If you have a NetBackup environment that uses the online hot catalog backup method, no additional configuration is needed to include the NetBackup Authentication and Authorization databases in the catalog backup.
Upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine
You can use the following steps for upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine.
Access control security
Upgrading NetBackup Access Control (NBAC) 174
Upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine
1
Before upgrading to NetBackup 7.5, stop the NetBackup services and disable NBAC by settingUSE_VXSS=PROHIBITED. To set the new value forUSE_VXSS, run the following command. Then start the NetBackup 7.5 upgrade.On UNIX platforms, use
/usr/openv/netbackup/bin/admincmd/bpsetconfig bpsetconfig> USE_VXSS=PROHIBITED
bpsetconfig>Crtl + D (to save and quit).
On Windows, use
C:\Program Files\Veritas\NetBackup\bin\admincmd\bpsetconfig bpsetconfig> USE_VXSS=PROHIBITED
bpsetconfig> Crtl + Z + Enter (to save and quit).
2
Once the NetBackup 7.5 upgrade is completed then migrates the remote root broker (RB) and local shared authentication broker (AB) into NetBackup 7.5 by using theatutiltool which is shipped with NetBackup 7.5.3
Copy theatutilutility from the NetBackup computer to the root broker computer.On UNIX Platforms, copy the/usr/openv/netbackup/sec/at/bin/atutil file from NetBackup computer to the root broker computer.
On Windows, copy theC:\Program
Files\Veritas\NetBackup\sec\at\bin\atutil.exefile from NetBackup computer to the root broker computer.
4
Change directory to where theatutilcommand was copied. Then export the root broker by running theatutil export -r -f <RB output xml file>-p <password>command.
5
Copy the exported file to NetBackup computer.175 Access control security Upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine
6
Import the root broker into the NetBackup computer by executing the following command.On UNIX platforms, execute /usr/openv/netbackup/sec/at/bin/atutil import -z /usr/openv/var/global/vxss/eab/data/ -f <RB output xml file> -p <password>
On Windows, executeC:\Program
Files\Veritas\NetBackup\sec\at\bin\atutil import -z C:\Program Files\Veritas\NetBackup\var\global\vxss\eab\data -f <RB output xml file> -p <password>
On cluster computers, the -z option should point to the shared drive.
7
Configure the NetBackup authentication service inR+ABmode by running the following command.On UNIX platforms, run/usr/openv/netbackup/sec/at/bin/vssregctl -s -f
/usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/VRTSatlocal.conf -b "Security\Authentication\Authentication Broker" -k Mode -t int -v 3
On Windows, runC:\Program
Files\Veritas\NetBackup\sec\at\bin\vssregctl -s -f C:\Program Files\VERITAS\NetBackup\var\global\vxss\eab\data\systemprofile\VRTSatlocal.conf -b "Security\Authentication\Authentication Broker" -k Mode -t int -v 3
On cluster computers set the –f option to point to the shared drive.
8
Set the value ofUSE_VXSS to AUTOMATICto start the authentication service.To set a new value forUSE_VXSSrun following command.
On UNIX platforms,
/usr/openv/netbackup/bin/admincmd/bpsetconfig bpsetconfig> USE_VXSS=AUTOMATIC
bpsetconfig> Crtl + D (to save and quit).
On Windows,
C:\Program Files\Veritas\NetBackup\bin\admincmd\bpsetconfig bpsetconfig> USE_VXSS=AUTOMATIC
bpsetconfig> Crtl + Z + Enter (to save and quit).
Access control security
Upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine 176
9
Start the NetBackup 7.5 authentication service by running the following command.On UNIX platforms, run/usr/openv/netbackup/bin/nbatd. On Windows, runnet start nbatd.
10
Reset the value of USE_VXSS to PROHIBITED.On UNIX platforms manually edit the/usr/openv/netbackup/bp.conffile and setUSE_VXSS to PROHIBITED.
On Windows, open the registry entry for
HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\CurrentVersion\Config and set the value ofUSE_VXSS to PROHIBITED.
11
Export the shared AB domain and import it into NetBackup 7.5 by running the following command.On UNIX platforms, execute the following commands in sequence.
/usr/openv/netbackup/sec/at/bin/atutil export -t ab -f
<AB output xml file> -p <password>
/usr/openv/netbackup/sec/at/bin/atutil import -z
/usr/openv/var/global/vxss/eab/data/ -f <AB output xml file> -p
<password>.
On Windows, execute the following commands in sequence.
C:\Program Files\Veritas\NetBackup\sec\at\bin\atutil export -t ab -d broker -f <AB output xml file> -p <password>
C:\Program Files\Veritas\NetBackup\sec\at\bin\atutil import -z C:\Program Files\Veritas\NetBackup\var\global\vxss\eab\data -f
<AB output xml file> -p <password>
On cluster computers the –z option should point to the shared drive.
