Migrating from standard authentication to token-based authentication for Recovery Vault
If you have already configured Veritas Alta Recovery Vault with an older version of NetBackup, you must upgrade to a newer version. To make use of the token-based authentication for enhanced security, you must upgrade the primary and the media server to the following version to use this feature.
NetBackup 10.2 release for Azure.
NetBackup 10.4 release for Amazon.
To migrate the credentials
- Contact NetBackup Technical Support and ask for new credentials.
- Log into NetBackup web UI and add the new credentials to Credential management.
On the left, click Credential management.
On the Named credentials tab, click Add and provide the following properties:
Credential name
Tag
Description
Click Next.
In the drop-down, select FortKnox.
Note:
For NetBackup 11.0 and earlier releases, select Veritas Alta Recovery Vault in the drop-down list.
Click FortKnox Azure, FortKnox Amazon, or FortKnox Google.
Note:
For NetBackup 11.0 and earlier releases, select Veritas Alta Recovery Vault Azure or Veritas Alta Recovery Vault Amazon in the drop-down list.
Add the Storage account and Refresh token.
Select or add a role that can access this credential.
Review the information and click Finish.
- Update the -ntr option with the csconfig cldinstance command.
Example:
/usr/openv/netbackup/bin/admincmd/csconfig cldinstance -us -in <instance name> -sts <alias name> -ntr 1
Confirm the change by making sure that the need token renew option -ntr is set to 1 for enabling this option on the storage server:
<install path>/netbackup/bin/admincmd/csconfig cldinstance -i
- Update the credentials using nbdevconfig.
Create a configuration file with
cmsCredNameas the credential name that you created using the Credential management.Example of the configuration file:
V7.5 "operation" "update-lsu-cloud" string V7.5 "lsuName" "myvolume" string V7.5 "cmsCredName" "RVLT-creds" string V7.5 "lsuCloudBucketName" "mybucket" string V7.5 "lsuCloudBucketSubName" "myvolume" string
- Use the new configuration file to update the credentials.
<install path>/netbackup/bin/admincmd/nbdevconfig -setconfig -stype PureDisk -storage_server <storage_server> -configlist <config file path>
Restart the services on the primary server and the media server for the changes to take effect.
- Verify the restore of the old backup and run a new backup. Restore the new backup.