Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section I. Identity and access management
  7. Enhanced Auditing
  9. Configuring Enhanced Auditing
  11. Configuration requirements if using Change Server with NBAC or Enhanced Auditing
NetBackup™ Security and Encryption Guide

Configuration requirements if using Change Server with NBAC or Enhanced Auditing

Additional configuration is required to perform the Change Server operation if NetBackup Access Control or Enhanced Auditing is used.

The following steps assume that NBAC or Enhanced Auditing is already configured.

Configuration to support the Change Server operation: fromServer -> toServer

  • Add fromServer to the host properties Additional Servers list on toServer.

  • If fromServer and toServer are from different NetBackup domains (media servers of different primary servers):

    • Use the vssat command to set up trust between the primary servers of fromServer and toServer. (See Changing a server across NetBackup domains. Refer to step 2 in the procedure.)

    • Add the primary server of fromServer to the host properties Additional Servers list on toServer.

  • If fromServer or toServer are media servers:

    • Use the bpnbaz - ProvisionCert command to deploy the security (Machine) certificate if needed. ( See Connecting to a media server with Enhanced Auditing.)

Additional configuration steps

To use the auth.conf file:

  • Add the USER entry to the auth.conf file on each server.

  • If NBAC is enabled, run the nbsetconfig on each server to add the entry: USE_AUTH_CONF_NBAC = YES

To use the Remote Administration Console:

  • Set up trust with each primary server by using either the vssat command or explicitly log on to each server at least once. (See Changing a server across NetBackup domains. Refer to step 2 in the procedure.)

To troubleshoot the configuration after setup, use nslookup and bptestnetconn -a -s to check server communications.

Feedback

Was this page helpful?
Previous

Changing a server across NetBackup domains

Next

Disabling Enhanced Auditing

Feedback

Was this page helpful?