Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Managing the global security settings for the primary server
  9. About trusted primary servers
  11. Add a trusted primary server
NetBackup™ Web UI Administrator's Guide

Add a trusted primary server

Replication operations require that a trust relationship exists between the NetBackup servers in the different domains. You can create a trust relationship between the primary servers that both use the NetBackup CA or that both use an external CA.

Before you begin, review the following information:

  • Ensure that you have the RBAC System Administrator role or a role with similar permissions. Or, for appliances with software versions 3.1 and later you must have permissions for the NetBackup CLI user.

  • For a remote Windows primary server, the user's domain may not be the same as that of the authentication service. In this case you must add the domain with LDAP using thevssat addldapdomain command.

  • For a NetBackup CA-signed certificate, the recommended method to authenticate the server is the option Specify authentication token of the trusted primary server.

  • If you use the option Specify credentials of the trusted primary server, that method may present a possible security breach. Only an authentication token can provide restricted access and allow secure communication between both the hosts. To establish trust with a 3.1 NetBackup primary appliance, use the NetBackup CLI credentials.

To add a trusted primary server

  1. Open the NetBackup web UI.
  2. Identify the NetBackup versions that are installed and the certificate types that are used on the source and the target servers.

    Both servers must use the same certificate type.

  3. For the servers that use the NetBackup certificate authority (CA), obtain an authorization token for the remote server.

    See Manage NetBackup certificate authorization tokens.

  4. For the servers that use the NetBackup certificate authority (CA), obtain the fingerprint for each server.

    See Manage NetBackup security certificates.

  5. At the top right, select Settings > Global security.
  6. Select the Trusted primary servers tab.
  7. Select the Add button.
  8. Enter the fully-qualified host name of the remote primary server and selectValidate Certificate Authority.
  9. Follow the prompts in the wizard.
  10. Repeat these steps on the remote primary server.
More information

For more information on using an external CA with NetBackup, see the NetBackup Security and Encryption Guide.

Feedback

Was this page helpful?
Previous

About the certificate to use to add a trusted primary server

Next

Remove a trusted primary server

Feedback

Was this page helpful?