Professional Documents
Culture Documents
Guide
For NetBackup and OpsCenter
versions 7.5.0.7, 7.6.0.4, 7.6.1.2, 7.7,
and 7.7.2
Technical Support
Technical Support maintains support centers globally. All support services will be delivered
in accordance with your support agreement and the then-current enterprise technical support
policies. For information about our support offerings and how to contact Technical Support,
visit our website:
https://www.veritas.com/support
You can manage your Veritas account information at the following URL:
https://my.veritas.com
If you have questions regarding an existing support agreement, please email the support
agreement administration team for your region as follows:
Worldwide (except Japan)
CustomerCare@veritas.com
Japan
CustomerCare_Japan@veritas.com
Documentation feedback
Your feedback is important to us. Suggest improvements or report errors or omissions to the
documentation. Include the document title, document version, chapter title, and section title
of the text on which you are reporting. Send feedback to:
NB.docs@veritas.com
You can also see documentation information or ask a question on the Veritas community site:
http://www.veritas.com/community/
Contents
Chapter 1
Introduction
........................................................................... 5
Chapter 2
Chapter 3
Appendix A
17
18
20
21
24
26
27
27
28
30
31
33
Chapter
Introduction
This chapter includes the following topics:
2.
Chapter
Installing the hotfix on NetBackup and the NetBackup Remote Java Console
Post-installation procedures
Table 2-1
Step
Process
Additional information
Generate a list of all NetBackup servers Use the article that is shown to
and clients.
generate a list of all clients from all
NetBackup policies:
http://www.veritas.com/docs/000006640
Use the command that is shown to list
all master and all media servers:
nbemmcmd -listhosts
-nbservers
The nbemmcmd is located in
install_path\Veritas\NetBackup\bin\admincmd
for Windows and
/usr/openv/netbackup/bin/admincmd
for UNIX and Linux.
Table 2-2
NetBackup,
OpsCenter, and
appliance version
NetBackup 7.0.x.x and No version of the hotfix is available for these versions of NetBackup.
7.1.x.x
You must upgrade to a version of NetBackup for which the hotfix
is available.
Appliance 2.5.3 and
below
All NetBackup 7.5
versions
For NetBackup, you must apply the 7.5.0.7 patch. More information
about the 7.5.0.7 patch is available.
Appliance 2.5.4
http://www.veritas.com/docs/000018640
You must apply the 7.6.0.4 patch. More information about the
7.6.0.4 patch is available.
http://www.veritas.com/docs/000023129
For the NetBackup appliance, you must apply the 2.6.0.4 patch.
More information about the 2.6.0.4 patch is available.
http://www.veritas.com/docs/000080647
More information about the Etrack numbers associated with the
7.6.0.4 and 2.6.0.4 hotfix is available.
See Table A-4 on page 32.
Table 2-2
NetBackup,
OpsCenter, and
appliance version
You must apply the 7.6.1.2 patch. More information about the
7.6.1.2 patch is available.
http://www.veritas.com/docs/000025302
For the NetBackup appliance, you must apply the 2.6.1.2 patch.
More information about the 2.6.1.2 patch is available.
http://www.veritas.com/docs/000024747
More information about the Etrack numbers associated with the
7.6.1.2 and 2.6.1.2 hotfix is available.
See Table A-3 on page 30.
NetBackup 7.7 version No patch is required. You can apply the appropriate hotfix directly
to NetBackup version 7.7.
More information about the Etrack numbers associated with the
7.7 hotfix is available.
See Table A-2 on page 29.
NetBackup 7.7.1
Note: Veritas does not have a 7.7.2 package for either Mac OS
or FreeBSD. You must uninstall the 7.7.1 package and install 7.7
and the hotfix. See the NetBackup 7.7 version row in this table.
NetBackup 7.7.2
Note: The 7.7.2 hotfix delivers back-level Java support for the
older releases that require the hotfix.
