Configuring NetBackup client as the scan host
NetBackup malware scanning feature requires configuration of an additional host (a scan-host).
Before configuring scan host ensure that the following prerequisites are met:
See Prerequisites for a scan host.
Configuring NetBackup client as the scan host
- Install NFS client by running the following command on PowerShell:
Install-WindowsFeature -Name NFS-Client
- Enable UID mapping by running the following commands on PowerShell to enable NFS user mapping:
PS C:\Users\Administrator> Set-NfsMappingStore -EnableUNMLookup $True -UNMServer localhost PS C:\Users\Administrator> nfsadmin mapping The following are the settings on localhost Mapping Server Lookup : Enabled Mapping Server : localhost AD Lookup : Disabled AD Domain
- Run the configuration script as follows:
For Linux: /usr/openv/netbackup/bin/goodies/nbscanhostconfigcmd -validate
For Windows: C:\Program Files\Veritas\NetBackup\bin\goodies\nbscanhostconfigcmd.exe" -validate
- Restart NFS client:
After updating
passwd/groupfiles, restart NFS client service using the following commands:nfsadmin client stop
nfsadmin client start
- Verify the ID (UID/GID) mapping for user by running the following command using PowerShell:
Get-NfsMappedIdentity -AccountName scanuser -AccountType User UserIdentifier : 1001 GroupIdentifier : 1001 UserName : scanuser PrimaryGroup : SupplementaryGroups :
- Configure the Malware scanner tool (Microsoft Defender Antivirus).
If required user can use the PBX port communication feature for the communication between the primary server and the scan host.
Following are the steps required to set up PBX communication:
:
Using the following command stop the mqbroker service (or stop all services):
For Linux: /usr/openv/mqbroker/bin/nbmqbroker terminate
For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin\nbmqbroker.exe -stop
Configure mqbroker using the following respective command:
For Linux: /usr/openv/mqbroker/bin/install/configureMQ -defaultPorts
For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin\install\configureMQ.bat -defaultPorts
In the above commands,
-defaultPortssets the default port values for external and internal ports as follows:Default external port: 13781
Default internal ports: 13780, 13779, 13778
To set the port values other than the default values, see the options by running the following command:
For Linux: /usr/openv/mqbroker/bin/install/configureMQ --help
For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin\install\configureMQ --help
Add the above configured external port to the configuration file.
Default: 13781
NB_MQBROKER_PORT = 13781
For Linux, add the entry in
bp.conffile.For Windows, add DWORD entry in registry editor.
Using the following command start the mqbroker service (or start all services):
For Linux: /usr/openv/mqbroker/bin/nbmqbroker start
For Windows: C:\Program Files\Veritas\NetBackup\mqbroker\bin>nbmqbroker.exe -start
:
Stop all the services.
To use PBX port, add the entry in
bp.conffile:SCAN_HOST_VIA_PBX = 1
For Linux, add the entry in
bp.conffile.For Windows, add DWORD entry in registry editor.
Start all the services.
In case you happened to run the configure MQ command twice, the fix the issue using the following steps:
Delete the
/usr/openv/var/global/mqbroker/mqhome/.erlang.cookiefile.Configure the PBX connection again using the above mentioned steps.