbkms -createemptydb. This command prompts for the following information:

HMK passphrase - leave empty for a random HMK HMK ID KPK passphrase - leave empty for a random KPK KPK ID
The KMS DB backup and disaster recovery procedures will vary for random and passphrase generated KPK and HMK as described below.
172 New data at rest key management Using KMS
Use this disaster recovery procedure when the HMK and KPK were generated randomly as follows: 1 2 Restore the key store file from a backup. Execute the command nbkms -info to find out the KPK ID and HMK ID of the KPK and HMK needed to decrypt this key store file. The output should also inform you that the HMK and KPK for this key store file were generated randomly. Restore the HMK file corresponding to the HMK ID from a secure backup. Restore the KPK file corresponding to the KPK ID from a secure backup.
3 4
Importance of the KPK ID and HMK ID

To decipher the contents of a key store file, it is essential to identify the right KPK and HMK that will do the job. The KPK ID and HMK ID enable you to make this identification. Since these IDs are stored unencrypted in the key store file header, they can be determined even if you only have access to the key store file. It is important to choose unique IDs and remember the association of IDs to passphrases and files to be able to perform a disaster recovery.
Periodically updating the HMK and KPK

The HMK and KPK can be updated periodically using the modifyhmk and modifykpk options of the KMS CLI. These operations prompt you for a new passphrase and ID and then update the KPK/HMK. You can choose either random or passphrase based KPK/HKM at each such invocation. Note: It is a best practice to use the -usepphrase option when modifying the HMK and KPK so that you are required to use a known passphrase for future recovery. With the -nopphrase option, KMS generates a random passphrase that is unknown and eliminates the possibility of future recovery if needed.
Backing up the KMS key store and admin keys

Important KMS data files can be backed up by making copies of the key database KMS_DATA.dat, the Host Master Key KMS_HMKF.dat, and the Key Protection Key KMS_HKPKF.dat. On Windows these files are located here: \Program Files\Veritas\kms\db\KMS_DATA.dat \Program Files\Veritas\kms\key\KMS_HMKF.dat \Program Files\Veritas\kms\key\KMS_KPKF.dat
New data at rest key management CLI commands
173
On UNIX these files are at this location: /opt/openv/kms/db/KMS_DATA.dat /opt/openv/kms/key/KMS_HMKF.dat /opt/openv/kms/key/KMS_KPKF.dat
CLI commands

CLI usage help Create new key group Create new key Modify key group attributes Modify key attributes Get details of key groups Get details of keys Delete a key group Delete a key Recover a key Modify host master key (HMK) Get host master key (HMK) ID Modify key protection key (KPK) Get KPK ID Get key store statistics Quiesce KMS DB Unquiesce KMS DB
CLI usage help

To get CLI usage help use the NetBackup key management service utility command with the included arguments. Use "#nbkmsutil -help -<option>" for help on an individual option. # nbkmsutil -help nbkmsutil [ -createkg ] [ -createkey ] [ -modifykg ] [ -modifykey ] [ -listkgs ] [ -listkeys ] [ -deletekg ] [ -deletekey ] [ -modifyhmk ] [ -modifykpk ]
174 New data at rest key management CLI commands
[ -gethmkid ] [ -getkpkid ] [ -quiescedb ] [ -unquiescedb ] [ -recoverkey] [ -ksstats ] [ -help ]
Create a new key group

To create a new key group use the NetBackup key management service utility command with the included arguments. # nbkmsutil -help -createkg nbkmsutil -createkg -kgname <key_group_name> [ -cipher <type> ] [ -desc <description> ] Note: The default Cipher is AES_256. -kgname: Name of the new key group (it has to be unique with in the key store) -cipher: Type of cipher to be supported by this key group.
Create a new key

To create a new key use the NetBackup key management service utility command with the included arguments. # nbkmsutil -help -createkey nbkmsutil -createkey [ -nopphrase ] -keyname <key_name> -kgname <key_group_name> [ -activate ] [ -desc <description> ] Note: The default key state is prelive. -nopphrase: Create key without using a passphrase. If this option is not specified, user will be prompted for a passphrase -keyname: Name of the new key (it should be unique within the key group to which it belongs) -kgname: Name of an existing key group to which the new key should be added
175
-activate: Sets key state to active (default key state is prelive)
Modify key group attributes

To modify key group attributes use the NetBackup key management service utility command with the included arguments. # nbkmsutil -help -modifykg # nbkmsutil -modifykg -kgname <key_group_name> [ -name <new_name_for_the_key_group> ] [ -desc <new_description> ] -kgname: Name of the key group, whose attributes needs to be modified -name: New name of the key group (should be unique with in the key store)
Modify key attributes

To modify key attributes use the NetBackup key management service utility command with the included arguments. # nbkmsutil -help -modifykey nbkmsutil -modifykey -keyname <key_name> -kgname <key_group_name> [ -state <new_state> | -activate ] [ -name <new_name_for_the_key> ] [ -desc <new_description> ] Note: -state and -activate are mutually exclusive -keyname: Name of the key to be modified -kgname: Name of the key group to which this key belongs -name: New name of the key (it should be unique with in the key group) -state: New state of the key (see valid key state transition order) -activate: Sets key state to active
Get details of key groups

To get details of key groups use the NetBackup key management service utility command with the included arguments. #nbkmsutil -help -listkgs nbkmsutil -listkgs [ -kgname <key_group_name> |
-cipher <type> | -emptykgs | -noactive ] [ -noverbose ] Note: By default all the key groups would be listed. If no option is specified, details of all the key groups are returned. -kgname: Name of a key group, whose details we want to see -cipher: Gets the details of all the key groups which supports specific cipher type -emptykgs: Gets the details of all the key groups with zero keys in it -noactive: Gets the details of all the key groups in which there is no active key -noverbose: Prints the details in formatted form (non-readable) format. The default is verbose. The output is displayed in a human readable form.
Get details of keys

To get details of keys use the NetBackup key management service utility command with the included arguments. #nbkmsutil -help -listkeys nbkmsutil -listkeys -kgname <key_group_name> [ -keyname <key_name> | -activekey ] [ -noverbose ] -kgname: Details of all the keys belonging to a key group are returned -keyname: Gets the details of specific key which belongs to a specific key group -activekey: Gets the details of a Specific key group's active key -noverbose: Prints the details in formatted form (non-readable) format. The default is verbose. The output is displayed in a human readable form.
Delete a key group

To delete a key group use the NetBackup key management service utility command with the included arguments. #nbkmsutil -help -deletekg nbkmsutil -deletekg -kgname <key_group_name> Note: Only empty key groups can be deleted
177
-kgname: Name of the key group to be deleted. Only empty key groups can be deleted.
Delete a key
To delete a key use the NetBackup key management service utility command with the included arguments. #nbkmsutil -help -deletekey nbkmsutil -deletekey -keyname <key_name> -kgname <key_group_name> Note: Keys, which are in prelive, or terminated state can be deleted. -keyname: Name of the key to be deleted (to delete, key state has to be in one of prelive, or terminated) -kgname: Name of the key group to which this key belongs
Recover a key
To recover a key use the NetBackup key management service utility command with the included arguments. #nbkmsutil -help -recoverkey nbkmsutil -recoverkey -keyname <key_name> -kgname <key_group_name> -tag <key_tag> [ -desc <description> ] Note: The key state would be set to inactive. Restore could fail if a key used in encrypting the backup data is lost (and no copy of it is available). Such keys can be recovered (re-created) with the knowledge of the original key's attributes (tag, and passphrase) -keyname: Name of the key to be recovered (re-created) -kgname: Name of the key group to which this key should belong -tag: Tag identifying the original key (we need to use the same tag) Note: The user is prompted to enter the correct passphrase to get the right key (the system does not verify the validity of entered passphrases).
Modify host master key (HMK)

To modify the host master key use the NetBackup key management service utility command with the included arguments. The HMK is used to encrypt the key store. To modify the current HMK, the user should provide an optional seed/passphrase, and an ID (HMK ID) which can remind them of the specified passphrase. Both the passphrase and HMK ID are read interactively. # nbkmsutil -help -modifyhmk nbkmsutil -modifyhmk [ -nopphrase ]
Get HMK ID
To get the HMK ID use the NetBackup key management service utility command with the included arguments. The HMK ID is then returned. #nbkmsutil -help -gethmkid nbkmsutil -gethmkid
Modify key protection key (KPK)

To modify the key protection key use the NetBackup key management service utility command with the included arguments. KPK is used to encrypt KMS keys. Currently KPK is per key store, to modify the current KPK, user should provide an optional seed/passphrase, and an ID (KPK ID) which can remind us the specified passphrase. Both passphrase and KPK ID are read interactively. # nbkmsutil -help -modifykpk nbkmsutil -modifykpk [ -nopphrase ]
Get KPK ID
To get the KPK ID use the NetBackup key management service utility command with the included arguments. The command returns the current KPK ID #nbkmsutil -help -getkpkid nbkmsutil -getkpkid
Get key store statistics

To get the key store statistics use the NetBackup key management service utility command with the included arguments. This command returns the following key store statistics:
179
Total number of key groups Total number of keys Outstanding quiesce calls
#nbkmsutil -help -ksstats nbkmsutil -ksstats [ -noverbose ]
Quiesce KMS DB
To quiesce the KMS database use the NetBackup key management service utility command with the included arguments. This command sends the quiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned as multiple backup jobs might quiesce the KMS database. #nbkmsutil -help -quiescedb nbkmsutil -quiescedb
Unquiesce KMS DB
To unquiesce the KMS database use the NetBackup key management service utility command with the included arguments. This command sends an unquiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned. A count of zero (0) means that the KMS database is completely unquiesced. #nbkmsutil -help -unquiescedb #nbkmsutil -unquiescedb
Key creation options

Any use of the NetBackup KMS feature should include creating a backup of the kms/db and kms/key directories. The protection keys and the key database exist in two separate subdirectories to facilitate splitting these when creating a backup copy. Note: Due to the small size of these files, the fact that they likely change infrequently, and that they must not be included on any NetBackup tape that itself is encrypted, it is recommend that they files be manually copied to form of backup media.
180 New data at rest key management Troubleshooting KMS
Note: The recommended approach for creating keys with this 6.5.2 version of KMS is to always create keys from passphases. This includes both the protection keys (Host Master Key and Key Protection Key), and the data encryption keys associated with the key records). It is recommend the passphrases used to create the keys are recorded and stored for recovery purposes. While allowing the KMS system to randomly generate the encryption keys provides a stronger solution, this usage cannot recover from the loss or corruption of all copies of the key store and protection keys, and therefore is not encouraged.
Troubleshooting KMS
You can troubleshoot KMS as follows: 1 2 Determine what error code and description are encountered. It is recommended that you capture this information. Check to determine if KMS is running and that the KMS data files exist. kms/db/KMS_DATA.dat kms/key/KMS_HMKF.dat kms/key/KMS_KPKF.dat If the files do not exist, then KMS has not been configured, or the configuration has been removed. Find out what happened to the files if they do not exist. If KMS has not been configured, the nbkms service will not be running. If KMS is not running or is not configured, it will not impact NetBackup operation. If you have previously used the ENCR_ prefix for a volume pool name, this must be changed as ENCR_ now has special meaning to NetBackup. Get the KMS configuration information: Get a key group listing by running the command nbkmsutil listkgs. Get a listing of all keys for a key group by running the command nbkmsutil listkeys kgname <key_group_name>. Get operational log information such as KMS logs by way of VxUL OID 286 and BPTM logs. Evaluate the log information. The KMS errors (Table 5-2) are handed back to BPTM. Evaluate the KMS errors recorded in the KMS log
4 5 6
New data at rest key management Troubleshooting KMS
181
Solution for backups are not encrypting

If tape backups are not being encrypted, consider the following solutions:
Verify that a backup is not being encrypted by checking that the encryption key tag field is not set in the image record. Verify that the key group and volume pool names are an exact match. Verify that there is a key record in the key group with an active state. Verify that everything related to traditional media management is configured properly. Is the NetBackukp policy drawing a tape from the correct volume pool. Does the encryption capable tape drive have encryption capable media available. For example is LTO4 media installed in the LTO4 tape drive?
Other non-KMS configuration options to look at include:
Solution for restores are not decrypting

If the encrypted tape restores are not decrypting, consider the following solutions:
Verify that the original backup image was encrypted to begin with by viewing the encryption key tag field in the image record. Verify that the key record with the same encryption key tag field is in a record state that supports restores (that is active or inactive states). If the key record is not in the correct state change the key back to the inactive state. Verify that the drive and media actually support encryption. Is the encrypted media being read in an encryption capable tape drive?
Other non-KMS configuration solution options to consider:

Troubleshooting example - backup with no active key record

Attempting a backup when there is no active key record. Below is a listing of key records. There are three of them for the key group named ENCR_mygroup and with the same volume pool name. Notice that in the listing there is one key group Q2_2008_key that is active. At the bottom of the screen that key state was changed to inactive.
fel (root) [385]: nbkmsutil -listkeys -kgname ENCR_mygroup Key Group Name : ENCR_mygroup Supported Cipher : AES_256 Number of Keys : 3 Has Active Key : Yes Creation Time : Sat Mar 15 10:45:55 2008 Last Modification Time: Sat Mar 15 10:45:55 2008 Description : Key Tag : cf7ac430d8795a9b39e703821371ed10be6ec80eab72d89aef6f8a791fc2460d Key Name : Q2_2008_key Current State : Active Creation Time : Sat Mar 15 11:02:46 2008 Last Modification Time: Sat Mar 15 11:02:46 2008 Description : key for Apr, May, & Jun Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe90 Key Name : Q1_2008_key Current State : Inactive Creation Time : Sat Mar 15 10:46:51 2008 Last Modification Time: Sat Mar 15 10:46:51 2008 Description : Key for Jan, Feb, & March Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe91 Key Name : test Current State : Inactive Creation Time : Sat Mar 15 13:12:25 2008 Last Modification Time: Sat Mar 15 13:12:25 2008 Description : Number of Keys: 3 fel (root) [383]: nbkmsutil -modifykey -keyname Q2_2008_key -kgname ENCR_mygroup -state Inactive Key details are updated successfully
When the listing is produced again you can see that the Q2_2008_key state is now listed as inactive.
fel (root) [384]: nbkmsutil -listkeys -kgname ENCR_mygroup Key Group Name : ENCR_mygroup Supported Cipher : AES_256 Number of Keys : 3 Has Active Key : No Creation Time : Sat Mar 15 10:45:55 2008 Last Modification Time: Sat Mar 15 10:45:55 2008 Description : Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe90 Key Name : Q1_2008_key Current State : Inactive Creation Time : Sat Mar 15 10:46:51 2008 Last Modification Time: Sat Mar 15 10:46:51 2008 Description : Key for Jan, Feb, & March Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe91 Key Name : test Current State : Inactive Creation Time : Sat Mar 15 13:12:25 2008 Last Modification Time: Sat Mar 15 13:12:25 2008 Description : Key Tag : cf7ac430d8795a9b39e703821371ed10be6ec80eab72d89aef6f8a791fc2460d Key Name : Q2_2008_key Current State : Inactive Creation Time : Sat Mar 15 11:02:46 2008 Last Modification Time: Mon Mar 17 13:53:33 2008 Description : key for Apr, May, & Jun Number of Keys: 3
With no active key, what happens to the backup? Here is the BPTM log output. It is actually going to log the message within the 1227 error code in the BPTM log.
183
14:29:16.381 [19978] <2> manage_drive_attributes: MediaPool [ENCR_mygroup], MediaLabel [MEDIA=JRO111;] 14:29:16.384 [19978] <2> manage_drive_attributes: encryption status: nexus scope 0, key scope 0 14:29:16.384 [19978] <2> manage_drive_attributes: encryp mode 0x0, decryp mode 0x0, algorithm index 0, key instance 0 14:29:16.384 [19978] <2> KMSCLIB::kmsGetKeyAndKad: Entering function....(KMSClib.cpp:583) 14:29:16.384 [19978] <2> KMSCLIB::GetQueryableFacetInstance: Entering function....(KMSClib.cpp:207) 14:29:16.384 [19978] <2> KMSCLIB::InitOrb: Entering function....(KMSClib.cpp:158) 14:29:16.385 [19978] <2> Orb::init: Created anon service name: NB_19978_1536015948517350(Orb.cpp:600) 14:29:16.385 [19978] <2> Orb::init: endpointvalue is : pbxiop://1556:NB_19978_1536015948517350(Orb.cpp:618) 14:29:16.385 [19978] <2> Orb::init: initializing ORB kmslib with: kmslib -ORBSvcConfDirective "ORBDottedDecimalAddresses 0" -ORBSvcConfDirective "static PBXIOP_Factory ''" -ORBSvcConfDirective "static EndpointSelectorFactory ''" -ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory PBXIOP_Factory'" ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory IIOP_Factory'" -ORBSvcConfDirective "static PBXIOP_Evaluator_Factory '-orb kmslib'" -ORBSvcConfDirective "static Resource_Factory '-ORBConnectionCacheMax 1024 '" -ORBEndpoint pbxiop://1556:NB_19978_1536015948517350 -ORBSvcConf /dev/null -ORBSvcConfDirective "static Server_Strategy_Factory '-ORBMaxRecvGIOPPayloadSize 268435456'"(Orb.cpp:725) 14:29:16.406 [19978] <2> vnet_cached_gethostbyname: vnet_hosts.c.307: found host in cache: felix.min.veritas.com 14:29:16.406 [19978] <2> vnet_cached_gethostbyaddr_rnl: vnet_hosts.c.506: found IP in cache: 127.0.0.1 14:29:16.460 [19978] <2> db_error_add_to_file: dberrorq.c:midnite = 1205730000 14:29:16.461 [19978] <16> get_encryption_key: NBKMS failed with error status: Key group does not have an active key (1227) 14:29:16.462 [19978] <2> send_MDS_msg: MEDIADB 1 42 JRO111 4000007 *NULL* 6 1205781805 1205782033 1206991633 0 64 2 2 1 4 0 8193 1024 0 8 0
What does this error look like in the activity monitor? There is a status code 83 media open error message returned.
In the detailed status you will get the message stating that NBKMS failed with error status key group does not have and active key (1227). With the
information in the previous screens it should be easy to diagnose what it the particular problem or to identify what a given problem is related to.
Troubleshooting example - restore with an improper key record state

Attempting a backup when the key record has a deprecated key record state. The record you need is set to deprecated. This following shows the listing. The same command is used to change the state from inactive to deprecated.
fel (root) [426]: !385 nbkmsutil -listkeys -kgname ENCR_mygroup Key Group Name : ENCR_mygroup Supported Cipher : AES_256 Number of Keys : 3 Has Active Key : No Creation Time : Sat Mar 15 10:45:55 2008 Last Modification Time: Sat Mar 15 10:45:55 2008 Description : Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe90 Key Name : Q1_2008_key Current State : Inactive Creation Time : Sat Mar 15 10:46:51 2008 Last Modification Time: Sat Mar 15 10:46:51 2008 Description : Key for Jan, Feb, & March Key Tag : d5a2a3df1a32eb61aff9e269ec777b5b9092839c6a75fa17bc2565f725aafe91 Key Name : test Current State : Inactive Creation Time : Sat Mar 15 13:12:25 2008 Last Modification Time: Sat Mar 15 13:12:25 2008 Description : Key Tag : cf7ac430d8795a9b39e703821371ed10be6ec80eab72d89aef6f8a791fc2460d Key Name : Q2_2008_key Current State : Deprecated Creation Time : Sat Mar 15 11:02:46 2008 Last Modification Time: Mon Mar 17 14:52:59 2008 Description : key for Apr, May, & Jun Number of Keys: 3
185
The following BPTM log output shows the 1242 error returned.
14:53:48.782 [21109] <2> io_read_back_header: drive index 0, reading backup header 14:53:48.791 [21109] <2> io_position_for_read: successfully positioned JRO111 to file number 3 14:53:48.796 [21109] <2> io_position_for_read: next block encryption status: LON 0x0000000000000009, algorithm index 1, encryption status 0x6 14:53:48.796 [21109] <2> io_position_for_read: Kad type 0x0, kad length 32 Kad [cf7ac430d8795a9b39e703821371ed10be6ec80eab72d89aef6f8a791fc2460d] 14:53:48.796 [21109] <2> KMSCLIB::kmsGetKeyAndKadByKeyTag: Entering function....(KMSClib.cpp:655) 14:53:48.796 [21109] <2> KMSCLIB::GetQueryableFacetInstance: Entering function....(KMSClib.cpp:207) 14:53:48.796 [21109] <2> KMSCLIB::InitOrb: Entering function....(KMSClib.cpp:158) 14:53:48.797 [21109] <2> Orb::init: Created anon service name: NB_21109_1537488329610200(Orb.cpp:600) 14:53:48.798 [21109] <2> Orb::init: endpointvalue is : pbxiop://1556:NB_21109_1537488329610200(Orb.cpp:618) 14:53:48.798 [21109] <2> Orb::init: initializing ORB kmslib with: kmslib -ORBSvcConfDirective "ORBDottedDecimalAddresses 0" -ORBSvcConfDirective "static PBXIOP_Factory ''" -ORBSvcConfDirective "static EndpointSelectorFactory ''" -ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory PBXIOP_Factory'" ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory IIOP_Factory'" -ORBSvcConfDirective "static PBXIOP_Evaluator_Factory '-orb kmslib'" -ORBSvcConfDirective "static Resource_Factory '-ORBConnectionCacheMax 1024 '" -ORBEndpoint pbxiop://1556:NB_21109_1537488329610200 -ORBSvcConf /dev/null -ORBSvcConfDirective "static Server_Strategy_Factory '-ORBMaxRecvGIOPPayloadSize 268435456'"(Orb.cpp:725) 14:53:48.818 [21109] <2> vnet_cached_gethostbyname: vnet_hosts.c.307: found host in cache: felix.min.veritas.com 14:53:48.818 [21109] <2> vnet_cached_gethostbyaddr_rnl: vnet_hosts.c.506: found IP in cache: 127.0.0.1 14:53:48.842 [21109] <2> db_error_add_to_file: dberrorq.c:midnite = 1205730000 14:53:48.844 [21109] <16> get_encryption_key: NBKMS failed with error status: Operation not allowed for key record in this state (1242)
The following activity monitor shows a status code 5 - restore failed to recover the requested files.
The following detailed status contains KMS error message 1242.
KMS error messages

Table 5-2 lists the KMS error messages. Table 5-2 Error message KMS errors Description
EC_KS_keygrp_notfound - 1229 - Key During a backup a key group with a matching Group was not found Volume Pool name was not found. EC_KS_no_active_key - 1227 - Key group does not have an active key EC_KS_keystate_disallow_op - 1242 Operation not allowed for key record in this state EC_KS_kad_notfound - 1261 - KAD did not match any key records During a backup an ACTIVE key record for the specified Key group does not exist. A Restore operation has requested access to a key that is not in the ACTIVE or INACTIVE state.
A record operation was looking for a Key Record with a specific Tag / KAD, and the record could not be found. Generally this is due to the Key Record having been deleted. BPTM and the tape drive have requested a Tag / KAD length combination that is not supported.
EC_KS_invalid_kad_len -1220 Invalid KAD length
Chapter
New database Administration tool for NetBackup relational databases

The NetBackup relational database and Bare Metal Restore database in NetBackup 6.0 and 6.5 used Sybase Adaptive Server Anywhere (ASA). (Also known as SQL Anywhere.) NetBackup 6.0 and 6.5 included command line utilities to administer the databases. NetBackup 6.5.2 contains a tool that makes it easier for administrators to perform database administration tasks. The Database Administration tool for NetBackup databases is a stand-alone, interactive, menu-driven tool available on both UNIX and Windows:

On UNIX, the tool has a menu-user interface, similar to the bpadm tool. On Windows, the tool has a graphical user interface. The tool is based on existing command lines.
The tool on both UNIX and Windows provides a way for the administrator to perform the following actions:
Select, start, and stop the NetBackup relational database (NBDB) or the Bare Metal Restore database (BMRDB) Report on the status, consistency, and high-level space utilization Report on database space in full and table level reports
188 New database Administration tool for NetBackup relational databases
Manage database space and memory cache

Full and table level defragmentation Index compression Add free space to the database Adjust the database server memory cache size Truncate the transaction log Toggle the transaction log mode between full and minimum
Manage the transaction log

Check for database consistency using standard and full database validation Rebuild the database Move the database
Create or stop using a mirrored transaction log
Unload the database Back up and restore the database Change the password Report on and change the database server settings
New database Administration tool for NetBackup relational databases Running the Database Administration tool on UNIX
189
Running the Database Administration tool on UNIX

The dbadm menu interface is available on UNIX platforms and is installed in the following location: /usr/openv/db/bin Upon starting the tool, the user must enter the DBA password. If the password is the default password that is used for NetBackup installation, the user is encouraged to change the password but is not required to do so. After the user logs in, the main screen for the NetBackup Database Administrator Interface displays the information as shown in Table 6-1: Table 6-1 Field
Selected database Status Consistency
Database information on main screen Description

NBDB or BMRDB UP or DOWN OK, NOT_OK, or DOWN This information can also be obtained running the following command: nbdb_admin -validate
Space Utilization
The Space Utilization is a measure of the amount of used space as a percentage of the file system space that is allocated for the database. When the NBDB or the BMRDB databases are initially created, extra space is allocated so that contiguous space is available as needed. As a result, a low Space Utilization is a positive indication unless the database is very large and disk space is in short supply.
190 New database Administration tool for NetBackup relational databases Running the Database Administration tool on UNIX
The Database Administration menu displays the following menu selections:

Database Administration ----------------------1) Select/Restart Database and Change Password 2) Database Space and Memory Management 3) Transaction Log Management 4) Database Validation Check and Rebuild 5) Move Database 6) Unload Database 7) Backup and Restore Database 8) Refresh Database Status h) Help q) Quit
Online Help is available from all screens by selecting the h option from the main menu. Option 2 from the Help Facility menu displays an index of all help available. Each of the help files shown in the index are also available from the associated menus. The Database Administration menu selections are described in the following sections.
Select/Restart Database and Change Password option

Select option 1 from the main menu to display the Select/Restart Database and Change Password menu. This menu contains the following options:
Select/Restart Database and Change Password ------------------------------------------1) NBDB 2) BMRDB 3) Start Selected Database 4) Stop Selected Database 5) *Change Password h) Help q) Quit WARNING: Starred option affects all databases. Database must be restarted for settings to take effect.
Use options 1 and 2 to select NBDB or BMRDB. Then view or modify the selected database using the other dbadm menu options. Use options 3 and 4 to start and stop the selected database. Use option 5 to change the password for the databases. The password is changed for both NBDB and BMRDB, if applicable. Restart the database for the password change to take effect.
191
Database Space and Memory Management option

Select option 2 from the main menu to perform the following functions:

To report on database space utilization To reorganize fragmented database objects To add free space to the database files To adjust the database server's memory cache settings
These actions are performed from the Database Space and Memory Management menu, as follows:
Database Space and Memory Management -----------------------------------1) Report on Database Space 2) Database Reorganize 3) Add Free Space 4) Adjust Memory Settings h) Help q) Quit
Report on Database Space option

Select option 1 from the Database Space and Memory Management menu to generate a report on space utilization for the currently selected database. The report contains the dbspaces and the physical pathnames of the relational database. For each dbspace, the report displays the name, the amount of free space in KBytes, the file size in KBytes, and the space utilization. The report also displays the transaction log file size and the amount of free space that remains on each of the file systems being used for the database.
Database Reorganize option

Select Option 2 from the Database Space and Memory Management menu to reorganize fragmented database tables and indexes. These actions are performed from the Database Reorganize menu as follows:
Database Reorganize ------------------1) Defragment All 2) Table Level Defragmentation 3) Index Compression h) Help q) Quit
Defragment All
Option 1 automatically determines the database tables and indexes that are fragmented. It then uses the Sybase ASA REORGANIZE command to defragment the tables and compress the indexes. The equivalent command is nbdb_admin -reorganize.
Table Level Defragmentation Option 2 generates a fragmentation report for each database table. For each table, the report includes the TABLE_NAME, number of ROWS, number of ROW_SEGMENTS, and SEGS_PER_ROW. In addition, a * displays in the ! column for an individual table if it would be automatically selected for reorganization by the Defragment All option. A row segment is all or part of one row that is contained on one page. A row may have one or more row segments. The ROW_SEGMENTS value indicates total number of row segments for the table. The SEGS_PER_ROW value shows the average number of segments per row, and indicates whether or not a table is fragmented. A SEGS_PER_ROW value of 1 is ideal, and any value more than 1 indicates a high degree of fragmentation. For example, a value of 1.5 means that half of the rows are partitioned. Index Compression Option 3 generates a fragmentation report for each database index and lets the administrator select individual indexes to be compressed. For each index the report includes the TABLE_NAME, INDEX_NAME, TYPE of index, LEVEL, and DENSITY. The index TYPE is one of the following values: PKEY (primary key), FKEY (foreign key), UI (unique index), UC (unique constraint), NUI (non-unique index). In addition, a * displays in the ! column for an individual index if it would be automatically selected for reorganization by the Defragment All option. The LEVEL and DENSITY indicate whether or not an index should be reorganized. The number of levels in the index tree determines the number of I/O operations that are needed to access a row using the index. Indexes with fewer levels are more efficient than indexes with greater numbers of levels. The density is a fraction between 0 and 1 providing an indication of how full each index page is on average. A LEVEL value of 1 is ideal. An index with a LEVEL value of 4 or more or with a level value of 2 or 3 with a density greater than 0.5 is a good candidate for reorganization.
Add Free Space option

Select option 3 from the Database Space and Memory Management menu to add additional free space to individual dbspaces. Additional free space helps to
193
reduce future fragmentation of the database objects that are stored in the database. When the relational database is initially created or rebuilt, 25MB of free space is automatically added to the data and the index dbspaces. A Rebuild eliminates all free space and then adds back what was initially added when the database was created. If the user accidentally adds too much free space, a Rebuild can be used to eliminate the space.
Adjust Memory Settings option

Select option 4 from the Database Space and Memory Management menu to view and modify the Sybase ASA memory cache settings of the relational database server. Changes to these settings affect all of the relational databases that the database server manages, and do not take effect until the database server is restarted. The database cache is an area of memory that the database server uses to store database pages for repeated fast access. The more pages that are accessible in the cache, the fewer times the database server needs to read data from disk. To read data from disk is a slow operation, so the amount of cache available is often a key factor that determines performance. The database cache is automatically resized as needed. The cache grows when the database server can usefully use more, as long as memory is available. The cache shrinks when other applications require cache memory, so that the database server does not unduly impact other applications on the system. Three memory cache settings can be used to control the size of the database cache. These settings are set in the server.conf file. The database server reads the file when it is started. The server.conf file is found in the following locations: On UNIX: /usr/openv/var/global On Windows: InstallPath\VERITAS\NetBackupDB\conf Note that if the settings are too large, the database server may not start. The memory cache settings are as follows:
Initial (-c option in server.conf) Sets the initial memory that is reserved for caching database pages and other server information. Minimum (-cl option in server.conf) Sets the minimum cache size as a lower limit to automatic cache resizing. Maximum (-ch option in server.conf)
Sets the maximum cache size as an upper limit to automatic cache growth.
Transaction Log Management option

Select option 3 (Transaction Log Management) from the main menu to truncate the transaction log of the database and to change the databases transaction log mode. These actions are performed from the Transaction Log Management menu, as follows:
Transaction Log Management -------------------------1) Truncate the Transaction Log 2) *Toggle Transaction Log Mode (FULL/PARTIAL) 3) Change Temporary Directory for Truncation h) Help q) Quit WARNING: Starred option affects all databases. NetBackup must be restarted for setting to take effect.
The databases transaction log is used for database recovery. The transaction log for NBDB is NBDB.log. For BMRDB it is BMRDB.log. During a full hot catalog backup, all of the database files are included in the backup. For example, for NBDB, NBDB.db, EMM_DATA.db, EMM_INDEX.db, and NBDB.log are included. After these files are backed up, the transaction log is truncated. For a differential hot catalog backup, only the transaction log (NBDB.log), is included in the backup. To recover from a full and an incremental, all of the database files are restored and the transaction logs are applied one at a time in order. If the transaction log is truncated outside of the hot catalog backup process, the next catalog backup must be a full hot catalog backup. Otherwise, a gap would exist in the transaction logs due to the truncation and an error during catalog recovery would occur. If the transaction log is truncated using this menu, a full hot catalog backup is forced the next time any schedule of the catalog backup policy is due. The transaction log mode controls when the transaction log is automatically truncated outside of the catalog backup process. A transaction log mode of PARTIAL forces a deletion of the transaction log whenever a database checkpoint occurs. The default transaction log mode is FULL. In FULL mode, the transaction log is only truncated automatically after a successful online (hot) or offline (cold) catalog backup.
195
With PARTIAL mode, the hot catalog backup must always be a full backup and all incremental schedules are automatically converted to full schedules by NetBackup. The cold catalog backup is always a full backup.
Truncate the Transaction Log option

Select option 1 on the Transaction Log Management menu to truncate the transaction log for the currently selected database. If the next scheduled hot catalog backup is a differential incremental, a backup of all of the relational database files is included. Before NetBackup starts the operation to truncate the transaction log, NetBackup tells the user that a full catalog backup must be performed after the transaction log is truncated. The user must confirm whether or not to continue.
Toggle Transaction Log Mode option

Select option 2 on the Transaction Log Management menu to toggle the transaction log mode between FULL and PARTIAL transaction log modes. In PARTIAL mode, all schedules that are used for the hot catalog backup policies include backups of all of the relational database files. If the mode is changed from full to partial, a warning displays. In FULL mode, the differential incremental schedule includes only the transaction log file. This option affects all databases that the database server manages (NBDB and BMRDB). The database server must be restarted in order for the transaction log mode change to take effect.
Change Temporary Directory for Truncation option

Select option 3 on the Transaction Log Management menu to change the directory that is used for transaction log truncation. Make sure that enough space is available for a copy of the existing transaction log before it is truncated. After the transaction log is successfully copied and truncated, the temporary copy is deleted.
Database Validation Check and Rebuild option

Select option 4 (Database Validation Check and Rebuild) from the main menu to validate and rebuild the currently selected database. The Database Validation Check and Rebuild menu lets the administrator validate the currently selected database. The database validation checks that are run from this menu do not require that all NetBackup activity is suspended.
However, the validation checks may report any transient errors that are a result of transactions that are in progress. If any validation errors are reported, shut down the NetBackup daemons and services and start only the Sybase ASA database server. Then repeat the validation check using this tool or the nbdb_admin command line utility. If validation errors continue, contact Symantec customer support. The administrator may be asked to rebuild the database using the Database Rebuild option or the nbdb_unload command line utility.
Database Validation Check and Rebuild ------------------------------------1) Standard Validation 2) Full Validation 3) *Database Rebuild h) Help q) Quit WARNING: Starred options will temporarily suspend NetBackup operations. Do not perform backups during any of these actions.
Standard Validation option

Option 1 lets the administrator validate the indexes and keys on all of the tables in the database. Each table is scanned. For each row, a check is made that it exists in the appropriate indexes. The number of rows in the table must match the number of entries in the index. This option is equivalent to the command nbdb_admin -validate.
Full Validation option

Option 2 performs the same checks as option 1, Standard Validation. In addition, Full validation ensures that every row that is referenced in each index exists in the corresponding table. For foreign key indexes, it also ensures that the corresponding row exists in the primary table. This option is equivalent to the command nbdb_admin -validate -full.
Database Rebuild option

Option 3 lets the administrator rebuild the database. This menu option is equivalent to the command nbdb_unload -rebuild. A Database Rebuild results in a complete unload and reload of the database. A new database with all of the same options is built in place. A Database Rebuild may be required if Database Validation errors are reported using the Standard or Full Validation options. During a Database Rebuild, all NetBackup operations are suspended.
197
If option 3 is selected, a message appears which recommends that you exit and create a backup using the Backup Database option before you rebuild the database. You then have the choice of whether to continue or not. For more information, see Backup and Restore Database option on page 199.
Move Database option

Select option 5 (Move Database) from the main menu to change the location of the database files or to split the database files into multiple directories. To do so may improve performance in the case of large databases. The database files are moved for both NBDB and BMRDB, if present. Note: Due to performance issues, NetBackup supports database files only on locally attached drives. These actions are performed from the Move Database menu, as follows:
Move Database ------------1) *Move Data 2) *Move Index 3) *Move Transaction Log 4) *Move/Create Mirrored Log 5) *Stop Using Mirrored Transaction Log h) Help q) Quit WARNING: Starred options will temporarily suspend NetBackup operations. Do not perform backups during any of these actions.
In addition, the Move Database menu lets the administrator create a mirrored transaction log. The transaction logs (NBDB.log and BMRDB.log) are critical files used to recover the relational databases. For extra protection, a mirrored transaction log can be used. Create the mirrored log in a different directory from the original log.
Move Data option

Option 1 lets the administrator change the location of the data dbspaces.
Move Index option

Option 2 lets the administrator change the location of the index dbspaces.
Move Transaction Log option

Option 3 lets the administrator change the location of the transaction log.
Move/Create Mirrored Log option

Option 4 lets the administrator change the location of the mirrored transaction log. If the mirrored transaction log does not already exist, it is created in the new location.
Stop Using Mirrored Transaction Log option

