Add a trusted primary server
Replication operations require that a trust relationship exists between the NetBackup servers in the different domains. You can create a trust relationship between the primary servers that both use the NetBackup CA or that both use an external CA.
Before you begin, review the following information:
Ensure that you have the RBAC System Administrator role or a role with similar permissions. Or, for appliances with software versions 3.1 and later you must have permissions for the NetBackup CLI user.
For a remote Windows primary server, the user's domain may not be the same as that of the authentication service. In this case you must add the domain with LDAP using thevssat addldapdomain command.
For a NetBackup CA-signed certificate, the recommended method to authenticate the server is the option .
If you use the option , that method may present a possible security breach. Only an authentication token can provide restricted access and allow secure communication between both the hosts. To establish trust with a 3.1 NetBackup primary appliance, use the NetBackup CLI credentials.
To add a trusted primary server
- Open the NetBackup web UI.
- Identify the NetBackup versions that are installed and the certificate types that are used on the source and the target servers.
Both servers must use the same certificate type.
- For the servers that use the NetBackup certificate authority (CA), obtain an authorization token for the remote server.
- For the servers that use the NetBackup certificate authority (CA), obtain the fingerprint for each server.
- At the top right, select Settings > Global security.
- Select the Trusted primary servers tab.
- Select the Add button.
- Enter the fully-qualified host name of the remote primary server and selectValidate Certificate Authority.
- Follow the prompts in the wizard.
- Repeat these steps on the remote primary server.
For more information on using an external CA with NetBackup, see the NetBackup Security and Encryption Guide.