NetBackup role. Upgrade the computers based on their NetBackup role. The update
order is as follows:
Upgrade order based on computer role
Table 2-3
Step
number
(Conditional) You may wish to apply the hotfix to client systems first. More
information is available.
See Installing the hotfix on NetBackup and the NetBackup Remote Java
Console on page 12.
This step may require a patch to bring the system to the correct version.
Then apply the hotfix.
If clients are required to run the Java Backup, Archive, and Restore
client interface, provision a certificate on each of these clients. More
information on how to provision these certificates is available.
See Deploying a security certificate on a NetBackup host on page 21.
Any remote console systems that connect to these clients must also
have the hot fix applied to allow the Java Backup, Archive, and Restore
client interface to function.
You can pause upgrade activities here and NetBackup continues to operate successfully.
The hotfix is not, however, fully installed until all steps in this procedure are completed.
2
You can pause upgrade activities here and NetBackup continues to operate successfully.
The hotfix is not, however, fully installed until all steps in this procedure are completed.
3
Upgrade all master servers and all computers that use the NetBackup Java
interface to connect to those master servers. These computers can be
media servers, clients, or Windows systems that use the Remote console.
More information is available.
See Installing the hotfix on NetBackup and the NetBackup Remote Java
Console on page 12.
See Installing the hotfix on a NetBackup appliance on page 14.
This step may require a NetBackup patch to each system to bring it to the
correct version. Then apply the hotfix.
10
Table 2-3
Step
number
For each master server, run the command shown. If NetBackup Access
Control (NBAC) is enabled and configured, before you run the command,
set USE_VXSS from REQUIRED to AUTOMATIC. Return the value to its
previous state after you run the command.
This command performs any required initialization, configuration, and
certificate renewal operations on the master server only. Certificates for
other systems are deployed or renewed later in the procedure.
bpnbaz ConfigureAuth force
On UNIX and Linux systems, the directory path to this command is
/usr/openv/netbackup/bin/admincmd/.
On Windows systems, the directory path to this command is
install_path\NetBackup\bin\admincmd\.
Stop and restart all NetBackup processes and services
Stop all NetBackup processes and services as follows:
On Windows systems:
install_path\NetBackup\bin\bpdown -f
On Windows systems:
install_path\NetBackup\bin\bpup -f
Note: This operation is a one-time only operation. Once you run this
command, you do not need to run it again.
5
You can pause upgrade activities here and NetBackup continues to operate successfully.
The hotfix is not, however, fully installed until all steps in this procedure are completed.
11
Table 2-3
Step
number
You can pause upgrade activities here and NetBackup continues to operate successfully.
The hotfix is not, however, fully installed until all steps in this procedure are completed.
8
If your environment contains multiple master servers, you have two choices on how
to proceed.
1.
You perform steps 3 through 7 on one master domain and then move on and
perform steps 3 through 7 on all other domains.
2.
You can perform step 3 on all masters at the same time. Then perform all
subsequent steps on all systems that match as well.
12
Note: For 7.5.0.7 Microsoft Cluster Server environments, you must run an additional
command before applying the hotfix. More information is available.
http://www.veritas.com/docs/000108058
Caution: Please refer to the differences that are noted in this section as there are
some important differences that apply to this hotfix.
Three primary differences exist between the information in the article that is shown
and what is required for this hotfix.
First, Veritas created a single package that contains both the server and the client
binaries. You do not need separate binary packages for servers and clients. The
same installation works for both servers and clients.
Second, you must patch the Remote Java Administration Console. This requirement
only applies to Windows computers that use the Remote Java Administration
Console.
Finally, where the article indicates you should stop specific services, you must stop
all NetBackup services.
Stop all NetBackup processes and services as follows:
On Windows systems:
install_path\NetBackup\bin\bpdown -f
Other than these differences, please follow the instructions that are listed in the
article shown.