Option 5 is displayed only if a mirrored transaction log is used. The option lets the administrator configure the database server so that it stops using a mirrored transaction log. The existing mirrored transaction log file is deleted.
Unload Database option

Select option 6 (Unload Database) from the main menu to unload either the schema or the schema and data from the relational database.
Unload Database --------------1) Schema Only 2) Data and Schema 3) Change Directory h) Help q) Quit
A SQL command file is created that can be used to rebuild the database. If the data is also included in the unload, a set of data files in comma-delimited format is created.
Schema Only option

Option 1 lets the administrator unload only the database schema. The schema is unloaded as a file that is named reload.sql in the named directory.
Data and Schema option

Option 2 lets the administrator unload both the database schema and the data. The data is unloaded as a set of files. One file is created for each database table.
Change Directory option

Option 3 lets the administrator change the directory location for the files that unload options (1) or (2) create.
199
Backup and Restore Database option

Select option 7 (Backup and Restore Database) from the main menu to back up the relational database to the specified directory, and to restore from a previously created backup. Either an online or offline backup can be selected. An offline backup causes NetBackup activity to be suspended so do not perform an offline backup when active backups or restores run. Note: Using the Database Administration tool to back up and restore the NetBackup database can potentially break the consistency between the NetBackup catalog and the database. This loss of consistency can lead to loss of data. Use the tool to back up and restore the NetBackup database only as a precautionary measure.
Backup and Restore Database --------------------------1) Online Backup 2) *Offline Backup 3) *Restore Backup 4) Change Directory h) Help q) Quit WARNING: Starred options will temporarily suspend NetBackup operations. Do not perform backups during any of these actions.
Online Backup Option

Option 1 lets the administrator make a copy of the database files while the database is active. Other NetBackup activity is not suspended during this time.
Offline Backup option

Option 2 lets the administrator make a copy of the database files with all other NetBackup activity suspended. The database is shut down before the copy is made, and restarted after the copy has completed.
Restore Backup option

Option 3 lets the administrator restore from a copy of the database files previously made with either options 1 or 2. The currently running database files are overwritten, and the database is shut down and restarted after the restore is completed.
Change Directory option

Option 4 lets the administrator change the directory location for the files that backup options (1) or (2) create. This directory is the source of the files for the restore option (3).
New database Administration tool for NetBackup relational databases Running the Database Administration Tool on Windows
201
Running the Database Administration Tool on Windows

The Database Administration tool is available as a graphical user interface on Windows platforms. This stand-alone application is called NbDbAdmin.exe and is located in the following directory: InstallPath\VERITAS\NetBackup\bin The user must enter the DBA password when the tool is started. See Change button to change the password on page 204 for more information. The tool contains the General tab and the Tools tab. It also contains the following information when either tab is displayed:

The database (displays NBDB information by default). The status of the database. The results from a validation check. Information on space utilization. See Table 6-1 for more information. Drive Space button Shows the amount of free space and used space on a drive. If the database files are on multiple drives, this view is useful to see which drive has more free space available. Close button Closes the Database Administration tool. Help button Provides additional assistance in the console.
202 New database Administration tool for NetBackup relational databases Running the Database Administration Tool on Windows
General tab
When the user logs in, the General tab of the Database Administration console displays, as shown in Figure 6-1. Figure 6-1 General tab of the Database Administration Tool
The following topics describe the options available on the General tab.
Data Details button

Click the Data Details button on the General tab to defragment individual tables. See Database Reorganize option on page 191 for more information.
Add Data Space button

Click the Add Data Space button on the General tab to add free space to the data dbspaces.
203
If too much space is added, see Rebuild button on page 203.
Add Index Space button

Click the Add Index Space button on the General tab to add free space to the index dbspaces. If too much space is added, see Rebuild button on page 203.
Refresh button
Click the Refresh button to make sure that the most current information is displayed.
Reorganize All button

Click the Reorganize All button on the General tab to automatically determine the database tables and indexes that are fragmented. The option then uses the Sybase ASA REORGANIZE command to defragment the tables and compress the indexes. Clicking Reorganize All is equivalent to running the following command: nbdb_admin -reorganize
Validate button
Click the Validate button on the General tab to perform either a standard or a full database validation. See Database Validation Check and Rebuild option on page 195 for more information.
Rebuild button
Click the Rebuild button on the General tab to rebuild the database. Clicking the Rebuild button eliminates all free space and then adds back what was initially added when the database was created. If the user accidentally adds too much free space, a Rebuild can be used to eliminate the space. See Database Validation Check and Rebuild option on page 195 for more information.
Tools tab
The following topics describe the options available on the Tools tab. Figure 6-2 Tools tab of the Database Administration Tool
Change button to change the password

Click the Change button in the Password section on the Tools tab to change the DBA password. When the Database Administration tool is started, the administrator must enter the DBA password. If the DBA password is the default password that is used when NetBackup is installed, the administrator is encouraged to change the password. The administrator is not required to change the password, however.
205
Move button
Click the Move button in the Move Database section on the Tools tab to change the location of the database files or to split the database files into multiple directories. Note: Due to performance issues, NetBackup supports database files only on locally attached drives. For more information, see Move Database option on page 197.
Export button
Click the Export button in the Unload section on the Tools tab to unload either the schema or the schema and data from the relational database. Select one of the following options:
Schema Unload only the database schema. The schema is unloaded as a file that is named reload.sql in the named directory. Schema and data Unload both the database schema and the data. The data is unloaded as a set of files in comma-delimited format. One file is created for each database table.
Copy button
Click the Copy button in the Backup section on the Tools tab to back up the relational database to the specified directory. Either an online or offline backup can be selected. An offline backup causes NetBackup activity to be suspended so do not perform an offline backup when backups or restores run. Note: Using the Database Administration Tool to back up and restore the NetBackup database can potentially break the consistency between the NetBackup catalog and the database. This loss of consistency can lead to loss of data. Use the tool to back up and restore the NetBackup catalog only as a precautionary measure.
Restore button
Click the Restore button on the Tools tab to restore a copy of the database that was previously made using either an online or offline backup.
Set button
Click the Set button in the Cache section on the Tools tab to view and change the Sybase ASA memory cache settings. Changes to these settings affect all of the relational databases that the database server manages. The changes do not take effect until the database server is restarted. For more information about memory cache settings, see Adjust Memory Settings option on page 193.
Modify button
Click the Modify button in the Transaction Log section on the Tools tab to change the transaction log mode of the database. For more information, see Toggle Transaction Log Mode option on page 195.
Truncate button
Click the Truncate button in the Transaction Log section on the Tools tab to truncate the transaction log of the database. For more information, see Truncate the Transaction Log option on page 195.
New database Administration tool for NetBackup relational databases Validation checks during a hot catalog backup
207
Validation checks during a hot catalog backup

A database validation check is performed as part of a hot catalog backup. If a hot catalog backup fails, one possible reason is a failure of the validation check. The validation check can fail because of the following reasons:

The validation check encountered errors. The catalog backup occurred while a database transaction was taking place.
The following procedure can determine whether the hot catalog backup failed due to database errors or normal backup activity. To determine whether a hot catalog backup failure is due to database errors 1 Examine the bpdbm log. If the failure is due to database validation errors, the following message appears:
validate_database: Database validation failed for database NBDB
If the log indicates validation failure, use the Database Administration tool or the command line option to run a full validation. The resulting database validation report indicates whether or not the database has errors. For UNIX (dbadm), see Full Validation option on page 196. For Windows (NbDbAdmin.exe), see Validate button on page 203. To use the command line, run: nbdb_admin -validate -full If the report shows validation errors, perform the following steps:
Shut down the NetBackup daemons and services: For UNIX: /usr/openv/netbackup/bin/bp.kill_all For Windows: Install_path\VERITAS\NetBackup\bin\bpdown Start only the ASA database server: For UNIX: /usr/openv/netbackup/bin/nbdbms_start_stop start For Windows: Install_path\VERITAS\NetBackup\bin\bpup -e ASANYs_VERITAS_NB Rerun the validation as described in step 2.
208 New database Administration tool for NetBackup relational databases Validation checks during a hot catalog backup
Perform the following steps only if errors occur:
Create a backup copy of the database using either the Database Administration tool or the command line option: For UNIX (dbadm), see Backup and Restore Database option on page 199. For Windows (NbDbAdmin.exe), see Copy button on page 205. To use the command line, run: nbdb_backup -online directory Run a full validation. From the command line, run: nbdb_admin -validate -full Run a rebuild as described in step 4.
If the database has errors, rebuild the database using either the Database Administration tool or the command line option: For UNIX (dbadm), see Database Rebuild option on page 196. For Windows (NbDbAdmin.exe), see Rebuild button on page 203. To use the command line, run: nbdb_unload -rebuild Run the hot catalog backup again.
Chapter
NetBackup for SharePoint Portal Server updates

This topic describes the changes to the NetBackup for SharePoint agent since NetBackup 6.5. The information in this topic includes the operational notes that were published in the NetBackup Release Notes for 6.5 and the NetBackup ReadMe for 6.5.1. This topic has the information included in the SharePoint TechNote #292586 for 6.5.1.
Binaries
The following new binaries are installed on the SharePoint servers (Windows front-end servers and SQL database servers).

Nbbedssps3.dll SpswrapperV3.exe SPSManagedWrapperHelper.dll
Limitations
The following limitations exist for the NetBackup for SharePoint version 6.5.2 agent.
SharePoint 2007 documents cannot be restored individually (document-level restore) from a backup image made with NetBackup 6.5.1 or earlier. Document restores cannot be redirected to a different location. Restores of the following objects cannot be redirected to a different location:
210 NetBackup for SharePoint Portal Server updates Installation requirements
A site in another farm (but to another site within the original farm is supported) Farm configuration database and single-sign-on database Portal index database A document
You cannot restore a Windows Microsoft SQL Server 2000 Desktop Engine (WMSDE) database to an alternate location because of a WMSDE limitation. Version 6.5 of the NetBackup for Microsoft SharePoint Portal Server 2003 Administrators Guide indicates that for document-level restores you can automatically duplicate images from tape to disk. This functionality is not available at this time. If you want to perform a document-level restore, you must manually copy the backup image from tape to disk.
Installation requirements
Verify that the following requirements are met before you use the NetBackup for SharePoint agent.
SharePoint Portal Server setup
For document-level backups, the top-level folder of a site must contain at least one document. Otherwise, documents are not enumerated correctly for restore. This will be resolved in a release update. When using SharePoint load balancing, all load-balanced Web sites must be uniformly identified in IIS using either host headers or IP addresses, but not both. Environments which mix host headers and IP addresses across load-balanced servers are not supported. To prevent restore failures, the IIS Default Application Pool identity must be a valid SharePoint user ID. Client settings on the SharePoint hosts:

The SharePoint user should be an administrator user account. The SharePoint user settings must be set on all SharePoint farm hosts.
Database agent
Verify that the following requirements are met for the database agent. If you want to be able to restore individual documents, install the software that is
NetBackup for SharePoint Portal Server updates Installation requirements
211
indicated in Table 7-1. This software must be installed on the clients in the SharePoint farm which have the content database and NetBackup Media Server. Table 7-1 Windows
Windows 2008, 32-bit or 64-bit
Requirements for the SharePoint database agent SharePoint/WSS

SharePoint Portal Server 2007/WSS 3.0 (32-bit and 64-bit) SharePoint Portal Server 2007/WSS 3.0 (32-bit and 64-bit) SharePoint Portal Server 2003 SP2/WSS 2.0 (32-bit) SharePoint Portal Server 2003 SP1/WSS 2.0 (32-bit)
SQL Server
SQL 2005 (32-bit or 64-bit) or SQL Express
Document-level restores
Software Development Kit (SDK) for SUA is installed. See Installing the Utilities and SDK for Subsystem for UNIX-Based Applications on page 211. Software Development Kit (SDK) for SUA is installed. See Installing the Utilities and SDK for Subsystem for UNIX-Based Applications on page 211. For 32-bit systems, Microsoft Services for NFS is installed. See Installing Microsoft Services for NFS on page 212. Windows Services for UNIX (SFU) 3.5 or higher is installed. See Installing Windows Services for UNIX on page 212.
Windows 2003 R2 or later, 32-bit or 64-bit
Windows 2003 R2 or later, 32-bit or 64-bit
Windows 2003 R1
SQL 2000 SP4 (32-bit) or SQL Express
Installing the Utilities and SDK for Subsystem for UNIX-Based Applications
If you have Windows Server 2003 R2, 64-bit, you need to install Software Development Kit (SDK) for SUA. This is available from Microsoft. To install Microsoft Services for NFS 1 2 Ensure that your computer meets the system requirements for SFU. See the documentation Microsoft provides. Download the SFU package.
Go to the Microsoft Download Center, www.microsoft.com/downloads In the Search box, enter sua and click Go. Click on the link Utilities and Software Development Kit (SDK) for Subsystem for UNIX-based Applications. Click Download the files below.
212 NetBackup for SharePoint Portal Server updates Installation requirements
Installing Microsoft Services for NFS

If you have Windows Server 2003 R2, you need to install Microsoft Services for NFS. This option is available on the Windows Server installation CD. To install Microsoft Services for NFS 1 2 3 Install Microsoft Services for NFS from the Windows Server installation CD. After the installation is complete, ensure that Client for NFS is running. To configure a different port, refer to Configuring a different network port in the NetBackup for Microsoft SharePoint Portal Server System Administrator's Guide. When the installation is complete, open the Services control panel and ensure that Server for NFS is stopped and disabled. Repeat this step for each client.
Installing Windows Services for UNIX

If you have Windows Server 2003 R1, you need to install Windows Services for UNIX (SFU) 3.5 or higher. This package is not required for Windows Server 2003 R2. To install Windows Services for UNIX 1 2 Ensure that your computer meets the system requirements for SFU. Refer to documentation Microsoft provides. Download the SFU package.
Go to the Microsoft Download Center, http://www.microsoft.com/downloads. In the Search box, enter windows services for unix and click Go. Click on the link Windows Services for UNIX. Click Download.
3 4 5 6 7
Log on as administrator on the local computer. Start the installation. During installation, choose to install both Server for NFS and Client for NFS. After the installation is complete, ensure that Client for NFS is running. To configure a different port, refer to Configuring a different network port in the NetBackup for Microsoft SharePoint Portal Server System Administrator's Guide.
NetBackup for SharePoint Portal Server updates Configuring the SharePoint agent
213
When the installation is complete, open the Services control panel and ensure that Server for NFS is stopped and disabled. Repeat this step for each client.
Configuring the SharePoint agent

In order to use the SharePoint agent you must configure the following: Table 7-2 Task Configuring the SharePoint agent See this topic in version 6.5 of the NetBackup for Microsoft SharePoint Portal Server 2003 Administrators Guide
The NetBackup Client Service log on Configuring the NetBackup Client Service log on account account The account that logs on to the SharePoint Application Server Consistency checks Enable restores on multiple SharePoint hosts Specifying the account that logs on to the SharePoint Application Server
Performing consistency checks Configuring restores for multiple SharePoint hosts Use the SharePoint Hosts dialog box to set the association of the SQL back-end servers and the SharePoint front-end servers. Backup images are cataloged under the SharePoint front-end server name. This setting allows you to perform restores and redirected restores of federated farms.
Configuring backup policies

Note the following when you configure backup policies:
The Directive set name has been changed from MS_SharePoint_Portal_Server_2003 to MS_SharePoint_Portal_Server. Use this directive for MOSS and WSS configurations with SharePoint 2007 and SPPS and WSS configurations in SharePoint 2003. As in earlier releases, directives in the Backup Selections list can be made specific to different SharePoint and WSS objects. The farm databases (Configuration, Single Sign-on, Index) cannot be backed up with a policy that is enabled for document-level backups. For comprehensive farm disaster recovery, back up those databases with a separate policy where document-level backups are disabled.
214 NetBackup for SharePoint Portal Server updates Backup schedule types for SharePoint 2007
No significant changes have been made to the files list directives. To protect the farm with a scheduled backup, you still add the Microsoft SharePoint Resources:\* directive to the Backup Selections list. Refer to version 6.5 of the NetBackup for Microsoft SharePoint Portal Server 2003 Administrators Guide for recommended policies you should configure.
Backup schedule types for SharePoint 2007

The following backup schedule types are supported with the SharePoint agent. Table 7-3 Supported schedule types Schedule type
Full Backup, Differential Incremental backup Full Backup, Differential Incremental backup Full Backup, Differential Incremental backup Full Backup, Differential Incremental backup Full Backup Full Backup, Differential Incremental backup Full Backup, Differential Incremental backup Full Backup, Differential Incremental backup Full Backup Full Backup, Differential Incremental backup Full Backup, Differential Incremental backup
SharePoint/WSS Objects
Configuration v3 DB Global Settings Single Sign-on Web App/Content DB/ (including document restores) WSS Help Search/Index Files WSS Help Search/Search DB WSS Administration/Web App/Content DB Shared Services/Services DB Shared Services/Shared Search Index/Index Files Shared Services/Shared Search Index/ Search DB Shared Services/Web App/Content DB
Performing user-directed backups

If you open multiple backup windows (in the NetBackup client) to browse SharePoint resources, the windows unexpectedly terminate. Instead, use a single backup window to browse SharePoint resources for backup.
NetBackup for SharePoint Portal Server updates Restoring SharePoint farm components
215
SharePoint and WSS objects appear as follows in the NetBackup, Backup, Archive, and Restore interface.
Restoring SharePoint farm components

Perform the restore of SharePoint farm components and other tasks in the following sequence:

Configuration database All SQL databases Bring the web application or portal online Wait for SharePoint to initialize storage for the Search Index Search Index
Restoring the Configuration database

When restoring the Configuration database, restore it individually and before any other object in the farm.
216 NetBackup for SharePoint Portal Server updates Restoring SharePoint farm components
Restoring the Search Index
(SharePoint 2003) When the SharePoint Search Index service is updating databases, it sometimes contends with NetBackup for access to the portal index database. This situation can cause failed backup or restore operation of that database. If this occurs, repeat the backup or restore operation until successful. To restore the Search Index, you must do the following:

Restore all SQL databases. Bring the web application or portal online. Wait for SharePoint to initialize storage for the Search Index. This may take a few minutes to occur, after newly recovered web application or portal is started. Restore the Search Index alone and after all other objects in the farm.
Restoring the farm or a collection of web applications or portals
To restore the farm or multiple web applications or portals, perform an individual restore of each web application or portal. When you restore web applications or portals, ensure that you perform restores from the SharePoint front-end server(s). This server is the client name that you specified in the MS-SharePoint backup policy.
Restoring the Shared Services Provider when in a state of unprovisioning

The following instructions describe how to restore the Shared Services Provider when it is in a state of unprovisioning. To restore the Shared Services Provider when in a state of unprovisioning 1 Delete the Shared Services Provider. Run the following command: stsadm -o deletessp -title <SSP name> -force Open the NetBackup Backup, Archive, and Restore interace. Open a Restore window. Select the Full backup that contains the shared services. Select the following objects of the shared services.

2 3 4 5
Services database Shared Search Index database (do not select the Index files for restore)
NetBackup for SharePoint Portal Server updates Restoring SharePoint farm components
217
Shared Services Administration site(s)
6 7 8 9
Choose Actions > Restore. In the Restore Marked Files dialog box, select the Microsoft SharePoint tab. Uncheck Bring restored databases online and reconnect previous database links. Click Start Restore.
10 Restore any incremental backups. Do not select Bring restored databases online and reconnect previous database links. 11 Use the SQL Server administrative tools to recover the SSP databases. 12 In SharePoint Administration interface, use the Shared Services Administration page to reconnect the restored SSP.
Redirecting a web application or portal to another web application or portal

Note the following when you redirect a web application or portal:
You can redirect the restore of a web application or portal within the same farm when the SQL database host and the SharePoint host are the same. A redirected restore is not supported if the SQL databases exist across multiple SQL hosts. You must restore all SQL databases in one operation at the same time. Before you redirect the restore of a web application or portal, remove the source web application or portal. If you attempt the redirected restore without removing the source, the restore completes successfully, but the databases are not properly connected to the virtual server. To redirect MOSS 7.0 and WSS 3.0 web applications, specify the destination web application name (or the URL of the destination site). To redirect SharePoint 2003 portals and team sites, specify the URL to the destination site in the Restore Marked Files dialog.
Restoring backward-compatible document library store

When restoring a backward-compatible document library store, the Microsoft Information Store service must be running.
218 NetBackup for SharePoint Portal Server updates Restoring Windows SharePoint Services (WSS) 3.0
Restoring Windows SharePoint Services (WSS) 3.0

To restore a WSS 3.0, perform an individual restore of each WSS object.
Recovering a web application when using Network Load Balancing

To restore a deleted web application in a Network Load Balanced (NLB) farm, you may need to perform a manual operation using the SharePoint 3.0 Central Administration GUI. After the restore operation is successful, if the web application on the NLB farm is offline, perform the following steps. To recover a web application when using Network Load Balancing 1 2 3 4 5 Open the SharePoint 3.0 Central Administration interface. Select Application Management under Central Administration. Under SharePoint Web Application Management, click Create or extend Web application. Select Extend an existing Web application and fill-in the values to extend the restored web application. Complete the restore operation on all of the NLB front-end servers. Make sure the server is extended on the other NLB servers by selecting Extend an existing virtual server from the Virtual Server List page in the Central Administration GUI.
Performing document-level restores

The following requirements must be met to restore individual documents:
The administrator has configured NetBackup to allow document-level restores. This option is configured on the Attributes tab for the backup policy. The user has chosen to restore from a full backup image. You can only restore when the backup image resides on a disk storage unit. Use the bpduplicate command to copy the image to disk storage. The NetBackup-Java client user interface does not yet support browsing of SharePoint documents for restore. Instead, use the Windows client to restore documents.
Note the following when you perform document-level restores:
NetBackup for SharePoint Portal Server updates Disaster Recovery
219
When you restore a document, it is safe to ignore certain bprd errors in the Activity Monitor similar to the following:
7/12/2007 11:01:39 AM - Error bpdm (pid=2928) did not receive EXIT STATUS from bprd, all blocks may not have been restored
Instead, rely upon the final status reported in the Activity Monitor to determine the true success or failure of the restore operation. To restore individual documents 1 2 3 4 5 6 7 8 9 Enable the SharePoint front-end Web server to restore to the SQL hosts in the farm. Log on as Administrator. Open the Backup, Archive, and Restore interface. Choose File > Select Files and Folders to Restore > from Normal Backup. In the Restore window, select the SharePoint policy type (choose File > Specify NetBackup Machines and Policy Type). Click OK. NetBackup browses for SharePoint Portal Server backup images. From the NetBackup History pane, select the full backup image that contains the documents you want to restore. In the All Folders pane, expand Microsoft SharePoint Resources. Expand the Team database.
10 Select the document(s) to restore. 11 Choose Actions > Restore. 12 In the Restore Marked Files dialog box, select the Microsoft SharePoint tab. 13 Choose the restore options you want. Choose whether or not to have documents overwritten if they already exist. 14 Click Start Restore.
Disaster Recovery
You can now restore the SharePoint Configuration database from the Backup, Archive, and Restore interface. You do not need to use the command line (SPSRecoveryAsst).
220 NetBackup for SharePoint Portal Server updates Disaster Recovery
Chapter
NetBackup for Exchange support

This topic describes the changes to the NetBackup for Exchange agent since NetBackup 6.5. The information in this topic includes the operational notes that were published in the NetBackup Release Notes for 6.5 and the NetBackup ReadMe for 6.5.1. This topic also has the information included in the Exchange TechNote #292587 for 6.5.1. The topics addressed here are as follows:
Installing and configuring the NetBackup for Exchange Server agent with Exchange 2007 on page 222 Cluster support on page 224 Exchange LCR/CCR support on page 224 Requirements for redirected restores of Exchange 2003 or 2007 legacy (non VSS) backups to an RSG on page 228 Requirements for redirected restores of Exchange 2003 VSS backup images on page 228 About redirecting restores of Exchange 2007 VSS backup images on page 228 Instant recovery for Exchange on Windows VSS on page 231 Off-host backups on page 233 Other operational notes on page 234
222 NetBackup for Exchange support Installing and configuring the NetBackup for Exchange Server agent with Exchange 2007
Installing and configuring the NetBackup for Exchange Server agent with Exchange 2007
In addition to the other requirements that are included in the NetBackup for Microsoft Exchange Administrators Guide, note the following.

Do not install Outlook on the same server on which Exchange is installed. To take advantage of the Exchange 2007 consistency checks with the Microsoft API with a VSS off-host backup, the Exchange Management Console must be installed on the off-host client.
To perform backups and restores of mailboxes and public folders with Exchange 2007, additional configuration is required.
For mailbox-level backups with Windows 2003 and Exchange 2007, download and install the Microsoft Exchange Server MAPI Client and Collaboration Data Objects package. Version 6.05.7888 or higher is required. You can find this package at: http://www.microsoft.com/downloads/ NetBackup 6.5.2 does not support mailbox-level backups and restores on Windows 2008. At the time of this release, Microsoft has yet to provide a MAPI Client and Collaboration Data Objects package that is compatible with Windows 2008. You must also create a user account for the NetBackup Client Service. The process is different for Exchange 2007 than for earlier versions of Exchange. See Creating an Exchange 2007 user account for the NetBackup Client Service on page 222.
Creating an Exchange 2007 user account for the NetBackup Client Service
In Exchange 2003, the following security roles were available through the Delegation Wizard in Exchange System Manager:

Exchange Full Administrator Exchange Administrator Exchange View Only Administrator
Exchange 2007 has these predefined groups that manage Exchange configuration data:

Exchange Organization Administrators Exchange Recipient Administrators
NetBackup for Exchange support Installing and configuring the NetBackup for Exchange Server agent with Exchange 2007
223
Exchange View-Only Administrators Exchange Server Administrators
Prerequisites
Make sure that the NetBackup Client is installed on the Exchange server, if the Exchange server is not locally installed on the NetBackup server. Ensure that the NetBackup service account has Domain Admin and Local Administrative rights. Verify that the NetBackup service account mailbox is not hidden.
Configuring the NetBackup service account

To configure the NetBackup service account 1 2 In Active Directory Users and Computers, select the Users directory. Right-click on the Administrator account, select Copy, and create an account for NetBackup. Create a user account that has a mailbox with a unique name. A unique name is one that does not already exist within the Exchange Organization. This name cannot be contained as a set of characters in an existing name. For example: EXCH1 is entered as the unique mailbox name, and other mailbox names such as EXCH1BACKUP or BACKUPEXCH1 exist. The backup or restore of individual mailboxes or both fail. After you create the account, double-click the account, click the Members Of tab, and add this account to the Domain Admins group. Open the Exchange Management Console. In the Exchange Management Console, select Organization Configuration. Right-click on Organization Configuration and click Add Exchange Administrator. On the Add Exchange Administrator page, click Browse and select the user to which you want to delegate control. Select Exchange Server Administrator role. Under Select the server(s) to which this role has access, click Add.
3 4 5 6 7 8 9
10 Select the servers to which you want to delegate control and click OK. 11 Click Add. 12 On the Completion page, verify that the delegation was successful and click Finish.
224 NetBackup for Exchange support Cluster support
13 Continue with the instructions for Configuring the NetBackup Client Service log on account in the NetBackup for Microsoft Exchange Server Administrators Guide. 14 Continue with the instructions for Configuring NetBackup to use the mailbox that is associated with the NetBackup Client Service account See the NetBackup for Microsoft Exchange Server Administrators Guide.
Cluster support
Note following if you want to use NetBackup for Exchange in a cluster environment:
The NetBackup for Exchange agent supports Microsoft Cluster Server (MSCS), and Veritas Cluster Server (VCS). Refer to the Veritas NetBackup Enterprise Server 6.x / NetBackup Server 6.x Cluster Compatibility list. This list contains information on the versions of Exchange Server that are supported with cluster environments. A patch is required if you want to use Exchange 2007 in a VCS 5.0 environment. See the following TechNote for more information: http://entsupport.symantec.com/docs/288625.htm The NetBackup for Exchange agent also supports Clustered Continuous Replication (CCR) and Single Copy Cluster (SCC). In the NetBackup for Microsoft Exchange Server manual version 6.5, any installation or configuration requirements noted for clusters also apply to CCR and SCC configurations. Restoring Exchange in a cluster When you restore data in an Exchange cluster environment, you must set the destination client to be the virtual server name. If you perform the with a NetBackup client-only installation on a cluster, you may not be able to change the destination client value to the virtual server name. In that case, use the NetBackup Backup, Archive, and Restore interface on a NetBackup server.
Exchange LCR/CCR support

Before NetBackup 6.5.1, the only way to back up Exchange storage groups that had replication enabled was to back up the original (or active) data by interfacing with the Exchange server (either VSS or legacy-based backups). With 6.5.2, NBU can back up the replicated data by interfacing with the replica (or passive) Exchange service. VSS is the only supported backup of this replicated data. The benefit of such a backup is to reduce I/O impact. NetBackup accesses
NetBackup for Exchange support Exchange LCR/CCR support
225
the replicated data and leaves the active (or live) Exchange service alone. This is especially beneficial for a backup of a CCR node because the active node is completely left out of the backup.
Requirements
To back up a clustered Exchange Server (including CCR and SCC) with Exchange 2007 SP1 or later, you must add or set the following registry key: HKLM\System\CCS\Services\MSExchangeIS\ParametersSystem\ Enable Remote Streaming Backup For more information see the Backup and Restore Reference for Exchange Server 2007 SP1 on the MSDN web site: http://msdn2.microsoft.com/en-us/library/aa580485(EXCHG.80).aspx
Enabling an Exchange 2007 replication backup

To perform an Exchange 2007 replication backup, you must indicate which VSS writer you want backed up. To enable an Exchange 2007 replication backup 1 2 3 4 5 6 Open the NetBackup Administration Console or the Remote Administration Console. In the left pane, expand Host Properties. Click Clients. In the right pane, right-click on the Exchange client you want to configure and choose Properties. Expand Windows Client and click Exchange. In the Exchange 2007 replication backup (LCR or CCR) box, select the writer you want to back up.
Backup the passive copy and if This option backs up the passive copy of the VSS not available backup the active writer. If the passive copy is not available and copy healthy, NetBackup backs up the active copy. This option is the default. Backup the passive copy This option backs up the passive copy of the VSS writer. If the passive copy is not available and healthy, the backup fails.
226 NetBackup for Exchange support Exchange LCR/CCR support
Backup the active copy
This option backs up the active copy of the VSS writer.
7 8
Click OK. Create a snapshot backup policy for the storage groups you want to back up. See the instructions in the Using NetBackup for Exchange Server with Snapshot Client chapter of the NetBackup for Microsoft Exchange Administrators Guide. Note: Instant recovery and off-host backups cannot be used with a replication backup.
Recovering an Exchange 2007 Local Continuous Replication (LCR) environment

Follow these steps when you recover a storage group with LCR enabled. Most of the following powershell commands are now available in the Exchange Management Console with Exchange 2007 SP1. Refer to Managing Local Continuous Replication for more information: http://technet.microsoft.com/en-us/library/aa998823.aspx
Issue the powershell command Suspend-StorageGroupCopy for a storage group before you restore that storage group. Perform a database restore, as described in the NetBackup for Microsoft Exchange Administrators Guide. You may need to re-seed the copy before you resume the copy. Do the following:
Remove the database files, all log files and checkpoint files from the copy location. (If you use the Exchange Management Console, you will be prompted to perform this step.)
Issue the powershell command Update-StorageGroupCopy. See How to Seed a Local Continuous Replication Copy for more information: http://technet.microsoft.com/en-us/library/aa995973.aspx
Issue the powershell command Resume-StorageGroupCopy to properly resume the copy.
NetBackup for Exchange support Exchange LCR/CCR support
227
Recovery of an Exchange 2007 Clustered Continuous Replication (CCR) environment

Follow these steps when you recover a storage group with CCR enabled. Most of the following powershell commands are now available in the Exchange Management Console with Exchange 2007 SP1. See Managing Cluster Continuous Replication for more information: http://technet.microsoft.com/en-us/library/aa997676.aspx
The NetBackup Client Service must be run as a domain administrator or equivalent user on each node. Otherwise, NetBackup is not properly authorized to perform dismounts or restores. Note: A restore can only be directed to the active node.
Issue the powershell command Suspend-StorageGroupCopy for a storage group before you restore that storage group. Perform a database restore, as described in the NetBackup for Microsoft Exchange Administrators Guide. You may need to re-seed the cluster copy before you resume the copy. Do the following:
Remove the database files, all log files and checkpoint files from the passive node. (If you use the Exchange Management Console, you will be prompted to perform this step.)
From the passive node, issue the powershell command Update-StorageGroupCopy. See How to Seed a Cluster Continuous Replication Copy for more information: http://technet.microsoft.com/en-us/library/bb124706.aspx
Issue the powershell command Resume-StorageGroupCopy to properly resume the cluster copy.
Troubleshooting LCR or CCR recovery

If you do not perform a full backup of the active instance after you restore the database, Exchange may report an error similar to the following:
Event Event Event Event Type: Error Source: MSExchangeRepl Category:Service ID: 2059
228 NetBackup for Exchange support Requirements for redirected restores of Exchange 2003 or 2007 legacy (non VSS) backups to an RSG
Requirements for redirected restores of Exchange 2003 or 2007 legacy (non VSS) backups to an RSG
The following requirements exist to redirect restores of Exchange 2003 or 2007 legacy (non VSS) backups to an RSG:

The RSG must exist (and be dismounted) on an Exchange server. If the RSG exists on the local server, leave the destination client the same as the source client. If the RSG exists on a different server, change the destination client to the Exchange server that holds the RSG. The destination path does not need to be changed even though the RSG is a different name than the original storage group. The ESE engine automatically redirects the restore to the proper location. However, you can change the destination path to the RSG name if wanted. You can restore individual databases or the entire storage group to the RSG.
Requirements for redirected restores of Exchange 2003 VSS backup images

The following requirements exist to redirect restores of Exchange 2003 VSS backups to an RSG:

You cannot restore to an RSG in this Exchange release. You cannot redirect to a different storage group in this Exchange release. If you want to redirect to a storage group on another server, the storage group and database must be identical. The path(s) of the storage group also must be identical to the original storage group.
About redirecting restores of Exchange 2007 VSS backup images

NetBackup 6.5.2 includes a new option to redirect a restore of Exchange 2007 VSS backups to an RSG. See Redirecting the restore of a VSS backup to the Exchange 2007 recovery storage group (RSG) on page 230. The following requirements exist to redirect restores of Exchange 2007 VSS backups to an RSG:
NetBackup for Exchange support About redirecting restores of Exchange 2007 VSS backup images
229
If you want to restore to an RSG, the RSG must already exist (and be dismounted) on an Exchange server. If you want to restore to another storage group, that storage group must contain databases and those databases must have the same names as the those in the original storage group. If you want to restore to a storage group or an RSG on the local server, leave the destination client the same as the source client. If you want to restore to a storage group or an RSG on a different server, change the destination client to the Exchange server that holds that storage group or RSG. If you want to restore to an RSG, select the new restore option Redirect restore to Recovery Storage Group. This option automatically determines the RSGs name on the target system. See Redirecting the restore of a VSS backup to the Exchange 2007 recovery storage group (RSG) on page 230. You can also change the destination path to the RSG name if desired. Unlike legacy restores, the ESE engine does not automatically redirect a storage group restore to its RSG, if it exists. If a storage group contains more than one database, you must restore one database at a time. Select one database for each restore request (and the logs object) and redirect the restore to the target storage group. If you want to restore individual databases, you must restore any additional incremental backup images after the full image. To restore an incremental backup, select the entire storage group from the incremental image(s). NetBackup supports a redirected restore from any type of VSS backup. This includes: local VSS snapshot backups, off-host VSS backups, and Instant Recovery backups (using the copy-back mechanism). If you attempt to restore a VSS backup from a multiplexed tape and you selected a single database from a storage group that contains multiple databases, the restore may fail. In this case, restore the entire storage group instead. This issue will be fixed in a future release. If you want to restore a storage group from an Exchange 2007 VSS image, the restore may fail if an Exxrestore.env file exists in the storage group path. This temporary Exchange file can be left from a previously failed restore. Remove this file manually before you attempt another restore.
230 NetBackup for Exchange support About redirecting restores of Exchange 2007 VSS backup images
Redirecting the restore of a VSS backup to the Exchange 2007 recovery storage group (RSG)
This procedure describes how to restore a VSS backup of a storage group to the Exchange 2007 recovery storage group (RSG). Review the requirements for this type of back before you attempt this type of backup. See Redirecting the restore of a VSS backup to the Exchange 2007 recovery storage group (RSG) on page 230. Note: A restore of Exchange Server files always overwrites any existing files. For example, if Pub.edb already exists on the target machine, it is replaced with the copy from the backup. To redirect the restore of a VSS backup to the Exchange 2007 recovery storage group (RSG) 1 2 3 4 5 6 Log on as Administrator. Create the Recovery Storage Group on an Exchange server and do not mount it. Open the Backup, Archive, and Restore interface. Choose File > Select Files and Folders to Restore > from Normal Backup. Select the Exchange policy type (choose File > Specify NetBackup Machines and Policy Type). From the NetBackup History pane, select the image(s) containing the objects you want to restore.

