NetBackup Self Service

Configuration Guide

7.7.3

Document version: 1
Veritas NetBackup Self Service Configuration Guide
Document version: 7.7.3

Legal Notice
Copyright © 2016 Veritas Technologies LLC. All rights reserved.

Veritas and the Veritas Logo and NetBackup are trademarks or registered trademarks of
Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may
be trademarks of their respective owners.

This product may contain third party software for which Veritas is required to provide attribution
to the third party (“Third Party Programs”). Some of the Third Party Programs are available
under open source or free software licenses. The License Agreement accompanying the
Software does not alter any rights or obligations you may have under those open source or
free software licenses. Refer to the third party legal notices document accompanying this
Veritas product or available at:

https://www.veritas.com/about/legal/license-agreements

The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Veritas Technologies
LLC and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED

CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC
SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS
SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Veritas as on premises or
hosted services. Any use, modification, reproduction release, performance, display or disclosure
of the Licensed Software and Documentation by the U.S. Government shall be solely in
accordance with the terms of this Agreement.

Veritas Technologies LLC

500 E Middlefield Road
Mountain View, CA 94043

http://www.veritas.com
Technical Support
Technical Support maintains support centers globally. All support services will be delivered
in accordance with your support agreement and the then-current enterprise technical support
policies. For information about our support offerings and how to contact Technical Support,
visit our website:

https://www.veritas.com/support

You can manage your Veritas account information at the following URL:

https://my.veritas.com

If you have questions regarding an existing support agreement, please email the support
agreement administration team for your region as follows:

Worldwide (except Japan) [email protected]

Japan [email protected]

Documentation
The latest documentation is available on the Veritas website:

https://sort.veritas.com/documents

Documentation feedback
Your feedback is important to us. Suggest improvements or report errors or omissions to the
documentation. Include the document title, document version, chapter title, and section title
of the text on which you are reporting. Send feedback to:

[email protected]
You can also see documentation information or ask a question on the Veritas community site:

http://www.veritas.com/community/

Veritas Services and Operations Readiness Tools (SORT)

Veritas Services and Operations Readiness Tools (SORT) is a website that provides information
and tools to automate and simplify certain time-consuming administrative tasks. Depending
on the product, SORT helps you prepare for installations and upgrades, identify risks in your
datacenters, and improve operational efficiency. To see what services and tools SORT provides
for your product, see the data sheet:

https://sort.veritas.com/data/support/SORT_Data_Sheet.pdf
 Contents

Chapter 1 Licensing ............................................................................... 7

Applying the full License .................................................................. 7

Chapter 2 Configuring a Self Service solution ................................ 8

About configuring a Self Service solution ............................................ 8
Self Service scheduled backup ........................................................ 9
Configuration checklist .................................................................... 9

Chapter 3 Configuring a NetBackup master server .................... 11

About configuring the NetBackup master server .................................. 11

Enabling communication with a Windows NetBackup master
server .................................................................................. 12
Enabling communication with a UNIX NetBackup master server ............. 12
Enabling communication with a NetBackup appliance .......................... 14
Creating NetBackup Template Policies .............................................. 14

Chapter 4 Configuring Self Service .................................................. 17

About Self Service configuration ..................................................... 17
About integration settings ............................................................... 18
Configuring Locations ................................................................... 18
Configuring protection ................................................................... 20
Configuring Backup Now retention levels ........................................... 24
Configuring tenants ....................................................................... 24
Access rights ............................................................................... 26
Registering computers ................................................................... 27
Configuring the home page ............................................................ 30
Home page integration settings ................................................. 31

Chapter 5 Customizing Self Service ................................................ 34

Language settings ........................................................................ 34

Creating or customizing a request form ............................................. 34
Themes ...................................................................................... 35
Notices ....................................................................................... 35
 Contents 5

Chapter 6 User authentication methods ......................................... 37

About user authentication methods .................................................. 37

Forms based authentication ............................................................ 37
Windows Authentication ................................................................. 38
Active Directory Import .................................................................. 38
Configuring Self Service to use Federated Single Sign-On .................... 39

Chapter 7 Troubleshooting ................................................................. 42

About troubleshooting ................................................................... 42

Where to find troubleshooting information .......................................... 43
Impersonation of a tenant user ........................................................ 45
Issues with Remote PowerShell to Windows master servers ................. 45

