About trusted master servers
A trust relationship between NetBackup domains lets you do the following:
Select specific domains as a target for replication. This type of Auto Image Replication is known as targeted A.I.R.
Without a trust relationship, NetBackup replicates to all defined target storage servers. A trust relationship is optional for Media Server Deduplication Pool and PureDisk Deduplication Pool as a target storage. To use a Cloud Catalyst storage server, a trust relationship is required.
Include usage reporting for multiple master servers.
Master servers can use a NetBackup certificate authority (CA) certificate or an external CA certificate. NetBackup determines the CAs used by the source and the target domains and selects the appropriate CA to use for communication between the servers. If the target master server is configured for both CA types, NetBackup prompts you to select the CA that you want to use. To establish trust with a remote master server using the NetBackup CA, the current master and the remote master must have NetBackup version 8.1 or later. To establish trust with a remote master server using an external CA, the current master and the remote master must have NetBackup version 8.2 or later.
Table: Determining the certificate authority (CA) to use for a trust relationship between servers
Source master server CA or CAs | Target master server CA or CAs | Certificate authority that is selected |
|---|---|---|
NetBackup CA and external CA | External CA | External CA |
NetBackup CA | NetBackup CA | |
External CA and NetBackup CA | ||
NetBackup CA | External CA | No trust is established. |
NetBackup CA | NetBackup CA | |
External CA and NetBackup CA | NetBackup CA |