13
Post-installation procedures
Veritas recommends that you deploy a security certificate on a NetBackup host
after you finish installing the hotfix on it. You must have the security certificate when
you connect to a NetBackup host through the Java NetBackup Administration
Console or the Java Backup, Archive, and Restore user interface. The NetBackup
Certificate Authority (CA) issues NetBackup host security certificates. More
information about NetBackup hosts security certificates and deploying these
certificates is available.
Veritas NetBackup Administrators Guide, Volume I
http://www.veritas.com/docs/DOC5332
Once the hotfix is correctly installed, you must deploy security certificates to all
NetBackup hosts. More information about security certificates is available.
See Deploying a security certificate on a NetBackup host on page 21.
UNIX or Linux
/usr/openv/netbackup/bin/admincmd/bpnbaz -ConfigureAuth -force
When the command completes, stop and restart all NetBackup processes and
services.
Stop all NetBackup processes and services as follows:
14
On Windows systems:
install_path\NetBackup\bin\bpdown -f
On Windows systems:
install_path\NetBackup\bin\bpup -f
Operational changes
If NBAC is used in the REQUIRED mode: - If a user tries to log into a media
server but the master server cannot authenticate it, the login fails.
See User authentication when NBAC or Enhanced Auditing is enabled
on page 24.
If the user tries to connect to a host with the hotfix from a host without the hotfix,
the login fails. This login error is non-specific and does not deliver exact
information about error condition.
If a user tries to connect to a host without the hotfix from a host with the hotfix,
the user receives a message indicating that the connection is not secure. If the
user selects Yes and connects over an insecure channel, the user name and
password are sent in clear text to the NetBackup host. If the user selects No,
the connection attempt is aborted.
For MacOS, FreeBSD, IBM POWERPC Red Hat, and IBM POWERPC SuSE
hosts, the connection is insecure regardless of the status of the hotfix on those
hosts.
15
After catalog recovery on a master server, you may need to perform specific
tasks to reestablish trust with this master. More information is available.
http://www.veritas.com/docs/000023673
These messages are informational in nature and do not affect the uninstall.
16
Chapter
Deploying security
certificates
This chapter includes the following topics:
NetBackup master server cluster For a NetBackup master server in a cluster solution other
installation
than WSFC, you must deploy a security certificate to all
of the nodes in the cluster.
See Deploying a security certificate on a NetBackup
host on page 21.
Change Server operation in the
NetBackup Administration
Console
18
Figure 3-1
Note: Once you trust the CA certificate, the message is not displayed again when
you connect to any NetBackup host in the same NetBackup domain.
The authenticity of the Certificate Authority can be verified using the following
procedure:
19
Log in to the AT broker host (master server) that owns this certificate and run
the following command:
On Windows:
install_path\NetBackup\sec\at\bin\vssat showcred -p nbatd
On UNIX:
/usr/openv/netbackup/sec/at/bin/vssat showcred p nbatd
Check the output to confirm that the Certificate Hash matches the Root
Certificate Authority fingerprint that is contained in the message.
For example, if the Root Certificate Authority fingerprint in the message
displays the following fingerprint:
88:28:9C:13:A2:24:D2:BC:08:7D:DB:6C:4B:66:05:A7:D3:A7:58:R6
20
On UNIX:
/usr/openv/var/vxss/credentials
The directory might list multiple certificate files. A single host can have a
certificate for each name that it is referred to as.
For example, the NetBackup host can have a fully qualified name
(v-123.acme.com) or it can also be referred to as v-123. The host would have
two certificates.
For each certificate file, run the following command to view the details of the
certificate:
Note: Expired or invalid certificates can cause connection failures.
On Windows:
install_path\NetBackup\bin\bpnbat -whoami -cf path_name\file_name
On UNIX:
/usr/openv/netbackup/bin/bpnbat -whoami -cf path_name/file_name
21
Figure 3-2
22
23
To create a host identity and then deploy a security certificate for a media
server or client
Run the following command on the master server to create an identity for the
target NetBackup host.
