Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Deduplication Guide
  5. Configuring deduplication
  7. About MSDP mutli-domain VLAN Support
Veritas NetBackup™ Deduplication Guide

About MSDP mutli-domain VLAN Support

MSDP supports multi-domain NetBackup setups. In a multi-domain set-up, it is important for master servers from other domains to connect with the MSDP storage server and the master server of the NetBackup domain that contains the MSDP server. The master servers and media servers must have multiple network interfaces and host names in a multi-domain setup.

When you configure MSDP VLAN, the local NetBackup domain and the other NetBackup domain must have the NetBackup version 8.2 or later.

An example for using an MSDP VLAN

The following table describes the hierarchy that is used in the example:

NetBackup domain A

NetBackup domain B

masterA - (10.XX.30.1/24)

masterA2 - (10.XX.40.1/24)

mediaA - (10.XX.30.2/24)

mediaA2 - (10.XX.40.2/24)

masterB - (10.XX.40.3/24)

mediaB - (10.XX.40.4/24)

masterA is the master server of domain A and has two host names and IP addresses. mediaA is the media server of domain A and has two host names and IP addresses. MSDP storage server is created on media server mediaA.

To let domain B access the MSDP storage server on mediaA of domain A, run the following steps:

  1. Create an MSDP storage server on media server mediaA of NetBackup domain A. (NetBackup Administration Console > Media and Device Management > Configure Disk storage servers > Media Server Deduplication Pool)

  2. Run following command on mediaA to create a new MSDP user testuser1 with password testuser1pass:

    spauser -a -u "testuser1" -p "testuser1pass"

  3. Servers in the domain B can only access IP like 10.XX.40.*, so masterA2 is used as the master server host name of domain A.

    Run following command on mediaB to get a CA certificate and a host certificate from masterA:

    nbcertcmd -GetCACertificate -server masterA2

    nbcertcmd -GetCertificate -server masterA2 -token <token_string>

    If the nbcertcmd - GetCACertificate displays the error "The server name does not match any of the host names listed in the server's certificate", refer to the following article to add more host name to master server:

    https://www.veritas.com/support/en_US/article.100034092

  4. Create an MSDP OpenStorage server on mediaB of NetBackup domain B. NetBackup Administration Console > Media and Device Management > Configure Disk storage servers > OpenStorage).

    The OpenStorage server name mediaA2 is used as the host name that has the IP address 10.XX.40.*.

    OpenStorage server type is PureDisk, user name is testuser1, and password is testuser1pass. You must enter the server type as PureDisk.

Now mediaB of NetBackup domain B can use the MSDP storage server mediaA2 and the network IP address 10.XX.40.*

If an external CA is used in the NetBackup setup, you do not need to run the nbcertcmd - GetCACertificate and the nbcertcmd - GetCertificate commands. If NetBackup domain A and NetBackup domain B do not use the same external CA, you must synchronize the external root CA between the two NetBackup domains for MSDP communication. If the servers have multiple host names, then the Subject Alternative Name field of the external certificate must contain all the host names.

Feedback

Was this page helpful?
Previous

About MSDP multi-domain support

Next

About NetBackup WORM storage support for immutable and indelible data

Feedback

Was this page helpful?