the last full backup, or the last full backup and all subsequent differential backups, or
the last full backup and the last cumulative backup Additional requirements exist for a restore of individual databases. See About redirecting restores of Exchange 2007 VSS backup images on page 228. 7 8 In the All Folders pane, select the storage group you want to restore. Expand the Microsoft Information Store node and select the storage group to restore. A full backup of an Exchange database includes the database transaction log files. When you restore a database, you must also restore the transaction log files. Select Actions > Restore.
NetBackup for Exchange support Instant recovery for Exchange on Windows VSS
231
10 Select Redirect to Recovery Storage Group (RSG). 11 Choose your other restore options. 12 If you want to restore the backups individually, you must select the Commit after last backup set is restored and Mount database after restore options when you restore the LAST incremental backup set. 13 Click Start Restore. 14 If you chose to restore storage groups and you did not select Mount database after restore (after the restore), be sure to mount the storage group databases that were restored.
Instant recovery for Exchange on Windows VSS

This topic supplements the information on instant recovery in the NetBackup 6.5 for Microsoft Exchange Administrators Guide.
Policy recommendations
Create the following policies when you use instant recovery:
Create a policy with Retain snapshots for Instant Recovery enabled.
In the Snapshot Client Options, set Maximum Snapshots to a small number. For fast temporary backups, create a Full Backup schedule and select the Instant Recovery option Snapshots only.
Do not rely on a snapshot-only backup for Disaster Recovery. If you create a snapshots-only schedule, also do one of the following:
Create other schedules that perform snapshot backups to a storage unit. (Use the instant recovery option Snapshots and copy snapshots to a storage unit.) Create a snapshot policy with the instant recovery enabled and with the option Snapshots and copy snapshots to a storage unit selected. Create a snapshot policy, without instant recovery enabled.
Configuration requirements for Exchange

A special requirement exists when you want to use instant recovery (IR) with the Microsoft System Provider. In this case, Symantec recommends when you create the policy that you only include storage groups whose databases are on a common volume. If you have a an IR policy that backs up databases on multiple volumes and you perform a restore that rolls back a subset of those volumes,
232 NetBackup for Exchange support Instant recovery for Exchange on Windows VSS
NetBackup deletes the other snapshots. In this case you lose the IR capability of the backup for the other volumes that you did not roll back. If you use instant recovery with the Microsoft System Provider and you select a set of storage groups that spans multiple volumes, NetBackup creates a backup set with one snapshot for each volume. On a subsequent backup, if any of the snapshots are rolled back, then all of the snapshots in that set are deleted. (With SFW or the hardware system provider, the rolled back snapshots are re-snapped so that the snapshot set remains complete.) This is a normal operating situation that typically occurs when you do a roll-forward restore of a storage group whose database and log folders are on separate volumes. The database volume normally is rolled back but the log volume is copied back. This action preserves the logs that were created since the backup. NetBackup then deletes the log snapshot and removes the IR copy of the backup image from the catalog. The storage unit copy of the backup, if one exists, remains.
Limitations
The following limitations exist for instant recovery operations:
NetBackup can only restore instant recovery backups performed with NetBackup 6.5.2 or later. Instant recovery does not support off-host backups.
Operational notes
Review the following notes before you perform instant recovery operations:
When using SFW to make your Exchange IR snapshots, use Veritas Enterprise Administrator (VEA) rather than vshadow or vssadmin to view and manage your snapshots. SFW resnaps a volume after a rollback restore, but the Microsoft utilities are not aware of the new snapshot. They falsely report that the snapshot does not exist. When you restore an instant recovery backup in a cluster environment, the same node must be active as when the backup was created.
Copy-back instant recovery restore method

The copy -back restore method is used in the following situations:
If the system provider is used and the snapshot selected for restore is not the most recent snapshot. If there are other files on the volume that would be lost.
NetBackup for Exchange support Off-host backups
233
If all the files on the snapshot are not selected for restore. If you select Roll-Forward Recovery (in the Restore Marked Files dialog box). A Roll-Forward recovery needs the log files that were created since the backup. A rollback can not be performed since it removes those log files.
Troubleshooting
An additional log exists that you can use to troubleshoot backups and restores. install_path\NetBackup\logs\beds You can create this directory manually or run install_path\NetBackup\logs\mklogdir.bat.
Off-host backups
Note the following requirements and operational notes for off-host backups:
VxVm 5.0 or later is required for Exchange 2007 off-host backups using SFW. To successfully perform backups using the VSS Provider for VxVM 5.0, you must apply two hotfixes.
For Exchange 2003 and Exchange 2007, you must apply the following hotfix on all systems where a Snapshot Client backup occurs. The hotfix can be obtained by calling Symantec Support. This hotfix will also be included in the SFW/SFW-HA 5.0 MP1 release. See the following TechNote for more information. http://entsupport.symantec.com/docs/295112 Note: This information has changed since NetBackup 6.5.1.
If you have Exchange 2007 and use the VSS off-host method, you must also apply the following hotfix. http://entsupport.symantec.com/docs/292544
Off-host backups with SFW require that you backup only one VxVM disk group at a time. Initiating an off-host snapshot backup from the NetBackup Client GUI or the bpbackup command When you use the NetBackup Client GUI or the bpbackup command to initiate an Exchange off-host alternate client backup or a backup of the passive node of a CCR cluster, the backup will fail. Instead, use the NetBackup Administration Console to initiate a manual backup for that Exchange policy. See the Testing Configurations Settings section in the
234 NetBackup for Exchange support Other operational notes
NetBackup for Exchange System Administrators Guide for instructions regarding a manual backup operation. This functionality will be supported in a future release.
Other operational notes

Review the following information before you perform Exchange backup and restore operations:
Concurrent restore of multiple storage groups When you use multiple backup streams, for example, one stream for each storage group, only the last storage group restored from the last restore job is properly mounted. Recovery of the remaining storage groups is not complete. Take one of these corrective actions:
If you are restoring from a snapshot backup, simply mount the unmounted storage groups. If you are restoring from a legacy (non-snapshot) backup, restore the logs from the last backup set for each storage group individually. To avoid these steps, you can also restore the storage groups individually in separate restore operations.
Chapter
NetBackup for Microsoft SQL Server updates

This topic provides additional details for new NetBackup for Microsoft SQL Server features.
SQL Server file-based checkpoint/restart

File checkpointing
Use file checkpointing if you need to perform a large backup and want to save completed work in case the operation fails before it completes. When file checkpointing is enabled, the database or filegroup is divided into file sets that are backed up as separate units. The following batchfile command initiates file checkpointing: MAXRESTARTS integer The backup operation is split into the number of operations specified by the integer value, unless the total number of files comprising the database or filegroup operation is less than that value. In this case, the number of separate operations is the number of files. File checkpointing is available for databases and filegroups that are backed up as streams or with the snapshot option. However, the following restrictions exist:

The backup object must contain at least two files. The recovery model of the database cannot be simple. If the IR snapshot backup method is selected and you select the resume option Save work and restart at point of failure, the resume option is ignored.
236 NetBackup for Microsoft SQL Server updates SQL Server file-based checkpoint/restart
The batch file that you use for a file checkpoint backup can specify only one database or filegroup. You cannot use the 'backup database $ALL option.
When you use file checkpointing for backing up a full database, NetBackup for SQL Server automatically splits the database into file set components. Recovering the database from components requires a restore of the transaction log. NetBackup for SQL Server automatically includes a backup log directive in the generated batch file when you choose file checkpointing from the backup dialog box.
Using automatic retries with file checkpointing

Retry may also be used in conjunction with file checkpoints. You can create the batch file so that any parts of the operation that fail are written to a new batch file that can be launched either automatically or manually. See File checkpointing on page 235. You can easily enable file checkpointing with automatic retry in the backup dialog in the NetBackup for SQL Server graphical user interface. Simply select a single database (or filegroup), then from the Resume options for this selection list, choose Save work and restart at point of failure. This creates a batch file that contains the following scripting:
MAXRESTARTSETS 32 RESTARTWAITSECONDS 60 NUMRESTARTS 1
MAXRESTARTSETS 32 means that up to 32 pieces are backed up independently. The next two keywords are synonymous with the following:
RETRYWAITSECONDS 60 NUMRETRIES 1
These keywords indicates two things: first, that an automatic retry is launched after 60 seconds for all of the pieces that failed to get backed up on the first time. Second, the restart is attempted only one time. You can manually change either of these parameters. In addition, you can choose to not have the retry script automatically launched. Replace the NUMRETRIES command with RETRYTYPE MANUAL.
NUMRETRIES 1 with RETRYTYPE MANUAL
When manual retry is enabled, the generated batch file for the components that were unsuccessfully backed up is written to the following folder:
NB_INSTALL\dbext\mssql\retry
NetBackup for Microsoft SQL Server updates SQL Server file-based checkpoint/restart
237
Resume options
The option Retry failed backups has been replaced with Resume options for this selection. The values for this option are as follows:

Do not resume unsuccessful backups Retry from the beginning Restart failed backups after waiting 60 seconds. Save work and restart at point of failure Divide the backup into multiple streams and back up separately. Any streams that fail are restarted after 60 seconds. This option is available when the following conditions have been met:

Exactly one object has been selected, The object that is selected for backup is a database or filegroup and the backup type is full, The SQL Server object uses the full or bulk-logged recovery method.
New batchfile keywords
Several keywords have been renamed. The old keyword names can also be used in batchfiles.

NUMRETRIES has been renamed NUMRESTARTS. RETRYTYPE has been renamed RESTARTTYPE. RETRYWAITSECONDS has been renamed RESTARTWAITSECONDS.
There is a new batchfile keyword: MAXRESTARTSETS Value: integer Required: No Default: none Use MAXRESTARTSETS to enable file checkpointing. The valid range is 2 to 32. This parameter specifies the number of separate streams into which the backup request is sub-divided.
238 NetBackup for Microsoft SQL Server updates SQL Server file-based checkpoint/restart
Chapter
10
Storage Lifecycle Policy destination configuration changes

The 6.5.2 NetBackup release introduces several configuration changes for storage lifecycle policy storage destinations. The changes appear in the Storage Destination dialog box (Figure 10-1) as follows:
The new Snapshot destination type is available when the Snapshot Client option is installed. For more information, see Configuring a lifecycle policy for snapshots on page 98. The Alternate read server selection is available for duplication destinations only. For more information, see Alternate Read Server option enabled only for duplication destinations on page 240. The Preserve multiplexing option is available to preserve multiplexing for tape-to-tape duplication within a storage lifecycle. For more information, see Duplicating multiplexed backups with the Preserve multiplexing option on page 241.
240 Storage Lifecycle Policy destination configuration changes Alternate Read Server option enabled only for duplication destinations
Figure 10-1
Changes in Storage Destination dialog box
New Snapshot destination type
Expire after duplication now available for Duplication destination type Alternate read server selection available to duplication destinations only Preserve multiplexing available for multiplexed source images
Alternate Read Server option enabled only for duplication destinations

In this release, the Alternate read server option is available for selection only when configuring duplication destinations. This option lets the administrator specify the media server to use to connect to the duplication destination. For example, consider that a source backup is in a SharedDisk disk pool that contains three media servers. Each media server is connected to a separate tape library. The administrator can specify one of the media servers in the SharedDisk pool to read the image.
Considerations for upgrading

In 6.5, the Alternate read server option was available for backup storage destinations only. Upon upgrade to 6.5.2, if the Alternate read server option is enabled for a backup destination, the Alternate read server option becomes disabled with no server selected. To indicate an alternate read server, the administrator must edit the lifecycle by selecting a duplication destination and indicate an alternate read server.
Storage Lifecycle Policy destination configuration changes Duplicating multiplexed backups with the Preserve multiplexing option
241
Duplicating multiplexed backups with the Preserve multiplexing option

The new Preserve multiplexing option is available to preserve multiplexing for tape-to-tape duplication within a storage lifecycle. The source backups must be multiplexed on tape for this option to have an effect. If Preserve multiplexing is not enabled, the backup copies are de-multiplexed before they are copied. If the duplication writes to disk, the Preserve multiplexing option is ignored.
Best practices for duplicating multiplexed backups

The Preserve multiplexing option works as intended when lifecycle duplication is turned off during the backup window. If duplication is not suspended, the behavior and results will be unpredictable as they will be subject to a number of conflicting demands of backup and duplication operations. To turn off lifecycle duplication, use the nbstlutil command. The command can deactivate individual storage lifecycle policies, preventing duplications from occurring. For example, the following command can be included in scheduled scripts to prevent storage lifecycle policy GOLD_SPL from duplicating backups: nbstlutil inactive -lifecycle GOLD_SLP After this command issues, no duplication operations occur for the GOLD_SLP policy until the following command is issued: nbstlutil active -lifecycle GOLD_SLP Note the following items when using nbstlutil:
Setting the storage lifecycle policy to inactive does not stop duplications that are already in progress. Setting the storage lifecycle policy to inactive does not prevent backups from using lifecycle. The inactive setting only prevents duplication of the original backups from occurring. A nbstlutil status change is persistent. Issue the corresponding command to clear a particular status setting.
242 Storage Lifecycle Policy destination configuration changes nbstl command changes
nbstl command changes

The NetBackup storage lifecycle utility command (nbstl) gives administrators the ability to create, modify, and delete storage lifecycle policies. The nbstl command contains the following operations and options in 6.5.2:
nbstl [storage_lifecycle_name] [-v] [-M master_server] -L | -l nbstl storage_lifecycle_name [-v] [-M master_servpwer] -delete nbstl storage_lifecycle_name [-add | -modify] [-v] [-M master_server] [-dc data_classification] [-dp duplication_priority] [-uf used_for1[,used_for2,..used_forn] [-residence storage_unit1[,storage_unit2,..storage_unitn]] [-pool volume_pool1[,volume_pool2,..volume_pooln]] [-server_group host1[,host2,..hostn]] [-managed m1[,m2,..mn]] [-rl retention_level1[,retention_level2,..retention_leveln]] [-as alt_read_server1[,alt_read_server2,..alt_read_servern]]
New value for as parameter

An alternate read server can no longer be indicated for backup and snapshot destinations. (See Alternate Read Server option enabled only for duplication destinations on page 240.) Therefore, when using nbstl -as command to change the alternate server parameter for a destination in a lifecycle, use the new __NA__ value to represent backup and snapshot destinations. Note: Use double underscores before and after NA. Consider the following command example:
nbstl -modify -M testcycle -as __NA__, server2, server3, __NA__
This command example indicates the following changes for storage lifecycle policy testcycle:
Destination 1 in the lifecycle policy is a backup destination. __NA__ indicates that an alternate read server is not applicable for the destination. Destination 2 is a duplication destination and uses server2 as the alternate read server. Destination 3 is a duplication destination and uses server3 as the alternate read server.
Storage Lifecycle Policy destination configuration changes nbstl command changes
243
Destination 4 in the lifecycle policy is either a backup or a snapshot destination. __NA__ indicates that an alternate read server is not applicable for the destination.
244 Storage Lifecycle Policy destination configuration changes nbstl command changes
Chapter
11
AdvancedDisk storage option updates

This AdvancedDisk documentation supersedes the AdvancedDisk documentation in the 6.5 versions of the following:

NetBackup Administrators Guide for UNIX and Linux NetBackup Administrators Guide for Windows New in NetBackup 6.5.2 on page 245 Introduction on page 246 File system requirements on page 247 Installing AdvancedDisk on page 247 Configuring AdvancedDisk on page 249 Managing AdvancedDisk on page 258 Troubleshooting AdvancedDisk on page 270
This section contains the following topics:

New in NetBackup 6.5.2

With this release, the AdvancedDisk feature now supports the following:
Storage access by more than one media server. Previously, only one media server accessed the storage. Specification of preferred or required media servers for restore and duplication operations. For AdvancedDisk, this new capability replaces the FORCE_RESTORE_MEDIA_SERVER option. This capability provides the following benefits:
246 AdvancedDisk storage option updates Introduction
Offloads the workload of restores from the servers that perform the backups. Directs the duplication traffic to specific storage servers.
See Configuring AdvancedDisk storage servers on page 249.
Introduction
The NetBackup AdvancedDisk storage option lets you use the disk storage that is attached to a NetBackup media server. (Attached means a file system mount on the storage.) NetBackup aggregates the disks into pools of storage you can use for backups. NetBackup manages the storage as logical entities (disk pools). Figure 11-1 shows media servers and network mounted disks. Figure 11-1 AdvancedDisk media servers and disks
Network file system mounts
Disk volumes
NetBackup media servers
The NetBackup AdvancedDisk storage option provides the following benefits:
The option is easy to deploy and use. NetBackup discovers the storage and uses familiar NetBackup storage units and backup policies to use the storage. Allows multiple file systems to be used in a single storage unit. Storage unit capacity can be increased by adding disks. Only add what you need when you need it. After you add disks, update the NetBackup disk pools. Logical units of storage span physical boundaries, so you do not have to create new NetBackup storage units or change the backup policies. Reduces the amount of administrator attention. Policies distribute job load and manage capacity so that jobs do not fail when disk space is unavailable.
AdvancedDisk storage option updates File system requirements
247
File system requirements

AdvancedDisk can read and write any nonshared file system that NetBackup supports. However, certain operating system or file system requirements or limitations may apply. The following subsections describe known requirements and limitations. Other limitations that depend on your operating system may exist. Disk pool configuration may affect how you configure your file systems. See Configuring an AdvancedDisk disk pool on page 252.
NFS file system requirements

The following are the requirements for the NFS file system:
You must use manual mount points. Automatic mount and unmount can change mount points, which may cause disk resources to be unavailable. The NFS server that exports the mount points must be configured to allow root access to the file systems.
If you specify more than one storage server, the following must apply for the file systems of the disk volumes:
Each media server must mount the file systems of all the disk volumes within a disk pool. The mount points must be the same on each media server. NetBackup does not validate mount points, so you must ensure that the mount points are the same for each media server. You also must ensure that the mount points are valid.
Windows CIFS not supported

On Windows, networked mapped devices are not visible to Windows services, and AdvancedDisk cannot discover Common Internet File System disk volumes. Therefore, AdvancedDisk does not support the Common Internet File System.
Installing AdvancedDisk
No special installation is required for the NetBackup components of AdvancedDisk. However, You must activate the feature by entering the Flexible Disk Option license key on the NetBackup master server. To enable access by more than one media server, do the following:
248 AdvancedDisk storage option updates Installing AdvancedDisk
Upgrade the NetBackup master server and the NetBackup EMM server to NetBackup 6.5.2. (Normally, the master server and the EMM server are on the same computer.) To enable NetBackup Administration Console support on media servers, upgrade the media servers that are used for AdvancedDisk operations to NetBackup 6.5.2. You do not have to upgrade the media servers. You can configure and manage multiple storage servers as follows:
Run the Administration Console and the Disk Pool configuration wizard on the master server. GUI support for multiple AdvancedDisk storage servers is included with the 6.5.2 software on the master server. Also, you can start the Administration Console on the master server and then change servers to a media server. Upgrade a media server if you want to start the Administration Console on that media server. You can use that instance of the Administration Console to configure and manage that media server. Use NetBackup commands to configure and manage multiple AdvancedDisk media servers. NetBackup 6.5 and later commands support multiple AdvancedDisk media servers.
To use preferred or required servers for restore or duplication, do the following:
Upgrade the NetBackup master server and the NetBackup EMM server to NetBackup 6.5.2. (Normally, the master server and the EMM server are on the same computer.) To enable command line support on media servers, upgrade the media servers that are used for AdvancedDisk operations to NetBackup 6.5.2. However, you do not have to upgrade the media servers. Instead, you can configure and manage the restore and duplication storage servers by invoking the commands on the master server.
In NetBackup 6.5.2, you must use NetBackup commands to configure and manage storage server attributes. You may have one license key that activates NetBackup and all of your add-on products. Alternatively, you may have a separate license key for NetBackup and for each add-on product such as AdvancedDisk. If you remove the Flexible Disk Option license key or if it expires, the following restrictions apply:
You cannot create the disk pools or the storage units that reference AdvancedDisk disk pools.
AdvancedDisk storage option updates Configuring AdvancedDisk
249
The NetBackup jobs that try to use the disk pools or the storage units that are based on disk pools fail. The error message indicates that the feature is not licensed.
NetBackup does not delete the disk pools or the storage units that reference the disk pools. You can use them again if you enter a valid license key.
Configuring AdvancedDisk
To configure AdvancedDisk, do the following in order:

Configuring AdvancedDisk storage servers on page 249 Configuring an AdvancedDisk disk pool on page 252 Creating a storage unit on page 254 Creating a backup policy on page 257 Restores on page 258
After you configure a storage unit, you can create the NetBackup policies that you use the storage unit as the destination for backups.
Configuring AdvancedDisk storage servers

A storage server is a logical entity that reads or writes data on disk storage. It has a mount on the file system on the storage. NetBackup media servers function as storage servers. You must configure as storage servers the NetBackup media servers that have read and write access to the storage. (When you configure a storage server, it also is configured as a data mover, which is a logical entity that moves backup data. For AdvancedDisk, NetBackup media servers function as both storage servers and data movers. Data moves from primary storage (a NetBackup client) to secondary storage during backups. Data also can move from secondary storage to tertiary storage during duplication and to primary storage during restores.) If you configure multiple storage servers, be aware of the following:
To obtain a consolidated list of disk volumes, NetBackup queries every storage server. For large sets of storage servers, queries may affect performance. Disk volume status is monitored on a single media server. Which server monitors the status can change. Therefore, a change in disk volume availability on one media server may not be reflected in the disk volume status NetBackup ports.
For restores and duplications, you can specify the following storage server attributes:
250 AdvancedDisk storage option updates Configuring AdvancedDisk
Preferred restore server Required restore server Required duplication server
For AdvancedDisk, you can use these storage server attributes rather than the FORCE_RESTORE_MEDIA_SERVER option. For information about the FORCE_RESTORE_MEDIA_SERVER option, see the NetBackup Administrators Guide, Volume I. If you do not specify these attributes, NetBackup uses normal criteria to select a media server for restore or duplication. (That is, if you configure more than one storage server.) Storage servers are associated with a disk pool when you create a disk pool. To determine if a media server is configured as a storage server already
Run the following command on the NetBackup master server:

nbdevquery -liststs
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The command lists all storage servers already configured. By default, NetBackup configures all media servers as BasicDisk storage servers. Therefore, all media servers in your environment appear as BasicDisk servers, as in the following example:
nbdevquery -liststs V6.5 tree.symantecs.org BasicDisk 5 V6.5 flower.symantecs.org BasicDisk 5 V6.5 water.symantecs.org BasicDisk 5
If the media server does not appear in the command output as an AdvancedDisk storage server, configure the media server as a storage server. To configure an AdvancedDisk storage server in NetBackup
Run the following command on the NetBackup master server or the media server:
nbdevconfig -creatests -storage_server storage_server -stype AdvancedDisk [-st storage_type] -media_server media_server [-setattribute attribute]
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd
251
The following are the options and arguments:
-storage_server storage_server is the name of the NetBackup media server that has a file system mount on the storage. -stype AdvancedDisk value specifies the storage server type. -st storage_type is a numeric value that specifies the server properties. For AdvancedDisk, the default is 5 (direct attached, formatted disk). Required only if you want to use a value other than the default. The value is obtained by adding together the numeric values of the following properties: 1 - formatted disk. The disk is formatted as part of the vendor-specific preparation; NetBackup does not format the disk. 2 - raw disk. The disk is not formatted; NetBackup formats the disk. 4 - direct attached. Direct attached means that the storage server and media server are the same NetBackup host. 8 - network attached. Network attached means that the storage server is physically distinct from the NetBackup media server. It does not imply LAN data movement; it precludes Fibre Channel as the transport for data movement. Whether the disk is formatted and how it is attached are mutually exclusive and complementary. -media_server media_server is the name of the NetBackup media server that performs the operation. Use the same name as the storage server name. -setattribute attribute is an attribute to apply to the storage server for the read side of restore or duplication operations. These attributes can help you manage the restore and duplication traffic. You can specify more than one -setattribute attribute pair on the command line. The following are the attributes:
PrefRestore. The storage server is preferred for the read side of restore operations. More than one storage server can have the PrefRestore attribute. Storage servers that are marked as PrefRestore are considered for use first. If none are available, any unmarked storage server is considered for use. Normal NetBackup load balancing occurs among all storage servers marked PrefRestore. ReqRestore. The storage server is required for the read side of restore operations. More than one storage server can have the ReqRestore attribute.
If a ReqRestore server is not available, NetBackup considers PrefRestore servers for use. If none are available, jobs queue until a ReqRestore or PrefRestore is available. If you configure ReqRestore servers but not PrefRestore servers, unmarked storage servers are never considered for restore jobs. Jobs queue until a ReqRestore storage server is available to execute the job. Normal NetBackup rules for job retry apply. Normal NetBackup load balancing occurs for all storage servers marked ReqRestore. Load balancing does not occur between the ReqRestore and PrefRestore storage servers.
ReqDuplicate. The storage server is required for the read side of duplication operations. More than one storage server can have the ReqDuplicate attribute. If any storage server is marked as ReqDuplicate, only storage servers that are marked as ReqDuplicate are considered for use. If a ReqDuplicate server is unavailable, jobs queue until a ReqDuplicate server is available to execute the job. Normal NetBackup rules for job retry apply. ReqDuplicate also applies to storage server allocation for synthetic backup operations.
Note: Only the media servers that are configured in the storage unit are considered for jobs. Therefore, if you select a subset of the disk pool storage servers in a storage unit, it may affect the servers that NetBackup can select. You can remove the attributes you place on a storage server. See Removing storage server attributes on page 265. Storage unit usage recommendations to manage traffic are available. See Managing backup, restore, and duplication traffic on page 256.
Configuring an AdvancedDisk disk pool

An AdvancedDisk disk pool represents disk volumes in the underlying disk storage. NetBackup aggregates the disk volumes into pools of storage you can use for backups. Note: Symantec recommends that you do not span backup images across volumes in an AdvancedDisk disk pool. File system full conditions cannot be detected adequately. Therefore, each disk pool should be comprised of only one volume.
253
Figure 11-2 shows a disk pool configuration. Figure 11-2 AdvancedDisk disk pools
AdvDiskPool _Gold
vol1
Disk volumes AdvDiskPool _Silver
vol2 vol3
AdvDiskPool _Bronze
A disk pool is the storage destination of a NetBackup storage unit. NetBackup assumes exclusive ownership of the disk resources that comprise the disk pool. If you share those resources with other users, NetBackup cannot manage disk pool capacity or storage lifecycle policies correctly. When you create a disk pool, you specify the following:
The storage servers. When you specify the storage servers, you associate them with the disk pool. Only those storage servers can access the disk pool. The disk volumes to include in the pool. The disk pool properties. Properties include the name, the high water mark, the low water mark, and a comment that describes the disk pool. Symantec recommends that disk pool names be unique across your enterprise. See Disk pool properties on page 259.
When NetBackup sends backup data to a disk pool, NetBackup uses available capacity and predicted backup size to select the disk volumes. NetBackup tries to write backup data to a single volume. If necessary, backup images span disk volumes in a disk pool. Backup images do not span across multiple disk pools. You must first configure the media servers as storage servers. See Configuring AdvancedDisk storage servers on page 249. To create an AdvancedDisk disk pool 1 2 In the NetBackup Administration Console tree, select Media and Device Management. From the list of wizards in the Details pane, click Configure Disk Pool and follow the wizard instructions.
NetBackup does not filter out common file system mount points, such as / and /usr. Therefore, carefully choose the volumes to include in a disk pool. For help, see the wizard help.
Creating a storage unit

Create one or more storage units that reference the disk pool. The Disk Pool Configuration Wizard lets you create a storage unit; therefore, you may have created a storage unit when you created a disk pool. To determine if storage units exist for the disk pool, see the NetBackup Management > Storage > Storage Units window of the Administration Console. Storage unit usage recommendations are available. See Storage unit usage recommendations on page 256. To create a storage unit from the Actions menu 1 2 3 In the NetBackup Administration Console, select NetBackup Management > Storage > Storage Units. Click Actions > New > Storage Unit. Complete the fields in the New Storage Unit dialog box.
Storage unit properties

The following are the configuration options for a disk pool storage unit.
Storage unit name

Enter a unique storage unit name for the new storage unit. The name can describe the type of storage. The storage unit name is the name used to specify a storage unit for policies and schedules. The storage unit name cannot be changed after creation.
Storage unit type

Select Disk as the storage unit type.
Disk type
Select AdvancedDisk.
Disk pool
Select the disk pool that contains the storage for this storage unit. All disk pools of the specified Disk type appear in the Disk pool list. If no disk pools are configured, no disk pools appear in the list.
255
Media server
The Media server setting specifies the NetBackup media servers to use for the storage unit. Only the NetBackup media servers that are associated with the disk pool appear in the media server list. Specify the media server or servers as follows:
To allow any server in the media server list to access the storage server (default), select Use any available media server. To restrict the media servers that can function as data movers for this storage unit, select Only use the following media servers. Then, select the media servers to allow.
NetBackup selects the media server to use when the policy runs.
Maximum fragment size

Specify the largest fragment size that NetBackup can create to store backups. The default maximum fragment size for a disk storage unit is 524,287 megabytes. To specify a maximum fragment size other than the default, enter a value from 20 megabytes to 524,287 megabytes. Backups to disk are usually fragmented to ensure that the backup does not exceed the maximum size that the file system allows. If an error occurs in a backup, the entire backup is discarded. The backup restarts from the beginning, not from the fragment where the error occurred. (An exception is for backups for which checkpoint and restart is enabled. In that case, fragments before and including the last checkpoint are retained; the fragments after the last checkpoint are discarded.)
Maximum concurrent jobs

The Maximum concurrent jobs setting specifies the maximum number of jobs that NetBackup can send to a disk storage unit at one time. (Default: 1 job. The job count can range from 0 to 256.) This setting corresponds to the Maximum concurrent write drives setting for a Media Manager storage unit. NetBackup queues jobs until the storage unit is available. If three backup jobs are ready and Maximum concurrent jobs is set to two, the first two jobs start and the third job waits. If a job contains multiple copies, each copy applies toward the Maximum concurrent jobs count. The number to enter depends on the available disk space and the server's ability to run multiple backup processes. You can use maximum concurrent jobs to balance the load between disk storage units. A higher number of concurrent jobs means that the disk can be busier than if the number is lower.
Warning: A Maximum concurrent jobs setting of 0 disables the storage unit. For information about how NetBackup balances storage unit and media server load, see Maximum concurrent jobs in:

NetBackup Administrators Guide for UNIX and Linux, Volume I NetBackup Administrators Guide for Windows, Volume I
Storage unit usage recommendations

For usage recommendations, see the following:
Managing backup, restore, and duplication traffic

If you use multiple storage servers and one storage unit, all of the disk pool storage servers are available for any job. NetBackup selects the storage server to use based on availability and load balancing criteria. You can manage the restore and duplication traffic by using the preferred and required storage server attributes for restore and duplication. NetBackup then uses availability and load balancing criteria to select among the storage servers that are marked for restores or duplications. For restores, NetBackup may select an unmarked storage server if all of the ones that are marked for restore are unavailable. For backups, NetBackup selects a storage server from among the storage units available storage servers. To further manage traffic, you can use multiple storage units for one disk pool, as in the following example:
One storage unit and one policy for backups. When you configure the storage unit, select only the storage servers that you want to use for backups. When you configure the policy, select the backup storage unit. One storage unit and one policy for restores. When you configure the storage unit, select only the storage servers that are marked as PrefRestore and ReqRestore. When you configure the policy, select the restore storage units. If you configure both preferred and required storage servers, NetBackup never selects an unmarked storage server for a restore job. One storage unit and one policy for duplications. In the duplications storage unit, select only the storage servers that are marked as ReqDuplicate. When you configure the policy, select the duplication storage unit.
You do not have to partition the storage; all storage units use the same pool of storage. For information about how NetBackup balances storage unit and media server load, see Maximum concurrent jobs in:
257
Managing backup traffic based on importance

You can separate your backup traffic similarly and write all of the data to the same disk pool. For example, you can send the backups from your most important clients to a media server that is dedicated for the most important backups:
Define a storage unit (such as STU-CRITICAL). Select the disk pool. Select Only use the following media servers. Select one (or a subset) of the media servers. Create a backup policy for the critical clients and select the STU-CRITICAL storage unit. Define another storage unit (such as STU-NORMAL). Select the same disk pool. Select Only use the following media servers. Select a different subset of the media servers. Create a backup policy for the regular clients and select the STU-NORMAL storage unit.
Maximum concurrent job setting

You can use the multiple concurrent jobs settings on storage units to assign backup priority for important clients. For example, two storage units use the same set of media servers. One of them has a higher concurrent job setting than the other. More client backups occur for the storage unit with the higher concurrent job setting.
Creating a backup policy

Backup policies define the rules that NetBackup follows to back up clients. Use normal NetBackup processes to configure backups to AdvancedDisk storage units. That is, specify the appropriate storage unit in your backup policies. Alternatively, specify a lifecycle policy that uses an AdvancedDisk storage unit as the backup destination or duplication destination. To create a policy, see the NetBackup Administrators Guide for UNIX and Linux, Volume I or the NetBackup Administrators Guide for Windows, Volume I. Monitor backup progress To monitor backup progress, use the Detailed Status tab of the Job Details dialog box. It shows the media server that functions as the data mover between the client and the storage server.
258 AdvancedDisk storage option updates Managing AdvancedDisk
If the media server cannot start or complete the job, NetBackup retries the job after the job retry period elapses. (Configure the job retry interval by using the master server Global Attributes Job retry delay host property.) If you select more than one media server in the storage unit Media server field, NetBackup may retry the job with a different media server.
Restores
Use normal NetBackup processes to restore data from backups. To perform the restore, NetBackup chooses one of the media servers that can move data to and from the disk pool.
Managing AdvancedDisk
This section contains the following topics:

Managing disk pools on page 258 Managing storage servers on page 264 Monitoring storage capacity and usage on page 268 Viewing disk reports on page 268 Viewing NetBackup logs on page 269
Managing disk pools

The following are tasks to manage disk pools:

Changing disk pool properties on page 258 Adding volumes to an AdvancedDisk disk pool on page 260 Changing disk pool or volume state on page 261 Merging disk pools on page 262 Deleting a disk pool on page 262 Obtaining disk pool and volume status on page 263
Changing disk pool properties

You can change the high and the low water marks of a disk pool and change the comment that is associated with the disk pool.
AdvancedDisk storage option updates Managing AdvancedDisk
259
To change disk pool properties 1 2 3 4 In the NetBackup Administration Console tree, select Media and Device Management > Devices > Disk Pools. Select the disk pool you want to change in the details pane. Click Edit > Change. In the Change Disk Pool dialog box, change properties.
Disk pool properties

The following are the disk pool properties:

The disk pool name. The storage server name. For AdvancedDisk, the storage server is the same as the NetBackup media server to which the storage is attached. The disk volumes that comprise the disk pool. The total amount of space available in the disk pool. The total raw, unformatted size of the storage in the disk pool. A comment that is associated with the disk pool. The high water mark for the disk pool. (The default is 98%.) The high water mark is a threshold that indicates the storage is full. It applies to both the individual disk volumes in the pool and the disk pool, as follows:
Individual volumes. When a disk volume reaches the high water mark, NetBackup writes the data to another disk volume in the pool. Disk pool. When all volumes are at the high water mark, the disk pool is full. When a disk pool approaches the high water mark, NetBackup reduces the number of jobs that are allowed to write to the pool. NetBackup does not assign new jobs to a storage unit in which the disk pool is full.
The low water mark for the disk pool. (The default is 80%.) When the capacity of the disk pool returns to the low water mark, NetBackup again assigns jobs to the storage unit. Capacity is regained as backup images expire. The low water mark setting cannot be greater than or equal to the high water mark setting.
Adding volumes to an AdvancedDisk disk pool

You can expand a disk pools capacity by adding disk volumes to the disk pool. The names of the new volumes must differ from the names of the volumes in the current disk pool. (By default, NetBackup automatically increases disk pool capacity if the capacity of the underlying disk volumes increases. Similarly, NetBackup decreases the capacity of a disk pool if the underlying disk volume capacity decreases.) The NetBackup storage units that use the disk pool automatically use the additional storage capacity. You do not have to change the storage units. To add volumes to an AdvancedDisk disk pool 1 2 Create a disk pool from the new disk volumes on the storage server. See Configuring an AdvancedDisk disk pool on page 252. Change the state of the two disk pools to DOWN. The following is the command syntax:
nbdevconfig -changestate -stype AdvancedDisk -dp disk_pool_name -state DOWN
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd If backup jobs are assigned to a disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. 3 Merge the disk pools. The following is the command syntax. The primary disk pool is the one you want to retain; nbdevconfig deletes the secondary disk pool after the merge.
nbdevconfig mergedps -stype AdvancedDisk -primarydp disk_pool_name -secondarydp disk_pool_name
Change the state of the primary disk pool to UP. The following is the command syntax:
nbdevconfig\nbdevconfig -changestate -stype AdvancedDisk -dp disk_pool_name -state UP
Removing a volume from a disk pool

You can remove a volume from a disk pool. The following are the prerequisites:

NetBackup image fragments cannot exist on the disk volume. NetBackup jobs cannot be active on the disk volume.
By default, NetBackup automatically decreases disk pool capacity if you remove a disk volume.
261
To remove a volume from a disk pool 1 2 3 Change the disk volume state to DOWN. See Changing disk pool or volume state on page 261. Change the disk pool state to DOWN. See Changing disk pool or volume state on page 261. Remove the volume by using the nbdevconfig command. The following is the command syntax:
nbdevconfig -deletedv -stype AdvancedDisk -dp disk_pool_name dv vol_name
Change the disk pool state to UP. See Changing disk pool or volume state on page 261.
Changing disk pool or volume state