Windows: install_path\NetBackup\bin\bpnbat addmachine
target_hostname
Run the following command on the target NetBackup host to obtain a certificate
from the master server and deploy it:
Windows: install_path\NetBackup\bin\bpnbat loginmachine
UNIX: /usr/openv/netbackup/bin/bpnbat loginmachine
Enter the master server name as the authentication broker name when
prompted. Enter the same computer name and password that were used to
create the target host identity on the master server.
Note: If a target host has multiple host names, repeat the steps for each host
name.
24
Figure 3-3
Figure 3-4
These certificates are required when NBAC or Enhanced Auditing are enabled on
NetBackup. The NetBackup Authentication daemon on the master server generates
the user certificates. If the user certificate is not generated, you may have limited
access to NetBackup or your login can fail.
The following are possible reasons why the authentication can fail and the corrective
actions that the user can take:
25
Make sure that you log in using valid credentials that can be authenticated by
the NetBackup Authentication daemon.
26
Appendix
Table A-1
Product and bundle name
Operating
System
Installation files
Java console:
Windows x64
eebinstaller.3871155.1.AMD64.exe
NB_7.7.2_ET3871155_1.zip
Readme file
NB_7_7_2_ET3871155_1.README
NetBackup:
Windows x64
eebinstaller.3871154.1.AMD64.exe
NB_7.7.2_ET3871154_1.zip
HP-UX Itanium
eebinstaller.3871154.1.hpia11.31
RedHat x64
eebinstaller.3871154.1.linuxR_x86_2.6.18
SuSE x64
eebinstaller.3871154.1.linuxS_x86_2.6.16
AIX
eebinstaller.3871154.1.rs6000_61
Solaris SPARC
eebinstaller.3871154.1.solaris10
Solaris x64
eebinstaller.3871154.1.solaris_x86_10_64
IBMZ Redhat
eebinstaller.3871154.1.zlinuxR_2.6.18
IBMZ SuSE
eebinstaller.3871154.1.zlinuxS_3.0.76
Windows x86
Readme file
NB_7_7_2_ET3871154_1.README
OpsCenter
All operating
systems
Appliance:
Appliance
SYMC_NBAPP_EEB_ET3871154-2.7.2.0-1.x86_64.rpm
SYMC_NBAPP_EEB_ET38711542.7.2.0-1.x86_64.rpm
28
Table A-2
Product and bundle name
Operating
System
Installation files
Java consoles:
Windows x64
eebinstaller.3864872.1.AMD64.exe
NB_7.7_ET3864872_1.zip
Readme file
NB_7_7_ET3864872_1.README
NetBackup:
HP-IA64
eebinstaller.3864869.1.hpia11.31
NB_7.7_ET3864869_1.zip
AIX
eebinstaller.3864869.1.rs6000_61
eebinstaller.3864869.1.linuxS_x86_2.6.16
x64 RedHat
Enterprise Linux
eebinstaller.3864869.1.linuxR_x86_2.6.18
SuSE zLinux
eebinstaller.3864869.1.zlinuxS_3.0.76
Windows x64
eebinstaller.3864869.1.AMD64.exe
Windows x86
eebinstaller.3864869.1.x86.exe
Mac OS
eebinstaller.3864869.1.macosx10_8
FreeBSD