Appendix A NetBackup policy types ................................................... 49

List of NetBackup policy types ......................................................... 49

Appendix B Dashboard traffic light status and usage .................... 52

About dashboard traffic light status and usage .................................... 52
Computers with a protection type ..................................................... 52
Computers without a Protection Type ............................................... 53
Usage ........................................................................................ 53

Appendix C Synchronizing data from NetBackup ........................... 54

About synchronizing data from NetBackup ......................................... 54

Appendix D NetBackup Self Service data caching

process ........................................................................... 56
About NetBackup Self Service data caching process ........................... 56
NetBackup Data Synchronization ..................................................... 57
Backup Now ................................................................................ 58
Protect computer .......................................................................... 58
Unprotect computer ...................................................................... 58

Appendix E Integration settings ............................................................ 59

About integration settings ............................................................... 59
NetBackup Adapter ....................................................................... 61
NetBackup Adapter Usage ............................................................. 61
NetBackup Adapter Access Rights ................................................... 62
Action Request Types ................................................................... 64
 Contents 6

NetBackup Location ...................................................................... 64

vCloud Director import ................................................................... 67

Appendix F REST API ............................................................................ 69

About the REST API ..................................................................... 69

Appendix G Glossary ............................................................................... 70

Glossary ..................................................................................... 70
 Chapter 1
Licensing
This chapter includes the following topics:

■ Applying the full License

Applying the full License

NetBackup Self Service 7.7.3 is shipped with a 60-day trial license. A production
license is available from your Customer Care team.
Access the NetBackup Self Service portal to apply the license. Select Admin >
Settings > License > Update License Key. Copy and paste the new license key.
Restart the Windows service after you apply the license key. If the application runs
in a server farm environment, all application pools must be restarted.
In the License page, a message at the top of the page reports that other features
are not included. All features that are required to operate a fully configured
NetBackup Self Service solution are, however, included.

Note: Additional information about prerequisites and requirements is available.

Please refer to the NetBackup Self Service Installation Guide for additional details.
 Chapter 2
Configuring a Self Service
solution
This chapter includes the following topics:

■ About configuring a Self Service solution

■ Self Service scheduled backup

■ Configuration checklist

About configuring a Self Service solution

NetBackup Self Service allows service providers to offer self-service backup and
restore to multiple customers, in a secure, and partitioned manner. In an enterprise
environment, business units and project teams can perform self-service backup
and restore.
Self Service restore functionality is enabled but additionally you can choose to
provide self-service scheduled policy editing and support for on-demand Backup
Now functionality.

Caution: All configuration data that is entered in NetBackup Self Service is

considered case sensitive. It must match the associated data that is held in
NetBackup.

The Self Service solution supports an inventory of computers and their owners.
You can populate the computer inventory multiple ways:
■ A source independent API
■ The Self Service portal
 Configuring a Self Service solution 9
Self Service scheduled backup

■ An import from vCloud Director

Self Service supports a number of NetBackup Policy types. You can either use Self
Service to manage all of a tenant’s backup needs. This option allows tenants to
create their own backup policies. Or you can configure Self Service to only provide
restore services based on manually maintained backup policies.
A record of registered computers and their protection types, such as Windows,
UNIX, VMware, etc., is maintained within Self Service.
The tenant user manages computer protection status and utilization with a full set
of dashboard features. The tenant user can create changes to protection and restore.

Self Service scheduled backup

Configuration of protection enables users to manage their backup schedules. This
option provides an abstraction from NetBackup Policy configuration, offering a
curated set of backup schedules from which the user can choose.

Configuration checklist
Table 2-1 shows the recommended sequence of steps for configuring Self Service
for the first time.

