Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Deduplication Guide
  5. Configuring isolated recovery environment (IRE)
  7. Managing an isolated recovery environment on a NetBackup BYO media server
NetBackup™ Deduplication Guide

Managing an isolated recovery environment on a NetBackup BYO media server

Once you have configured an isolated recovery environment on a NetBackup BYO media server, you can manage it from the media server.

Use the following commands:

To view the SLP windows from the primary server to the WORM instance:

  • /usr/openv/pdde/shell/bin/show_slp_windows --production_primary_server production primary server name --production_primary_server_username production primary server username --ire_primary_server target primary server name --ire_primary_server_username target primary server username

    Where:

    • The production primary server name is the fully qualified domain name (FQDN) of the primary server in your production environment.

    • The production primary server username is the username of a NetBackup user with permission to list SLPs and SLP windows in the production environment.

      The production primary server username must be in domain_name\user_name format on Windows.

    • The target primary server name is the FQDN of the primary server in the IRE. Use the same hostname that you used to configure the SLPs in the production environment.

    • The target primary server username is the username of a NetBackup user with permission to list the SLPs and storage units in the IRE environment.

      For example:

      The target primary server username must be in domain_name\user_name format on Windows.

      production_primary_server=examplePrimary.domain.com production_primary_server_username=appadmin ire_primary_server=exampleIREPrimary.domain.com ire_primary_server_username=appadmin

To view the allowed IP addresses and subnets

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control show-allows

To add IP addresses and subnets to the allowed list

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control allow-subnets --subnets CIDR subnets or IP addresses

    The CIDR subnets or IP addresses field is a comma-separated list of the allowed IP addresses and subnets, in CIDR notation.

    For example:

    /usr/openv/pdde/shell/bin/ire_network_control allow-subnets --subnets 10.60.120.208,10.74.48.0/20

    Note:

    The IRE primary server, the IRE media servers, and the DNS server for the IRE environment must be included in the allowed list. If all these servers are in the same subnet, only the subnet is required to be in the allowed list.

    Note:

    If your network environment is dual stack, ensure that both IPv4 and IPv6 subnets and IP addresses of the IRE domain are configured in allowed subnets. For example, if you specify only IPv6 subnets in the allowed subnet, all the IPv4 addresses are not allowed to access the IRE storage server.

To remove the IP addresses and subnets from the allowed list

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control allow-subnets --subnets

To view the daily air gap schedule

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control show-schedule

To change the air gap schedule

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control set-schedule --start_time time --duration duration [--weekday weekday in 0-6]

    For example:

    /usr/openv/pdde/shell/bin/ire_network_control set-schedule --start_time 10:00:00 --duration 03:00:00

    Note:

    The SLP replication window on the production domain must be configured to be open at the same time as the IRE schedule.

To stop the air gap schedule

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control delete-schedule [--weekday weekday in 0-6]

    Note:

    You can delete an IRE window for a specific weekday.

To view the current network status and check whether the external network is open or closed

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control external-network-status

To manually open the external network

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control external-network-open

To manually close the external network and resume the air gap schedule

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control resume-schedule

To add MSDP reverse connection

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control reverse-connection --add source msdp server [--remote_primary source primary server] [--local_addr local msdp server]

To remove MSDP reverse connection

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control reverse-connection --remove source msdp server

To list configured MSDP reverse connections

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control reverse-connection --list

To validate if a specific reverse connection works

  • Run the following command:

    /usr/openv/pdde/shell/bin/ire_network_control reverse-connection --validate source msdp server

Feedback

Was this page helpful?
Previous

Configuring an isolated recovery environment on a NetBackup BYO media server

Next

Configuring AIR for replicating backup images from production environment to IRE BYO environment

Feedback

Was this page helpful?