Pool and volume states are UP or DOWN. You can change the state of a disk pool or volume. To change the state to DOWN, the disk pool must not be busy. If backup jobs are assigned to the disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. To change the disk pool state by using the Device Monitor 1 2 3 4 In the NetBackup Administration Console, select Media and Device Management > Device Monitor. Select the Disk Pools tab. Select the disk pool. Select either Actions > Up or Actions > Down.
To change the disk volume state 1 Determine the name of the disk volume. The following command lists all volumes in the specified disk pool:
nbdevquery -listdv -stype AdvancedDisk -dp disk_pool_name
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd 2 Change the disk volume state; the following is the command syntax:
nbdevconfig -changestate -stype AdvancedDisk -dp disk_pool_name dv vol_name -state state
The state is either UP or DOWN.
NetBackup jobs still read from and write to a disk pool that has a downed volume, but the downed volume is unavailable.
Merging disk pools

You can merge existing disk pools. NetBackup updates the catalog records to show the correct location of the backup images in those disk pools. The following are the prerequisites:

The volumes in the two disk pools must have unique names. If storage units reference the secondary disk pool, you must delete those storage units.
To merge disk pools 1 Change the state of each disk pool to DOWN; the following is the command syntax:
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd If backup jobs are assigned to a disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. 2 Merge the disk pools. The following is the command syntax. The primary disk pool is the one you want to retain; nbdevconfig deletes the secondary disk pool after the merge.
nbdevconfig mergedps stype AdvancedDisk -primarydp disk_pool_name -secondarydp disk_pool_name
nbdevconfig -changestate -stype AdvancedDisk -dp disk_pool_name -state UP
Deleting a disk pool

If you delete a disk pool, NetBackup removes it from your configuration. If a disk pool is the storage destination of a storage unit, you must first delete the storage unit.
263
Warning: Do not delete a disk pool that contains unexpired NetBackup images; if you do, data loss may occur. To delete a disk pool 1 2 3 4 In the NetBackup Administration Console tree, select Media and Device Management > Devices > Disk Pools. Select a disk pool Click Edit > Delete. In the Delete Disk Pool dialog box, verify that the disk pool is the one you want to delete and then click OK.
Obtaining disk pool and volume status

Use the NetBackup nbdevquery command to obtain the status of NetBackup disk pools and volumes in those disk pools. Table 11-1 summarizes nbdevquery options for disk pools. Table 11-1 Option
-dv disk_volume
nbdevquery disk pool options Description

Used with -listdv, it shows the properties of the specified disk volume. Produces the parsable output, one line of output per disk volume with no headers. The first field indicates the version of the output as an aid to create scripts. By default, nbdevquery uses the -l option. Shows all disk pools. To show the properties of a specific disk pool, also use the -dp disk_volume option.
-l
-listdp
-listdv
Shows a summary of all disk volumes. To show the properties of a specific disk volume, also use the -dv disk_volume option.
-stype AdvancedDisk Use this option with the following two options:

With -listdp, shows all disk pools of the specified storage type. With -listdv, shows all disk pools of the specified storage type and their disk volumes.
Table 11-1 Option

-U -D

Produces an output format that is more human-readable. Produces an output format that provides more information than the -U option but is not formatted as much as the -U option.
Managing storage servers

You can do the following to manage the storage servers that exist in your environment:

Viewing storage servers on page 264 Viewing storage server attributes on page 265 Removing storage server attributes on page 265 Removing a storage server from disk pool access on page 266 Deleting a storage server on page 267 Obtaining storage server status on page 267
Viewing storage servers

To view a list of storage servers already configured, use the nbdevquery command. To view configured storage servers

nbdevquery -liststs
265
If the media server does not appear in the command output as an AdvancedDisk storage server, configure the media server as a storage server.
Viewing storage server attributes

You can view the storage server attributes. To view storage server attributes
Run the following command on the NetBackup master server or a storage server:
nbdevquery -liststs -storage_server storage_server -stype AdvancedDisk U
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The following is an example:
% nbdevquery -liststs AdvancedDisk U Storage Server : Storage Server Type : Storage Type : State : Flag : Flag : Flag : -storage_server advdsk_server -stype advdsk_server.symantecs.com AdvancedDisk Formatted Disk, Direct Attached UP OpenStorage FT-Transfer PrefRestore
This example output is shortened; more flags may appear in actual output.
Removing storage server attributes

You can remove the following storage server attributes:

To remove storage server attributes
Run the following command on the NetBackup master server or the storage server:
nbdevconfig -changests -storage_server storage_server -stype AdvancedDisk -clearattribute attribute
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd
Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The following are the options and arguments:

-storage_server storage_server is the name of the storage server. -stype AdvancedDisk specifies the storage server type. -clearattribute attribute is an attribute to remove from the storage server for restore or duplication operations. You can specify more than one -clearattribute attribute pair on the command line. The following are the attributes:
PrefRestore. The storage server is preferred for the read side of restore operations. ReqRestore. The storage server is required for the read side of restore operations. ReqDuplicate. The storage server is required for the read side of duplication operations.
Removing a storage server from disk pool access

You can remove a storage server so that it no longer can access a disk pool. If NetBackup jobs exist that use that storage server, you cannot remove it. An AdvancedDisk storage server is also a media server. Caution: If you remove the only storage server, data may be lost. NetBackup cannot access the disk pool and the backup images on the disk pool. To remove a storage server from disk pool access 1 For every storage unit that specifies the storage server (media server), clear the checkbox that specifies the media server. The Use one of the following media servers option specifies the storage servers. This step is not required if the storage unit is configured to use any available media server. If only one storage server exists, change the state of all disk pools on the array to DOWN. To do so, use the following command:
Remove the storage server. The following is the command syntax:

nbdevconfig -changedp -stype AdvancedDisk -dp disk_pool_name -del_storage_servers storage_server
267
Deleting a storage server

If you delete a storage server, NetBackup removes it from your configuration. However, the media server is not deleted from your configuration. (An AdvancedDisk storage server is also a NetBackup media server.) To delete the media server, use the NetBackup nbemmcmd command. If a disk pool is configured from the disk volumes that the storage server manages, the storage server cannot be deleted. Warning: Do not delete a storage server if its storage contains unexpired NetBackup images; if you do, data loss may occur. To delete a storage server
Use the following command:

nbdevconfig -deletests -storage_server storage_server_name -stype AdvancedDisk
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd
Obtaining storage server status

The NetBackup nbdevquery command lets you obtain the status of storage servers. Table 11-2 summarizes the nbdevquery options for storage servers. Table 11-2 Option
-liststs -storage_server server_name -stype AdvancedDisk
nbdevquery storage server options Description

Shows all storage servers. Shows the information about the specified storage server. Must be used with the -liststs option. Use this option with the following two options:

With -liststs, shows all storage servers of the specified storage type. With -storage_server, shows all storage servers that are at the specified host.
To view and manage VxUL log files, you must use NetBackup log commands. For information about how to use and manage logs on NetBackup servers, see the NetBackup Troubleshooting Guide.
Monitoring storage capacity and usage

To monitor storage capacity and usage, see the following:

The NetBackup Disk Pool status report. The disk pools window. Display the window by selecting Media and Device Management > Devices > Disk Pools. The NetBackup License Keys dialog box. Open the dialog box by selecting Help > License Keys in the NetBackup Administration Console. Display the summary by clicking Summary of active capacity-based license features. The summary displays the storage capacity for which you are licensed and the capacity used. It does not display the amount of physical storage space.
The NetBackup Operations Manager also provides information about storage capacity and usage. For more information, see the NetBackup Operations Manager Guide.
Viewing disk reports

The NetBackup disk reports include information about the disk pools, disk storage units, disk logs, images that are stored on disk media, and storage capacity. To view disk reports 1 2 3 4 In the NetBackup Administration Console tree, expand NetBackup Management > Reports > Disk Reports. Select the name of a disk report. In the right pane, select the report settings. Click Run Report.
269
Table 11-3 shows the disk reports. Table 11-3 Report

Images on Disk
Disk reports Description

The Images on Disk report generates the image list present on the disk storage units that are connected to the media server. The report is a subset of the Images on Media report; it shows only disk-specific columns. The report provides a summary of the storage unit contents. If a disk becomes bad or if a media server crashes, this report can let you know what data is lost.
Disk Logs
The Disk Logs report displays the media errors or the informational messages that are recorded in the NetBackup error catalog. The report is a subset of the Media Logs report; it shows only disk-specific columns. The Disk Storage Unit Status report displays the state of disk storage units in the current NetBackup configuration. For disk pool capacity, see Media and Device Management > Devices > Disk Pools. Multiple storage units can point to the same disk pool. When the report query is by storage unit, the report counts the capacity of disk pool storage multiple times.
Disk Storage Unit
Disk Pool Status
The Disk Pool Status report displays the state of disk pool storage units. This report displays only when an Enterprise Disk Option license is installed.
Viewing NetBackup logs

You can monitor NetBackup disk-related activity and status by viewing the NetBackup log files. Some NetBackup commands or processes write messages to their own log files. Other processes use Veritas unified log (VxUL) files. VxUL uses a standardized name and file format for log files. An originator ID (OID) identifies the process that writes the log messages. For information about the logs, see Table 11-4.
270 AdvancedDisk storage option updates Troubleshooting AdvancedDisk
Messages that begin with an sts_ prefix relate to the interaction with the storage vendor software plug-in. Most interaction occurs on the NetBackup media servers. Table 11-4 Activity
Backups and restores
NetBackup logs VxUL OID

N/A
Processes that use the ID

Messages appear in the log files for the following processes:

bpbrm backup and restore manger bpdbm database manager bpdm disk manager bptm for I/O operations
Backups and restores Device configuration Device configuration Device configuration
117
The nbjm job manager.
111
The nbemm process.
178
The Disk Service Manager process that runs in the Enterprise Media Manager (EMM) process. The Storage Server Interface process that runs in the Remote Manager and Monitor Service. RMMS runs on media servers. If the Storage Server Interface logs indicate problems with the Veritas Frozen Image (VxFI) service, examine the VxFI log files for detailed trace information:

202
UNIX: /user/openv/netbackup/logs/bpfis Windows: install_path\VERITAS\NetBackup\logs \bpfis
Device configuration
230
The Remote Disk Service Manager interface (RDSM) that runs in the Remote Manager and Monitor Service. RMMS runs on media servers.
Troubleshooting AdvancedDisk
The following may help you troubleshoot AdvancedDisk:
Unable to access storage on page 271
AdvancedDisk storage option updates Troubleshooting AdvancedDisk
271
Multiple storage servers on Windows on page 271 Volume state changes to DOWN when volume is unmounted on page 272 Disk failure on page 272 Restore or duplication operations on page 273
Unable to access storage

If NetBackup cannot access the storage, one possible cause is that the storage server was created with the incorrect nbdevconfig storage type (-st) value. An AdvancedDisk storage server -st value is 5 (formatted disk, directly attached); values other than 5 are incorrect. To determine the storage server value
Invoke the following command on the master server or the media server that functions as the storage server:
nbdevquery -liststs -stype AdvancedDisk -U
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The following output shows an incorrect value for AdvancedDisk:
Storage Server : halo Storage Server Type : AdvancedDisk Storage Type : Formatted Disk, Network Attached
To resolve an incorrect storage type problem 1 2 3 4 5 Delete all disk pools that use the storage server. Delete the storage server. Reconfigure the storage server. Recreate the disk pools. If necessary, specify the new disk pools in the storage units. If you recreated the disk pools with the same names as the ones you deleted, this step is not necessary.
Multiple storage servers on Windows

AdvancedDisk does not support CIFS. If you try to configure multiple storage servers, NetBackup returns the following message:
DSM does not support to use multiple Windows Storage Servers for server type: AdvancedDisk.
Volume state changes to DOWN when volume is unmounted

If a volume becomes unmounted, NetBackup changes the volume state to DOWN. The NetBackup jobs that require that volume fail. To determine the volume state
Invoke the following command on the master server or the media server that functions as the storage server:
nbdevquery -liststs -listdv -stype AdvancedDisk -U
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The following output shows that a volume named /mnt/nbu is DOWN:
Disk Pool Name Disk Type Disk Volume Name Status Flag : : : : : AdvDiskPool_Bronze AdvancedDisk /mnt/nbu DOWN AdminUp
To change the volume state to UP
Mount the file system After a brief period of time, the volume state changes to UP. No further action is required.
Disk failure
If recovery mechanisms do not protect a disk that fails, the backup images on that disk are lost. Operating system read and write errors may occur for the volume that represents the disk. NetBackup cannot use that volume because of the errors, and NetBackup jobs may fail. To prevent NetBackup from trying to read from or write to the disk, you must change the volume state to DOWN in NetBackup. If the volume represents other disks that still function, those disks are not available because the volume state is DOWN. You may be able to read from the volume by mounting it manually. If so, you may be able to recover image fragments from any disks that did not fail. If you replace a failed disk, you can use the same mount point for the replacement disk. Change the volume state to UP, and NetBackup uses that volume again. Any valid backup images on that volume are available for restores.
AdvancedDisk storage option updates Troubleshooting AdvancedDisk
273
Restore or duplication operations

If you use the preferred or required restore or duplication attributes for a storage server, the following may occur:
A restore operation uses a storage server that does not have a PrefRestore or ReqRestore attribute. Reasons may be as follows:
The destination disk pool does not include a storage server with a restore or duplication attribute. A preferred or required storage server cannot be used because it is unavailable (NetBackup considers it DOWN).
A restore or duplication operation is queued. The reason may be that a preferred or required storage server cannot be used because it is unavailable (NetBackup considers it DOWN).
Chapter
12
SharedDisk storage option updates

This SharedDisk documentation supersedes the SharedDisk documentation in the 6.5 and 6.5.1 versions of the NetBackup Shared Storage Guide. This section contains the following topics:

Overview on page 275 New in NetBackup 6.5.2 on page 276 NetBackup Release Notes on page 277 Installing SharedDisk on page 277 Preparing the SAN and the array on page 278 Configuring SharedDisk on page 282 Managing SharedDisk on page 306
Overview
NetBackup SharedDisk allows multiple NetBackup media servers to share disk array storage. NetBackup aggregates the disk into pools of storage you can use for backups. NetBackup manages the storage as a logical entity (a disk pool). NetBackup SharedDisk provides the following benefits:
Deploy and use easily. NetBackup discovers the storage and uses familiar NetBackup storage units and backup policies to use the storage. Increase storage unit capacity by adding disks. Only add what you need, when you need it, and then update the NetBackup disk pools. Logical units of storage span physical boundaries, so you do not have to create new NetBackup storage units or change the backup policies.
276 SharedDisk storage option updates New in NetBackup 6.5.2
Balance load and performance. NetBackup balances backup jobs and storage usage among the media servers and disk pools. For each backup job, NetBackup chooses the least full disk volume and least used media server. nstJob failover. Media server failures do not prevent backup or restore operations. If a media server fails, backup and restore activity is routed through another media server. Data mover: An entity that moves data between the primary storage (the NetBackup client) and the storage server. In SharedDisk, NetBackup media servers function as data movers. Storage server: An entity that writes data to and reads data from disk storage. A storage server is the entity that has a mount on the file system on the storage. In SharedDisk, NetBackup media servers function as both storage servers and data movers. Disk volume: A logical unit of disk storage. Disk pool: A collection of disk volumes that are administered as an entity. Enclosure: A disk array. You can create a NetBackup disk pool from all of the storage in an enclosure or only some of the storage.
The terms that are used in SharedDisk include:

With this release, the SharedDisk feature now lets you do the following:
Specify preferred or required media servers for restore and duplication operations. This new capability replaces the FORCE_RESTORE_MEDIA_SERVER option. This capability provides the following benefits:
Offloads the workload of restores from the servers that perform the backups.
Directs the duplication traffic to specific storage servers. See Creating a storage server in NetBackup on page 289.
Use either LUN masking or SCSI persistent reserve for exclusive volume access on the storage arrays. See Configuring exclusive LUN access in NetBackup on page 284. Use either GUID Partition Table (GPT) or Master Boot Record (MBR) to format LUNs on Windows systems that support GPT. See Formatting the LUNs in a disk array on page 294.
SharedDisk storage option updates NetBackup Release Notes
277
NetBackup Release Notes

For information about supported systems and peripherals, limitations, and operational notes, see the NetBackup Release Notes.
Installing SharedDisk
No special installation is required for the SharedDisk storage option. However, you must activate the feature by entering the Flexible Disk Option license key on the NetBackup master server. To use preferred or required servers for restore or duplication, do the following:
Upgrade the NetBackup master server and the NetBackup EMM server to NetBackup 6.5.2. (Normally, the master server and the EMM server are on the same computer.) To enable command line support on media servers, upgrade the media servers that are used for SharedDisk operations to NetBackup 6.5.2. However, you do not have to upgrade the media servers. Instead, you can configure and manage the restore and duplication storage servers by invoking the commands on the master server.
In NetBackup 6.5.2, you must use NetBackup commands to configure and manage storage server attributes. You may have one license key that activates NetBackup and all of your add-on products. Alternatively, you may have a separate license key for NetBackup and for each add-on product such as SharedDisk. When you choose the systems to use for the NetBackup master and media servers, be aware of the following:
All NetBackup media servers that connect to the disk array must be the same system type (such as all Solaris). Do not include the master server or EMM server in the list of media servers that use the array. Data transfer consumes system resources and severely degrades EMM performance. (Normally, the EMM server runs on the master server, but it can run on any NetBackup media server.) You cannot create the disk pools or the storage units that use the disk pools. The NetBackup jobs that try to use the disk pools or the storage units that are based on the disk pools fail. The error message indicates that the feature is not licensed.
If you remove the Flexible Disk Option license key or if it expires:

278 SharedDisk storage option updates Preparing the SAN and the array
NetBackup does not delete the disk pools or the storage units that are based on the disk pools. You can use them if you enter a valid license key.
Preparing the SAN and the array

This section includes the following topics:

Preparing the SAN on page 278 Installing array software on media servers on page 279 Configuring the disk array on page 280 Configuring device paths on page 282 Adding LUN entries to the sd.conf file on page 282
Preparing the SAN

Before you can configure and use the SharedDisk storage option, the SAN must be configured, zoned, and operational. Instructions for how to configure and manage SANs are beyond the scope of the NetBackup documentation. However, you must do the following to prepare the SAN:

Install Fibre Channel HBAs on the NetBackup media servers. Zone the SAN.
The following subsections provide guidance.
Installing HBAs for SharedDisk

On the NetBackup media servers that share the storage, do the following:

Install the HBA in each media server that connects to the array. Install the HBA vendors Fibre Channel drivers for the HBA. Install the HBA vendors Fibre Channel utilities for the HBA if required.
If you use the NetBackup Fibre Transport option with SharedDisk storage, the Fibre Transport HBA requirements may affect your HBA configuration. See the NetBackup Shared Storage Guide.
Zoning the SAN

Symantec recommends that you create a backup storage zone that includes only the NetBackup media servers and the array. A backup storage zone prevents
SharedDisk storage option updates Preparing the SAN and the array
279
that traffic from using the bandwidth that may be required for other SAN activity. The following are the major steps to zone the SAN:
Connect one or more Fibre Channel HBA ports on each NetBackup media server to one or more Fibre Channel switch ports. Connect the disk array to a Fibre Channel switch port. Define the zones on the SAN so that the media server HBA ports and the disk array are in the same zone. The HBA ports on the media servers must be hard or soft zoned to the array. You should configure SAN zones before you bind HBA ports. It prevents possible corruption of data that may occur if multiple HBAs gain access to the same storage device. Bind the media server HBA ports to the disk array volumes or LUNs. Use persistent bindings when you bind the ports to the LUNs. When you bind the media server HBA ports to disk array volumes or LUNs, you must use persistent bindings. If you do not, NetBackup access to the array may fail, backups may not occur, and data may be lost. Exception: Persistent bindings are not required for Leadville drivers.
Installing array software on media servers

Install the array vendors command line interfaces on each NetBackup media server that shares the array. NetBackup uses the array vendor software to manage the storage. In some cases, NetBackup uses the command line interface to:

Configure the arrays Mask and unmask the LUNs when a media server accesses the storage.
All media servers that are connected to the array must be the same operating system type and use the same file system.
Which software and version to install

For guidance about which vendor software and version to install on the NetBackup media servers, see Tech Note 288176 (NetBackup Disk Array Setup). The following is the URL for the Tech Note:
http://entsupport.symantec.com/docs/288176
The Tech Note also contains information about how to create host entries and how to allocate LUNs for each supported disk array.
280 SharedDisk storage option updates Preparing the SAN and the array
The Tech Note lets us update disk array information when support for new disk arrays is added. It also lets us update supported array software versions if they change between NetBackup releases.
Configuring the disk array

Before you can configure and use the SharedDisk storage option, the disk array must be configured and operational. If the array includes a management service or process, it must be operational also. HP CommandView EVA is an example of an array management service. Instructions for how to configure and manage disk arrays are beyond the scope of the NetBackup documentation. However, see the following for guidance:

Add array host entries on page 280 Allocate LUNs for NetBackup on page 281 Unmask the LUNs on page 282
Use the vendor-specific tools to configure the array. Instructions for how to configure the array are beyond the scope of the NetBackup documentation. For guidance, see the following subsections.
Add array host entries

You must add host entries on the array so that the NetBackup media servers can access the array. Different array vendors use different names for the host entries. In all cases, the host entries contain the following three key pieces of information:
The name of the host (that is, the name of the NetBackup media server host). The host name must be a valid IP host name. To be more specific, the name or friendly name of the host entry on the array must match the DNS name of the host. (A friendly name is a more human-readable name than a string used to identify a device or a host.) The World Wide Port Name (WWPN) of the HBA port on the media server. The WWPN identifies the port through which you want the media server to access the array. The type of host operating system (such as Solaris).
You must create an entry for each NetBackup media server that shares the array. If you cluster the NetBackup media servers, the host entries must be configured with the host names of the nodes (not the virtual names). NetBackup uses gethostname to identify the row in the array masking table to enable exclusive access to a LUN.
SharedDisk storage option updates Preparing the SAN and the array
281
Guidance for adding host entries

How to add host entries is beyond the scope of the NetBackup documentation. For guidance, see TechNote 288176 (NetBackup Disk Array Setup) on the Symantec support Web site:
Allocate LUNs for NetBackup

You must allocate LUNs on the array for use by NetBackup. To do so, use the following prefix when you name the LUNs:
LUN prefix:
nbusd_
Use a meaningful suffix to complete each LUN name. For example, use the name of the NetBackup disk pool and perhaps a number to make the name unique. Note: LUN names within an array must be unique; if they are not, you cannot create a NetBackup disk pool from the storage on the array. Symantec recommends that you use a unique name for each LUN that you allocate to NetBackup, even if the LUNs are on different arrays. If you merge disk pools later, each LUN name must be unique. Some arrays do not allow specific name prefixes. By default, NetBackup uses all of the LUNs for storage on those arrays. You can use only some of the LUNs for NetBackup storage. However, to format those LUNs and to create a disk pool from them is more difficult than for LUNs with the nbusd_ prefix.
Guidance for choosing LUNs

NetBackup balances jobs and workload. NetBackup tries to fill disk volumes at the same rate. Therefore, Symantec recommends that volumes in a disk pool be of similar size and speed, as follows:

Do not include small volumes and large volumes in the same disk pool. Do not include slow volumes and fast volumes in the same disk pool.
Guidance for naming LUNs

How to name LUNs is beyond the scope of the NetBackup documentation. For guidance, see TechNote 288176 (NetBackup Disk Array Setup) on the Symantec support Web site:
282 SharedDisk storage option updates Configuring SharedDisk
Unmask the LUNs

SCSI persistent reserve only. If you use SCSI persistent reserve for the LUN access method, unmask all of the LUNs allocated for NetBackup. Unmask them to all of the NetBackup media servers that share the array. Use the array software to unmask the LUNs. If you use LUN masking for the LUN access method, do not unmask the LUNs. NetBackup masks and unmasks the LUNs as needed. See Configuring exclusive LUN access in NetBackup on page 284.
Configuring device paths

SCSI persistent reserve only. If you use SCSI persistent reserve for the LUN access method, configure device paths to the LUNs on the array. Some operating systems configure device paths automatically at start time; others may require that you invoke commands to configure device paths. If you use LUN masking for the LUN access method, NetBackup configures device paths dynamically as needed. See Configuring exclusive LUN access in NetBackup on page 284.
Adding LUN entries to the sd.conf file

Solaris systems only. You may have to add LUN entries to the Solaris sd.conf file. The sd.conf file must have sufficient entries to allow NetBackup to import new LUNs to the host dynamically. If the server is restarted, most HBAs do not require the sd.conf file to be updated to show new devices. However, Veritas Frozen Image (VxFI) needs to import devices dynamically without a restart. VxFI is the NetBackup component that manages access to the storage on the disk array. Therefore, you must update the sd.conf file to allow additional LUN entries and then restart the host after you update the sd.conf file. If problems occur when you format LUNs, Symantec recommends that you open LUNs 0-15 on all targets (0-15). Also open LUNs 0-15 if NetBackup device discovery does not discover the disk array storage.
Configuring SharedDisk
The following are the tasks to configure NetBackup to use SharedDisk:
Specifying the mount point directory on page 283
SharedDisk storage option updates Configuring SharedDisk
283
Configuring exclusive LUN access in NetBackup on page 284 Creating a storage server in NetBackup on page 289 Adding disk array logon credentials on page 292 Formatting the LUNs in a disk array on page 294 Configuring Storage Foundation dynamic multipathing on page 297 Creating a SharedDisk disk pool on page 297 Creating a storage unit on page 301 Creating a backup policy on page 306 Restores on page 306
If problems occur when you configure the SharedDisk storage option, see Troubleshooting SharedDisk on page 323.
Specifying the mount point directory

By default, NetBackup uses nbushareddisk as the mount point for SharedDisk storage. The mount point is the directory on each media server where NetBackup mounts the file system on the disk array. You can specify a different mount point directory. The mount point must be the same on all NetBackup media servers that access the array. If you back up a media server that uses mount points to any disk storage that contains backup images, do not cross mount points. (The policy Cross mount points attribute specifies whether to cross mount points.) If the policy crosses mount points, the NetBackup backup images that reside on that disk storage are backed up. The NetBackup BasicDisk disk type and the Enterprise Disk Option disk types use mount points for disk storage. To specify the mount point directory 1 2 3 4 5 In the NetBackup Administration Console, expand NetBackup Management > Host Properties. Select Master Server in the tree pane. In the Details pane, double-click on the name of the master server. In the Master Server Properties dialog box, click SharedDisk in the tree pane. Enter the default mount point for the file system on the disk array.
Configuring exclusive LUN access in NetBackup

The NetBackup SharedDisk option requires exclusive read and write access to disk volumes on an array. By default, NetBackup uses Logical Unit Number (LUN) masking to provide exclusive read and write access to disk volumes. Beginning with the NetBackup 6.5.1 release, you can use either LUN masking or SCSI persistent reserve for exclusive access on Solaris computers. Microsoft Windows media servers use LUN masking. To use SCSI persistent reserve, you must first upgrade your NetBackup servers to NetBackup 6.5.1.
Configuring LUN masking

LUN masking prevents hosts from detecting LUNs or allows hosts to detect LUNs. NetBackup unmasks a LUN to expose it to a specific NetBackup media server. The media server then has exclusive read and write access to the volume while that LUN is unmasked. When the media server is finished using a volume, NetBackup masks the LUN so that the media server cannot detect that LUN. A consequence of LUN masking is that the SAN topology changes when a LUN is masked or unmasked. Every topology change generates SAN overhead traffic. Mount times increase because of LUN masking topology changes. To configure LUN masking for SharedDisk 1 2 3 4 5 6 In the NetBackup Administration Console, expand NetBackup Management > Host Properties. Select Master Server in the tree pane. In the Details pane, double-click on the name of the master server. In the Master Server Properties dialog box, click SharedDisk in the tree pane. Select Dynamic LUN Masking. Click OK.
Configuring SCSI persistent reserve

Note: SCSI persistent reserve (SPR) applies to Solaris and Linux media servers only. If you configure SPR, any Windows media servers in your environment use LUN masking. SCSI persistent reserve (SPR) provides exclusive access protection by using reservations. A reservation prevents other host bus adapters from issuing SCSI
285
commands to control the volume. Unlike LUN masking, the SAN topology does not change when a reservation is granted or released. SPR provides faster mount times than LUN masking. A consequence of SPR is longer start times for the NetBackup media servers. To use SPR, the devices must conform to the SCSI Primary Commands - 3 (SPC-3) standard. The SCSI persistent reserve method is not supported or not supported correctly by all device vendors. Incorrect support may mean no access protection. Therefore, you should thoroughly analyze your environment to ensure that all of your hardware supports SCSI persistent reserve correctly. To configure SCSI persistent reserve for SharedDisk 1 2 3 4 5 6 In the NetBackup Administration Console, expand NetBackup Management > Host Properties. Select Master Server in the tree pane. In the Details pane, double-click on the name of the master server. In the Master Server Properties dialog box, click SharedDisk in the tree pane. Select SCSI persistent reserve. Click OK.
Switching exclusive LUN access methods

You can change from one access method to the other.
Switching from LUN masking to SPR

To switch from LUN masking to SCSI persistent reserve, do the following. Note: SCSI persistent reserve (SPR) applies to Solaris and Linux media servers only. If you configure SPR, any Windows media servers in your environment use LUN masking. To switch from LUN masking to SPR 1 2 Wait until all backup or restore jobs that use the SharedDisk disk pools are complete or cancel all jobs. Change the state of all SharedDisk disk pools to DOWN; the following is the command syntax to change one disk pool:
/usr/openv/netbackup/bin/admincmd/nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state DOWN
If backup jobs are assigned to a disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. 3 Enable SPR by running the following NetBackup command:
/usr/openv/netbackup/bin/admincmd/nbdevconfig -setSharedDiskSPR 1
For each SharedDisk disk pool, do the following one disk pool at a time:
Use the disk array software to unmask the disk pool LUNs so that all of the storage servers for the disk pool detect the LUNs. (NetBackup media servers function as storage servers.) For example, for a disk pool that contains three LUNs and has three storage servers, unmask each LUN on each storage server. Determine the unique enclosure identifier (UEID) for the array or arrays. The following is the command syntax; run the command on one of the storage servers:
/usr/openv/netbackup/bin/admincmd/nbshareddisk list
The array UEID is used in the next step.
Write the unique device identifiers (UDIDs) of the disk pool LUNs to a text file. The following is the command syntax; run the command on the same storage server as the previous command:
/usr/openv/netbackup/bin/admincmd/nbshareddisk list ueid unique_enclosure_id > udid_filename
The command writes only the UDIDs of the LUNs that have the nbusd_ prefix. If the array does not let you specify the nbusd_ LUN prefix, all UDIDs on the array appear in the output file. If the disk pool contains LUNs from more than one array, repeat the command for each additional array. However, use the append operator (>>) rather than the redirection operator to append the output to the end of the file.

Edit the text file and delete the LUNs that are not in the disk pool. Verify that the storage server detects all of the LUNs. The following is the command syntax; run the command on the same storage server as the previous command:
/usr/openv/netbackup/bin/admincmd/nbshareddisk verify -udid_file udid_filename
Repeat the preceding steps for each SharedDisk disk pool.
Change the state of all disk pools to UP; the following is the command syntax to change a disk pool:
/usr/openv/netbackup/bin/admincmd/nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state UP
287
If you formatted or plan to format the disk LUNs with the Veritas File System, run the following command on all of the SharedDisk storage servers:
/usr/sbin/vxdisk scandisks
Switching from SPR to LUN masking

To switch from SCSI persistent reserve to LUN masking, do the following. Note: SCSI persistent reserve applies to Solaris and Linux media servers only. To switch from SPR to LUN masking on Solaris 1 1 Wait until all backup or restore jobs that use the SharedDisk disk pools are complete or cancel all jobs. Change the state of all SharedDisk disk pools to DOWN; the following is the command syntax to change one disk pool:
/usr/openv/netbackup/bin/admincmd/nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state DOWN
If backup jobs are assigned to a disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. 2 For each SharedDisk disk pool, do the following one disk pool at a time:
Determine the unique enclosure identifier (UEID) for the array or arrays. The following is the command syntax. Run the command on one of the storage servers for the disk pool. (NetBackup media servers function as storage servers.)
/usr/openv/netbackup/bin/admincmd/nbshareddisk list
The array UEID is used in the next step.
Write the unique device identifiers (UDIDs) of the LUNs on an array to a text file. The following is the command syntax; run the command on the same storage server as the previous command:
/usr/openv/netbackup/bin/admincmd/nbshareddisk list ueid unique_enclosure_id > udid_filename
The command writes only the UDIDs of the LUNs that have the nbusd_ prefix. If the array does not let you specify the nbusd_ LUN prefix, all UDIDs on the array appear in the output file. To add UDIDs from more than one array to the output file, repeat the command for each additional array. However, use the append operator (>>) rather than the redirection operator to append the output to the end of the file.
Edit the text file and delete the LUNs that are not in the disk pool.
Reserve the LUNs. The following is the command syntax; run the command on the same storage server:
/usr/openv/netbackup/bin/admincmd/nbshareddisk reserve -preempt -udid_file udid_filename
Use the disk array software to mask the disk pool LUNs so that only the storage server that owns the reservation detects the LUNs. Release the reservation that the storage server has on the LUNs. The following is the command syntax; run the command on the same storage server:
/usr/openv/netbackup/bin/admincmd/nbshareddisk release -udid_file udid_filename
Use the disk array software to mask the disk pool LUNs so that none of the storage servers for the disk pool detects the LUNs. Repeat the preceding steps for each SharedDisk disk pool.
Enable LUN masking by running the following NetBackup command:

/usr/openv/netbackup/bin/admincmd/nbdevconfig -setSharedDiskSPR 0
Change the state of all disk pools to UP; the following is the command syntax to change a disk pool:
/usr/openv/netbackup/bin/admincmd/nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state UP
New command options

To support SharedDisk SCSI persistent reserve, several NetBackup commands have new options.
New nbdevconfig options

The following is a new option to the nbdevconfig command:
-setSharedDiskSPR 0 | 1
The setSharedDiskSPR option lets you configure SPR or LUN masking. Zero (0) enables LUN masking; 1 enables SPR.
New nbdevquery options

The following is a new option to the nbdevquery command:
-listglobals
The listglobals option outputs NetBackup Disk Service Manager global disk attributes. If SPR is enabled, the SCSI persistent reserve setting is as follows:
SCSI Persistent Reservation: 1
If LUN masking is enabled, the output shows zero (0) rather than 1.
289
New nbshareddisk options

The new nbshareddisk command options are valid only when SPR is enabled. The following are new options:
reserve [-preempt] -udid <UDID##nn#nn##nn> | -udid_file udid_filename
The reserve option lets you place a SCSI persistent reservation on one or many LUNs on the media server from which it is invoked. The unique device identifier represents a LUN. Use the -udid_file option to reserve more than one LUN. If you also use the preempt option, NetBackup preempts other NetBackup reservations on the LUNs.
release -udid UDID##nn#nn##nn | -udid_file udid_filename
The release option lets you release a SCSI persistent reservation on one or many LUNs on the media server from which it is invoked. The unique device identifier identifies LUNs. Use the -udid_file option to release more than one LUN.
verify -udid UDID##nn#nn##nn | -udid_file udid_filename
The verify option lets you determine if NetBackup can access a LUN or LUNs from a specific host. The unique device identifier represents a LUN. Use this option to determine of connectivity problems or operating system problems exist.
Creating a storage server in NetBackup

A storage server is an entity that mounts the storage and writes data to and reads data from the disk storage. Create in this context means to configure as a storage server a NetBackup media server that connects to the array. In SharedDisk, multiple storage servers can exist. The storage servers share the storage equally. (When you configure a storage server, it also is configured as a data mover, which is a logical entity that moves backup data. For SharedDisk, NetBackup media servers function as both storage servers and data movers. Data moves from primary storage (a NetBackup client) to secondary storage during backups. Data also can move from secondary storage to tertiary storage during duplication and to primary storage during restores.) You must configure as a SharedDisk storage server every NetBackup media server that connects to the storage. For restores and duplications, you can specify the following storage server attributes:

