Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Deduplication Guide
  5. Configuring deduplication
  7. Configuring MSDP replication to a different NetBackup domain
  9. Enabling NetBackup clustered primary server inter-node authentication
NetBackup™ Deduplication Guide

Enabling NetBackup clustered primary server inter-node authentication

NetBackup requires inter-node authentication among the primary servers in a cluster. For authentication, you must provision an authentication certificate on all of the nodes of the cluster. The certificates are used to establish SSL connections between the NetBackup hosts. The inter-node authentication allows the following NetBackup functionality:

NetBackup Administration Console

The NetBackup Administration Console in primary server clusters requires the NetBackup authentication certificates for correct functionality.

Targeted A.I.R. (Auto Image Replication)

Auto Image Replication in which a primary server is in a cluster requires inter-node authentication among the hosts in that cluster. The NetBackup authentication certificates provide the means to establish the proper trust relationships.

Provision the certificates on the cluster hosts before you add the trusted primary server. This requirement applies regardless of whether the clustered primaryed server is the source of the replication operation or the target.

See About trusted primary servers for Auto Image Replication.

To enable clustered primary server inter-node authentication

  • On the active node of the NetBackup primary server cluster, run the following NetBackup command:

    • Windows: install_path\NetBackup\bin\admincmd\bpnbaz -setupat

    • UNIX: /usr/openv/netbackup/bin/admincmd/bpnbaz -setupat

    NetBackup creates the certificates on every node in the primary server cluster.

    The following is example output:

    # bpnbaz -setupat
You will have to restart Netbackup services on this machine after 
the command completes successfully.
Do you want to continue(y/n)y
Gathering configuration information.
Please be patient as we wait for 10 sec for the security services 
to start their operation.
Generating identity for host 'bit1.remote.example.com'
Setting up security on target host: bit1.remote.example.com
nbatd is successfully configured on Netbackup Primary Server.
Operation completed successfully.

Feedback

Was this page helpful?
Previous

Removing a trusted primary server

Next

Configuring NetBackup CA and NetBackup host ID-based certificate for secure communication between the source and the target MSDP storage servers

Feedback

Was this page helpful?