Table 2-1 Configuration checklist

Where Activity

Server Install NetBackup Self Service Portal (see NetBackup Self Service 7.7.3
Installation Guide)

Install NetBackup Self Service Adapter (see NetBackup Self Service

7.7.3 Installation Guide)

Configure remote PowerShell for a Windows master server

Configure SSH for a UNIX master server

Portal Create at least one Location

Create at least one protection type (if needed)

NetBackup master Create Template Policies

server
 Configuring a Self Service solution 10
Configuration checklist

Table 2-1 Configuration checklist (continued)

Where Activity

Portal Create a Tenant through the user interface

Register at least one computer through the user interface, the API, or
through vCloud Director import

Raise a Backup Now request

 Chapter 3
Configuring a NetBackup
master server
This chapter includes the following topics:

■ About configuring the NetBackup master server

■ Enabling communication with a Windows NetBackup master server

■ Enabling communication with a UNIX NetBackup master server

■ Enabling communication with a NetBackup appliance

■ Creating NetBackup Template Policies

About configuring the NetBackup master server

A minimum of NetBackup 7.6.1 with the latest service pack is required.
Each NetBackup master server the system needs to communicate with must be
configured as a Location. To manage locations, log on to the Self Service portal
as an Admin user, and then go to the Locations tab on the home page.

Note: If you use a vCloud Director Integrated configuration, NetBackup must be

configured for vCloud Director before you enable NetBackup Self Service. The
VMware vCloud Director must support a minimum of API version 5.1.
 Configuring a NetBackup master server 12
Enabling communication with a Windows NetBackup master server

Enabling communication with a Windows

NetBackup master server
NetBackup Self Service uses Windows PowerShell Remoting to communicate with
a Windows NetBackup master server. Windows PowerShell must be installed on
the master server. Windows PowerShell is normally installed by default. Additionally,
PowerShell Remoting must be enabled. More information is available.
http://technet.microsoft.com/library/hh847859.aspx
To enable communication with a Windows NetBackup master server
1 Log on to the NetBackup master server.
2 Launch a Windows PowerShell window as Administrator.
3 Run Enable-PSRemoting -Force.
4 Open Required Firewall ports.
By Default PowerShell Remoting uses HTTP on Port 5985 or HTTPS on Port
5986.
More information is available.
http://technet.microsoft.com/en-us/magazine/ff700227.aspx
If communication with the master server from the Self Service Server is not with a
trusted domain account, it may not be able to authenticate. To enable authentication
you need to add the remote computer to the list of trusted hosts for the local
computer in WinRM. To do so, type:
winrm set winrm/config/client '@{TrustedHosts="machine1,machine2"}'

Add extra computers as needed in the comma-separated list.

More information about testing the connection once you have created your first
Location is available.
See “Configuring Locations” on page 18.

Enabling communication with a UNIX NetBackup

master server
NetBackup Self Service uses Secure Shell (SSH) to communicate with a UNIX
NetBackup master server. The configuration of SSH is outside the scope of this
guide. NetBackup Self Service, however, requires the credentials to communicate
with the SSH server on the master server.
■ By default SSH uses Port 22.
 Configuring a NetBackup master server 13
Enabling communication with a UNIX NetBackup master server

To specify a different port, set the server name to server_name:port_number.

For example, MyServer:23.
■ The user account that NetBackup Self Service uses to logon to SSH on the
master server needs sudo configuration:
■ The user account should not use requiretty.
■ The user account should not require a sudo password.
■ With sudo, the user account should run all commands in
/usr/openv/netbackup/bin and /usr/openv/netbackup/bin/admincmd.

User authentication modes that are supported include:

■ Password
NetBackup Self Service passes the user name and password at logon.
■ Public key
The public key of the user is stored in the authorized_keys for the user on the
master server. The private key of the user is stored in OpenSSH format in the
NetBackup Self Service portal.
■ Keyboard-interactive
NetBackup Self Service sends the password for the user to a keyboard-interactive
ssh session. The password is sent in response to a configurable password
prompt. The default password prompt is Password:.
To configure NetBackup Self Service and the NetBackup master server for
public key authentication
1 Create a Public Private key pair using a key generator like PuTTYgen.
2 Log on to the master server as the required master server user
3 Add the public key to the user’s authorized_keys file in the master server’s
operating system format.
4 Convert the Private key into OpenSSH format encrypted with a passphrase

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,997295A8E365412F

SIKdyjX4UoDm03kprqfkCGQYc/thmNIlWYztEomjyRaMyEYlh0ZIC9Kx7XnMNnSk
...
MUxIcZW8d8fF3P4s+OLidxG03H6C/AsGLzJtpecjPQA=
-----END RSA PRIVATE KEY-----

5 When you create the Location in NetBackup Self Service:

 Configuring a NetBackup master server 14
Enabling communication with a NetBackup appliance

■ Choose Public Key for the Authentication.