For SharedDisk, you can use these storage server attributes rather than the FORCE_RESTORE_MEDIA_SERVER option. For information about the FORCE_RESTORE_MEDIA_SERVER option, see the NetBackup Administrators Guide, Volume I. If you do not specify these attributes, NetBackup uses normal criteria to select a media server for restore or duplication. (That is, if you configure more than one storage server.) Note: Before you configure a SharedDisk storage server in NetBackup, you must install the disk array vendors software on the media server. You also must add the disk array logon credentials Figure 12-1 SharedDisk storage servers
NetBackup media servers are both storage servers and data movers. Disk array CLIs are installed.
Disk array
To determine if a media server is configured as a storage server already

nbdevquery -liststs
If the media server does not appear in the command output as a SharedDisk storage server, configure the media server as a storage server.
291
To create a SharedDisk storage server in NetBackup
Run the following nbdevconfig command on the master server or on one of the media servers:
nbdevconfig -creatests -storage_server storage_server -stype SharedDisk [-st storage_type] -media_server media_server [-setattribute attribute]
The following are the options and arguments:
-storage_server storage_server is the name of a NetBackup media server that connects to the storage. The media server must have the array vendors command line interfaces installed. -stype SharedDisk specifies the storage server type. -st storage_type is a numeric value that specifies the server properties. For SharedDisk, the default is 6 (direct attached, raw disk). Required only if you want to use a value other than the default. The value is obtained by adding together the numeric values of the following properties. Whether the disk is formatted and how it is attached are mutually exclusive and complementary.
1 - formatted disk. The disk is formatted as part of the vendor-specific preparation; NetBackup does not format the disk. 2 - raw disk. The disk is not formatted; NetBackup formats the disk. 4 - direct attached. Direct attached means that the storage server and the media server are the same NetBackup host. 8 - network attached. Network attached means that the storage server is physically distinct from the NetBackup media server. It does not imply LAN data movement nor does it preclude Fibre Channel as the transport for data movement.
-media_server media_server specifies the NetBackup media server that performs the operation. Use the same name as the storage server name. -setattribute attribute is an attribute to apply to the storage server for the read side of restore or duplication operations. These attributes can help you manage the restore and duplication traffic. You can specify more than one -setattribute attribute pair on the command line. The following are the attributes:
PrefRestore. The storage server is preferred for the read side of restore operations. More than one storage server can have the PrefRestore attribute. Storage servers that are marked as PrefRestore are considered for use first. If none are available, any unmarked storage server is considered for use.
Normal NetBackup load balancing occurs among all storage servers marked PrefRestore.
ReqRestore. The storage server is required for the read side of restore operations. More than one storage server can have the ReqRestore attribute. If a ReqRestore server is not available, NetBackup considers PrefRestore servers for use. If none are available, jobs queue until a ReqRestore or PrefRestore is available. If you configure ReqRestore servers but not PrefRestore servers, unmarked storage servers are never considered for restore jobs. Jobs queue until a ReqRestore storage server is available to execute the job. Normal NetBackup rules for job retry apply. Normal NetBackup load balancing occurs for all storage servers marked ReqRestore. Load balancing does not occur between the ReqRestore and PrefRestore storage servers. ReqDuplicate. The storage server is required for the read side of duplication operations. More than one storage server can have the ReqDuplicate attribute. If any storage server is marked as ReqDuplicate, only storage servers that are marked as ReqDuplicate are considered for use. If a ReqDuplicate server is unavailable, jobs queue until a ReqDuplicate server is available to execute the job. Normal NetBackup rules for job retry apply. ReqDuplicate also applies to storage server allocation for synthetic backup operations.
Note: Only the media servers that are configured in the storage unit are considered for jobs. Therefore, if you select a subset of the disk pool storage servers in a storage unit, it may affect the servers that NetBackup can select. You can remove the attributes you place on a storage server. See Removing storage server attributes on page 319. Storage unit usage recommendations to manage traffic are available. See Managing backup, restore, and duplication traffic on page 304.
Adding disk array logon credentials

You must enter the credentials that NetBackup uses to log into a disk array. If the array contains multiple, separately named processing units (storage processors), you must enter the credentials for each unit.
293
The disk array must be installed and prepared before you add array logon credentials. Note: For EMC CLARiiON, by default NetBackup creates global scope administrative user credentials. To create local scope credentials, you must use the Navisphere security file (created by using the EMC naviseccli command). If the security file exists, NetBackup uses it; the security file can contain a global or local administrative user. If you use the security file, you still must add logon credentials in NetBackup. NetBackup uses the disk array host name you add because the array host name is not stored in the security file. To add disk array logon credentials 1 2 3 4 In the NetBackup Administration Console, expand Media and Device Management > Credentials. Select Disk Array Hosts. Click Actions > New > Disk Array Host. Enter the host name in the dialog box.
In the Add Disk Array Host dialog box, add the credentials:
Credentials. Select the host type for the disk array.
Username. Enter the user name that NetBackup uses to log into the array. Password. Enter the password that NetBackup uses to log into the array. Confirm password. To confirm the password, re-enter the password that NetBackup uses to log into the array. (Windows systems.) Port number. For the port number, select (or enter) the port number over which to communicate with the array. If no specific port is required, select or enter 0. (UNIX systems.) Connect using port number. To use a specific port number to connect, select this option, then enter the port number over which to communicate with the array. If no specific port is required, select or enter 0.
After you add credentials, stop and then start the NetBackup services on: the NetBackup master server and on each NetBackup media server that accesses the disk array. You can use the NetBackup Administration Console Activity Monitor to stop and start the services. Alternatively, you can use the following commands in sequence:
UNIX: /usr/openv/netbackup/bin/bp.kill_all /usr/openv/netbackup/bin/bp.start_all Windows: install_path\VERITAS\Netbackup\bin\bpdown.exe install_path\VERITAS\Netbackup\bin\bpup.exe
Formatting the LUNs in a disk array

For SharedDisk storage, use the NetBackup nbshareddisk command to format the LUNs that NetBackup can use for storage. The nbshareddisk command invokes the format utility for the file system. By default, the nbshareddisk command discovers and formats only the LUNs that begin with the nbusd_ prefix. By default, the nbshareddisk command uses Master Boot Record (MBR) to formats LUNs on Windows systems. Alternatively, you can use GUID Partition Table (GPT) disk partitioning system to format LUNs on Windows systems that support GPT. GPT allows disks larger than 2 TB in size.
295
Note: NetBackup 6.5.1 and earlier cannot read or write disks that use GPT. Therefore, if you use both 6.5.1 and earlier and 6.5.2 and later for disk pool access, all disks must be formatted with MBR. MBR disks are limited to 2 TB maximum size. For the arrays that do not let you specify the nbusd_ LUN prefix for disk volumes, nbshareddisk discovers all of the LUNS on an array. To use only some of the LUNs on the array, format only those LUNs. To format LUNs on page 295 explains how to format all LUNs or only some of the LUNs. If you format only some of the LUNs, you must use the volumes method when you create a disk pool. With the volumes method, you select disk volumes rather than the entire array. For more information, Creating a SharedDisk disk pool on page 297. Caution: This procedure displays all LUNs on an array that are allocated to NetBackup, even LUNs already in use by NetBackup. Do not format LUNs that are already in use by NetBackup; if you do, data loss may occur. The nbshareddisk command resides in the following directory: UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd To format LUNs Invoke the nbshareddisk command on one of the storage servers that is connected to the array. 1 Use the nbshareddisk command with the list option to determine the arrays for which NetBackup has logon credentials. The output includes the unique enclosure identifier (UEID), which identifies arrays. The UEID of the array is used in step 2.
nbshareddisk list Enclosure list: Vendor Array Name Enclosure ID ------------------------------------------------------------------NETAPP ndmpfiler1 UEID##NETAPP##LUN##0a505b7c HP HPEVA4000 UEID##HP##HSV##5000-1FE1-5007-0020 EMC 000182601092 UEID##EMC##SYMMETRIX##000182601092 EMC APM00044701641 UEID##EMC##CLARIION##APM00044701641
If the array does not appear in the list, see 6. Verify LAN connectivity to the disk array on page 327.
Use the nbshareddisk list command to write the unique device identifiers (UDIDs) of the LUNs to a text file. The following is the command syntax: The command writes only LUNs that have the nbusd_ prefix to the file. If the array does not let you specify the nbusd_ LUN prefix, all LUNs appear in the output file. The UDIDs are used when you format the LUNs in step 5. For example, the following command writes the UDID of the LUNs in the specified enclosure to file formatlist.txt:
nbshareddisk list ueid unique_enclosure_id > filename
nbshareddisk list ueid UEID##HP##HSV##5000-1FE1-5007-0020 > formatlist.txt
To add UDIDs from more than one array to the output file, repeat step 2 for each additional array. However, use the append operator (>>) rather than the redirection operator to append the output to the end of the file. Examine the text file to verify that the LUNs in the file are the ones you want to format. If you do not see all of the UDIDs you expected to, ensure that the LUNs on the array use the nbusd_ prefix. For the arrays that do not allow the nbusd_ LUN prefix, delete the UDIDs that you do not want to format. Only delete lines from the file, do not add lines to the file. Caution: Do not format LUNs that are in use by NetBackup already; if you do, data loss may occur.
Use the nbshareddisk format command to format the LUNs on the array. The following is the command syntax:
nbshareddisk format udid_file filename
Other options are:
-gpt. Format the LUNs by using GPT on Windows systems that support GPT. -fstype native | vxfs. Format the LUNs with the file system native to the media server operating system or with the Veritas File System. The default is native. -noPrompt. Suppresses the format prompt. If you format more than one UDID, the nbshareddisk command prompts you to format each one. Because the format process may be time-consuming, you can use the -noPrompt option to suppress the prompt. Then, you do not have to monitor the formatting process. However, use the -noPrompt option with caution.
297
For example, the following command reads the UDIDs from the formatlist.txt file. It then formats the disk volumes with GPT.
nbshareddisk format -gpt udid_file formatlist.txt
If you formatted the LUNs with the Veritas File System, run the following command on all of the SharedDisk storage servers:
/usr/sbin/vxdisk scandisks
After you format the LUNs, you can create disk pools.
Configuring Storage Foundation dynamic multipathing

If you use the Veritas File System to format the LUNs on the array, you must ensure that dynamic multipathing (DMP) functions correctly. To do so, perform the following procedure on every storage server (that is, media server) you configured after you format the LUNs: To configure SF dynamic multipathing 1 Obtain a list of disk arrays by using the following Storage Foundation command:
vxdmpadm listenclosure all
Obtain a list of the DMP node names for each enclosure on which you create disk pools by using the following command:
vxdmpadm getdmpnode enclosure=enclosure-name
For each DMP node, run the following Storage Foundation command:
blockdev --rereadpt /dev/vx/dmp/DMP_node_name
Note: You may receive errors similar to Device or resource busy. You can ignore such errors. 4 After you run the blockdev command for each node, run the following Storage Foundation command:
vxdisk scandisk
Creating a SharedDisk disk pool

A SharedDisk disk pool represents LUNS on a disk array that are allocated to NetBackup. NetBackup aggregates the LUNs into pools of storage you can use for backups.
Figure 12-2
SharedDisk disk pools
LUNs
Gold_SharedDisk_Pool Disk array
Silver_SharedDisk_Pool
A disk pool is the storage destination of a NetBackup storage unit. Two methods exist to create SharedDisk disk pools:
The enclosure method creates one disk pool from all of the storage that is allocated to NetBackup on one array. This method is the easiest to accomplish. It also is easier to add volumes to the disk pool later. See Enclosure method of SharedDisk disk pool creation on page 299. The volumes method lets you create a disk pool by selecting specific disk volumes. The disk volumes can be in one enclosure or in multiple enclosures. However, to add volumes later is more difficult than for the disk pools created by the enclosure method. See Volumes method of SharedDisk disk pool creation on page 299. Note: If the array does net let you specify the nbusd_ LUN prefix for disk volumes, NetBackup discovers all of the storage on the array. To use only some of the storage on the array, you must use the volumes method to create a disk pool.
Which process you use affects how you add volumes to that disk pool in the future. Therefore, you should note which method you use for each disk pool you create. When you create a disk pool, you specify:
The NetBackup media servers that share the storage. The media servers must be configured as storage servers. They also function as data movers. The disk array that contains the storage (enclosure method) or the disk volumes on the array(s) to include in the disk pool (volumes method) The disk pool properties. Properties include the name, the high water mark, the low water mark, and a comment that describes the disk pool. See Disk pool properties on page 308.
299
Symantec recommends that disk volume names and disk pool names be unique across your enterprise. Before you create a SharedDisk disk pool, LUNs on the disk array must be allocated for use by NetBackup. The LUNs must be formatted. When NetBackup sends backup data to a disk pool, NetBackup selects the disk volumes that are based on available capacity and predicted size of the backup. NetBackup tries to write backup data to a single volume. If necessary, backup images span disk volumes in a disk pool. Backup images do not span across multiple disk pools.
Enclosure method of SharedDisk disk pool creation

The enclosure method creates one SharedDisk disk pool from the LUNs that have the nbusd_ prefix on the enclosure. A one-to-one mapping exists between the array storage that is allocated to NetBackup and the disk pool. The enclosure name becomes the disk pool name. For the arrays that do not let you specify the nbusd_ prefix, NetBackup creates a disk pool from all of the LUNs on the array. Use the Disk Pool Configuration Wizard to create a disk pool from an enclosure. To create a SharedDisk disk pool from an enclosure 1 2 In the NetBackup Administration Console tree, select the master server or Media and Device Management. From the list of wizards in the Details pane, click Configure Disk Pool and follow the wizard instructions.
For help, see the Disk Pool Configuration Wizard help.
Volumes method of SharedDisk disk pool creation

With the volumes method, you create a disk pool by specifying the disk volumes to include in the disk pool. The disk volumes can be in one enclosure or in multiple enclosures. You can use this method to create:

More than one disk pool from an enclosure. A disk pool that spans enclosures.
Also, you can specify a name for the disk pool (unlike the enclosure disk pool creation method). However, disk pool expansion is more difficult than with the enclosure method. If you cannot use the nbusd_ prefix to name LUNs, the volumes method lets you specify only some of the storage on a disk array.
The nbdevconfig command resides in the following directory: UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd To use the volumes method to create a disk pool 1 On a SharedDisk storage server, preview the volumes that the storage server detects and write the output to a file. The output file includes both formatted volumes and unformatted volumes for all arrays that connect to the storage server. The file is used as input when you create the disk pool. The following is the command syntax:
nbdevconfig previewdv storage_server storage_server stype SharedDisk -media_server media_server > filename
The following are the options:

-storage_server storage_server specifies the storage server name. -stype SharedDisk specifies the storage server type.
-media_server media_server specifies the media server that performs the operation. Use the same name as the storage server. For example, the following command creates a file of volumes named Gold_Volumes.txt from the volumes that storage server A detects:
nbdevconfig previewdv storage_server A stype SharedDisk -media_server A > Gold_Volumes.txt
Edit the file of volume names; remove the volumes that you do not want in the disk pool. Ensure that the volumes you want to use are formatted. To create multiple disk pools, make a copy of the file for each disk pool you want to create. Name each file so that it identifies each disk pool. Edit the files so each one contains only those volumes you want in each disk pool. Use those files as the inputs in step 3. Create a disk pool from the volumes that are listed in the file. The following is the command syntax:
nbdevconfig createdp dp disk_pool_name storage_servers storage_server [storage_server ...] stype SharedDisk dvlist filename

-dp disk_pool_name specifies the disk pool. -storage_servers storage_server specifies the storage servers. Specify all of the servers that share the disk pool. -stype SharedDisk specifies the storage server type.
-dvlist filename specifies the file of volume names. For example, the following command creates a Gold_SharedDisk_Pool disk pool. Servers A, B, and C are the storage servers for the disk pool. The file that contains the list of disk volumes is Gold_Volumes.txt.
301
nbdevconfig createdp dp Gold_SharedDisk_Pool storage_servers A B C stype SharedDisk dvlist Gold_Volumes.txt
You also can specify other options, as follows:

-comment, a comment that describes the disk pool. -hwm, the high water mark (the default is 98%) -lwm, the low water mark (the default is 80%) -M, the master server (the default is the current master server) -media_server server_name, the storage server that performs the operation
To create multiple disk pools, repeat step 3 for each disk pool you want to create. Each disk pool must have a separate input file. The disk pool volumes must be unique; that is, a volume cannot appear in more than one input file.
Creating a storage unit

Create one or more storage units that reference the disk pool. The Disk Pool Configuration Wizard lets you create a storage unit; therefore, you may have created a storage unit when you created a disk pool. To determine if storage units exist for the disk pool, see the NetBackup Management > Storage > Storage Units window of the Administration Console. For disk pool storage unit recommendations, see Storage unit usage recommendations on page 304. To create a storage unit from the Actions menu 1 2 3 In the NetBackup Administration Console, select NetBackup Management > Storage > Storage Units. Click Actions > New > Storage Unit. Complete the fields in the New Storage Unit dialog box.
Storage unit properties

Storage unit name

Enter a unique storage unit name for the new storage unit. The name can describe the type of storage. The storage unit name is the name used to specify a storage unit for policies and schedules. The storage unit name cannot be changed after creation.
Storage unit type

Select Disk as the storage unit type.
Disk type
Select SharedDisk.
Disk pool
Select the disk pool that contains the storage for this storage unit. All disk pools of the specified Disk type appear in the Disk pool list. If no disk pools are configured, no disk pools appear in the list. To specify or change the properties of the disk pool, click Properties and then do the following:
Select or enter the high water mark for the disk pool. (The default is 98%.) The high water mark is a threshold that indicates the storage is full. It applies to both the individual disk volumes in the pool and the disk pool, as follows:
Select or enter the low water mark for the disk pool. (The default is 80%.) When the capacity of the disk pool returns to the low water mark, NetBackup again assigns jobs to the storage unit. Capacity is regained as backup images expire. The low water mark setting cannot be greater than or equal to the high water mark setting. Enter a comment that is associated with the disk pool.
Media server
The Media server setting specifies the NetBackup media servers that can move data to and from the disk pool for this storage unit. Only the media servers that are configured as storage servers appear in the media servers list. The NetBackup media servers on which the disk array vendors software are installed function as both storage servers and data movers. If a server does not appear in the list, verify that the logon credentials are created. Specify the media server or servers as follows:
303
To allow any server in the media server list to access the disk storage (default), select Use any available media server. To restrict the media servers that can access the disk storage, select Only use the following media servers. Then, select the media servers to allow. The selection list includes only the media servers that are configured as storage servers for the disk pool.
NetBackup selects the media server to use when the policy runs.
Maximum concurrent jobs

The Maximum concurrent jobs setting specifies the maximum number of jobs that NetBackup can send to a disk storage unit at one time. (Default: 1 job. The job count can range from 0 to 256.) This setting corresponds to the Maximum concurrent write drives setting for a Media Manager storage unit. NetBackup queues jobs until the storage unit is available. If three backup jobs are ready and Maximum concurrent jobs is set to two, the first two jobs start and the third job waits. If a job contains multiple copies, each copy applies toward the Maximum concurrent jobs count. The number to enter depends on the available disk space and the server's ability to run multiple backup processes. You can use maximum concurrent jobs to balance the load between disk storage units. A higher number of concurrent jobs means that the disk can be busier than if the number is lower. Caution: A Maximum concurrent jobs setting of 0 disables the storage unit. For information about how NetBackup balances storage unit and media server load, see Maximum concurrent jobs in:

Maximum fragment size

Specify the largest fragment size that NetBackup can create to store backups. The default maximum fragment size for a disk storage unit is 524,287 megabytes. To specify a maximum fragment size other than the default, enter a value from 20 megabytes to 524,287 megabytes. Backups to disk are usually fragmented to ensure that the backup does not exceed the maximum size that the file system allows. If an error occurs in a backup, the entire backup is discarded. The backup restarts from the beginning, not from the fragment where the error occurred. (An exception is for backups for which checkpoint and restart is enabled. In that
case, fragments before and including the last checkpoint are retained; the fragments after the last checkpoint are discarded.)
Storage unit usage recommendations

For usage recommendations, see the following subsections.
Managing backup, restore, and duplication traffic

If you use multiple storage servers and one storage unit, all of the disk pool storage servers are available for any job. NetBackup selects the storage server to use based on availability and load balancing criteria. You can manage the restore and duplication traffic by using the preferred and required storage server attributes for restore and duplication. NetBackup then uses availability and load balancing criteria to select among the storage servers that are marked for restores or duplications. For restores, NetBackup may select an unmarked storage server if all of the ones that are marked for restore are unavailable. For backups, NetBackup selects a storage server from among the storage units available storage servers. To further manage traffic, you can use multiple storage units for one disk pool, as in the following example:
One storage unit and one policy for backups. When you configure the storage unit, select only the storage servers that you want to use for backups. When you configure the policy, select the backup storage unit. One storage unit and one policy for restores. When you configure the storage unit, select only the storage servers that are marked as PrefRestore and ReqRestore. When you configure the policy, select the restore storage units. If you configure both preferred and required storage servers, NetBackup never selects an unmarked storage server for a restore job. One storage unit and one policy for duplications. In the duplications storage unit, select only the storage servers that are marked as ReqDuplicate. When you configure the policy, select the duplication storage unit.
You do not have to partition the storage; all storage units use the same pool of storage. For information about how NetBackup balances storage unit and media server load, see Maximum concurrent jobs in:

305
Managing SAN client traffic in a SAN

If you use the NetBackup Fibre Transport option, you can separate the NetBackup SAN client traffic from the regular NetBackup client traffic in your environment. Do so as follows:
Define a storage unit (such as STU-FT). Select the disk pool. Select Only use the following media servers. Select the FT media servers that connect to the SAN clients. Create a backup policy for the SAN clients and select the STU-FT storage unit. Define another storage unit (such as STU-LAN). Select the same disk pool. Select Only use the following media servers. Select the media servers with LAN connectivity to the regular clients. Create a backup policy for the regular clients and select the STU-LAN storage unit.
This scenario assumes that the SAN clients are a small subset of your client base. It also assumes that the media servers with LAN connectivity to the regular clients also have SAN connectivity to the storage.
Managing backup traffic based on importance

Even without a SAN, you can separate your backup traffic similarly and still write all of the data to the same disk pool. For example, you can send the backups from your most important clients to a media server that is dedicated for the most important backups:
Define a storage unit (such as STU-CRITICAL). Select the disk pool. Select Only use the following media servers. Select one (or a subset) of the media servers. Create a backup policy for the critical clients and select the STU-CRITICAL storage unit. Define another storage unit (such as STU-NORMAL). Select the same disk pool. Select Only use the following media servers. Select a different subset of the media servers. Create a backup policy for the regular clients and select the STU-NORMAL storage unit.
Maximum concurrent job setting

You can use the multiple concurrent jobs settings on storage units to assign backup priority for important clients. For example, two storage units use the same set of media servers. One of the storage units has a higher concurrent job
306 SharedDisk storage option updates Managing SharedDisk
setting than the other. More client backups occur for the storage unit with the higher concurrent job setting.
Creating a backup policy

Backup policies define the rules that NetBackup follows to back up clients. Use normal NetBackup processes to configure backups to SharedDisk storage units. That is, specify the appropriate storage unit in your backup policies. Alternatively, specify a lifecycle policy that uses a SharedDisk storage unit as the backup destination or duplication destination. To create a policy, see the NetBackup Administrators Guide for UNIX and Linux, Volume I or the NetBackup Administrators Guide for Windows, Volume I. Monitor backup progress To monitor backup progress, use the Detailed Status tab of the Job Details dialog box. It shows the media server that functions as the data mover between the client and the storage server. If the media server cannot start or complete the job, NetBackup retries the job after the job retry period elapses. (Configure the job retry interval by using the master server Global Attributes Job retry delay host property.) If you select more than one media server in the storage unit Media server field, NetBackup may retry the job with a different media server.
Restores
Use normal NetBackup processes to restore data from backups. To perform the restore, NetBackup chooses one of the media servers that can move data to and from the disk pool.
Managing SharedDisk
The following are tasks to manage the SharedDisk storage option:

Managing disk pools on page 307 Managing disk array logon credentials on page 315 Managing storage servers on page 316 Monitoring storage capacity and usage on page 321 Viewing disk reports on page 321 Viewing NetBackup logs on page 322 Troubleshooting SharedDisk on page 323
SharedDisk storage option updates Managing SharedDisk
307
Managing disk pools

The following are tasks to manage disk pools:

Changing disk pool properties on page 307 Adding volumes to a SharedDisk disk pool on page 309 Changing disk pool or volume state on page 312 Merging disk pools on page 313 Deleting a disk pool on page 314 Obtaining disk pool and volume status on page 315
Changing disk pool properties

You can change the high and the low water marks of a disk pool and change the comment that is associated with the disk pool. You also can add other media servers that are allowed to access the disk pool. To change disk pool properties 1 2 3 In the NetBackup Administration Console tree, select Media and Device Management > Devices > Disk Pools. Select the disk pool you want to change in the details pane. Click Edit > Change.
In the Change Disk Pool dialog box, change properties.
Disk pool properties

The following are the disk pool properties:

The disk pool name. The media servers that connect to the disk array. All media servers must be the same system type (such as all Solaris). The total amount of space available in the disk pool. The total raw, unformatted size of the storage in the disk pool. The number of volumes in the disk pool. A comment that is associated with the disk pool. The high water mark for the disk pool. (The default is 98%.) The high water mark is a threshold that indicates the storage is full. It applies to both the individual disk volumes in the pool and the disk pool, as follows:
309
The low water mark for the disk pool. (The default is 80%.) When the capacity of the disk pool returns to the low water mark, NetBackup again assigns jobs to the storage unit. Capacity is regained as backup images expire. The low water mark setting cannot be greater than or equal to the high water mark setting.
Adding volumes to a SharedDisk disk pool

If your storage administrator allocates more LUNs in an array to NetBackup, you must add those volumes to a disk pool. NetBackup does not add those volumes to a SharedDisk disk pool automatically. (By default, NetBackup automatically increases disk pool capacity if the capacity of the underlying disk volumes increases. Similarly, NetBackup decreases the capacity of a disk pool if the underlying disk volume capacity decreases.) The NetBackup storage units that use the disk pool automatically use the additional storage capacity. You do not have to change the storage units. How you add volumes depends on how the disk pool was created:
If you used the enclosure method to create the disk pool, see Adding volumes to a SharedDisk disk pool: enclosure method on page 309. If you used the volumes method to create the disk pool, see Adding volumes to a SharedDisk disk pool: volumes method on page 311.
Note: The volumes must be allocated for NetBackup and they must be formatted. NetBackup does not allow volumes to be formatted after you add them to a disk pool. Also, NetBackup does not let you delete volumes after you add them to a disk pool. Therefore, if the volumes were not formatted, you cannot use them and cannot delete them from the disk pool. You must then delete the entire disk pool.
Adding volumes to a SharedDisk disk pool: enclosure method

If you created a SharedDisk disk pool by the enclosure method, add volumes to the disk pool by inventorying the disk pool. The inventory:
Queries the disk array for volume information. Displays the LUNs with the nbusd_ prefix in the Inventory Disk Pool dialog box. If the array does not allow specific LUN prefixes, the inventory discovers all LUNS on the array.
You can update the configuration (that is, import the new disk volumes). Alternatively, you can decline the update if it does not correctly show the actual configuration. To add SharedDisk volumes by using Inventory Disk Pool 1 2 In the NetBackup Administration Console tree, select Media and Device Management > Devices > Disk Pools. Click Actions > inventory Disk Pool.
In the Inventory Disk Pool dialog box, select the disk pool and then click Start Inventory. The default selection is the disk pool that was selected in the Administration Console.
311
To update the disk pool configuration with the new information, click Update Configuration. Update Configuration is enabled only after the inventory has completed. If the results do not correctly show the actual configuration, do not update the configuration. Do the following:

Verify that the new LUNs use the nbusd_ prefix. Verify that the new LUNs are the size allocated by the storage administrator. Use the nbshareddisk command to determine on which array the new LUNs reside.
Adding volumes to a SharedDisk disk pool: volumes method

If you created a SharedDisk disk pool by the volumes method, add volumes to the disk pool by using the nbdevconfig command. First, create a new, temporary disk pool and then merge it into the original disk pool. If you created a disk pool by the enclosure method, you can use the volumes method to expand the storage of the disk pool. However, you must then always use the volumes expansion method for future expansion. Use the NetBackup nbdevconfig command to merge disk pools. Invoke the commands from a NetBackup media server that is configured as a storage server. The following are the prerequisites:
Both disk pools must use the same set of NetBackup media servers to share the storage. The volumes in the temporary disk pool must have different names than the volumes in the original disk pool. All of the disk volumes must have the same file system. The new disk volumes must be formatted.
The nbdevconfig command resides in the following directory: UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd To add SharedDisk volumes by using nbdevconfig 1 On a SharedDisk storage server, preview the volumes in an array and write the output to a file. The output file includes both formatted volumes and unformatted volumes. The file is used as input when you create the disk pool. The following is the command syntax:
nbdevconfig previewdv storage_server storage_server stype SharedDisk -media_server media_server > filename
-storage_server storage_server specifies the storage server. -stype SharedDisk specifies the storage server type. -media_server media_server specifies the media server that performs the operation. Use the same name as the storage server.
2 3
Edit the file that was created in the previous step and remove all but the new volumes. The file is used as the input when you create the disk pool. Create a disk pool from the volumes that are listed in the file. The following is the command syntax:
nbdevconfig createdp dp disk_pool_name storage_servers storage_server [storage_server ...] stype SharedDisk dvlist filename

-dp disk_pool_name specifies the disk pool. -storage_servers storage_server specifies the storage servers. Specify all of the servers that share the disk pool. -stype SharedDisk specifies the storage server type. -dvlist filename specifies the file of volume names.
Change the state of each disk pool to DOWN; the following is the command syntax:
nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state DOWN
If backup jobs are assigned to a disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. 5 Merge the disk pools. The following is the command syntax. The primary disk pool is the one you want to retain; nbdevconfig deletes the secondary disk pool after the merge.
nbdevconfig mergedps stype SharedDisk -primarydp disk_pool_name -secondarydp disk_pool_name
nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state UP
Changing disk pool or volume state

Pool and volume states are UP or DOWN. You can change the state of a disk pool or volume. To change the state to DOWN, the disk pool must not be busy. If backup jobs are assigned to the disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete.
313
To change the disk pool state by using the Device Monitor 1 2 3 4 In the NetBackup Administration Console, select Media and Device Management > Device Monitor. Select the Disk Pools tab. Select the disk pool. Select either Actions > Up or Actions > Down.
The nbdevconfig command resides in the following directory: UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd To change the disk pool state by using the nbdevconfig command
The following is the command syntax:

nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name -state state
state is either UP or DOWN. To change the disk volume state 1 Determine the name of the disk volume. The following command lists all volumes in the specified disk pool:
nbdevquery -listdv -stype SharedDisk -dp disk_pool_name
Change the disk volume state; the following is the command syntax:
nbdevconfig -changestate -stype SharedDisk -dp disk_pool_name dv vol_name -state state
state is UP or DOWN. NetBackup jobs still read from and write to a disk pool that has a downed volume, but the downed volume is unavailable.
Merging disk pools

You can merge existing SharedDisk disk pools. NetBackup updates the catalog records to show the correct location of the backup images in those disk pools. Note: After you merge SharedDisk disk pools, you must use the volumes method to add volumes to the disk pool. This restriction also applies if you used the enclosure method to create the disk pools. Prerequisites:
The volumes in the two disk pools must have unique names.
Both disk pools must use the same set of NetBackup media servers to share the storage. If storage units reference the secondary disk pool, you must delete those storage units.
The nbdevconfig command resides in the following directory: UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd To merge disk pools 1 Change the state of each disk pool to DOWN; the following is the command syntax:
If backup jobs are assigned to a disk pool, the state change fails. Cancel the backup jobs or wait until the jobs complete. 2 Merge the disk pools. The following is the command syntax. The primary disk pool is the one you want to retain; nbdevconfig deletes the secondary disk pool after the merge.
nbdevconfig mergedps stype SharedDisk -primarydp disk_pool_name -secondarydp disk_pool_name
Deleting a disk pool

If you delete a disk pool, NetBackup removes it from your configuration. If a disk pool is the storage destination of a storage unit, you must first delete the storage unit. Caution: Do not delete a disk pool that contains unexpired NetBackup images; if you do, data loss may occur. To delete a disk pool 1 2 3 In the NetBackup Administration Console tree, select Media and Device Management > Devices > Disk Pools. Select a disk pool Click Edit > Delete.
315
In the Delete Disk Pool dialog box, verify that the disk pool is the one you want to delete and then click OK.
Obtaining disk pool and volume status

Use the NetBackup nbdevquery command to obtain the status of NetBackup disk pools and volumes in those disk pools. Table 12-1 Option
-dv disk_volume

Used with -listdv, it shows the properties of the specified disk volume. Produces the parsable output, one line of output per disk volume with no headers. The first field indicates the version of the output as an aid to create scripts. By default, nbdevquery uses the -l option. Shows all disk pools. To show the properties of a specific disk pool, also use the -dp disk_volume option.
-l
-listdp
-listdv
Shows a summary of all disk volumes. To show the properties of a specific disk volume, also use the -dv disk_volume option.
-stype SharedDisk
Use this option with the following two options:

With -listdp, shows all disk pools of the specified storage type. With -listdv, shows all disk pools of the specified storage type and their disk volumes.
-U -D
Produces an output format that is more human-readable. Produces an output format that provides more information than the -U option but is not formatted as much as the -U option.
Managing disk array logon credentials

For SharedDisk storage, the currently configured disk array credentials are shown in the Media and Device Management > Credentials > Disk Array Hosts view. You can add, change, or delete the credentials that Netbackup uses to access the arrays in your NetBackup environment.
To add array logon credentials 1 2 3 4 5 In the NetBackup Administration Console, expand Media and Device Management > Credentials. Select Disk Array Hosts. Click Actions > New > Disk Array Host. Enter the host name in the dialog box. In the New Disk Array Host dialog box, enter the credentials.
To change array logon credentials 1 2 3 4 In the NetBackup Administration Console, expand Media and Device Management > Credentials > Disk Array Host. Select a disk array host. Click Edit > Change. In the Change Disk Array Host dialog box, change the credentials.
To delete array logon credentials 1 2 3 In the NetBackup Administration Console, expand Media and Device Management > Credentials > Disk Array Host. Select a disk array host. Click Edit > Delete. The disk array host is deleted; no confirmation dialog appears.
Managing storage servers

You can do the following to manage the storage servers that exist in your environment:

Viewing storage servers on page 317 Viewing storage server attributes on page 318 Obtaining storage server status on page 317 Adding a SharedDisk storage server on page 318 Removing storage server attributes on page 319 Removing a storage server from disk pool access on page 320 Deleting a storage server on page 320
317
Viewing storage servers

To view a list of storage servers already configured, use the nbdevquery command. To view configured storage servers

nbdevquery -liststs
To list only SharedDisk storage servers, use the -stype SharedDisk option and argument. The -U option provides more detailed information. The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The command lists all storage servers already configured. By default, NetBackup configures all media servers as BasicDisk storage servers. Therefore, all media servers in your environment appear as BasicDisk servers, as in the following example:
If the media server does not appear in the command output as a SharedDisk storage server, configure the media server as a storage server.
Obtaining storage server status

The NetBackup nbdevquery command lets you obtain the status of storage servers. Table 12-2 Option
-liststs -storage_server server_name -stype SharedDisk
nbdevquery storage server options Description

Shows all storage servers. Shows the information about the specified storage server. Must be used with the -liststs option. Use this option with the following two options:

With -liststs, shows all storage servers of the specified storage type. With -storage_server, shows all storage servers that are at the specified host.
For more information about the nbdevquery command, see the NetBackup Commands for UNIX and Linux or NetBackup Commands for Windows manual.
Viewing storage server attributes

You can view the storage server attributes. To view storage server attributes
Run the following command on the NetBackup master server or a storage server:
nbdevquery -liststs -storage_server storage_server -stype SharedDisk U
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The following is an example:
% nbdevquery -liststs AdvancedDisk U Storage Server : Storage Server Type : Storage Type : State : Flag : Flag : Flag : -storage_server advdsk_server -stype shareddisk_server.symantecs.com SharedDisk Formatted Disk, Direct Attached UP OpenStorage FT-Transfer PrefRestore
This example output is shortened; more flags may appear in actual output.
Adding a SharedDisk storage server

You can add a SharedDisk storage server to an existing SharedDisk configuration. The NetBackup media server also becomes a data mover. To add a SharedDisk storage server 1 Install and configure the NetBackup media server software. For procedures, see the NetBackup Installation Guide for UNIX and Linux or the NetBackup Installation Guide for Windows. Prepare the SAN. For procedures, see Preparing the SAN on page 278. Install the disk array software on the media server. For procedures, see Installing array software on media servers on page 279. Add the media server to the host entry list on the disk array.
2 3
319
For procedures, see Add array host entries on page 280. 5 If no other storage servers were configured, you must change the state of all disk pools on the storage to UP. The following is the command syntax:
Verify that the new media server appears in every storage unit that points to a disk pool on that disk array. The storage unit dialog box includes a media servers list. For every SharedDisk storage unit that specifies Use one of the following media servers, update the storage unit so it uses the correct media servers. This step is not required if the storage unit is configured to use any available media server.
Removing storage server attributes

You can remove the following storage server attributes:

To remove storage server attributes
Run the following command on the NetBackup master server or the storage server:
nbdevconfig -changests -storage_server storage_server -stype SharedDisk -clearattribute attribute
The following is the path to the command: UNIX and Linux: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd The following are the options and arguments:

-storage_server storage_server is the name of the storage server. -stype SharedDisk specifies the storage server type. -clearattribute attribute is an attribute to remove from the storage server for restore or duplication operations. You can specify more than one -clearattribute attribute pair on the command line. The following are the attributes:
PrefRestore. The storage server is preferred for the read side of restore operations. ReqRestore. The storage server is required for the read side of restore operations.
ReqDuplicate. The storage server is required for the read side of duplication operations.
Removing a storage server from disk pool access

