[Veritas-bu] NBAC vs hot catalog
We are setting up NBAC in our NetBackup environments but came to the conclusion that hot catalog backups are not longer working / supported when you run vxss in restricted mode. Does anyone of you could think of a workaround ? The 2 possible workarounds I see are: - cold catalog backup every month and daily backup of the images and class folder - realtime for the catalog Best Regards, Bart WALLEBROEK ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] NBAC vs hot catalog
Why do think that hot catalog backup does not work or is not supported with NBAC? /Girish --- On Mon, 9/13/10, WALLEBROEK Bart wrote: > From: WALLEBROEK Bart > Subject: [Veritas-bu] NBAC vs hot catalog > To: "veritas-bu@mailman.eng.auburn.edu" > Date: Monday, September 13, 2010, 4:50 PM > We are setting up NBAC in our > NetBackup environments but came to the conclusion that hot > catalog backups are not longer working / supported when you > run vxss in restricted mode. > > Does anyone of you could think of a workaround ? > > The 2 possible workarounds I see are: > - cold catalog backup every month and daily backup of the > images and class folder > - realtime for the catalog > > Best Regards, > Bart WALLEBROEK > ___ > Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu > ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] NBAC vs hot catalog
Page 203 of Security and Encryption Guide : Including authentication and authorization databases in NetBackup hot catalog backups In NetBackup environments using the online hot catalog backup method: no additional configuration is needed to include the Symantec Product Authentication Service and Symantec Product Authorization Service databases in the catalog backup. Note: Hot catalog backup does not run in the NBAC mode REQUIRED. Which I believe is weird because on 1 side you want to secure NetBackup but on the other side you can no longer take any backups of your catalog. Not even cold ones because this is no longer supported as of NBU 7. We contacted Symantec support and they do not have any workaround for this. Best Regards, Bart WALLEBROEK Backup Admin & Systems & Applications Management & Support Specialist Enterprise Applications Delivery - Infrastructure Management Tel: + 32 2 655 30 75Mobile: + 32 478 31 61 77 S.W.I.F.T. SCRL Have you visited http://www.swift.com/support lately? In the Knowledge Base, you will find a lot of information. If you have a question, you can report it online using Case Manager. This e-mail and any attachments thereto may contain information which is confidential and/or proprietary and intended for the sole use of the recipient(s) named above. If you have received this e-mail in error, please immediately notify the sender and delete the mail. Thank you for your co-operation. SWIFT reserves the right to retain e-mail messages on its systems and, under circumstances permitted by applicable law, to monitor and intercept e-mail messages to and from its systems. -Original Message- From: Girish Jorapurkar [mailto:giris...@yahoo.com] Sent: Monday, September 13, 2010 4:30 PM To: veritas-bu@mailman.eng.auburn.edu; WALLEBROEK Bart Subject: Re: [Veritas-bu] NBAC vs hot catalog Why do think that hot catalog backup does not work or is not supported with NBAC? /Girish --- On Mon, 9/13/10, WALLEBROEK Bart wrote: > From: WALLEBROEK Bart > Subject: [Veritas-bu] NBAC vs hot catalog > To: "veritas-bu@mailman.eng.auburn.edu" > Date: Monday, September 13, 2010, 4:50 PM > We are setting up NBAC in our > NetBackup environments but came to the conclusion that hot > catalog backups are not longer working / supported when you > run vxss in restricted mode. > > Does anyone of you could think of a workaround ? > > The 2 possible workarounds I see are: > - cold catalog backup every month and daily backup of the > images and class folder > - realtime for the catalog > > Best Regards, > Bart WALLEBROEK > ___ > Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu > ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] NBAC vs hot catalog
I can think of a possible workaround, but it depends on relaxing security for requests originating on master server and applying granular tightened security at network/domain level. Let me explain: - Hot catalog backup does not work with NBAC because DB agent (that backs up EMM database) does not support NBAC. But the DB agent that backs up EMM db runs on the master server. - So, we need to relax NBAC on the master server without relaxing for others. ---> This compromise should be acceptable <--- USE_VXSS = AUTOMATIC VXSS_NETWORK = localhost AUTOMATIC VXSS_NETWORK = AUTOMATIC VXSS_NETWORK = REQUIRED - A dot followed by the Internet domain name of the remote systems. - The network of the remote systems followed by a dot. (Refer: NB Admin Guide Vol II) - The order of VXSS_NETWORK entries above is important. Relaxing NBAC on master means - the master server root/administrator can bypass NBAC by not doing bpnbat login. All non-root user must use NBAC (bpbnat login) anyways. If acceptable, give it a try. Regards, /Girish --- On Tue, 9/14/10, WALLEBROEK Bart wrote: > From: WALLEBROEK Bart > Subject: RE: [Veritas-bu] NBAC vs hot catalog > To: "Girish Jorapurkar" , > "veritas-bu@mailman.eng.auburn.edu" > Date: Tuesday, September 14, 2010, 2:23 PM > Page 203 of Security and Encryption > Guide : > > > Including authentication and > authorization databases in NetBackup hot catalog backups > In NetBackup environments using the > online hot catalog backup method: no > additional configuration is needed to > include the Symantec Product Authentication > Service and Symantec Product > Authorization Service databases in the catalog > backup. > > > Note: Hot catalog backup does not run in > the NBAC mode REQUIRED. > > > > Which I believe is weird because on 1 side you want to > secure NetBackup but on the other side you can no longer > take any backups of your catalog. Not even cold ones > because this is no longer supported as of NBU 7. > We contacted Symantec support and they do not have any > workaround for this. > > > > Best Regards, > Bart WALLEBROEK > Backup Admin & Systems & Applications Management > & Support Specialist > Enterprise Applications Delivery - Infrastructure > Management > Tel: + 32 2 655 30 75Mobile: + 32 478 31 61 77 > S.W.I.F.T. SCRL > > Have you visited http://www.swift.com/support lately? In > the Knowledge Base, you will find a lot of information. If > you have a question, you can report it online using Case > Manager. > > This e-mail and any attachments thereto may contain > information which is confidential and/or proprietary and > intended for the sole use of the recipient(s) named above. > If you have received this e-mail in error, please > immediately notify the sender and delete the mail. Thank you > for your co-operation. SWIFT reserves the right to retain > e-mail messages on its systems and, under circumstances > permitted by applicable law, to monitor and intercept e-mail > messages to and from its systems. > > -----Original Message- > From: Girish Jorapurkar [mailto:giris...@yahoo.com] > > Sent: Monday, September 13, 2010 4:30 PM > To: veritas-bu@mailman.eng.auburn.edu; > WALLEBROEK Bart > Subject: Re: [Veritas-bu] NBAC vs hot catalog > > Why do think that hot catalog backup does not work or is > not supported with NBAC? > > /Girish > > --- On Mon, 9/13/10, WALLEBROEK Bart > wrote: > > > From: WALLEBROEK Bart > > Subject: [Veritas-bu] NBAC vs hot catalog > > To: "veritas-bu@mailman.eng.auburn.edu" > > > Date: Monday, September 13, 2010, 4:50 PM > > We are setting up NBAC in our > > NetBackup environments but came to the conclusion that > hot > > catalog backups are not longer working / supported > when you > > run vxss in restricted mode. > > > > Does anyone of you could think of a workaround ? > > > > The 2 possible workarounds I see are: > > - cold catalog backup every month and daily backup of > the > > images and class folder > > - realtime for the catalog > > > > Best Regards, > > Bart WALLEBROEK > > ___ > > Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu > > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu > > > > > > ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
