About NetBackup secure communication logging
This section provides information about the logs that are used for secure communication logging with the NetBackup hosts. The NetBackup 8.1 and later hosts will securely communicate with each other for all control-type functions. The control-type functions include command execution and the starting of various processes that are required to initiate a backup or restore. Currently, this does not include the bpbkar or tar data transfer. The NetBackup 8.1 and later hosts must have a Certificate Authority (CA) certificate and a host ID-based certificate for successful communication. NetBackup uses the Transport Layer Security (TLS) protocol for host communication where each host needs to present its security certificate and validate the peer host's certificate against the Certificate Authority (CA) certificate.
In NetBackup 8.0 and later versions, the master server acts as the CA. The master server depends on the correct installation and configuration of services, such as pbx, nbatd and nbwmc, to deploy the certificates.
In NetBackup 8.1, all of the media and client servers have certificates deployed to them when they are upgraded. If the certificate deployment fails, the media or client server cannot run the backups or restores. Backups and restores will not function if the host did not successfully retrieve both the CA certificate and host ID-based certificate from the master server during the installation or upgrade to NetBackup version 8.1 or later. If the master server pbx, nbatd, or nbwmc processes are not running, the certificate deployment will not function. In NetBackup 8.1 and later, the backups or restores also will not function.
When you diagnose issues with secure communication and the certificate generation and deployment, the services or processes that run on the master server are typically involved. After verifying that the services are running and are at the expected NetBackup version, the log files described in this section are critical to help determine the issue.
For more details about NetBackup secure communications, see the Read This First for Secure Communications document at the following URL:
https://www.veritas.com/docs/DOC5332
Note:
If you have NetBackup 8.0 or earlier hosts in your environment, you can enable insecure communication by navigating to the NetBackup Administration Console, then to the tab. On this tab, select the option.