You can remove a SharedDisk storage server so that it no longer can access a disk pool. If NetBackup jobs exist that use that storage server, you cannot remove it. A SharedDisk storage server is also a media server. Caution: If you remove the only storage server, data may be lost. NetBackup cannot access the disk pool and the backup images on the disk pool. To remove a SharedDisk storage server from disk pool access 1 For every storage unit that specifies the storage server (media server), clear the checkbox that specifies the media server. The Use one of the following media servers option specifies the storage servers. This step is not required if the storage unit is configured to use any available media server. If only one storage server exists, change the state of all disk pools on the array to DOWN. To do so, use the following command:
Remove the storage server. The following is the command syntax:

nbdevconfig -changedp -stype SharedDisk -dp disk_pool_name -del_storage_servers storage_server
Deleting a storage server

If you delete a storage server, NetBackup removes it from your configuration. The media server is not deleted from your configuration. To delete the media server, use the NetBackup nbemmcmd command. If a disk pool is configured from the disk volumes that the storage server manages, you cannot delete the storage server. Caution: Do not delete a storage server if its storage contains unexpired NetBackup images; if you do, data loss may occur. To delete a storage server
Use the following command:
321
nbdevconfig -deletests -storage_server storage_server -stype SharedDisk
The nbdevconfig command resides in the following directory:
Monitoring storage capacity and usage

To monitor storage capacity and usage, see:
The NetBackup Disk Pool status report. For more information, see Viewing disk reports on page 321. Media and Device Management > Devices > Disk Pools. The NetBackup License Keys dialog box. Open the dialog box by selecting Help > License Keys in the NetBackup Administration Console. Display the summary by clicking Summary of active capacity-based license features. The summary displays the storage capacity for which you are licensed and the capacity used. It does not display the amount of physical storage space.
The NetBackup Operations Manager also provides information about storage capacity and usage. For more information, see the NetBackup Operations Manager Guide.
Viewing disk reports

The NetBackup disk reports include information about the disk pools, disk storage units, disk logs, images that are stored on disk media, and storage capacity. To view disk reports 1 2 3 4 In the NetBackup Administration Console tree, expand NetBackup Management > Reports > Disk Reports. Select the name of a disk report. In the right pane, select the report settings. Click Run Report.
Table 12-3 shows the disk reports. Table 12-3 Report

Images on Disk
Disk reports Description

The Images on Disk report generates the image list present on the disk storage units that are connected to the media server. The report is a subset of the Images on Media report; it shows only disk-specific columns. The report provides a summary of the storage unit contents. If a disk becomes bad or if a media server crashes, this report can let you know what data is lost.
Disk Logs
The Disk Logs report displays the media errors or the informational messages that are recorded in the NetBackup error catalog. The report is a subset of the Media Logs report; it shows only disk-specific columns. The Disk Storage Unit Status report displays the state of disk storage units in the current NetBackup configuration. For disk pool capacity, see Media and Device Management > Devices > Disk Pools. Multiple storage units can point to the same disk pool. When the report query is by storage unit, the report counts the capacity of disk pool storage multiple times.
Disk Storage Unit
Disk Pool Status
The Disk Pool Status report displays the state of disk pool storage units. This report displays only when an Enterprise Disk Option license is installed.
Viewing NetBackup logs

You can monitor NetBackup disk-related activity and status by viewing the NetBackup log files. Some NetBackup commands or processes write messages to their own log files. Other processes use Veritas unified log (VxUL) files. VxUL uses a standardized name and file format for log files. An originator ID (OID) identifies the process that writes the log messages. For information about the logs, see Table 12-4
323
Messages that begin with an sts_ prefix relate to the interaction with the storage vendor software plug-in. Most interaction occurs on the NetBackup media servers. Table 12-4 Activity
Backups and restores
NetBackup logs VxUL OID

N/A
Processes that use the ID

Messages appear in the log files for the following processes:

bpbrm backup and restore manger bpdbm database manager bpdm disk manager bptm for I/O operations
Backups and restores Device configuration Device configuration Device configuration
117
The nbjm job manager.
111
The nbemm process.
178
The Disk Service Manager process that runs in the Enterprise Media Manager (EMM) process. The Storage Server Interface process that runs in the Remote Manager and Monitor Service. RMMS runs on media servers. If the Storage Server Interface logs indicate problems with the Veritas Frozen Image (VxFI) service, examine the VxFI log files for detailed trace information:

202
UNIX: /user/openv/netbackup/logs/bpfis Windows: install_path\VERITAS\NetBackup\logs \bpfis
Device configuration
230
The Remote Disk Service Manager interface (RDSM) that runs in the Remote Manager and Monitor Service. RMMS runs on media servers.
Troubleshooting SharedDisk
To help with troubleshooting, see the following:
SharedDisk troubleshooting checklist on page 324
Determining masked LUNs on page 332 Checking out a SharedDisk disk volume on page 333 Disk failure on page 334 Restore or duplication operations on page 334
SharedDisk troubleshooting checklist

The following checklist may help you troubleshoot if you have problems when you configure and use the SharedDisk storage option: 1. Verify NetBackup installation and license keys on page 324 2. Verify the array vendor software installation on page 324 3. Verify that the EMM server recognizes the media servers on page 325 4. Verify that the disk array credentials are configured on page 325 5. Restart NetBackup services on page 326 6. Verify LAN connectivity to the disk array on page 327 7. Verify that the array host list includes the NetBackup servers on page 327 8. Verify that the array can query the LUNs on page 328 9. Verify SAN connectivity to the disk array on page 329 10. Verify that the media servers are configured as storage server(s) on page 331 11. Verify that everything works in your environment on page 332 12. For more troubleshooting information on page 332 13. Contact NetBackup support on page 332
1. Verify NetBackup installation and license keys

The NetBackup master server and all NetBackup media servers that use the feature must be at NetBackup 6.5 or later. You must activate the feature by entering the appropriate license key in NetBackup. If you have configuration problems, verify that:

The NetBackup servers are at the correct release levels The license key is installed on the NetBackup master server.
For more information, see Installing SharedDisk on page 277.
2. Verify the array vendor software installation

The Veritas Frozen Image (VxFI) service is the NetBackup component that manages access to the storage on the disk array. VxFI uses the disk array vendors command line interfaces to: configure the arrays and mask and unmask the LUNs when a media server accesses the storage. The array vendor
325
software must be installed on each NetBackup media server that accesses the storage. If you have configuration or storage access problems, verify that the disk array vendors command line interfaces are installed. For more information, see Installing array software on media servers on page 279. Also, verify that a supported version of the disk array vendors command line interface is installed on each media server. To determine supported versions, check the NetBackup hardware compatibility list (HCL). You can find the HCL at the NetBackup support site:
http://entsupport.symantec.com
3. Verify that the EMM server recognizes the media servers

To verify that the EMM server recognizes each media server, use the following command. If you have more than one NetBackup master server, use the -masterserver option to identify the master server.
nbemmcmd listhosts
Each media server should appear in the output. The following is example output:
The following hosts were found: master masterserver.symantecs.org server masterserver.symantecs.org disk_array oven3a disk_array orach disk_array cx5002 media mediaserver.symantecs.org Command completed successfully.
The command output shows which servers are registered with the NetBackup EMM server. The master server and the EMM server are installed on the same host, so the server appears twice. If a media server does not appear, add it by using the nbemmcmd command. The following is the syntax:
nbemmcmd -addhost -machinename hostname -machinetype media
Other options let you specify more detailed information. The nbemmcmd command resides in the following directories:

UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\VERITAS\Netbackup\bin\admincmd
For command usage, see NetBackup Commands for UNIX and Linux or NetBackup Commands for Windows.
4. Verify that the disk array credentials are configured

Verify that the logon credentials are configured for each disk array. To do so, use the following command:
tpconfig ddiskarrays
The following is example output:

================================================================== Disk Array Host Name: oven3a Disk Array Type: NetApp(5) User Id: root Required Port: 0 ================================================================== Disk Array Host Name: orach Disk Array Type: HP EVA(0) User Id: administrator Required Port: 0 ================================================================== Disk Array Host Name: cx5002 Disk Array Type: EMC CLARiiON(1) User Id: admin Required Port: 0
If a disk array host does not appear, add the credentials. For procedures, see Managing disk array logon credentials on page 315. (Alternatively, you can use the tpconfig command.) Note: This command verifies only that credentials are configured; it does not verify that the credentials are correct. The tpconfig command resides in the following directories:

UNIX: /usr/openv/volmgr/bin/ Windows: install_path\VERITAS\Volmgr\bin
5. Restart NetBackup services

After you add credentials, stop and then start the NetBackup services on the NetBackup master server. Also stop and start the services on each NetBackup media server that accesses the disk array. You can use the NetBackup Administration Console Activity Monitor to stop and start the services. Alternatively, you can use the following commands in sequence:
UNIX:
/usr/openv/netbackup/bin/bp.kill_all /usr/openv/netbackup/bin/bp.start_all
Windows:
install_path\VERITAS\Netbackup\bin\bpdown.exe install_path\VERITAS\Netbackup\bin\bpup.exe
327
6. Verify LAN connectivity to the disk array

To verify LAN connectivity to the disk array, use the following command:
nbshareddisk list
Verify that each disk array (enclosure) appears in the command output. If all of the disk arrays appear in the output, LAN connectivity to the disk arrays exists. The following is example output:
Enclosure list: Vendor Array Name Enclosure ID ------------------------------------------------------------------------NETAPP oven3a UEID##NETAPP##LUN##1042386 HP HPEVA4000 UEID##HP##HSV##5000-1FE1-5007-0020 HP VRTS.EVA UEID##HP##HSV##5000-1FE1-5004-5660 EMC 000187910258 UEID##EMC##SYMMETRIX##000187910258 EMC APM00044701641-cx500 UEID##EMC##CLARIION##APM00044701641
If a disk array does not appear in the output:
Verify that the disk array logon credentials exist. For procedures, see 4. Verify that the disk array credentials are configured on page 325. Verify that the disk array vendors command line interfaces are installed on each media server. (Not required for NetApp.) Also, verify that the supported versions of the disk array vendors command line interfaces are installed on each media server. For more information, see 2. Verify the array vendor software installation on page 324. Examine nbshareddisk command logs for messages about failures. The following are the log file pathnames: Windows: install_path\VERITAS\NetBackup\logs\admin UNIX: /usr/openv/netbackup/logs/admin To obtain useful information, you may have to increase the NetBackup logging levels. UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\VERITAS\Netbackup\bin\admincmd
The nbshareddisk command resides in the following directories:

7. Verify that the array host list includes the NetBackup servers
To verify that the disk array host list includes each NetBackup server that accesses the array, use the following command:
nbshareddisk list -hosts
Each NetBackup media server that accesses the array must in the host list. Host names must be valid IP host names. For all array vendors, the host entries must match the DNS hostname of the media server. The host list also is known as a WWN map. The following is example output:
Enclosure ID Host Name HBA WWPN ----------------------------------------------------------------1042386 MediaServerA 10000000c943c971 1042386 MediaServerB 10000000c9439ef7 5000-1FE1-5007-0020 MediaServerA 10000000c943c971 5000-1FE1-5007-0020 MediaServerB 10000000c9439ef7 000187910258 MediaServerA 10000000c943c971 000187910258 MediaServerB 10000000c9439ef7 APM00044701641 MediaServerA 10000000C943C971 APM00044701641 MediaServerB 10000000C9439EF7
Depending on how your environment is configured, additional hostnames may be in the list also. If a media server is not in the list, do the following:
Verify that the SAN zone includes the HBA and array port WWPNs. The array ports must be hard or soft zoned to the NetBackup media server and NetBackup client HBA ports. For more information, see Zoning the SAN on page 278. Add the host entries. For more information, see Add array host entries on page 280. Examine the array disk plug-in logs for messages about failures. The following are the log file pathnames: Windows: install_path\VERITAS\NetBackup\logs\adsts.log UNIX: /usr/openv/netbackup/logs/adsts.log To obtain useful information, you may have to increase the NetBackup logging levels. UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\VERITAS\Netbackup\bin\admincmd

8. Verify that the array can query the LUNs

Verify that each disk array (enclosure) can display the LUNs that were allocated to NetBackup. The following is the command syntax. It displays the LUNs with their unique device identifier (UDID) for the specified disk array.
329
nbshareddisk list ueid unique_enclosure_ID
The following is an example command and output:

nbshareddisk list enclosure UEID##EMC##CLARIION##APM00044701641 Device Name Size (KB) Device Id ----------------------------------------------------------------------------------------------------------------------nbusd_winb5 5242880 UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:D8:CD:C0:49:7D:4E:DB:11 nbusd_winb3 5242880 UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:D6:CD:C0:49:7D:4E:DB:11 nbusd_winb4 5242880 UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:D7:CD:C0:49:7D:4E:DB:11 nbusd_winb1 5242880 UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:D4:CD:C0:49:7D:4E:DB:11 nbusd_winb2 5242880 UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:D5:CD:C0:49:7D:4E:DB:11
If the array does not support LUN prefix names, all LUNs on the array should appear in the command output. If the correct UDIDs do not appear in the output, verify the array configuration as follows:
Verify that the LUNs were allocated to NetBackup by using the nbusd_ prefix. For more information, see Allocate LUNs for NetBackup on page 281. Examine the array disk plug-in logs for messages about failures. The following are the log file pathnames: Windows: install_path\VERITAS\NetBackup\logs\adsts.log UNIX: /usr/openv/netbackup/logs/adsts.log To obtain useful information, you may have to increase the NetBackup logging levels. UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\VERITAS\Netbackup\bin\admincmd

9. Verify SAN connectivity to the disk array

To verify SAN connectivity to a disk array, do the following:

Format a LUN on the array. Mount and unmount the LUNs
If you can format a LUN and mount and unmount a LUN, SAN connectivity to the disk array is verified. I/O operation also is verified.
Format a LUN If possible, format a small LUN on the array. The format operation can be a time-consuming process. Caution: If you format a LUN on which data exists, the format operation erases that data. For example, the following command formats two LUNs. The LUNs are listed in the arrayudidlist.txt file:
nbshareddisk format -udid_file arrayudidlist.txt Preparing to process LUNs/UDIDs: UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E2:CD: C0:49:7D:4E:DB:11 UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E0:CD: C0:49:7D:4E:DB:11 Imported resource [UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E2:CD :C0:49:7D:4E:DB:11] at local device path [/dev/rdsk/c3t4d0]. Device [/dev/rdsk/c3t4d0] formatted successfully with file-system type [ufs] and VM type []. Unmounted formatted resource [/dev/dsk/c3t4d0s2], [UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E2:CD :C0:49:7D:4E:DB:11]. Deported resource [UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E2:CD :C0:49:7D:4E:DB:11]. Imported resource [UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E0:CD :C0:49:7D:4E:DB:11] at local device path [/dev/rdsk/c3t4d0]. Device [/dev/rdsk/c3t4d0] formatted successfully with file-system type [ufs] and VM type []. Unmounted formatted resource [/dev/dsk/c3t4d0s2], [UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E0:CD :C0:49:7D:4E:DB:11]. Deported resource [UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E0:CD :C0:49:7D:4E:DB:11].
If the format fails:
(Solaris only.) Verify that the appropriate LUN entries were added to the sd.conf file. The LUN entries allow NetBackup to import LUNs to the host. For more information, see Adding LUN entries to the sd.conf file on page 282. Examine the array disk plug-in logs for messages about failures. The following are the log file pathnames:
331
Windows: install_path\VERITAS\NetBackup\logs\adsts.log UNIX: /usr/openv/netbackup/logs/adsts.log To obtain useful information, you may have to increase the NetBackup logging levels. Mount and unmount the LUNs To mount a LUN, it must be formatted and offline. To unmount a LUN, it must be formatted and online. The command to mount a LUN also performs other operations that help verify connectivity. To mount and then unmount a specific LUN 1 Mount the LUN by using the nbshareddisk command. The following is the command syntax:
nbshareddisk online udid UDID##nn#nn##nn
The following is an example:

nbshareddisk online udid UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E2:CD:C0:49:7D:4E:DB:11 List of online mount points -----------------------------------------------------------------------------------Udid Mount point -----------------------------------------------------------------------------------UDID##DGC##CLARIION##APM00044701641##60:06:01:60:2C:96:12:00:E2:CD:C0:49:7D:4E:DB:11 /nbusd_b8fd784dd4df57e6
Unmount the LUN by using the nbshareddisk command. The following is the command syntax (the command produces no output):
UNIX: nbshareddisk offline -device mount_point Windows: nbshareddisk offline -device C:\nbussod\mnt_point\
Ensure that you use the trailing back slash on the Windows command line. The following is an example:
nbshareddisk offline -device /nbusd_b8fd784dd4df57e6

UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\VERITAS\Netbackup\bin\admincmd
10. Verify that the media servers are configured as storage server(s)
Verify that each NetBackup that connects to the array is configured as a storage server. To do so, use the following command
nbdevquery -liststs -stype SharedDisk V6.5 tree.symantecs.org SharedDisk 6 V6.5 flower.symantecs.org SharedDisk 6
V6.5 water.symantecs.org SharedDisk 6
The command output shows which media servers are configured as SharedDisk storage servers. If a storage server does not appear, create the storage server. To do so, see Creating a storage server in NetBackup on page 289. The nbdevquery command resides in the following directory: UNIX: /usr/openv/netbackup/bin/admincmd Windows: install_path\Program Files\VERITAS\NetBackup\bin\admincmd
11. Verify that everything works in your environment

Verify that your network environment functions correctly. Verify that the NetBackup services are active on all NetBackup servers. Ensure that you have read the NetBackup SharedDisk documentation and any vendor-specific documentation.
12. For more troubleshooting information

More troubleshooting information about SharedDisk and its components such as VxFI is available on the Symantec Enterprise Support Web site in the following Tech Note:
The Tech Note contents are updated when new information is available. The Tech Note may contain more current information than this guide.
13. Contact NetBackup support

If you performed all of steps in this checklist and problems still exist, contact NetBackup Technical Support. The following is the address for the site:
http://entsupport.symantec.com
Determining masked LUNs

The NetBackup nbfirescan command scans for SCSI disk devices and displays the results. The nbfirescan command resides in the Veritas Frozen Image directory as follows:
install_path\Common Files\Symantec Shared\VxFI\4\Bin (Windows) /usr/openv/netbackup/bin (UNIX)
For more information about the nbfirescan command, see the NetBackup Commands for UNIX and Linux or NetBackup Commands for Windows manual.
333
Checking out a SharedDisk disk volume

The storage in an array is exposed to a NetBackup media server dynamically. That is, Veritas Frozen Image (VxFI) masks the storage when a media server performs I/O and then unmasks the storage when not required. (VxFI is the NetBackup component that manages access to the storage on the disk array.) You can check out a disk volume manually to determine what NetBackup wrote on the file system on the LUNs. To check out a disk volume 1 Determine the name of the disk volume. The following is the command syntax:
nbdevquery -listdv -stype SharedDisk -dp disk_pool_name
Change the disk volume state to DOWN so that NetBackup does not assign jobs to it. The following is the command syntax:
nbdevconfig -changestate stype SharedDisk -dp disk_pool_name dv vol_name -state DOWN
This command does not stop currently active jobs; they complete their I/O. 3 4 Wait for all active jobs that use that volume to complete. Use the NetBackup Administration Console Activity Monitor to monitor the jobs. Determine the UDID of the disk volume. The following is the command syntax to display all of the disk volumes in an enclosure:
nbshareddisk list -ueid unique_enclosure_id
Expose (mask) the LUN to a media server and then mount it. The following is the command syntax:
nbshareddisk online -udid UDID##nn#nn##nn
6 7
Browse the file system. Unmount the LUN. The following is the command syntax:
UNIX: nbshareddisk offline -device mount_point Windows: nbshareddisk offline -device C:\nbussod\mnt_point\
Ensure that you use the trailing back slash on the Windows command line. 8 Unmask the LUN from the media server. The following is the command syntax:
nbshareddisk mask -udid UDID##nn#nn##nn
Change the disk volume to UP so that NetBackup can use it. The following is the command syntax:
nbdevconfig -changestate stype SharedDisk -dp disk_pool_name dv vol_name -state UP
Disk failure
A disk failure in an array that is configured to provide redundancy should not affect NetBackup disk pool operation. If recovery mechanisms do not protect a disk that fails, the backup images on that disk are lost. Operating system read and write errors may occur for the volume that represents the disk. NetBackup cannot use that volume because of the errors, and NetBackup jobs may fail. To prevent NetBackup from trying to read from or write to the disk, you must change the volume state to DOWN in NetBackup. If the volume represents other disks that still function, those disks are not available because the volume state is DOWN. You may be able to read from the volume by mounting it manually. If so, you may be able to recover image fragments from any disks that did not fail. If you replace the failed disk, you can allocate that new disk to NetBackup, as follows:
In NetBackup, expire backup images on the downed volume so the image records are removed from the NetBackup catalog. Use the array software utilities to delete the volume from the array. Allocate the new disk and any other disks that were in the volume to NetBackup. You must use a different name for the LUN than was used for the original volume. Add that LUN to an existing disk pool or create a new disk pool from that LUN.
Because NetBackup does not let you delete volumes from a disk pool, the downed volume remains in the disk pool. The downed volume does not affect disk pool functionality.
Restore or duplication operations

If you use the preferred or required restore or duplication attributes for a storage server, the following may occur:
A restore operation uses a storage server that does not have a PrefRestore or ReqRestore attribute. Reasons may be as follows:
The destination disk pool does not include a storage server with a restore or duplication attribute. A preferred or required storage server cannot be used because it is unavailable (NetBackup considers it DOWN). A storage server is preferred for restore but the SharedDisk disk volume is mounted on a different storage server.
A restore or duplication operation is queued. Reasons may be as follows:
335
A preferred or required storage server cannot be used because it is unavailable (NetBackup considers it DOWN). A preferred or required storage server is not used because the SharedDisk disk volume is mounted on a different storage server.
Chapter
13
SAN Client and Fibre Transport updates

This SAN Client and Fibre Transport documentation supplements the documentation in the NetBackup Shared Storage Guide for NetBackup 6.5. The NetBackup Shared Storage Guide will be updated for the next major NetBackup release.

The following subsections describe new features and capabilities for SAN client and Fibre Transport in NetBackup 6.5.2. For more information, see the following:

Tape as a storage destination on page 337 HBA port detection on Solaris on page 339 New HBAs supported on page 339
Tape as a storage destination

With this release, you can use tape as a storage destination for the SAN Client and Fibre Transport feature. For more information, see the following:

Benefits on page 338 Buffer size and concurrent pipe usage on page 338 Configuring multiplexing on page 338 Configuring multistreaming on page 338
338 SAN Client and Fibre Transport updates Tape as a storage destination
Limitations on page 339
Benefits
Using tape as a destination, you can multistream and multiplex backups of a SAN client to an FT media server, which provides the following benefits:
Ability to send nonmultiplexed and multiplexed backups of multiple streams to the tape media over the SAN. The data streams can be sent over one or more FT channels to the FT media server. The media server multiplexes them together onto one or more tape drives. Multiplexing enables parallel backup of multiple slower client data streams
Multiplexing reduces or eliminates idle time while the tape drive waits for data to become available. It better uses the transfer rate of fast tape drives. With this feature, you can replace SAN Media servers with SAN Clients and continue to back up to tape. A SAN Client uses fewer system resources, both disk space and processor, than a SAN Media server.
Buffer size and concurrent pipe usage

On x86_64 computers, Symantec recommends that you use 10 or fewer pipes concurrently. If you use more than 10 pipes, Symantec recommends that you configure the number of data buffers to a value less than 10. To do so, create (if necessary) the following file and include a single integer that specifies the number of pipes:
/usr/openv/netbackup/db/config/NUMBER_DATA_BUFFERS_FT
Symantec recommends that the number of buffers times the number of pipes be 161 or fewer. For the number of buffers per pipe, the default value is 16 for disk and 12 for tape.
Configuring multiplexing
To configure multiplexing, see the NetBackup Administrators Guide for UNIX and Linux, Volume I.
Configuring multistreaming
To configure multistreaming, see the NetBackup Administrators Guide for UNIX and Linux, Volume I.
SAN Client and Fibre Transport updates HBA port detection on Solaris
339
Limitations
The following limitations exist for tape as a storage destination:
Only FT backups from the same client are multiplexed in a particular MPX group FT backups from different clients are not multiplexed together in the same MPX group. You cannot multiplex different SAN clients to the same tape. Different clients can still be backed up to the same FT media server, but they are written to different tape drives in different MPX groups). FT and LAN backups (from the same client or different clients) are not multiplexed together in the same MPX group.
HBA port detection on Solaris

On Solaris systems, NetBackup 6.5.2 detects the PCI bus and only allows ports on one bus to be used for target mode, as follows:

The first choice is the bus with the most 2312 target mode ports. If there are no 2312 target mode ports, the bus with the most 24xx target mode ports is used. Target mode ports on other busses are not used.
New HBAs supported

NetBackup 6.5.2 includes support for the following QLogic HBAs for Fibre Transport media servers:

QLA2460 and QLA2462 (PCI-X) QLE2460 and QLE2462 (PCI-e)
Symantec recommends that you do not use 24xx 4 GB/s HBAs in 33 MHz or 66 MHz PCI slots.
340 SAN Client and Fibre Transport updates New HBAs supported
Chapter
14
Remote NDMP and disk devices updates


About remote NDMP and disk devices on page 341 Configuring remote NDMP on page 342
About remote NDMP and disk devices

The remote NDMP feature of NetBackup involves backing up NAS data (Network Attached Storage) to a storage device configured on a NetBackup media server. In previous releases, only tape devices were supported on the NetBackup media server for remote NDMP. This 6.5.2 release adds support for disk devices on the media server.
342 Remote NDMP and disk devices updates Configuring remote NDMP
Figure 14-1
NDMP backup to a storage unit on media server (remote NDMP)

LAN / WAN
NetBackup for NDMP media server
NetBackup drives in disk storage units or Media Manager storage units (tape).
NDMP hosts (NAS filers). . . Backup data travels from NDMP hosts to a disk or tape drive attached to a NetBackup media server or on a SAN. NOTE: The NetBackup drive(s) need not be dedicated to NDMP backups: they can be used for non-NDMP backups as well.
Configuring remote NDMP

This topic describes how to configure NetBackup to make backups to either disk or tape storage units attached to a NetBackup media server. Only NDMP-specific steps are described. To configure NDMP backups to disk or tape storage units 1 Authorize the NetBackup server to access the NDMP hosts you want to back up. Do the following on the master server (not media server) if you plan to create snapshots using the Snapshot Client NAS_Snapshot method.
Under Media and Device Management > Credentials, click on NDMP Hosts. Under Actions, choose New > NDMP Host to display the NDMP Host dialog box. Enter the name of the NDMP server (NAS filer) to back up. This NDMP host name is case sensitive. Repeat the above for each NDMP host that the NetBackup server backs up.
Use the NetBackup Device Configuration wizard to configure devices for remote NDM (disks, or tape drives and robots, on the media server). Note the following:
Do not use the device configuration procedure in the Configuring NDMP backup to NDMP-attached devices section of the NetBackup for
Remote NDMP and disk devices updates Configuring remote NDMP
343
NDMP Guide. Rather, configure the disk, or robots and drives, in the same way as ordinary NetBackup devices. See the NetBackup Administrators Guide, Volume I.
Tape drives can be shared using the Shared Storage Option (SSO) of NetBackup. The drives can be shared as both NDMP drives and non NDMP drives. See Using the Shared Storage Option (SSO) chapter of the NetBackup for NDMP Guide.
Create a disk or Media Manager storage unit for the drive(s). The storage unit type must be Disk or Media Manager, not NDMP. For details on storage units, refer to the NetBackup Administrators Guide, Volume I. Create an NDMP-type policy. On the New/Change Policy display, be sure to specify the storage unit that was created at step 3. See Creating an NDMP policy in the NetBackup for NDMP Guide.
344 Remote NDMP and disk devices updates Configuring remote NDMP
Chapter
15

The Multiple Copy Synthetic Backups feature introduces the capability to read remote, non-primary source images to produce a second synthetic copy in remote storage. This feature provides the following benefits:
This feature eliminates the bandwidth cost of copying synthetic full backups to another site. Instead of duplicating a local synthetic full backup to a remote site to produce a second copy, it is more efficient to produce the second copy by using data movements only at the remote site. This feature provides an efficient method to establish a dual-copy disaster recovery scheme for NetBackup backup images.
346 Synthetic Backup updates: Multiple copy backups
How this feature compares to previous releases

This section describes how using the Multiple Copy Synthetic Backups feature to create synthetic backup copies differs from duplicating synthetic full backups in previous releases. The following table emphasizes how the synthetic full backup produced at the remote site is a clone, or a second copy, of the first copy produced at the local site. Procedure for releases before 6.5.2:
1 A full backup is performed at the local site (Site A). The full backup is duplicated to the remote site (Site B). An incremental backup is performed at Site A. The incremental backup is duplicated to Site B. Steps 3 and 4 are repeated each time an incremental schedule runs. A full synthetic backup is produced at Site A. The full backup is duplicated to Site B.
Using Multiple Copy Synthetic Backups in 6.5.2:

Step 1 remains the same.
Step 2 remains the same.
3 4 5
Step 3 remains the same. Step 4 remains the same. Step 5 remains the same.
6 7
Step 6 remains the same. A full synthetic backup is produced at Site B from images at Site B. The full synthetic backup at the remote site is a second copy of the synthetic backup at the local site. Step 8 remains the same.
Steps 2 through 7 repeat per backup scheduling needs.
Figure 15-1 shows that using this feature, the images copied to the remote site are used as source images to be synthesized for the synthetic full backup at the remote site. No extra bandwidth is used to copy the synthetic full backup from Site A to Site B.
347
Figure 15-1
Synthetic full backups can be created remotely in 6.5.2
Site A (Local) time
Full backup (Copy 1)
Incremental (Copy 1)
Synthetic full backup (Copy 1)
Backups are duplicated to the remote site Site B (Remote) Full backup (Copy 2) Incremental (Copy 2) Incremental (Copy 2) Synthetic full backup (Copy 2) Incremental (Copy 2) Incremental (Copy 2)
Copy 2 synthetic full is created remotely
Configuring Multiple Copy Synthetic Backups

To configure a multiple copy synthetic backup, create a configuration file on the master server for each synthetic backup policy for which a second copy is to be produced. The configuration file is a text file, named after the policy and schedule: multi_synth.policy.schedule On UNIX create the file in the following location: /usr/openv/netbackup/db/config/multi_synth.policy.schedule On Windows create the file in the following location: install_path\VERITAS\NetBackup\db\config\multi_synth.policy. schedule
Configuration variables
The file format uses a traditional name-pair scheme for setting configuration preferences. Each preference uses a key name separated from the preference value by an equal sign with each name-value pair residing on a single line. For example: NAME=VALUE Enter all values as integers.
Table 15-1 describes the configuration entries that can be included in the configuration file. Table 15-1 Entry
SRC_COPY
Configuration entries
Purpose
Specifies the copy number of each source component for the second synthetic backup. Every source backup must have a copy by this number unless SRC_COPY_FALLBACK is specified. The default is 2. Specifies the copy number for the second synthetic backup produced. This must be different from the copy number of the first synthetic backup (which is 1). Default is 2. COPY is an alternate specification for SRC_COPY and TARGET_COPY. If COPY is specified and either SRC_COPY and TARGET_COPY is not specified, the value for COPY is used.
TARGET_COPY
COPY
TARGET_STU
Specifies the storage unit name or storage unit group name where the second copy synthetic backup is to be written. Use the special identifier __ANY__ to indicate that Any Available storage unit can be used that is not configured to be on demand only. Note that there are two underscores before and after ANY: TARGET_STU=__ANY__
FAIL_MODE
The second synthetic backup is produced immediately following the first copy synthetic backup if no errors occur during production of the first copy. If an error occurs during the second copy, the FAIL_MODE value specifies the fate of the first copy job and image. Specify one of the following:
FAIL_MODE=ALL ALL means that if the second copy fails, the first copy and its job also fail. (Default.) FAIL_MODE=ONE ONE means that if the second copy fails, the failure does not affect the first copy job.
ENABLED
Specifies whether production of the second copy is enabled or disabled. This entry turns the feature on or off. Specify one of the following:

ENABLED=YES Production of the second copy is enabled. (Default.) ENABLED=NO Production of the second copy is disabled.
349
Table 15-1 Entry

SRC_COPY_FALLBACK
Configuration entries
Purpose
Specifies that if a copy by the number given in SRC_COPY or COPY does not exist, the synthetic backup should use the primary backup. The only valid value is the following: SRC_COPY_FALLBACK=PRIMARY
VOLUME_POOL
Specifies the volume pool for tape media, if one is used. If no volume pool is specified, NetBackup uses the volume pool specified in the policy. If a volume pool is entered for disk, the entry is ignored.
Simple configuration example

The following multiple copy synthetic configuration example takes advantage of default values to produce the second synthetic copy. TARGET_STU=disk_stu The default source of copy 2 and the default destination copy 2.
Advanced configuration example

In this example, the second copy is targeting a tape library (tape_stu). The configuration specifies a volume pool (Synthetics) for the target copy. The copy number for the multiple copy synthetic backup is copy 3. If copy 3 is unavailable, SOURCE_COPY_FALLBACK indicates that copy 3 can be produced using the primary copy. If copy 3 fails, only copy 3 fails and not the job of the primary copy. TARGET_STU=tape_stu VOLUME_POOL=Synthetics SOURCE_COPY_FALLBACK=PRIMARY COPY=3 ENABLED=YES FAIL_MODE=ONE
Chapter
16
New Activity Monitor displays job state details

The Jobs tab in the Activity Monitor now contains a new State Details column that displays the reason why a job is queued. For a running job, the column may display the name of the resource for which a job waits. For example, Waiting for disk volume (dv2). Or, the State Details column may display a condition that prevents the job from running. For example, Drives are in use in storage unit. In some situations an active job can wait for a resource. For example, if a restore job requires more media because the backup image spans tapes. The restore job may be forced to wait if the second tape is used for another job. The column displays by default. (See Figure 16-1.)
352 New Activity Monitor displays job state details
Figure 16-1
State Details column in the Activity Monitor
There may be a delay between when the job appears as Queued and when the queue reason is displayed. When a job is initiated, it enters a queue to be awarded a resource. An analogous situation is the check-in line at the airport: the traveler may wait a while to reach the front of the line and be given a boarding pass. Similarly, a job enters a queue behind other jobs that wait to be assigned to media servers, robots, drives, and media. When the job reaches the front of the queue, the necessary resources may be busy. At that point, the job is not in a queue for resource selection, but in a queue for specific resources. When the specific resources are identified, the State Details column can convey the information.
New Activity Monitor displays job state details State Details column messages
353
State Details column messages

The State Details column can include the following messages:
A pending action is associated with the resource request. User intervention may be required. Disk pool is unavailable (disk_pool) Disk volume is currently unavailable Drive on pre-6.0 media server is oversubscribed (storage_unit) Drives are in use in storage unit (storage_unit) Eligible cleaning media is unavailable Lack of connectivity detected between media server and master server (media_server) Limit has been reached for requested resource (resource) Local drives are down Maximum job count has been reached for the storage unit (storage_unit_name) Maximum number of concurrent disk volume readers has been reached Maximum partially full tape volumes has been reached Mount file for tape already exists (mount_file_name) Physical drives are not available for use Required disk volume is in use (disk_volume, disk_pool) Required disk volume is unmounting (disk_volume, disk_pool) Required drives are in use Required media is in a drive that is in use by NetBackup (media_id) Required media is in use (media_id) Required media server is not active in cluster (media_server, server_name) Required media server is offline for disk (media_server) Required media server is offline for tape (media_server) Required robotic library is down on media server (robot_name, media_server) Shared drive scan host is offline Storage unit concurrent jobs throttled by capacity management (storage_unit)
354 New Activity Monitor displays job state details State Details for duplication and synthetic jobs
Waiting for fibre transport for client (client_name) Waiting for media request delay to expire Waiting for mount of disk volume (disk_volume, disk_pool) Waiting for shared tape drive scan to stop
State Details for duplication and synthetic jobs

Duplication jobs and synthetic backup jobs can run concurrent read and write allocation activities. If both the read activity and the write activity are queued, the State Details column may display a stale, incorrect queued reason. Consider the following example:
The read activity is waiting to mount a disk volume. The Resource Broker provides the queued reason to the Job Manager and the Job Manager displays the reason in the Activity Monitor (Waiting for mount of disk volume). The write activity is waiting for a drive scan to stop. The Resource Broker provides the queued reason to the Job Manager and the Job Manager overwrites the former reason. It then displays the new reason in the Activity Monitor (Waiting for drive scan to stop).
Even if the second condition is resolved (the job is no long waiting for a shared disk mount), the Activity Monitor continues to display Waiting for drive scan to stop.
New Activity Monitor displays job state details Addition to bpdbjobs -report -all_columns output
355
Addition to bpdbjobs -report -all_columns output