12
Start the NetBackup 7.5 authorization service by executing the following commands.On UNIX platforms, run/usr/openv/netbackup/bin/nbazd -f. On Windows, run net start nbazd.
177 Access control security Upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine
13
Logon into the shared AZ service.On UNIX platforms, run/opt/VRTSaz/bin/vssaz login --domain localhost.
On Windows x86 platforms, run C:\Program
Files\VERITAS\Security\Authorization\bin\ vssaz login --domain localhost.
On Windows X64 platforms, runC:\Program Files
(x86)\VERITAS\Security\Authorization\bin\ vssaz login --domain localhost .
14
Find the NetBackup APS name from the shared AZ using the following command.On UNIX platforms, run/opt/VRTSaz/bin/vssaz listaps. On Windows x86 platforms, runC:\Program
Files\VERITAS\Security\Authorization\bin\ vssaz listaps. On Windows X64 platforms, runC:\Program Files
(x86)\VERITAS\Security\Authorization\bin\ vssaz listaps.
15
Export the NetBackup resource collection from the shared AZ by running the following command.On UNIX platforms, run/opt/VRTSaz/bin/vssaz rcexport --toplevelrcname <NBU APS name>.
On Windows x86 platforms, runC:\Program
Files\VERITAS\Security\Authorization\bin\vssaz rcexport --toplevelrcname <NBU APS name>.
On Windows x64 platforms, runC:\Program Files
(x86)\VERITAS\Security\Authorization\bin\vssaz rcexport --toplevelrcname <NBU APS name>.
16
Logout from the shared AZ using the following command.On UNIX platforms, run/opt/VRTSaz/bin/vssaz logout. On Windows x86 platforms, runC:\Program
Files\VERITAS\Security\Authorization\bin\ vssaz logout. On Windows x64 platforms, runC:\Program Files
(x86)\VERITAS\Security\Authorization\bin\ vssaz logout. Access control security
Upgrading NetBackup 7.5 when an older version of NetBackup is using a root broker installed on a remote machine 178
17
Logon to NetBackup 7.5 AZ using the following command.On UNIX platforms, run/usr/openv/netbackup/sec/az/bin/vssaz login --domain localhost.
On Windows, runC:\Program Files\Veritas\NetBackup\sec\az\bin\
vssaz login --domain localhost.
18
Import the NetBackup resource collection from shared AZ into NetBackup 7.5 using the following command.On UNIX platforms, run/usr/openv/netbackup/sec/az/bin/vssaz rcimport --location /var/VRTSaz/objdb/export/<OID>/rc_<OID>.xml.
On Windows x86 platforms, runC:\Program
Files\Veritas\NetBackup\sec\az\bin\ vssaz rcimport --location C:\Program Files\VERITAS\Security\Authorization\data\objdb\export
\<OID>\rc_<OID>.xml.
On Windows x64 platforms, runC:\Program
Files\Veritas\NetBackup\sec\az\bin\ vssaz rcimport --location C:\Program Files
(x86)\VERITAS\Security\Authorization\data\objdb\export
\<OID>\rc_<OID>.xml.
19
Restart the NetBackup service inUSE_VXSS = PROHIBITEDmode.20
Run thesetupmastercommand.21
Restart the NetBackup service.Configuring NetBackup Access Control (NBAC) for NetBackup pre-7.0 media server and client computers
Note:This procedure is applicable only for NetBackup pre-7.0 media server and client computers. NetBackup release 7.0 and forward uses embedded clients.
You can use the following procedure to configure the NetBackup Access Control (NBAC) for NetBackup pre-7.0 media and client computers.
179 Access control security Configuring NetBackup Access Control (NBAC) for NetBackup pre-7.0 media server and client computers
Configuring the NetBackup Access Control (NBAC) for NetBackup pre-7.0 media server and client computers
1
Install the Authentication and Authorization client packages on the target computer.If the target computer is a NetBackup client, then install the authentication client only. If the target computer is a NetBackup media server, install both the authentication clients and authorization clients.
You can choose to install both the client binaries and server binaries on the target computer, but there is no need to configure the servers. You need to install the authentication packages and authorization packages that are available on the Infrastructure Common Services (ICS) DVDs shipped with the older NetBackup media. The authentication binaries and authorization binaries available with NetBackup 7.5 may not be compatible with the older NetBackup media servers or clients.
On UNIX platforms, use theinstallicsutility to install the authentication packages and authorization packages.
On Windows, useVxSSVRTSatSetup.exeandVRTSazSetup.exe.
Please refer to the older NetBackup documentation for more details on how to install authentication and authorization clients.
2
Run bpnbaz -setupmediafrom the master server and provide passwords for pre-7.0 media servers.3
Set up the proper access control host properties for the target media server or the client host.See“Accessing the master server and media server host properties”
on page 183. for the media servers. See“Accessing the client host properties”
on page 187. for the clients.