Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Deduplication Guide
  5. Quick start
  7. About Auto Image Replication (A.I.R.)
NetBackup™ Deduplication Guide

About Auto Image Replication (A.I.R.)

The backups that are generated in one NetBackup domain can be replicated to storage in one or more target NetBackup domains. This process is referred to as Auto Image Replication (A.I.R.).

Table: Supported A.I.R. models

Model

Description

One-to-one model

A single production data center can back up to a disaster recovery site.

One-to-many model

A single production data center can back up to multiple disaster recovery sites.

Many-to-one model

Remote offices in multiple domains can back up to a storage device in a single domain.

Many-to-many model

Remote data centers in multiple domains can back up multiple disaster recovery sites.

NetBackup supports the following storage types for A.I.R.:

  • Media Server Deduplication Pool (MSDP)

  • An OpenStorage disk appliance that supports replication

NetBackup uses storage lifecycle policies (SLP) in the source domain and the target domain to manage A.I.R. operations. The following table is a process overview of A.I.R., generally describing the events in the originating and target domains.

Table: Process overview of A.I.R.

Event

Domain in which event occurs

Event description

1

The originating master server (Domain 1)

Clients are backed up according to a backup policy that indicates a storage lifecycle policy as the policy storage selection. After the backup, images are replicated from original domain to the target domain.

2

The target master server (Domain 2)

The storage server in the target domain recognizes that a replication event has occurred. It notifies the NetBackup master server in the target domain.

3

The target master server (Domain 2)

NetBackup imports the image immediately, based on an SLP that contains an import operation.

4

The target master server (Domain 2)

After the image is imported into the target domain, NetBackup continues to manage the copies in that domain.

Figure: Typical A.I.R. setup is a typical A.I.R. setup that shows an image that is replicated from one source domain to one target domain.

Figure: Typical A.I.R. setup

Typical A.I.R. setup
Configuring Auto Image Replication (A.I.R.)

NetBackup provides the ability to establish a trust relationship between replication domains. A trust relationship is optional for an MSDP as the target storage.

The following items describe how a trust relationship affects A.I.R.:

  • No trust relationship - NetBackup replicates to all defined target storage servers. You cannot select a specific host or hosts as a target.

  • Trust relationship - You can select a subset of your trusted domains as a target for replication. NetBackup only replicates to the specified domains rather than to all configured replication targets. This type of A.I.R. is known as targeted A.I.R.

To set up a master server for A.I.R.

  1. On the master server of the source domain, open the NetBackup Administration Console, select NetBackup Management > Host Properties > Master Servers.
  2. Double-click on the master server. In the Master Server Properties dialog box, in the left pane, click on Servers.
  3. Select the Trusted Master Servers tab.
  4. Click Add.
  5. Add the name of the master server for the target domain in the Trusted Master Server field.
  6. Click Validate Certificate Authority.
  7. Use one of the following methods for authentication:

    • Select Specify authentication token of the trusted master server and then enter the token in the Token field.

      To create a token, review the Creating authorization tokens section in the NetBackup Security and Encryption Guide

    • Select Specify credentials of the trusted master server and then enter a User name and Password in the fields.

  8. Click OK to complete the setup.
  9. Repeat these steps in the target domain. Use the source master server name as the master server name in the Validate Certificate Authority field.
  10. Configure storage server at both source domain and target domain.

    The image is replicated from one storage server in the source domain to one storage server in the target domain. The image is needed to configure the MSDP at the source domain and the target domain. Use the Java GUI to configure the MSDP storage server, disk pool, and storage unit.

Deploying the certificate at storage server of source domain

MSDP supports secure communications between two media servers from two different NetBackup domains. The secure communication is set up when you run A.I.R.. The two media servers must use the same CA to do the certificate security check. The source MSDP server uses the Certificate Authority (CA) of the target NetBackup domain and the certificate that the target NetBackup domain authorized. You must manually deploy CA and the certificate on the source MSDP server before using A.I.R..

To configure the NetBackup CA and a NetBackup host ID-based certificate

  1. On the source MSDP storage server, run the following command to get the NetBackup CA from target NetBackup master server:

    • Windows:

      install_path\NetBackup\bin
\nbcertcmd -getCACertificate -server target_master_server

    • UNIX:

      /usr/openv/netbackup/bin
/nbcertcmd -getCACertificate -server target_master_server
  2. On the source MSDP storage server, run the following command to get the certificate generated by target NetBackup master server:

    • Windows:

      install_path\NetBackup\bin
\nbcertcmd -getCertificate 
-server target_master_server -token token_string

    • UNIX:

      /usr/openv/netbackup/bin
/nbcertcmd -getCertificate 
-server target_master_server -token token_string
Setting up the MSDP replication target

Images are replicated from source domain MSDP storage server to target domain MSDP storage server. The target MSDP server is the replication target of the source MSDP server. Use the Java GUI at the source domain to setup the replication target.

To set up the replication target

  1. On the master server of the source domain, open the NetBackup Administration Console, select Media and Device Management > Credentials > Storage Servers.
  2. Double-click on the source domain MSDP server.
  3. In the Replicaiton tab, click on Add. Fill in the required information.

    The Target storage server name is the host name of the MSDP storage server in the target domain. The User name and Password is the credential used to configure the MSDP server in target domain.

Configuring a Storage Lifecycle Policy (SLP) for A.I.R.

To run a target A.I.R., you need to create an SLP at both the source domain and the target domain. Use Java GUI to create an import SLP.

Follow the procedures in Table: To configure an SLP to configure the SLP.

Table: To configure an SLP

At target domain:

  1. Open the NetBackup Administration Console, select NetBackup Management > Storage > Storage Lifecycle Policies.

  2. Click the New Storage Lifecycle Policy option, or right-click the blank area of the SLP list view and select the New Storage Lifecycle Policy to create an SLP.

  3. Type in the SLP name at the New Storage Lifecycle Policy dialog and then click Add.

  4. Select the Import option from the Operation drop down list.

  5. In the Destination storage, select the storage unit of the target MSDP storage server from the drop-down. Click OK option to complete the SLP creation.

At source domain:

  1. Open the NetBackup Administration Console, select NetBackup Management > Storage > Storage Lifecycle Policies.

  2. Click the New Storage Lifecycle Policy option, or right-click the blank area of the SLP list view and select the New Storage Lifecycle Policy to create an SLP.

  3. Type in the SLP name at the New Storage Lifecycle Policy dialog and then click Add.

  4. In the New Operation dialog, select the Backup option from the Operation drop down list.

  5. In the Destination storage, select the storage unit of the source MSDP storage server from the drop-down. Click OK.

  6. Click the newly added operation Backup item to highlight it and then click the Add option.

  7. At the New Operation dialog select Replication option from the Operation drop down list.

  8. Click the A specific Master server option item. Select the target master server from the Target master server drop down list.

  9. Select the SLP name from the Target import SLP drop down list. Click OK on the New Operation dialog.

  10. Click OK on the New Storage Lifecycle Policy dialog box.

Create a backup policy to perform a backup and run the SLP.

At the source domain, create a backup and use the SLP as Policy storage. Run the backup and after the backup runs, the replication job at the source domain runs. After a short period of time, the import job at the target domain runs. The target domain manages the replicated image at the target storage server.

Feedback

Was this page helpful?
Previous

Configuring the MSDP node cloud tier

Next

Planning your deployment

Feedback

Was this page helpful?