The bpdbjobs command is used to interact with the NetBackup jobs database. In this release, the bpdbjobs -report -all_columns command displays information about why a job is queued or waiting. The information displays in a field that is called state details, which appears at the end of the output. The following output represents the bpdbjobs -report -all_columns syntax. Fields in brackets denote repeated fields, if any.
jobid,jobtype,state,status,class,schedule,client,server,started,ela psed,ended,stunit,try,operation,kbytes,files,pathlastwritten,percen t,jobpid,owner,subtype,classtype,schedule_type,priority,group,maste rserver,retentionunits,retentionperiod,compression,kbyteslastwritte n,fileslastwritten,filelistcount,[files]...,trycount,[trypid,trystu nit,tryserver,trystarted,tryelapsed,tryended,trystatus,trystatusdes cription,trystatuscount,[trystatuslines]...,trybyteswritten,tryfile swritten]...,parentjob,kbpersec,copy,robot,vault,profile,session,ej ecttapes,srcstunit,srcserver,srcmedia,dstmedia,stream,suspendable,r esumable,restartable,datamovement,snapshot,backupid,killable,contro llinghost,fatpipe,statedetails
In the following example output, the state details field contains the information: Required media is in use (AA0045)
415,Backup,Done,96,jvlcc,vlcdiff,mule,buffalo,0885942000,0000000014 ,0885942014,8mm,3,,,,,,11602,root,1,0,1,10,,buffalo,2,1,0,0,0,3,/ho me/vlc/jadm_JAVA/usr/openv/java,/home/vlc/directory with spaces,/home/vlc/test,3,11544,8mm,buffalo,885941970,13,885941983,96 ,unable to allocate new media for backup\, storage unit has none available,2,01/27/98 16:59:30 - connecting,01/27/98 16:59:30 connected; connect time: 000:00:00,0,0,11573,8mm,buffalo,885941986,11,885941997,96,unable to allocate new media for backup\, storage unit has none available,2,01/27/98 16:59:40 - connecting,01/27/98 16:59:40 connected; connect time: 000:00:00,0,0,11602,8mm,buffalo,885942000,14,885942014,96,unable to allocate new media for backup\, storage unit has none available,2,01/27/98 17:00:00 - connecting,01/27/98 17:00:00 connected; connect time: 000:00:00,0,0, Required media is in use (AA0045)
356 New Activity Monitor displays job state details Addition to bpdbjobs -report -all_columns output
Chapter
17
New Job Priority defaults and overrides

In previous releases, the job priority was set only in the policy configuration using the Job Priority setting. The administrator was not able to specify a job priority for job types other than backups. In this release, administrators have greater flexibility and control over the priority of a job. In addition, administrators can set the priority of a job from multiple locations in the NetBackup Administration Console, from the Backup, Archive, and Restore client interface, and from the command line. This capability improves the usability and consistency of NetBackup's job priority scheme. For example, this capability is useful if an administrator wants to change the job priority of duplication jobs so that NetBackup favors regular backups. When the window for regular backups is open, the administrator may want duplication jobs to have the lowest priority because the jobs compete directly with backup jobs. The administrator may change the priority for duplication jobs to be higher when the window for regular backups is closed. The 6.5.2 release introduces the following additions for setting and changing the priority of a job:
The ability to configure default job priorities for different job types in the new Default Job Priorities master server host properties. (See Default Job Priorities host properties on page 359.) The ability to dynamically change the job priority of a queued or an active job that waits for resources in the Activity Monitor. (See Activity Monitor Job Priority setting on page 362.) The ability to set the priority for a media content job in the Reports utility. (See Job Priority setting for Tape Contents report on page 363.) The ability to set the job priority for import, verify, and duplicate jobs in the Catalog utility.
358 New Job Priority defaults and overrides Understanding the Job Priority setting
(See Job Priority setting for Verify, Duplicate, and Import actions on page 365.)
The ability to specify the job priority for restore jobs in the Backup, Archive, and Restore client interface. (See Job Priority setting for restores on page 368.) The ability to change job priorities in the bpadm and the bp interfaces. (See bp and bpadm menu interface changes on page 371.) The ability to specify the job priority from the command line. (See Setting the Job Priority using the command line on page 369.)
Understanding the Job Priority setting

As in previous releases, NetBackup uses the Job Priority setting as a guide. Requests with a higher priority do not always receive resources before a request with a lower priority. The NetBackup Resource Broker (NBRB) maintains resource requests for jobs in a queue. NBRB evaluates the requests sequentially and sorts them based on the following criteria:

The request's first priority. The requests second priority. The birth time (when the Resource Broker receives the request).
The first priority is weighted more heavily than the second priority, and the second priority is weighted more heavily than the birth time. Because a request with a higher priority is listed in the queue before a request with a lower priority, the request with a higher priority is evaluated first. Even though the chances are greater that the higher priority request receives resources first, this is not always definite. The following scenarios present situations in which a request with a lower priority may receive resources before a request with a higher priority:
A higher priority job needs to unload the media in a drive because the retention level (or the media pool) of the loaded media is not what the job requires. A lower priority job can use the media that is already loaded in the drive. To maximize drive utilization, the Resource Broker gives the loaded media and drive pair to the job with the lower priority. A higher priority job is not eligible to join an existing multiplexing group but a lower priority job is eligible to join the multiplexing group. To continue spinning the drive at the maximum rate, the lower priority job joins the multiplexing group and runs.
New Job Priority defaults and overrides Default Job Priorities host properties
359
The Resource Broker receives resource requests for jobs and places the requests in a queue before processing. New resource requests are sorted and evaluated every 5 minutes. Some external events (a new resource request or a resource release, for example) can also trigger an evaluation. If the Resource Broker receives a request of any priority while it processes requests in an evaluation cycle, the request is not evaluated until the next evaluation cycle starts.
Default Job Priorities host properties

The new Default Job Priorities host properties lets administrators configure the default job priority for different job types. The Default Job Priorities host properties list 18 job types in alphabetical order and the configurable default priority for each. (See Table 17-1 on page 360.) The value can range from 0 to 99999. The higher the number, the greater the priority of the job. In previous releases, the Global Attributes host properties contained a Priority of restore jobs setting. That has been removed from the Global Attributes host properties and moved to Default Job Priorities host properties in 6.5.2. Figure 17-1 Default Job Priorities host property
360 New Job Priority defaults and overrides Default Job Priorities host properties
JOB_PRIORITY bp.conf entry

UNIX administrators can also set the priority for a job type by using bpsetconfig to add the new JOB_PRIORITY entry to the bp.conf file. The entry uses the following format:
JOB_PRIORITY = P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12 P13 P14 P15 P16 P17 P18 P19 P20 P21 P22 P23 P24
Variables P1, P2, P3 and so on indicate the priority for each backup type. The actual default values for the entry appear as follows:
JOB_PRIORITY = 0 0 90000 90000 90000 90000 85000 85000 80000 80000 80000 80000 75000 75000 70000 70000 50000 50000 0 0 0 0 0 0
Table 17-1 Field

P1 P2
Default job type priorities Represents this action

Performing a backup Performing a database backup (a catalog backup) Performing a restore Recovering a catalog Performing a staging operation Performing the duplication jobs that Vault starts Cleaning up images Importing images Requesting tapes Cleaning a tape Tape formatting Performing device diagnostics Verifying an image Running a media contents report Labeling tape media Erasing media Running a duplication job
Default
0 0
P3 P4 P5 P6
90000 90000 90000 90000
P7 P8 P9 P10 P11 P12 P13 P14 P15 P16 P17
85000 85000 80000 80000 80000 80000 75000 75000 70000 70000 50000
New Job Priority defaults and overrides Default Job Priorities host properties
361
Table 17-1 Field

P18 P19 P20 P21 P22 P23 P24
Default job type priorities Represents this action

Performing an inventory This field is not currently in use This field is not currently in use This field is not currently in use This field is not currently in use This field is not currently in use This field is not currently in use
Default
50000 0 0 0 0 0 0
Example of JOB_PRIORITY change

An administrator may want backup jobs to have a priority of 50000 and duplication jobs to have a priority of 30000. The administrator would change the JOB_PRIORITY entry to read as follows:
JOB_PRIORITY = 50000 0 90000 90000 90000 90000 85000 85000 80000 80000 80000 80000 75000 75000 70000 70000 30000 50000 0 0 0 0 0 0
362 New Job Priority defaults and overrides Activity Monitor Job Priority setting
Activity Monitor Job Priority setting

The Activity Monitor now contains a new Job Priority column that displays the priority of the job. The column does not display by default. To display the column, select the View menu, and then Columns > Layout. Figure 17-2 Job Priority setting in the Activity Monitor dialog box
Not all jobs request resources from the Resource Broker. If a job does not request resources, the priority is not set and the priority column is empty for that job. Examples include image cleanup job for tapes and multiplexed restores.
Changing the Job Priority dynamically

To dynamically change the priority of a job, select one or more queued or active jobs that wait for resources. Then, either from the Actions menu or by right-clicking, select Change Job Priority.
New Job Priority defaults and overrides Job Priority setting for Tape Contents report
363
In the Change job priority dialog box (Figure 17-3), select one of the following methods to change the priority:
Set Job Priority to Increment the Job Priority by Decrement the Job Priority by
Enter the specific job priority for the selected jobs. Raise the priority of the job by the selected internal. Lower the priority of the job by the selected internal.
Figure 17-3
Change job priority dialog box
This changes the priority for the selected job only, and not all other jobs of that type. To change the job priority defaults, see Default Job Priorities host properties on page 359.
Job Priority setting for Tape Contents report

Before a Tape Contents report runs, the administrator can now select the job priority for the Media Contents job. Upon clicking Run Report, the Tape Contents dialog appears and displays the current default. To change the default, enable Override default job priority. Enter a job priority and click OK. The selection changes the priority for the current Media Contents job only. To change the job priority default for all Media Contents jobs, see Default Job Priorities host properties on page 359.
364 New Job Priority defaults and overrides Job Priority setting for Tape Contents report
Figure 17-4
Job Priority setting for Tape Contents report
New Job Priority defaults and overrides Job Priority setting for Verify, Duplicate, and Import actions
365
Job Priority setting for Verify, Duplicate, and Import actions

The Catalog utility now lets the administrator select the job priority for verify, duplicate, and import actions. If Override default job priority is not enabled, the job runs using the default priority as specified in the Default Job Priorities host properties. To change the default for the selected action, enable Override default job priority. Then, select a value in the Job Priority field. The selection changes the priority for the selected job only. To change the job priority default for all verify, duplicate, or import jobs, see Default Job Priorities host properties on page 359. Figure 17-5 Job Priority setting in the Catalog dialog box
366 New Job Priority defaults and overrides Job Priority setting for offline catalog backups
Job Priority setting for offline catalog backups

The Catalog utility now lets the administrator select the job priority for offline, cold catalog backups. (Job type: Catalog Backup.) The offline, cold catalog backup is for those environments that have times during which there is no backup activity. This type of catalog backup can be used if the catalog is small enough to fit onto a single tape. To specify the job priority for an offline, catalog backup, select the Catalog utility. Then select Actions > Configure offline NetBackup Catalog Backup. Set the Job Priority on the Attributes tab. Figure 17-6 Job Priority setting in the Catalog backup dialog box
The ability to set the job priority for online, hot catalog backups has existed in previous releases. Online catalog backups are configured similarly to the way regular backup policies are configured: in the Policies utility. The Attributes tab of the policy configuration contains the Job Priority setting (Figure 17-7).
New Job Priority defaults and overrides Job Priority setting for offline catalog backups
367
Figure 17-7
Job Priority setting in the Attributes tab of the policy configuration
368 New Job Priority defaults and overrides Job Priority setting for restores
Job Priority setting for restores

The Backup, Archive, and Restore interface now lets users select the job priority for restores. (Job type: Restore.) In Backup, Archive, and Restore, first select the files to restore. Then select Actions > Restore. The Job Priority section on the General tab lets the user override the default priority for restore jobs. Enable Override default priority, and then select a restore job priority. The selection changes the priority for the current Restore job only. To change the job priority default for all Media Contents jobs, see Default Job Priorities host properties on page 359. Figure 17-8 Job Priority setting in the Restore Marked Files dialog box
New Job Priority defaults and overrides Setting the Job Priority using the command line
369
Setting the Job Priority using the command line

The -priority option was added to many commands. This option lets the administrator override the default job priority. If -priority is not specified, NetBackup uses the default priority.
bpbackupdb Use the -priority option to specify a new priority for the cold catalog backup that overrides the default job priority. Use -set_priority and -change_priority_by to dynamically set and change the priority of one or more jobs. (See Changes to bpdbjobs on page 370.) Use the -priority option to specify a new priority for the duplication job that overrides the default job priority. Use the -priority option to specify a new priority for the import job that overrides the default job priority. Use the -priority option to specify a new priority for the label and erase job that overrides the default job priority. Use the -priority option to specify a new priority for the media contents job (for a Media Contents report) that overrides the default job priority. Use the -priority option to specify a new priority for the backup job that overrides the default job priority. Use the -priority option to specify a new priority for the backup job that overrides the default job priority. Use the -priority option to specify a new priority for the recovery job that overrides the default job priority. Use the -priority option to specify a new priority for the restore job that overrides the default job priority. Use the -priority option to specify a new priority for the disk staging storage unit schedule that overrides the default job priority. Use the -priority option to specify a new priority for the disk staging storage unit schedule that overrides the default job priority Use the -priority option to specify a new priority for the verification job that overrides the default job priority. Use the -priority option to specify a new priority for the image cleanup job that overrides the default job priority.
bpdbjobs
bpduplicate
bpimport
bplabel
bpmedialist
bpplinfo
bppolicynew
bprecover
bprestore
bpschedule
bpschedulerep
bpverify
nbdelete
370 New Job Priority defaults and overrides Setting the Job Priority using the command line
tpclean
Use the -priority option to specify a new priority for the tape clean job that overrides the default job priority Use the -priority option to specify a new priority for the tape mount job that overrides the default job priority Use the -priority option to specify a new priority for the optical tape format job that overrides the default job priority. Use the -priority option to specify a new priority for the physical inventory job that overrides the default job priorit.y
tpreq
tpformat
vmphyinv
Changes to bpdbjobs
The bpdbjobs command is used to interact with the NetBackup jobs database. Now the command lets administrators set and change the priority for queued and active jobs by using the following two new options:

-set_priority -change_priority_by
set_priority
Use the -set_priority option to specify a specific value as the new job priority. The command uses the following syntax: bpdbjobs -set_priority -priority number -jobid job1, job2, , jobn For example, to set the job priority for job_A to 80, enter the following:
bpdbjobs -change_priority_by -priority 80 -jobid job_A
change_priority_by
Use the -change_priority_by option to specify an increase or decrease to the current job priority. The command uses the following syntax: bpdbjobs -change_priority_by -priority number -jobid job1, job2, , jobn For example, the current job priority for job_B is 100. Use the following command to change it to 50:
bpdbjobs -change_priority_by -priority -50 -jobid job_B
To change the job priority of job_B from 100 to 200, use the following command:
bpdbjobs -change_priority_by -priority 100 -jobid job_B
New Job Priority defaults and overrides Setting the Job Priority using the command line
371
bp and bpadm menu interface changes

bpadm and bp are the character-based, menu interfaces for NetBackup management and for client backups and restores. Both interfaces have been updated with the capability to assign a priority to jobs.
bpadm management interface

See the 6.5 NetBackup Administration Guide, Volume II for general information about starting bpadm. The capability to assign a priority to tape contents jobs and offline catalog backup jobs has been added to the bp utility:
Job priority for a Tape Contents report job You are prompted to enter a job priority when running a tape contents report using bpadm. In the main NetBackup Administration menu, select r) Reports. In the Report menu, select m) Media. Specify a media ID. In the Media Reports menu, select m) Media Contents. Enter a job priority, then run the Media Contents job. Job priority for an offline catalog backup You are prompted to enter a job priority when configuring an offline catalog backup using bpadm. In the main NetBackup Administration menu, select x) Special Actions. In the Special Actions menu, select b) Offline Catalog Backup. The Offline Catalog Backup menu appears. To change the priority of an offline catalog backup configuration, select: m) Modify Offline Catalog Backup Settings... The second question prompts you to enter a job priority.
bp client interface
The capability to assign a priority to restore jobs has been added to the bp utility: In the main bp menu, select r) Restore. To change the priority for the restore job, select: j) Change Job Priority Enter a value from 0 to 99999. This priority applies to the next restore job that is run during this bp session.
372 New Job Priority defaults and overrides Database agent changes
Database agent changes

The following sections describe how the various NetBackup database agents have been changed to let administrators specify the priority for restore jobs.
DataStore/XBSA
The XBSA interface now provides the new NBBSA_RESTORE_PRIORITY environment variable to set the priority of a restore job. Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority that is configured on the master server. A value of -1 is used to indicate that the default priority for restores that is configured on the master server is used. NBBSA_RESTORE_PRIORITY can only be set before an XBSA transaction is started. The environment variable can be set in the XBSA environment block during initialization (BSAInit). Or, it can be set through a call to NBBSASetEnv as long as the call takes place before BSABeginTxn is called.
NetBackup for DB2

The NetBackup for DB2 agent now provides the new DB2_RESTORE_PRIORITY options string to set the priority of a restore job. This new option is available for the stream-based and the file-based method restores. The DB2_RESTORE_PRIORITY options string parameter is the only parameter supported for proxy restores. Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority that is configured on the master server.
Stream-based restore example

db2 restore db sample load /bp/bin/nbdb2.so64 options "DB2_RESTORE_PRIORITY=9999:DB2_SERVER=sidon"
Proxy restore example

/bp/bin/bpdb2proxy -restore -d sample -u db2v826d -p db2v826d -options "DB2_RESTORE_PRIORITY=99999"
DB2 log restores use the default priority for restores that is set on the master server. The DB2 OPTIONS command line parameter is supported only for DB2 versions 8.1 Fixpack 7 or higher. Earlier versions of DB2 do not support this parameter and cannot use the DB2_RESTORE_PRIORITY options string parameter.
New Job Priority defaults and overrides Database agent changes
373
DB2 restores
The DB2 restore interface uses the default priority that is configured in the Backup, Archive, and Restore client interface. To save the current restore in a template, the restore priority is included as a template parameter. The user then loads the template at a later time and runs it using the included restore priority. The restore priority of a loaded template overrides the restore priority that is set in the Backup, Archive, and Restore client interface. Users can convert templates with priority values to shell scripts.
NetBackup for Exchange

The NetBackup for Exchange agent now includes an option to set the default priority for restores. Users can select a restore priority in the Backup, Archive, and Restore client interface when performing a restore operation. Users can also use the bprestore priority option when performing restores from the command line.
NetBackup for Informix

The NetBackup for Informix agent now provides the new INFXBSA_RESTORE_PRIORITY environment variable to set the priority of a restore job. Users must set this environment variable before running the Informix ON-Bar utility. Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority for restores configured on the master server. For example:
setenv INFXBSA_RESTORE_PRIORITY 99999 onbar -r
Lotus
The NetBackup for Lotus agent now includes an option to set the default priority for restores. Users can select a restore priority in the Backup, Archive, and Restore client interface when performing a restore operation. Lotus users can also use the bprestore priority option when performing restores from the command line.
NetBackup for Oracle

The NetBackup for Oracle agent now provides the new NB_ORA_RESTORE_PRIORITY environment variable to set the priority of a restore job.
Oracle RMAN restores

Use the RMAN send or parms operand to set the variable. Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority for restores configured on the master server. For example:
RUN { ALLOCATE CHANNEL ch00 TYPE 'SBT_TAPE'; ALLOCATE CHANNEL ch01 TYPE 'SBT_TAPE'; SEND 'NB_ORA_SERV=$NB_ORA_SERV, NB_ORA_RESTORE_PRIORITY=25'; RESTORE DATABASE; . .
Oracle XML import restores

Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority for restores configured on the master server. For example:
darkseid [46]: cat scott.frTape.imp NAME = scott NB_ORA_SERV =sidon NB_ORA_CLIENT = darkseid NB_ORA_RESTORE_PRIORITY = 9981 darkseid [48]: /bp/bin/bporaimp scott/tiger parfile=scott.frTape.imp
Oracle restores
The Oracle restore interface uses the default priority for restores that is configured in the Backup, Archive, and Restore client interface. To save the current restore in a template, the restore priority is included as a template parameter. The user then loads the template at a later time and runs it using the included restore priority. The restore priority of a loaded template overrides the priority that is set in the Backup, Archive, and Restore client interface. Users can convert templates with priority values to shell scripts.
New Job Priority defaults and overrides Database agent changes
375
NetBackup for SAP

The NetBackup SAP agent now provides the new SAP_RESTORE_PRIORITY configuration parameter to set the priority of a restore job. This parameter is set in the initSAP.utl file. Restores of the SAP backups that are performed with RMAN can also use the NB_ORA_RESTORE_PRIORITY environment variable. Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority for restores configured on the master server.
NetBackup for SharePoint

The NetBackup for SharePoint agent now includes an option to set the default priority for restores. Users can select a restore priority in the Backup, Archive, and Restore client interface when performing a restore operation. Users can use the bprestore priority option when performing restores from the command line.
NetBackup for SQL Server

The NetBackup for SQL Server agent now includes an option to set the default priority for restores. This option is located on the NetBackup client options dialog box in the NetBackup MS SQL Client interface. Set the priority for a value between 0 and 99999. The restore priority is communicated to the SQL agent using the new keyword RESTOREPRIORITY in the batch file. This keyword requires a value between -1 and 99999. The value -1 indicates the default restore priority. The agent keys off of RESTOREPRIORITY to set the NBBSA_RESTORE_PRIORITY variable for the XBSA restores operation.
NetBackup for Sybase

The NetBackup for Sybase agent now provides the new -PRIORITY option as an additional option on the load command to specify the priority of the restore job. Set the priority for a value between 0 and 99999. If no priority (or an invalid priority) is specified, the interface uses the default priority for restores that is configured on the master server. For example:
1> load database mydb from "sybackup::sybase1500.mydb.D.0.6820.09-11-2006.10:49:19 -SERV zum -PRIORITY 99999" 2> stripe on "sybackup::sybase1500.mydb.D.1.6822.09-11-2006.10:49:18 -SERV zum -PRIORITY 99999" 3> stripe on "sybackup::sybase1500.mydb.D.2.6824.09-11-2006.10:49:19 -SERV zum -PRIORITY 99999"
4> stripe on "sybackup::sybase1500.mydb.D.3.6826.09-11-2006.10:49:19 -SERV zum -PRIORITY 99999"
Chapter
18
Reverse host name lookup updates

The domain name system (DNS) reverse host name lookup is used to determine what host and domain name are indicated by a given IP address. In previous releases, NetBackup required that reverse host name lookup was working in order to determine that a connection to a host came from a recognizable server. Some administrators cannot or do not want to configure their DNS server for reverse host name lookup. For these environments, NetBackup now allows the configuration of Reverse Host Name Lookup as a master server, media server, or client host property in order to allow, restrict, or prohibit reverse host name lookup.
Reverse Host Name Lookup host property

The Reverse Host Name Lookup property applies to master servers, media servers, and clients and appears in the new Network Settings host properties. (See Figure 18-1.) Administrators can configure the Reverse Host Name Lookup property for each host so that it does one of the following actions with requests from other hosts:

Allows reverse host name lookup (Allowed) Restricts reverse host name lookup (Restricted) Prohibits reverse host name lookup (Prohibited)
378 Reverse host name lookup updates Reverse Host Name Lookup host property
Figure 18-1
Reverse Host Name Lookup in Network Settings host properties
Allowed setting
The Allowed setting indicates that the host requires reverse host name lookup to be working in order to determine that the connection comes from a recognizable server. This is the default behavior of NetBackup 6.5.2 and reflects how NetBackup has operated in previous releases. By default, the host resolves the IP address of the connecting server to a host name by performing a reverse lookup. If the conversion of the IP address to host name fails, the connection fails. Otherwise it compares the host name to the list of known server host names. If the comparison fails, the host rejects the server and the connection fails.
Restricted setting
The Restricted setting indicates that the NetBackup host first attempts to perform reverse host name lookup. If the NetBackup host successfully resolves the IP address of the connecting server to a host name (reverse lookup is successful), it compares the host name to the list of known server host names. If the resolution of the IP address to a host name fails (reverse lookup fails), based on the Restricted setting, the host converts the host names of the known server list to IP addresses (using a forward lookup). The host compares the IP address of the connecting server to the list of known server IP addresses. If the comparison fails, the host rejects the connection from server and the connection fails.
Prohibited setting
The Prohibited setting indicates that the NetBackup host does not try reverse host name lookup at all. The host resolves the host names of the known server list to IP addresses using forward lookups.
Reverse host name lookup updates Changing host properties outside of the Administration Console
379
The NetBackup host then compares the IP address of the connecting server to the list of known server IP addresses. If the comparison fails, the NetBackup host rejects the connection from the server and the connection fails.
Changing host properties outside of the Administration Console

In some cases, a master server may not be able to view the host properties of a media server or client in the Administration Console. The NetBackup customer's DNS reverse host name lookup configuration may be one possible reason why the host properties may not be visible. In this case, since changing the NetBackup Reverse Host Name Lookup host property involves being able to view the host properties, youll need to use another method to change the Reverse Host Name Lookup host property. Use the methods described in the following sections to add the REVERSE_NAME_LOOKUP entry to the bp.conf file (UNIX) or to the Windows registry.
REVERSE_NAME_LOOKUP entry
The REVERSE_NAME_LOOKUP entry is new in NetBackup 6.5.2 and uses the following format: REVERSE_NAME_LOOKUP = ALLOWED | RESTRICTED | PROHIBITED For example: REVERSE_NAME_LOOKUP = PROHIBITED The values of ALLOWED, RESTRICTED, and PROHIBITED represent the same meaning as the values in the Network Settings host properties. (See Reverse Host Name Lookup host property on page 377.)
Setting the property on UNIX hosts

To set the Reverse Host Name Lookup property on a UNIX system outside of the Administration Console, manually add the REVERSE_NAME_LOOKUP entry to the bp.conf file on the master server, media server, or client. To add the REVERSE_NAME_LOOKUP entry to the bp.conf file, use one of the following methods:
On master and media servers:
380 Reverse host name lookup updates Changing host properties outside of the Administration Console
Use the bpsetconfig command to add the entry. The bpsetconfig command is described in the 6.5 NetBackup UNIX and Linux Commands Guide.
On UNIX clients: Edit the bp.conf directly to add the entry.
Setting the property on Windows hosts

On master and media servers, the bpsetconfig command is available to add the REVERSE_NAME_LOOKUP entry to the registry. The bpsetconfig command is described in the 6.5 NetBackup UNIX and Linux Commands Guide. To set the Reverse Host Name Lookup property on a Windows client, add the REVERSE_NAME_LOOKUP entry to the registry using the following method. To update the registry 1 2 From the command line, run regedit to open the registry editor. Navigate to the following key directory: My Computer/HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\ NetBackup\CurrentVersion\Config From the Edit menu, select New > String Value. Name the String Value: REVERSE_NAME_LOOKUP. Give REVERSE_NAME_LOOKUP the value data of either PROHIBITED, RESTRICTED, or ALLOWED. Click OK and close the Registry Editor. (See Figure 18-2.) REVERSE_NAME_LOOKUP in Registry Editor
3 4 5 6
Figure 18-2
Chapter
19
NetBackup High Availability updates

Changes for the new Key Management Service affected NetBackup clustering.
Configuring the Key Management Service (KMS) for monitoring

By default, KMS does not cause NetBackup to failover if NetBackup fails. KMS can be configured to failover NetBackup if KMS fails. To enable monitoring of the KMS service 1 2 3 Create the key database and start the KMS service. On the active node of the cluster, open a command prompt. Change to the appropriate directory based on your platform. Windows: install_path\NetBackup\bin UNIX/Linux: /usr/openv/netbackup/bin Run the command appropriate for your platform. Windows: bpclusterutil -enableSvc "NetBackup Key Management Service" UNIX/Linux: bpclusterutil -enableSvc nbkms
To disable monitoring of the KMS service 1 Open a command prompt on the active node of the cluster.
382 NetBackup High Availability updates Clustered media servers on Windows 2008
Change to the appropriate directory based on your platform. Windows: install_path\NetBackup\bin UNIX/Linux: /usr/openv/netbackup/bin Run the command appropriate for your platform. Windows: bpclusterutil -disableSvc "NetBackup Key Management Service" UNIX/Linux: bpclusterutil -disableSvc nbkms
Clustered media servers on Windows 2008

If you have installed a clustered media server in a Microsoft Cluster Server on Windows 20008, you need to configure the number of retries for the NetBackup cluster group and the number of retries for the NetBackup resource. You perform this configuration in the Failover Cluster Management interface. This configuration ensures that if the number of failures of the NetBackup service is more than the number of retries, the NetBackup service group fails over to the inactive node. Otherwise, when multiple failures of the NetBackup service occur (more than the retry count) the service is marked as Failed and the NetBackup service group does not fail over. To configure the retries account for a clustered media server on Windows 2008 1 2 3 4 5 6 7 8 Open the Failover Cluster Management interface. In the left pane, expand the cluster server name and Services and Applications. Right-click the NetBackup cluster group name. Click the Failover tab. In the Maximum failures in the specified period box, select a value of 3 for the number of failures you want the Cluster service to allow. Click OK. In the Summary window for the NetBackup cluster group, under Other Resources, right-click Adaptive Server Anywhere - VERITAS_NB. Click the Policies tab.
NetBackup High Availability updates Changes to the bpclusterutil command
383
In the Maximum restarts in specified period box, select a value of 2 for the number of restarts you want to attempt for the resource.
10 Click OK. 11 Repeat step 7 through step 10 for each resource.
Changes to the bpclusterutil command

This topic provides changes to the bpclusterutil command for NetBackup 6.5.2. For this release, the bpclusterutil command is now supported on UNIX/Linux. Additional options have also been added.
bpclusterutil (Windows)
In an MSCS or a VCS for Windows cluster, cluster configuration is one of the final steps in the installation NetBackup in a cluster. If this step is not done or does not complete successfully, the bpclusterutil command may be used to perform this step. The bpclusterutil -c command runs the same cluster configuration step that the installation program performs. This command can be run multiple times. Only run this command from the active node.
NAME
bpclusterutil - Modify and configure NetBackup in a Windows cluster.
SYNOPSIS
install_path\NetBackup\bin\bpclusterutil [-a Service Name] [-addnode NodeName] [-addSvc ServiceName] [-c] [-ci] [-delete] [-deleteSvc ServiceName] [-depend ServiceName DependServiceName] [-disableSvc ServiceName] [-display] [-enableSvc ServiceName] [-isactive] [-iscluster] [-offline] [-online] [-np] [-startagent] [-stopagent] install_path\NetBackup\bin\bpclusterutil [-r CLUSTEREDSERVICES servicename -r CLUSTERGROUPNAME -r CLUSTERNAME clustername -r CLUSTERTYPE MSCS|VCS -r GLOBDBHOST nodename -r MONITOREDSERVICES servicename
384 NetBackup High Availability updates Changes to the bpclusterutil command
-r NETBACKUPINSTALLPATH path -r NETBACKUPSHAREDDRIVE drive: -r NETBACKUPTYPE MASTER|MEDIA -r NETWORKSELECTION network name -r NODENAMES nodename -r VIRTUALIPADDRESS ip address -r VIRTUALSERVERNAME virtual name -r VIRTUALSUBNETMASK subnet mask ] install_path\NetBackup\bin\bpclusterutil [-rm CLUSTEREDSERVICES servicename -rm MONITOREDSERVICES servicename]
DESCRIPTION
This command is available on NetBackup master and media servers. The options described here are applicable to clusters in a Windows environment. It allows the user to set up the registry entries that are used for cluster configuration and then to configure the cluster. This command only modifies registry entries on the local node.
OPTIONS
-a Service Name
Configure a service in the NetBackup group within the cluster.

-addnode
Adds a node name to the possible owners list of all the resources in the NetBackup group.
-addSvc Service Name
Add a NetBackup service to the NetBackup cluster group.

-c
Configures NetBackup in a cluster as based on the values that you specified in the registry and brings the NetBackup group online.
-ci
Configures NetBackup in a cluster as based on the values that you specified in the registry and does not bring the NetBackup group online.
-delete
Deletes the registry entries that are used to configure NetBackup in a cluster.
385
-depend Service Name DependServiceName
Sets the cluster resource for Service Name to have a dependency on DependServiceName.
-deleteSvc Service Name
Delete an existing NetBackup service from the NetBackup cluster group. Ensure that the ServiceName is provided within double quotes. E.g. NetBackup Key Management Service for the Key management service
-disableSvc Service Name
Disable monitoring of a NetBackup service by the cluster.

-display
Displays the registry entries that are used for clustering configuration.
-enableSvc Service Name
Enable the cluster to monitor a NetBackup service you added to the NetBackup cluster group.
-isactive
This option displays the state of the NetBackup cluster group on the node. A return code of 1indicates the node is the active node. A return code of 0 indicates the node is an inactive node.
-iscluster
This option displays the cluster status of NetBackup.

-np
silent mode (no print).

-offline
This option issues the offline command to the NetBackup group in the cluster.
-online
This option issues the online command to the NetBackup group in the cluster.
-r
Sets the corresponding NetBackup cluster configuration registry entry to the specified value.
CLUSTEREDSERVICES servicename
This option adds servicename to the CLUSTEREDSERVICES registry entry. Only one service name can be entered at a time; run the command multiple times to add service names. The service name should match the service name property of the service.
CLUSTERGROUPNAME CLUSTERNAME clustername CLUSTERTYPE MSCS|VCS GLOBDBHOST nodename MONITOREDSERVICES servicename
This option adds servicename to the MONITOREDSERVICES registry entry. Only one service name can be entered at a time; run the command multiple times to add service names. The service name should match the service name property of the service.
NETBACKUPINSTALLPATH path NETBACKUPSHAREDDRIVE drive: NETBACKUPTYPE MASTER|MEDIA NETWORKSELECTION network name NODENAMES nodename
If NODENAMES is specified, only one node name can be entered. Run the command multiple times to add node names.
VIRTUALIPADDRESS ip address VIRTUALSERVERNAME virtual name VIRTUALSUBNETMASK subnet mask -rm
Removes a value from the corresponding NetBackup cluster configuration registry entry.
CLUSTEREDSERVICES servicename
This option removes servicename from the CLUSTEREDSERVICES registry entry. Only one service name can be entered at a time; run the command multiple times to remove service names. The service name should match the service name property of the service.
MONITOREDSERVICES servicename
This option removes servicename from the MONITOREDSERVICES registry entry. Only one service name can be entered at a time; run the command multiple times to remove service names. The service name should match the service name property of the service.
-startagent
Starts the NetBackup VCS agent.

-stopagent
Stops the NetBackup VCS agent.
387
bpclusterutil (UNIX/Linux)
In a UNIX or Linux cluster, you can use the bpclusterutil command to administer the NetBackup cluster group.
NAME
bpclusterutil - Modify and configure NetBackup in a UNIX cluster.
SYNOPSIS
/usr/openv/netbackup/bin/bpclusterutil [-np] [-online] [-offline] [-isactive] [-iscluster] [-startagent] [-stopagent] [-freeze] [-unfreeze] [-vname] [-addSvc <ServiceName>] [-deleteSvc <ServiceName>] [-enableSvc <ServiceName>] [-disableSvc <ServiceName>]
DESCRIPTION
This command is available on NetBackup master and media servers. The options described here are applicable to clusters in a UNIX environment.
OPTIONS
-addSvc <ServiceName>
Add a NetBackup service to the NetBackup cluster group.

-deleteSvc <ServiceName>
Delete an existing NetBackup service from the NetBackup cluster group.

-disableSvc <ServiceName>
Disable monitoring of a NetBackup service by the cluster.

-enableSvc <ServiceName>
Enable the cluster to monitor a NetBackup service you added to the NetBackup cluster group.
-freeze
Freeze the NetBackup cluster group.

-isactive
This option displays the state of the NetBackup cluster group on the node. A return code of 1indicates the node is the active node. A return code of 0 indicates the node is an inactive node.
-iscluster
This option displays the cluster status of NetBackup.
-np
Silent mode (no print).

-offline
This option issues the offline command to the NetBackup group in the cluster.
-online
This option issues the online command to the NetBackup group in the cluster.
-startagent
Starts the NetBackup VCS agent.

-stopagent
Stops the NetBackup VCS agent.

-unfreeze
Unfreeze the NetBackup cluster group.

