Configuring the cloud connector for Azure Stack
The cloud connector component connects to the workloads through a secure mechanism. You need to perform the following configurations.
By default, peer and host validations are enabled. You can disable peer and host validations only for Azure Stack.
To disable peer and host validation, set the parameter VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED=NO in the /cloudpoint/openv/netbackup/bp.conf file in the NetBackup Snapshot Manager. You must use HTTPS protocol, even after you disable peer and host validation.
For cloud workloads, the public root certificates are a part of the container image. NetBackup maintains the cacert.pem file which has root certificates of public cloud, at the following location:
/usr/openv/var/global/wmc/cloud/cacert.pem
For Azure Stack, you must specify the file path of the root certificates using the ECA_TRUST_STORE_PATH parameter in the /cloudpoint/openv/netbackup/bp.conf file in the NetBackup Snapshot Manager. The value of ECA_TRUST_STORE_PATH must be in the /cloudpoint/eca/trusted/cacerts.pem file.
From release 10.1 onwards NetBackup Snapshot Manager will be treated as NetBackup entity while communicating with NetBackup. Certificate Revocation List (CRL) check is enabled by default while communication happens between NetBackup entities.
ECA_CRL_CHECK: This flag is used while communicating between two NetBackup entities. By default CRL check is enabled for ECA_CRL_CHECK flag. In case NetBackup Snapshot Manager machines certificate revoked then communication between NetBackup and NetBackup Snapshot Manager will fail with the following error:
"The Snapshot Manager's certificate is not valid or doesn't exist.(9866)"
VIRTUALIZATION_CRL_CHECK: Before 10.1 NetBackup Snapshot Manager was considered as workload while communication happens with NetBackup. Value of VIRTUALIZATION_CRL_CHECK flag is used for CRL check whenever communication happens between NetBackup and workload. By default CRL check is disabled for VIRTUALIZATION_CRL_CHECK flag.
Note:
If NetBackup is upgraded from version 9.1 to 10.4 or later, then user can delete the VIRTUALIZATION_CRL_CHECK flag which was enabled for CRL check between NetBackup and NetBackup Snapshot Manager.