■ Enter the user account to connect to the master server in User Account.
■ Paste the encrypted OpenSSH format private key in OpenSSH Private
Key.
■ Enter the passphrase in Password and Confirm Password.

More information about testing the connection once you have created your first
Location is available.
See “Configuring Locations” on page 18.

Enabling communication with a NetBackup

appliance
A connection to an appliance is configured similarly to a UNIX master server, but
configuration of keys is not available. Use a previously created user name and
password to make the connection.
Log on to shell menu on the appliance and create a new user:
Main_Menu > Manage > NetBackupCLI > Create UserName
See Creating NetBackup administrator user accounts in the NetBackup Appliance
Administrator's Guide for further details.

Creating NetBackup Template Policies

Numerous options are available when you create a NetBackup policy. The
NetBackup Administrator's Guide Volume I contains an entire chapter on creating
backup policies. Please refer to that manual for details on the creation of backup
policies.
Self Service template policies do not use all NetBackup policy options. For scheduled
policies, the information that is specified in Table 3-1 is the only items that affects
Self Service. You should configure all other policy data as you would for any other
NetBackup policy. Table 3-1 details the relevant tab in the NetBackup policy creation
screen and the corresponding information that is required for Self Service template
policies. For comprehensive information on how to create NetBackup policies,
please see the NetBackup Administrator’s Guide Volume 1.
 Configuring a NetBackup master server 15
Creating NetBackup Template Policies

Table 3-1 Required policy information for scheduled and Backup Now
policies

NetBackup Applicable Additional details

policy tab template policy

Attributes Backup Now and ■ The policy must be deactivated.

scheduled backup ■ When you specify the storage option, be sure to specify one that is
large enough to successfully back up all the data.

Schedules Backup Now only ■ You must have a schedule named Default.
■ Self Service does not use the retention value that is set in the
NetBackup policy. Self Service updates the retention level of the
Default schedule when the policy is created.
■ Do not set the schedule to run automatically.

Clients Backup Now and ■ NetBackup Self Service adds the client information so leave this field
scheduled backup blank.

Template Policies are inactive policies on the master server that need to be specially
created for the solution. They are only required if you use Protection Levels or offer
Backup Now functionality.
When users perform the actions that require a policy to be created on the master
server, the relevant template is copied to create a tenant-specific policy. The policy
is modified according to the user's action.
Template Policies must be created on every master server that is configured as a
location. The naming of these policies is case-sensitive and all should be marked
inactive.

Policy Type
The policy type code for NetBackup. For example, 0 for standard, 13 for Windows,
40 for VMware.
More information on NetBackup policy types is available.
See “List of NetBackup policy types” on page 49.
For any type 40 (VMware) template policy:
■ On the VMware tab, the Primary virtual machine identifier must be VM display
name.
■ On the Clients tab for BackupNow policies, Virtual Machine Selection must be
set to Select automatically through VMWare Intelligent Policy query.
■ For any vCloud Director template policy on the Client tab Virtual Machine
Selection must specify Enable vCloud Director integration.
 Configuring a NetBackup master server 16
Creating NetBackup Template Policies

Backup Now Template Policies

NetBackup Self Service is configured out of the box to use the default NetBackup
retention levels for BackupNow policies. If these are changed in NetBackup or
different retention levels are offered to users, modifications must be made in the
NetBackup Self Service Portal. More information about Backup Now retention levels
is available.
See “Configuring Backup Now retention levels” on page 24.

Type 40 (VMware) Backup Now template policies

Some consideration is needed around the Reuse VM selection query results for
value on the Clients tab for Backup Now template policies. If the value is left as
the 8-hour default value, backup now actions that are performed on a virtual machine
that is created within the last 8 hours could fail. If the value is set lower or to 0 hours,
the operation might succeed. This change may, however, have performance
implications for connected VMware systems as the whole cache is rebuilt. This
value may need changing from the default 8 hours, depending on the expected
usage of the system.
 Chapter 4
Configuring Self Service
This chapter includes the following topics:

