About SQL Server credentials

To protect SQL Server, you must add (or register) credentials to the SQL Server instances or availability replicas. The NetBackup web UI supports Windows authentication and Windows Active Directory authentication. It does not support Mixed Mode or SQL Server authentication. Credentials are not supported at the database or the availability group level.

Table: Options to register credentials

Option to register credentials	Environment and configuration
Use these specific credentials (recommended)	The SQL Server DBA provides the NetBackup administrator with the SQL Server user credentials. The SQL Server DBA does not want the NetBackup services running as a privileged SQL Server user on the client. Configuration requirements The user account that is used to register credentials must have the SQL Server "sysadmin" role and be a member of the Windows Administrators group. The NetBackup services can use the Local System logon account. If you want to use a different logon account, that account must also have certain local security privileges. See Configuring the NetBackup services for SQL Server backups and restores. See Configure local security privileges for SQL Server.
Use credentials that are defined locally on the client	The NetBackup services run as a privileged SQL Server user on the client. The SQL Server DBA does not want to provide credentials to register instances or replicas. The NetBackup administrator does not have access to the SQL Server credentials. Configuration requirements The user account that is used to register credentials must have the SQL Server "sysadmin" role and be a member of the Windows Administrators group. You must also configure the logon account for the NetBackup services. See Configuring the NetBackup services for SQL Server backups and restores.

Option to register credentials

Environment and configuration

Use these specific credentials (recommended)

The SQL Server DBA provides the NetBackup administrator with the SQL Server user credentials.
The SQL Server DBA does not want the NetBackup services running as a privileged SQL Server user on the client.

Configuration requirements

The user account that is used to register credentials must have the SQL Server "sysadmin" role and be a member of the Windows Administrators group.

The NetBackup services can use the Local System logon account. If you want to use a different logon account, that account must also have certain local security privileges.

See Configuring the NetBackup services for SQL Server backups and restores.

See Configure local security privileges for SQL Server.

Use credentials that are defined locally on the client

The NetBackup services run as a privileged SQL Server user on the client.
The SQL Server DBA does not want to provide credentials to register instances or replicas.
The NetBackup administrator does not have access to the SQL Server credentials.

Configuration requirements

The user account that is used to register credentials must have the SQL Server "sysadmin" role and be a member of the Windows Administrators group.

You must also configure the logon account for the NetBackup services.

See Configuring the NetBackup services for SQL Server backups and restores.

Registering instances when SQL Server hosts are clustered or use multiple NICs

When NetBackup discovers a SQL Server cluster, it adds a single entry on the Instances tab. This instance represents all nodes in the cluster. The host name is the virtual name of the SQL Server cluster. When you add credentials for this instance NetBackup validates the credentials on the active node. The credentials must be valid for all nodes in the cluster.

When NetBackup discovers a SQL Server host that uses multiple NICs, it adds an entry using the NetBackup client name on the Instances tab. If you installed the NetBackup client using the public interface name, you must configure the NetBackup client name as the private interface name. Then add credentials to the instance with its private interface name. For a SQL Server cluster that uses multiple NICs, add credentials to the instance with the private virtual name of the SQL Server cluster.

Registering Microsoft SQL Server failover cluster instances (FCIs)

NetBackup discovers and displays failover cluster instances (FCIs) under the cluster name and the physical node names. For example, instance FCI is enumerated with both its physical nodes hostvm10 and hostvm11 and with its cluster name sql-fci. Databases that exist for FCIs are also enumerated with the node names and the cluster name. Depending on how you want to protect a database, add credentials to either the cluster name (that are valid for all nodes) or to a physical node name.

Validation of credentials

After you add credentials, NetBackup validates the credentials and starts database and availability group discovery. When discovery completes, the results are displayed on the Databases or the Availability group tab.

For a SQL Server cluster or if an availability group instance is part of SQL Server cluster, NetBackup validates the credentials on the active node. The credentials must be valid for all nodes in the cluster. For a SQL Server availability group, replicas are registered and validated individually. Note that the registered date reflects the date and time the credential was added or updated and does not indicate if the credentials are valid.

About SQL Server credentials

Feedback

Feedback