eebinstaller.3864869.1.freebsd9.2
Readme file
NB_7_7_ET3864869_1.README
OpsCenter:
Windows x64
OpsCenter_windows_AMD64_77EEB_ET3864871_1.zip
NB_7.7_ET3864871_1.zip
x64 RedHat
Enterprise Linux
OpsCenter_LinuxR_x86_x86_64_77EEB_ET3864871_1.tar.gz
x64 SuSE
Enterprise Linux
OpsCenter_LinuxS_x86_x86_64_77EEB_ET3864871_1.tar.gz
Readme file
NB_7_7_ET3864871_1.README
29
Table A-3
Operating
System
Installation files
Java consoles:
Windows x64
eebinstaller.3865356.1.AMD64
NB_7.6.1.2_ET3865356_1.zip
Readme file
NB_7_6_1_2_ET3865356_1.README
NetBackup:
Windows x64
eebinstaller.3865353.1.AMD64.exe
NB_7.6.1.2_ET3865353_1.zip
FreeBSD
eebinstaller.3865353.1.freebsd6.0
HP-UX Itanium
eebinstaller.3865353.1.hpia11.31
RedHat/Debian
eebinstaller.3865353.1.linuxR_x86_2.6.18
SuSE x64
eebinstaller.3865353.1.linuxS_x86_2.6.16
MacOS
eebinstaller.3865353.1.macosx10_6
Solaris SPARC
eebinstaller.3865353.1.solaris10
Solaris x64
eebinstaller.3865353.1.solaris_x86_10_64
Windows x86
eebinstaller.3865353.1.x86.exe
IBMZ Redhat
eebinstaller.3865353.1.zlinuxR_2.6.18
IBMZ SuSE
eebinstaller.3865353.1.zlinuxS_2.6.16
Readme file
NB_7_6_1_2_ET3865353_1.README
30
Table A-3
Operating
System
Installation files
OpsCenter:
RedHat x64
OpsCenter_LinuxR_x86_x86_64_7612EEB_
ET3865355_1.tar.gz
SuSE x64
OpsCenter_LinuxS_x86_x86_64_7612EEB_
ET3865355_1.tar.gz
Solaris x86_64
OpsCenter_SunOS_i386_7612EEB_
ET3865355_1.tar.gz
Solaris SPARC
OpsCenter_SunOS_sparc_7612EEB_
ET3865355_1.tar.gz
Windows x64
OpsCenter_windows_AMD64_7612EEB_
ET3865355_1.zip
Readme file
NB_7_6_1_2_ET3865355_1.README
Appliance
SYMC_NBAPP_EEB_ET3865353-2.6.1.2-1.x86_64.rpm
NB_7.6.1.2_ET3865355_1.zip
Appliance:
SYMC_NBAPP_EEB_ET3865353
-2.6.1.2-1.x86_64.rpm
31
Table A-4
Product and bundle name
Operating
System
Installation files
Java consoles:
Windows x64
eebinstaller.3865361.1.AMD64
NB_7.6.0.4_ET3865361_1.zip
Readme file
NB_7_6_0_4_ET3865361_1.README
NetBackup:
Windows x64
eebinstaller.3865357.1.AMD64.exe
NB_7.6.0.4_ET3865357_1.zip
FreeBSD
eebinstaller.3865357.1.freebsd6.0
HP-UX PA-RISC
eebinstaller.3865357.1.hp11.11
HP-UX Itanium
eebinstaller.3865357.1.hpia11.31
RedHat/Debian
eebinstaller.3865357.1.linuxR_x86_2.6.18
SuSE x64
eebinstaller.3865357.1.linuxS_x86_2.6.16
MacOS
eebinstaller.3865357.1.macosx10_6
IBM POWERPC
RedHat
eebinstaller.3865357.1.plinuxR_2.6
IBM POWERPC
SuSE
eebinstaller.3865357.1.plinuxS_2.6
AIX
eebinstaller.3865357.1.rs6000_61
Solaris SPARC
eebinstaller.3865357.1.solaris10
Solaris x64
eebinstaller.3865357.1.solaris_x86_10_64
Windows x86
eebinstaller.3865357.1.x86.exe
IBMZ Redhat
eebinstaller.3865357.1.zlinuxR_2.6.18