-vname
Displays the virtual name of the NetBackup cluster group.
Chapter
20
NOM updates
In addition to adding cluster support, the NetBackup Operations Manager (NOM) has the following major updates in release 6.5.2:

NOM alert enhancements on page 389 Job detail and job priority enhancements on page 393 Performance enhancements for the NOM server on page 394
This section also contains the following information on upgrading 6.5 or 6.5.1 servers to 6.5.2 if you moved the NOM databases default location:
Moving a NOM 6.5 or 6.5.1 database to the original default location on page 394
NOM alert enhancements

This section includes the following topics:

Removing the dependency on NOM Alert Manager and alerts database Improved alert policy configuration Creating email and SNMP trap recipient groups Configuring the SNMP trap community name for NOM
Removing the dependency on NOM Alert Manager and alerts database

In NOM 6.5 and 6.5.1, there are two databases - vxpm (primary database) and vxam (alerts database). Earlier NOM versions like 6.5/6.5.1 stored alert information in the vxam (alerts database). In NOM 6.5.2, all alert information is stored in the primary (vxpm) database. The NOM alerts database is not used.
390 NOM updates NOM alert enhancements
You will see the following changes after installing NOM 6.5.2:
The NOM Alert Manager service/process is of no significance and does not affect NOM 6.5.2. The NOM Alert Manager process is not displayed on Solaris. Though NOM Alert Manager service is still displayed in the Services panel on Windows servers (with startup type as Manual), this service does not affect NOM. In NOM 6.5.2, the export and import options available with NOMAdmin command apply to the NOM primary database only. The export and import options are used to export and import the NOM database. Defragmentation also applies to the NOM primary database only in NOM 6.5.2. This is because NOM 6.5.2 does not use the alerts database. See the Veritas NetBackup Operations Manager 6.5 Guide to know the specific procedures for exporting, importing, and defragmenting the NOM database. Though the NOM alerts database is not used by NOM, you will still find vxam.db and/or vxam.log files in NOM 6.5.2. These files are needed if you uninstall NOM 6.5.2 and rollback to NOM 6.5/6.5.1 which use the alert database. Note: You must not delete the alert database files. These files are required if you uninstall NOM 6.5.2 and rollback to NOM 6.5/6.5.1.
Improved alert policy configuration

With NOM 6.5.2, multi-select option is available while creating an alert policy. This means that you can select multiple values for certain parameters while creating an alert policy in NOM 6.5.2. This offers you greater flexibility while creating an alert policy. Earlier versions of NOM allowed you to select a single value for these parameters.
Examples
While creating a policy using Job Finalized alert condition in NOM 6.5.2, you can select multiple values for the Job Type parameter. While creating a policy using the Job Policy Change alert condition in NOM 6.5.2, you can select multiple policies. Figure 20-1 shows how you can select multiple policies while creating a policy using the Job Policy Change alert condition in NOM 6.5.2.
NOM updates NOM alert enhancements
391
Figure 20-1
Selecting multiple policies while creating an alert policy
Creating email and SNMP trap recipient groups

You can create recipients and recipient groups for receiving email and SNMP traps in NOM. In NOM 6.5/6.5.1, if you create a recipient group G1 as a member of a recipient group G2, then NOM reflects the individual members of group G1 as members of group G2. In NOM 6.5.2, if you create a recipient group G1 as a member of a recipient group G2, NOM reflects the group G1 as a member of G2 instead of displaying the individual members of G1. In case you add or remove a member from recipient group G1, the change would automatically reflect in group G2. Note: After you uninstall 6.5.2 and rollback to NOM 6.5/6.5.1, you will not see the new features introduced with NOM 6.5.2. In other words, the recipient group G2 displays the individual members of group G1 instead of group G1.
Duplicate names between email and SNMP recipients/recipient groups

You can create email and SNMP recipients to receive NOM alerts. In NOM 6.5.2, duplicate names between email and SNMP recipients are allowed. Similarly, duplicate names between email and SNMP recipient groups are allowed. For example, you can have an email recipient named user and an SNMP trap recipient named user in NOM 6.5.2.
392 NOM updates NOM alert enhancements
Note: Duplicate names for email recipients or SNMP trap recipients are not allowed. For example, you cannot have two email recipients (or two SNMP trap recipients) named user.
Note: The recipient names are case-sensitive. This means that user and USER are two separate names. If you want to uninstall NOM 6.5.2, ensure that email and SNMP recipients/recipient groups do not have the same name. This is because the earlier NOM versions (NOM 6.5/6.5.1) do not support duplicate names between email and SNMP recipients/recipient groups. Before uninstalling NOM 6.5.2, remove duplicate names between email and SNMP recipients/recipient groups. Note: After you uninstall 6.5.2 and rollback to NOM 6.5/6.5.1, you will not see the new features introduced with NOM 6.5.2.
Configuring the SNMP trap community name for NOM

For NOM traps, the SNMP trap community name string is NOM by default. The NOM community used by NetBackup Operations Manager is a public community. Public community implies a read-only access to SNMP traps. Use the following procedures to configure the SNMP trap community name on Windows and Solaris. To configure the SNMP trap community name for NOM traps on Windows 1 Stop all the NOM services.
INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMAdmin -stop_service
Navigate to INSTALL_PATH\NetBackup Operations Manager\config directory and open the trap.properties file. The file shows the following contents under trap configuration: nm.trap.community=NOM nm.trap.agent.port=161 You can configure the value of nm.trap.community.name from NOM to some other name. Save the trap.properties file after making the changes. Restart all NOM services.
3 4
NOM updates Job detail and job priority enhancements
393
To configure the SNMP trap community name for NOM traps on Solaris 1 2 Stop all the NOM services.
Navigate to opt/VRTSnom/config directory and open the trap.properties file. The file shows the following contents under trap configuration: nm.trap.community=NOM nm.trap.agent.port=161 You can configure the value of nm.trap.community.name from NOM to some other name. Save the trap.properties file after making the changes. Restart all NOM services.
/opt/VRTSnom/bin/NOMAdmin -start_service
3 4
Job detail and job priority enhancements

This release provides new columns in the job details view and the ability to change the priority of jobs.
State Details and Priority columns added in the Job details view
In NetBackup Operations Manager 6.5.2, two new column called State Details and Priority have been added in the Job Details view. You can access the Job Details view by selecting Monitoring > Jobs> Details. The State Details column indicates specific reasons why a job is queued or is not progressing. It also lists the backup resource or condition for which the job is waiting. This information can be used to troubleshoot NetBackup issues involving queued jobs. The State Details column is displayed by default in the Job Details view. The Priority column lists the job priority of a NetBackup job. The Job Priority indicates the current relative priority of a job to obtain backup resources. The Priority column is not displayed by default and can be added by clicking the Table Settings icon at the top of the table. Note: The State Details and Priority field is also displayed while viewing the details for a single NetBackup job. The details for a single NetBackup job can be viewed from Monitoring > Jobs > Details when a job id is selected.
394 NOM updates Performance enhancements for the NOM server
Changing the priority of NetBackup jobs from NOM

It is possible to change the priority of NetBackup jobs from NOM 6.5.2. Review the following points before changing the job priority:

Priority can be changed only for jobs that are in Active or Queued state. Priority can be changed only for jobs from master servers that are running NetBackup 6.5.2 or higher versions.
To change the job priority 1 Select Monitoring > Jobs > Details. Select an active or queued job. You can also change the job priority when you select a job id of an active or queued job from this view. Click Change Priority from the Tasks pane.
In the Change Priority dialog box, set the job priority to a particular value. You can also increment or decrement the job priority.
Performance enhancements for the NOM server

In NOM 6.5.2, the following issues related to NOM server performance have been fixed:
NOM server consumes a large amount of memory and threads and becomes non-responsive gradually. This happens when the number of managed master servers is high. NOM server needs to be restarted frequently. NOM gets slower gradually and the NOM server service/process uses more memory and threads.
Moving a NOM 6.5 or 6.5.1 database to the original default location

In NOM 6.5 or NOM 6.5.1, you can move the NOM database to a non-default location. This was documented in the administration chapter in the NOM 6.5 Guide. If you modified the default location of the NOM database, and you want to upgrade to NOM 6.5.2 in a clustered mode, you must move the NOM database back to the default location. Use the following procedure to move the NOM database to the default location on Windows and Solaris. This procedure must be performed before you upgrade an existing NOM 6.5 or 6.5.1 server (with the NOM database in a non-default location) to NOM 6.5.2 in a clustered environment.
NOM updates Moving a NOM 6.5 or 6.5.1 database to the original default location
395
To move NOM database to the default location on Windows 1 Stop all NOM services. Enter the following command:
INSTALL_PATH\NetBackup Operations Manager\bin\admincmd\NOMAdmin -stop_service
Open the databases.conf file from INSTALL_PATH\NetBackup Operations Manager\db\conf directory with a text editor like Notepad. The file lists the location of the NOM primary and alerts database. To move the database to the default location, replace the contents of the file with the following: "<INSTALL_PATH>\NetBackup Operations Manager\db\data\vxpmdb.db" "<INSTALL_PATH>\NetBackup Operations Manager\db\data\vxam.db" Make sure that you specify the path in double quotes. Save the databases.conf file. Copy the database files to the default location. Copy vxpmdb.db and vxam.db from the non-default location to INSTALL_PATH\NetBackup Operations Manager\db\data. Restart all NOM services. To restart all NOM services, enter the following command:
You should run and monitor NOM for a certain period after moving the database. If NOM works as expected, you can delete vxpmdb.db and vxam.db from the non-default location. To move NOM database to the default location on Solaris 1 2 Stop all NOM services. Enter the following command:
Unlink the data directory located in /opt/VRTSnom/db. Enter the following command:
unlink /opt/VRTSnom/db/data
The default location of the NOM database in Solaris is /opt/VRTSnom/db/data. To copy the database from a custom location like /home/mydata to the default location,enter the following command:
cp -R /home/mydata /opt/VRTSnom/db
Restart all NOM services by entering the following command:

/opt/VRTSnom/bin/NOMAdmin -start_service
396 NOM updates Moving a NOM 6.5 or 6.5.1 database to the original default location
You should run and monitor NOM for a certain period after moving the database. If NOM works as expected, you can delete vxpmdb.db and vxam.db from /home/mydata.
Related Topics
Prerequisites Upgrading from a standalone NOM server to NOM 6.5.2 in clustered mode
Chapter
21

This chapter describes the command line changes and additions implemented in 6.5.2.
bpbackupdb
Use bpbackupdb to perform an offline, cold catalog backup. The -priority option was added so that the administrator can specify a new priority for the catalog backup that overrides the default job priority.
bpdbjobs
Use bpdbjobs to interact with NetBackup jobs database. Now the command lets administrators set and change the priority of a job using two new options: -change_priority_by and -set_priority. For more information, see Changes to bpdbjobs on page 370.
bpduplicate
Use bpduplicate to create a copy of a backup. The -priority option was added so that the administrator can specify a new priority for the duplication job that overrides the default job priority.
bpimport
Use bpimport to import NetBackup and Backup Exec backups that are expired or to import backups from another server. The -priority option was added so that the administrator can specify a new priority for the import job that overrides the default job priority.
398 Command line interface updates
bplabel
Use bplabel to write NetBackup label on tape media. The -priority option was added so that the administrator can specify a new priority for the label job that overrides the default job priority.
bpmedia
Use bpmedia to freeze, unfreeze, suspend, or unsuspend NetBackup tape media, or to move ownership of tape media to a different media server. The ability to move ownership of tape media is new in this release and applies to moving to or from media servers that are version 6.0 or later. The bpmedia option changes all media database and image records that reference one server name (oldservername) to reference another server name (newservername). The syntax for the new option is as follows. All options are necessary to run the command.
bpmedia -movedb -allvolumes -newserver newservername -oldserver oldservername
The new option performs the following functions:
First, the option moves all media assigned to one media server (oldservername) to another media server (newservername). This operation occurs on the EMM database, changing the lastwritehost of the media to newservername. For NetBackup 6.5 or later, the following is true in the case of media that belongs to a sharegroup: If the lastwritehost was set to the oldservername, then the newservername must belong to the sharegroup, and lastwritehost is changed to newservername. If the first step succeeds, then the option changes the media server name for all fragments in the image database that were originally the oldservername to the newhostname. This may take a long time, since the command must traverse the entire image database.
bpmedialist
Use bpmedialist to display the status of NetBackup tape media. The -priority option was added so that the administrator can specify a new priority for the media contents job (for a Media Contents report) that overrides the default job priority.
399
bppldelete
Use bppldelete to delete policies from the NetBackup database. The -generation [1-n] option was added to ensure that the command acts on a specific generation or version of a policy. The generation value increments each time a policy is saved. Use bpplinfo or bppllist to list the current generation value. If no generation is indicated, the command acts on the current version.
bpplinclude
Use bpplinclude to maintain a list of files automatically backed up by a NetBackup policy. The -generation [1-n] option was added to ensure that the command acts on a specific generation or version of a policy. The generation value increments each time a policy is saved. Use bpplinfo or bppllist to list the current generation value. If no generation is indicated, the command acts on the current version.
bpplinfo
Use bpplinfo to manage or display policy attributes. The attributes list now includes the generation or version of a policy. The -priority option was added so that the administrator can specify a new priority for the backup job that overrides the default job priority.
bppllist
Use bpplist to list policy information. The verbose list now includes the generation or version of a policy.
bpplsched
Use bpplsched to add, delete, or list NetBackup schedules. The -generation [1-n] option was added to ensure that the command acts on a specific generation or version of a policy. The generation value increments each time a policy is saved. Use bpplinfo or bppllist to list the current generation value. If no generation is indicated, the command acts on the current version.
bpplschedrep
Use bpplschedrep to modify NetBackup schedule attributes. The -generation [1-n] option was added to ensure that the command acts on a specific generation or version of a policy. The generation value increments each time a policy is saved. Use bpplinfo or bppllist to list the current generation value. If no generation is indicated, the command acts on the current version.
bppolicynew
Use bppolicynew to create, copy, or rename a NetBackup policy. The -priority option was added so that the administrator can specify a new priority for the backup job that overrides the default job priority.
bprecover
Use bprecover to recover NetBackup related catalogs. The -priority option was added so that the administrator can specify a new priority for the recovery job that overrides the default job priority.
bprestore
Use bprestore to restore files from a NetBackup server. The -priority option was added so that the administrator can specify a new priority for the restore job that overrides the default job priority.
bpschedule
Use bpschedule to add, delete, or list schedules for disk staging storage units. The -priority option was added so that the administrator can specify a new priority for the schedule that overrides the default job priority.
bpschedulerep
Use bpchedulerep to modify schedule attributes for disk staging storage units. The -priority option was added so that the administrator can specify a new priority for the schedule that overrides the default job priority.
401
bpverify
Use bpverify to verify NetBackup backups. The -priority option was added so that the administrator can specify a new priority for the verification job that overrides the default job priority.
nbdelete
Use nbdelete to remove deleted fragments from disk volumes. The -priority option was added so that the administrator can specify a new priority for the job that overrides the default job priority.
nbdevconfig
Use nbdevconfig to preview, import, create, or inventory disk pools. -setattribute attribute is an attribute to apply to the storage server for the read side of restore or duplication operations. These attributes can help you manage the restore and duplication traffic. You can specify more than one -setattribute attribute pair on the command line. The following are the attributes:
PrefRestore. The storage server is preferred for the read side of restore operations. More than one storage server can have the PrefRestore attribute. Storage servers that are marked as PrefRestore are considered for use first. If none are available, any unmarked storage server is considered for use. Normal NetBackup load balancing occurs among all storage servers marked PrefRestore. ReqRestore. The storage server is required for the read side of restore operations. More than one storage server can have the ReqRestore attribute. If a ReqRestore server is not available, NetBackup considers PrefRestore servers for use. If none are available, jobs queue until a ReqRestore or PrefRestore is available. If you configure ReqRestore servers but not PrefRestore servers, unmarked storage servers are never considered for restore jobs. Jobs queue until a ReqRestore storage server is available to execute the job. Normal NetBackup rules for job retry apply. Normal NetBackup load balancing occurs for all storage servers marked ReqRestore. Load balancing does not occur between the ReqRestore and PrefRestore storage servers. ReqDuplicate. The storage server is required for the read side of duplication operations. More than one storage server can have the ReqDuplicate attribute. If any storage server is marked as ReqDuplicate, only storage servers that are marked as ReqDuplicate are considered for use. If a ReqDuplicate server is unavailable, jobs queue until a ReqDuplicate server is available to execute the job. Normal NetBackup rules for job retry apply. ReqDuplicate also applies to storage server allocation for synthetic backup operations.
-clearattribute attribute is an attribute to remove from the storage server for restore or duplication operations. You can specify more than one -clearattribute attribute pair on the command line. The following are the attributes:
PrefRestore. The storage server is preferred for the read side of restore operations.
403
ReqRestore. The storage server is required for the read side of restore operations. ReqDuplicate. The storage server is required for the read side of duplication operations.
-deletedv deletes the volume from the disk pool. Requires the -stype, -dp, and -dv options. No backup image fragments can exist on the volume. No backup jobs can be active on the volume. The disk volume and disk pool must be DOWN.
nbkmsutil
nbkmsutil is a new command that runs the NetBackup key management service (KMS) utility. The following is the complete description of nbkmsutil as it would appear in the NBU Commands document or in the UNIX man page. The nbkmsutil command contains the following operations and options:
<admin_dir_path>nbkmsutil [-createkg] [-createkey] [-modifykg] [-modifykey] [-listkgs ] [-listkeys] [-modifyhmk] [-modifykpk] [-gethmkid] [-getkpkid] [-deletekg] [-deletekey] [-quiescedb] [-unquiescedb] [-recoverkey] [-ksstats] <admin_dir_path>nbkmsutil -createkg -kgname key_group_name [-cipher type] [-desc description] <admin_dir_path>nbkmsutil -createkey [-nopphrase] -kgname key_group_name -keyname key_name [-activate] [-desc description] <admin_dir_path>nbkmsutil -modifykg -kgname key_group_name [-name new_name] [-desc new_description] <admin_dir_path>nbkmsutil -modifykey -keyname key_name -kgname key_group_name [-state new_state | -activate] [-name new_name] [-desc new_description] <admin_dir_path>nbkmsutil -listkgs [-kgname key_group_name | -cipher type | -emptykgs | -noactive] [-noverbose] <admin_dir_path>nbkmsutil -listkeys key_group_name [-keyname key_name | -activekey] [-noverbose] <admin_dir_path>nbkmsutil -modifyhmk [-nopphrase] <admin_dir_path>nbkmsutil -modifykpk [-nopphrase] <admin_dir_path>nbkmsutil -gethmkid <admin_dir_path>nbkmsutil -getkpkid <admin_dir_path>nbkmsutil -deletekg -kgname key_group_name <admin_dir_path>nbkmsutil -deletekey -keyname key_name -kgname key_group_name <admin_dir_path>nbkmsutil -recoverkey -keyname key_name -kgname key_group_name -tag key_tag [-desc description] <admin_dir_path>nbkmsutil -ksstats [-noverbose] <admin_dir_path>nbkmsutil -quiescedb <admin_dir_path>nbkmsutil -unquiescedb
UNIX and Linux systems: <admin_dir_path> is /usr/openv/netbackup/bin/admincmd/ Windows systems: <admin_dir_path> is <install_path>\NetBackup\bin\admincmd\
Operation descriptions
The nbkmsutil command performs the following operations:
-createkg -createkey Create a new key group. The default cipher of the new key group is AES_256. Create a new key. The default state of the new key is Prelive.
405
-modifykg -modifykey -listkgs
Modify key group attributes. Modify key attributes. Get the details of the key groups. If no option is specified, retrieve the details of all the key groups. Get the details of keys. Delete a key group. Only empty key groups can be deleted. Delete a key. Only keys in Prelive and Terminated states can be deleted. Restore could fail if a key used in encrypting the backup data is lost. Such Keys can be recovered (re-created) with the knowledge of the original Key's attributes (tag and passphrase). Modify the host master key (HMK). HMK is used to encrypt the key store. To modify the HMK, provide an optional seed (passphrase) and an HMK ID which can remind the user of the specified passphrase. The passphrase and the HMK ID are both read interactively. Return the current HMK ID. Modify the key protection key (KPK). KPK is used to encrypt KMS keys. KPK is per key store. To modify the KPK, provide an optional seed (passphrase) and a KPK ID which can remind the user of the specified passphrase. The passphrase and the KPK ID are both read interactively. Returns the current KPK ID. Returns the key store statistics. The statistics consist of the number of key groups, the total number of keys, and the outstanding quiesce calls. Sends a quiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned (as multiple backup jobs might quiesce the KMS DB to back it up) Sends an unquiesce request to KMS. If the command succeeds, the current outstanding quiesce count is returned. A count of zero (0) means the KMS database is completely unquiesced.
-listkeys -deletekg -deletekey -recoverkey
-modifyhmk
-gethmkid -modifykpk
-getkpkid -ksstats
-quiescedb
-unquiescedb
Option descriptions
The nbkmsutil command uses the following options:
-activate -activekey -cipher Set the state of the specified key to active. The default state is prelive. Retrieves the details of a specific key group's active key. Type of cipher supported by the key group. All keys belonging to a key group supports the same cipher type. Supported cipher types are BLOW, AES_128, AES_192, and AES_256 (default cipher).
-emptykgs -keyname
Retrieves the details of all the key groups with zero keys in it. The name of a key. This name should be unique within a key group. The key group name and key name uniquely identifies a key in the key store. The name of a key group. Within a key store, a key group is uniquely identified by its name. New name of the key group when used with -modifykg or the new name of the key when used with -modifykey. The new key group name must not conflict with other names in the key store. Retrieves the details of all the key groups in which there are no active keys. Disable the utility function that prompts you for a pass phrase. Instead, the utility creates the key. The default condition is the use of the pass phrase to create a key with a seed. A lengthy and strong seed results in a strong key. Disable verbosity. The default condition is verbosity, which prints the details in readable format. New state of the Key. Possible states are Prelive, Active, Inactive, Deprecated, and Terminated. Key states can be changed only in the following ways:

-kgname
-name new_name
-noactive -nopphrase
-noverbose
-state newstate
Prelive to Active Transition between Active and Inactive Transition between Inactive and Deprecated Transition between Deprecated and Terminated
407
nbpemreq
Use the NetBackup Policy Execution Manager Requisition (nbpemreq) to determine which jobs are due in the near future. This command can also instruct nbpem to process policy updates immediately. Note that in 6.5.2, nbpem has been refactored for enhanced scalability, performance, and stability. Before running nbpemreq, note the following items:

The nbpemreq -tables option is no longer supported in 6.5.2. Whenever the nbpemreq command is run, nbpem is affected, slowing down policy processing. Note that the output from nbpemreq may change from release to release. Because of this, Symantec does not recommend using nbpemreq in scripts.
The nbpemreq command contains the following operations and options:

-due -date <mm/dd/yyyy HH:MM:SS> [-client_filter <client>...][-policy_filter <policy>...] -due -dateu <unixtime> [-unixtime] [-client_filter <client>...][-policy_filter <policy>...] -help -jobs [screen] [depth <value>] [all|<job_id>..] -persisted [screen] [depth <value>] -policies [screen] [depth <value>] [<policy>..] -predict -date <mm/dd/yyyy HH:MM:SS> [-unixtime] [-client_filter <client>...] [-policy_filter <policy>...] -predict -dateu <-unixtime> [-unixtime] [-client_filter <client>...][-policy_filter <policy>...] -predict_all -date <mm/dd/yyyy HH:MM:SS> [-client_filter <client>...] [-policy_filter <policy>...] -predict_all -dateu <unixtime> [-client_filter <client>...] [-policy_filter <policy>...] -subsystems [screen] depth [list|all| <subsystem_id>...] -updatepolicies
Operation descriptions
The nbpemreq command performs the following operations:
-due The -due option provides information about the clients or policies that are due to run by the time specified. Two formats are available to indicate the time. The -help option provides online help for the command. The -jobs option provides information about current jobs and jobs that ran in the previous 30 minutes. The -persisted option provides information about the contents of the nbpem persistence database file. The file contains information about running jobs, so if nbpem is interrupted, NetBackup knows which jobs to run when nbpem restarts. The -policies option provides information internal to nbpem about specified policies. The information presented differs from that presented using the -subsystem option. The -predict option can help determine when a policy is to run. The information displayed is based on the current time and a future date, specified using one of the two available time formats. The option can also be used to help determine why a policy has not run. The difference between the options is the output format and the amount of data presented. The -predict option shows backups that are eligible to run, but it is not an indication of which jobs will run at a specific time. This option checks if there is an open window for the backup, but does not reflect any exclude dates that might be set for the schedule. -subsystems The -subsystems option provides information about the subsystems introduced in 6.5.2. The amount of information presented for each subsystem depends on the depth indicated. Each subsystem contains varying layers of information. The -updatepolicies option instructs nbpem to reread the existing policy configuration. Normally, nbpem checks for changes based on the Policy Update Interval, located in the Global Attributes host properties. The default is 10 minutes. After running this command, the prompt is simply returned.
-help -jobs
-persisted
-policies
-predict -predict_all
-updatepolicies
Option descriptions
The nbpemreq command uses the following options:
depth value [all|job_id...] -client_filter client Where value is 0-n. The value limits how much the command generates as output. Lists all jobs or the job specified by the job ID. Filters on the name of a specific client or clients.
409
depth [list|all| subsystem_id...]
Displays all 36 subsystems introduced in 6.5.2, or specified subsystems. Example: 3 8 12 (Separate subsystems with spaces, not commas.)
-policy_filter policy screen -unixtime
Filters on the name of a specific policy or policies.
Writes the output onto the screen and to stdout. The output is placed in the log file. The number of seconds elapsed since midnight Coordinated Universal Time (UTC) of January 1, 1970, not counting leap seconds.
nbstl
The NetBackup storage lifecycle utility command (nbstl) gives administrators the ability to create, modify and delete storage lifecycle policies. The nbstl command contains the following operations and options in 6.5.2:
nbstl [storage_lifecycle_name] [-v] [-M master_server] -L | -l nbstl storage_lifecycle_name [-v] [-M master_server] -delete nbstl storage_lifecycle_name [-add | -modify] [-v] [-M master_server] [-dc data_classification] [-dp duplication_priority] [-uf used_for1[,used_for2,..used_forn]] [-residence storage_unit1 | __NA__[,storage_unit2 | __NA__...storage_unitn | __NA__]] [-pool volume_pool1 | __NA__[,volume_pool2 | __NA__...volume_pooln | __NA__]] [-server_group host1 | __NA__[,host2 | __NA__..hostn | __NA__]] [-managed m1[,m2,..mn]] [-rl retention_level1 [,retention_level2,..retention_leveln] [-as alt_read_server1 | __NA__ [,alt_read_server2 | __NA__ ,..alt_read_servern | __NA__]] [-mpx preserve_mpx1 | __NA__[,preserve_mpx2 | __NA__ ,..preserve_mpxn | __NA__]]
New value for -uf option

The -uf (used for) option specifies when each destination is used. Value 2 is used for snapshots and is new in 6.5.2. Use one of the following values with -uf:
0 1 2 Backup Duplication Snapshot (new in 6.5.2)
New __NA__ value for many options

The nbstl command creates, modifies, or deletes all of the destinations at the same time and does not support adding or modifying single destinations. To change properties of one destination, all of the existing destinations must be accounted for as well as the destination to be updated. Many of the options that need to be entered for a destination may not be applicable (NA). In that case, enter the value as __NA__ (double underscores before and after NA). The following options accept __NA__ as a value:

-residence -pool -server_group -as (alternate read server) -mpx
The following options cannot be used with the __NA__ entry:

The -managed option must be set to 0 (capacity management disabled). The -rl (retention level) option must be an integer between 0 and 24.
New State field listed for -L and -l

In 6.5.2, the output for -L and -l includes a State field for the lifecycle and for every destination in the lifecycle. The State value indicates whether or not the lifecycle or destination is active or inactive. (Administrators can use the nbstlutil command to make a lifecycle active or inactive. An inactive lifecycle or destination prevents duplications from running.)
The following is an example of how the new State field appears in the output for nbstl -L (long output). In this example:

The lifecycle named lifecycle1 is active. The storage unit named adv_dsu1 is inactive.
lifecycle1 Gold 0 active backup adv_dsu1 NetBackup *NONE* Fixed 0
Name: Data Classification: Duplication job priority: State: Destination 1 Use for: Storage Unit: Volume Pool: Server Group: Retention Type: Retention Period:
411
Alternate Read Server: *NULL* Preserve Multiplexing: false State: inactive
The following is an example of how the new State field appears in the output for nbstl -l (condensed readout). In this example:
The second 0 in the first line indicates that the lifecycle named lifecycle1 is active. The 1 in the second line indicates that the storage unit named adv_dsu1 is inactive.
lifecycle1 Gold 0 0 0 adv_dsu1 NetBackup *NONE* 0 0 *NULL* 0 1
nbstlutil
In previous releases, the nbstlutil list -l and the nbstlutil list -U output did not list fields that had no values to display. In 6.5.2, the blank fields are displayed with the following values:
nbstlutil list -l (condensed readout) output displays *NULL* for blank fields. nbstlutil list -U (user readable) output displays (none specified) for blank fields. It also lists meaningful names for the fields instead of variable names. For example:
: : : : : : : : : : : master1 master1_1204160816 master1 1204160816 (Wed Feb 27 19:06:56 2008) SLPTestPol1 0 0 SLPTest1 3 (COMPLETE) 1204160905 (Wed Feb 27 19:08:25 2008) (none specified)
Image: Master Server Backup ID Client Backup Time Policy Client Type Schedule Type Storage Lifecycle Policy Storage Lifecycle State Time In Process Data Classification ID
tpclean
Use tpclean to manage the cleaning of the tape drive. The -priority option was added so that the administrator can specify a new priority for the job that overrides the default job priority.
tpformat
Use tpformat to format optical disks for use by Media Manager. The -priority option was added so that the administrator can specify a new priority for the job that overrides the default job priority.
tpreq
Use tpreq to request a tape volume for mounting and assign a file name to the drive. The -priority option was added so that the administrator can specify a new priority for the job that overrides the default job priority.
413
vmphyinv
Use vmphyinv to inventory media contents of a robotic library or stand-alone drive and update the volume database. The -priority option was added so that the administrator can specify a new priority for the inventory job that overrides the default job priority.
Index
A
Activity Monitor State Details column 351 adding Media Manager storage unit 343 Advanced Disk license key for 247 Alternate read server option 239, 240
B
backup off-host configuration 34 Backup and Restore Database option 199 Backup Selections list 39 Bare Metal Restore 34 Bare Metal Restore database (BMRDB) 187 bp client interface 371 bpadm management interface 371 bpbackupdb 369 bpbackupdb command -priority option 397 bpchedulerep command -priority option 400 bpclusterutil command 383, 387 bpdbjobs 369 bpdbjobs command 397 -report -all_columns output 355 bpduplicate 369 bpduplicate command -priority option 397 bpimport 369 bpimport command -priority option 397 bplabel 369 bplabel command -priority option 398 bpmedia command 398 bpmedialist 369 bpmedialist command -priority option 398 bppldelete command -generation option 399 bpplinclude command -generation option 399 bpplinfo 369 bpplinfo command -priority option 399 bppllist command 399 bpplsched command -generation option 399
bpplschedrep command -generation option 400 bppolicynew 369 bppolicynew command -priority option 400 bprecover 369 bprecover command -priority option 400 bprestore 369 bprestore command -priority option 400 bpschedule 369 bpschedule command -priority option 400 bpschedulerep 369 bpverify 369 bpverify command -priority option 401
C
cache object 140 configuration add Media Manager storage unit 343 procedure 32 Converter, VMware 25 credentials, VMware 31
D
Database Administration tool for NetBackup databases UNIX 189 Windows 201 database password, changing 190 Database Rebuild option 196 database validation check 207 Database Validation Check and Rebuild 195 DataStore/XBSA 372 DB2, NetBackup for 372 Disk type storage unit setting 254, 302 document-level restores how to perform 219 requirements 218 Dynamic LUN masking property (SharedDisk) 284
416
E
encryption of snapshot data transfer 36 ESX server 25, 31 Exchange, NetBackup for 373
mount point VMware 35 Move Database option 197 Multiple Copy Synthetic Backups feature 345
F
files list (see Backup Selections list)
N
NAS snapshot 342 nbd 36 nbdelete 369 nbdelete command -priority option 401 nbdevconfig command 402 nbdssl 37 nbfirescan 123 nbkmsutil command 404 nbstl (NetBackup storage lifecycle utility) command 242 nbstl command 409 __NA__ option 410 new -L and -l output fields 410 -uf (used for) option 409 nbstlutil command new -L and -l output fields 412 NDMP to media server how to configure 342 NDMP to disk 341 NDMP to media server (disk or tape) 341 NearStore storage units logging information 269, 322 NetBackup for DB2 372 NetBackup for Exchange 373 NetBackup for Informix 373 NetBackup for Oracle 374 NetBackup for SAP 375 NetBackup for SharePoint 375 NetBackup for SQL Server 375 NetBackup for Sybase 375 NetBackup relational database (NBDB) 187 NetBackup Resource Broker (NBRB) 358 Network Block Device (NBD) transfer 36 Network Block Device (NBD) transfer with SSL 36 Network Settings host properties 377 NOM 6.5.2 alert changes 389 changing the job priority 394 configuring SNMP trap community name 392 Creating email and recipient groups 391 duplicate names between email and SNMP recipients 391
G
Global Attributes host properties 359
H
host properties for VMware 32 hot catalog backup 194, 195, 207
I
Informix, NetBackup for 373 instant snapshots 140
J
jnbSA 31, 32
L
license key for AdvancedDisk 247 lifecycle destination type 239 logging VMware 55, 117 Lotus 373 LUN masking for SharedDisk 284
M
media host properties Enable SCSI reserve/release 284 Media server storage unit setting 255, 302 method selecting off-host backup 34 Microsoft Cluster Server (MSCS) bpclusterutil command 383 Microsoft Services for NFS, installing 211, 212 mirror VxVM snapshot 140
417
Multi-select option 390 NOM cluster about the NOM cluster 61 adding a node 86 configuring a cluster 83 configuring NetBackup servers 85 installing NOM 6.5.2 cluster 63 limitations 94 NOM agent for VCS 62 removing cluster completely 90 supported cluster solutions 62 troubleshooting 94 uninstall NOM 6.5.2 87 upgrading to NOM 6.5.2 cluster 72 using NOMCAdmin 93
SQL Server, NetBackup for 375 SSL encryption of snapshot data 36 Sybase Adaptive Server Anywhere (ASA) 187 Sybase, NetBackup for 375
T
tpclean 360, 370 tpclean command -priority option 412 tpformat 360, 370 tpformat command -priority option 412 tpreq 370 tpreq command -priority option 412 Transaction Log Management 194 Truncate the Transaction Log option 195
O
off-host backup 34 Oracle XML 374 Oracle, NetBackup for 374
U
Unload Database option 198
V
Vault duplication jobs 360 Veritas Cluster Server (VCS) for Windows 2000/ 2003 bpclusterutil command 383, 387 Virtual Center 25 vmdk type 37 vmphyinv 361, 370 vmphyinv command -priority option 413 VMware and Linux 33 backup environment 25, 26 backups 42 configuration overview 29 Converter 25 credentials 31 ESX server 25, 31 host properties 32 introduction 23 logging 55, 117 main features 24 policy configuration 32 policy types 33 proxy 24 restores 43 snapshot mount point 35 troubleshooting 55 Virtual Center 25 VxVM
P
policy how to select type of 33 Policy dialog 32, 114 Preserve multiplexing option 239, 241
R
remote NDMP 341 restores document-level 218 Reverse Host Name Lookup property 377 REVERSE_NAME_LOOKUP bp.conf entry 379
S
SAP, NetBackup for 375 SCSI LUN masking for SharedDisk 284 persistent reserve for SharedDisk 284 SCSI presistent reserve property (SharedDisk) 284 SharePoint, NetBackup for 375 snapshot mirror (VxVM) 140 Snapshot Client 239 space-optimized snapshots 140
418
mirror 140 Volume Manager 140
W
Windows Services for UNIX (SFU), installing 212

Nom Netbackup Services

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Nom Netbackup Services

Caricato da

Copyright:

Formati disponibili

Veritas NetBackup 6.5.

UNIX, Windows, Linux

Veritas NetBackup NetBackup 6.5.2 Documentation Updates

Third-party legal notices

Licensing and registration

Introduction How to configure and use NetBackup for VMware

Clustering NetBackup Operations Manager

Snapshot client updates

New data at rest key management

New database Administration tool for NetBackup relational databases

NetBackup for SharePoint Portal Server updates

NetBackup for Exchange support

NetBackup for Microsoft SQL Server updates

Storage Lifecycle Policy destination configuration changes

AdvancedDisk storage option updates

SharedDisk storage option updates

SAN Client and Fibre Transport updates

Remote NDMP and disk devices updates

Synthetic Backup updates: Multiple copy backups

New Activity Monitor displays job state details

New Job Priority defaults and overrides

Reverse host name lookup updates

NetBackup High Availability updates

Command line interface updates

How to configure and use NetBackup for VMware

NetBackup for VMware: introduction

The main features of NetBackup for VMware

NetBackup for VMware environment

NetBackup for VMware components

VMware NetBackup Integration Module (VNIM) not required!

NetBackup for VMware: backup environment

Basic backup process:

VirtualCenter with multiple ESX servers

NetBackup storage unit (disk or tape)

VMware backup proxy server

VMware virtual disk files (datastore)

VMware ESX servers

Backup type: file-level and full virtual machine

Notes and restrictions

Configuration tasks: overview

Tasks for the VMware administrator

Tasks for the NetBackup administrator

How to configure and use NetBackup for VMware Configure NetBackup

Adding NetBackup credentials for VMware

32 How to configure and use NetBackup for VMware Configure NetBackup

Adding the proxy server to NetBackup configuration

Configuring incremental backups for VMware

Configuring a VMware policy

How to configure and use NetBackup for VMware Configure NetBackup

Select the policy type: MS-Windows-NT or FlashBackup-Windows

Select storage unit or group

34 How to configure and use NetBackup for VMware Configure NetBackup

How to configure and use NetBackup for VMware Configure NetBackup

36 How to configure and use NetBackup for VMware Configure NetBackup

How to configure and use NetBackup for VMware Configure NetBackup

3-SAN then NBD

4-SAN then NBDSSL

To save these settings, click OK and then Apply.

38 How to configure and use NetBackup for VMware Configure NetBackup

ESX server or VirtualCenter

How to configure and use NetBackup for VMware Configure NetBackup

40 How to configure and use NetBackup for VMware Configure NetBackup

How to configure and use NetBackup for VMware Configure NetBackup

Disk Group_________________________________ nom_group1 Start Volumes_ 0 or 1 Stop Volumes_ 0 or 1