IBMZ SuSE
eebinstaller.3865357.1.zlinuxS_2.6.16
Readme file
NB_7_6_0_4_ET3865357_1.README
32
Table A-4
Operating
System
Installation files
OpsCenter:
RedHat x64
OpsCenter_LinuxR_x86_x86_64_7604EEB_
ET3865360_1.tar.gz
SuSE x64
OpsCenter_LinuxS_x86_x86_64_7604EEB_
ET3865360_1.tar.gz
Solaris x86_64
OpsCenter_SunOS_i386_7604EEB_
ET3865360_1.tar.gz
Solaris sparc
OpsCenter_SunOS_sparc_7604EEB_
ET3865360_1.tar.gz
Windows x64
OpsCenter_windows_AMD64_7604EEB_
ET3865360_1.zip
Readme file
NB_7_6_0_4_ET3865360_1.README
Appliance
SYMC_NBAPP_EEB_ET3865357-2.6.0.4-1.x86_64.rpm
NB_7.6.0.4_ET3865360_1.zip
Appliance:
SYMC_NBAPP_EEB_ET3865357
-2.6.0.4-1.x86_64.rpm
33
Table A-5
Product and bundle name
Operating
System
Installation files
Java consoles:
Windows x64
eebinstaller.3865365.1.AMD64.exe
NB_7.5.0.7_ET3865365_1.zip
Windows x86
eebinstaller.3865365.1.x86.exe
Readme file
NB_7_5_0_7_ET3865365_1.README
NetBackup:
Windows x64
eebinstaller.3865362.1.AMD64.exe
NB_7.5.0.7_ET3865362_1.zip
FreeBSD
eebinstaller.3865362.1.freebsd6.0
HP-UX PA-RISC
eebinstaller.3865362.1.hp11.11
HP-UX Itanium
eebinstaller.3865362.1.hpia11.31
RedHat Itanium
eebinstaller.3865362.1.linuxR_ia64_2.6
RedHat/Debian
eebinstaller.3865362.1.linuxR_x86_2.6.18
SuSE Itanium
eebinstaller.3865362.1.linuxS_ia64_2.6
SuSE x64
eebinstaller.3865362.1.linuxS_x86_2.6.16
Mac OS
eebinstaller.3865362.1.macosx10_6
IBM POWERPC
RedHat
eebinstaller.3865362.1.plinuxR_2.6
IBM POWERPC
SuSE
eebinstaller.3865362.1.plinuxS_2.6
AIX
eebinstaller.3865362.1.rs6000_53
Solaris 10
eebinstaller.3865362.1.solaris10
Solaris 9
eebinstaller.3865362.1.solaris9
Solaris x64
eebinstaller.3865362.1.solaris_x86_10_64
Windows x86
eebinstaller.3865362.1.x86.exe
IBMZ Redhat
eebinstaller.3865362.1.zlinuxR_2.6.18
IBMZ SuSE
eebinstaller.3865362.1.zlinuxS_2.6.16
Readme file
NB_7_5_0_7_ET3865362_1.README
34
Table A-5
Product and bundle name
Operating
System
Installation files
OpsCenter:
AIX
OpsCenter_AIX_powerpc_7507EEB_
ET3865364_1.tar.gz
HP-UX
OpsCenter_HP-UX_ia64_7507EEB_
ET3865364_1.tar.gz
RedHat
OpsCenter_LinuxR_x86_x86_64_7507EEB_
ET3865364_1.tar.gz
SuSE
OpsCenter_LinuxS_x86_x86_64_7507EEB_
ET3865364_1.tar.gz
Solaris x86_64
OpsCenter_SunOS_i386_7507EEB_
ET3865364_1.tar.gz
Solaris SPARC
OpsCenter_SunOS_sparc_7507EEB_
ET3865364_1.tar.gz
Windows x64
OpsCenter_windows_AMD64_7507EEB_
ET3865364_1.zip
Windows x86
OpsCenter_windows_x86_7507EEB_ET3865364_1.zip
Readme file
NB_7_5_0_7_ET3865364_1.README
Appliance
SYMC_NBAPP_EEB_ET3865362-2.5.4.0-1.x86_64.rpm
NB_7.5.0.7_ET3865364_1.zip
Appliance:
SYMC_NBAPP_EEB_ET38653622.5.4.0-1.x86_64.rpm
35