■ About Self Service configuration

■ About integration settings

■ Configuring Locations

■ Configuring protection

■ Configuring Backup Now retention levels

■ Configuring tenants

■ Access rights

■ Registering computers

■ Configuring the home page

About Self Service configuration

You can manage the key creation and editing configuration tasks from the main
panel on the home page:
■ Locations
■ Protection
■ Tenants
■ Computers
Any non-Tenant associated Administrator sees this home page panel.
 Configuring Self Service 18
About integration settings

About integration settings

Integrations Settings are a flexible store of named settings with values. They are
an integral part of Self Service. You can access all integrations settings as an
Administrator from Admin > Settings > Integration Settings.
Settings are grouped into sections. Locations and vCloud Director imports exist in
Self Service as Integration Settings that are grouped into a section. A single section
defines each individual Location and vCloud Director import. When you use the
Add function for each of these, they create Integration Settings behind the scenes.
You can edit or delete these only through Integration Settings. Care must be
taken, however, as no validation is performed when editing values directly through
Integration Settings.

Configuring Locations
A location represents a connection to a NetBackup master server. The system
requires at least one location to function.
New locations are created with Add Location on the home page Locations tab.
The on-screen prompts should be completed. A Location Integration Setting section
is created.
Once the location has been created the system returns to the main Locations tab
where a Connectivity Check is started. The animated green cog on the Check
Connectivity icon indicates that the Connectivity Check is started.
Once the check has finished, the new Location is displayed with a green tick
(passed) or a red cross (failed).
If the check has passed, no further action is required and your location is ready for
use. If it failed, click the red cross to bring up details of the failure.

Integration Settings that are used in a location

None of these settings can be overridden at the tenant or the user level.
Additionally, the name of the section forming the Location must be in the format
NetBackup Location abc, where abc is the name of the location. Once computers
have been added to the location, do not change the name of the location. Changing
the name of the location can result in computers being disassociated from the
location.
 Configuring Self Service 19
Configuring Locations

Table 4-1 Location integration settings

Item Details

NetBackup server The NetBackup master server for this location.

Online Indicates if the master server is considered online. The system does
not use the locations that are not online in any way. Users are blocked
from taking the actions that affect the location. Used for planned
maintenance or in the event of an outage.

NetBackup user The user name to connect to the NetBackup master server.
name

NetBackup The password that is used for connection to the NetBackup server. If
Password using Public Key authentication, this password is used as the
passphrase to decrypt the user's private key.

NetBackup OS The operating system of the NetBackup server.

NetBackup Folder The Location on the NetBackup master server that the NetBackup
commands are installed in. Default values are:

C:\Program Files\Veritas\NetBackup for Windows

/usr/openv/netbackup for UNIX

NetBackup If all NetBackup and NetBackup Self Service servers are in the same
TimeZone time zone then you do not need to configure this setting.

If you need to edit the time zone, set the value to the correct Microsoft
Time Zone ID. You can find this ID appended to the Time Zone name
in the Server Time Zone drop down on the Add Location form on the
home page.

NetBackup Specifies the format the master server expects dates to be supplied in.
DateFormat See Add Location in the portal for options.

NetBackup Specifies the format the master server expects date and time to be
DateTimeFormat supplied in. See Add Location in the portal for options.

NetBackup For connection to UNIX master servers with SSH. The key must be in
OpenSSH Key the OpenSSH format.

NetBackup For connection to UNIX master servers when you use

Interactive Keyboard-Interactive authentication. This value matches the prompt
Password Prompt that the server sends when it expects the password to be entered. The
default value is Password:.
 Configuring Self Service 20
Configuring protection

Table 4-1 Location integration settings (continued)

Item Details

NetBackup Use Windows master servers only. Enabled by default and should be left
Pooled on for normal usage. Controls pooling of PowerShell connections to
Connections the master server for improved performance.

NetBackup Windows master servers only. Used for support purposes only.
Minimum Pool Size

NetBackup Windows master servers only. Used for support purposes only.
Maximum Pool
Size

Get Backups When Self Service synchronizes computer backup images from
Chunk Size in NetBackup, they are retrieved in batches of this size. The system
Hours defaults to 25 but may need to be reduced for very busy systems with
lots of backup activities. Reducing the number results in more calls to
NetBackup to retrieve a given number of images. The total number of
images that are retrieved remains the same.

Maximum backup The maximum number of hours to allow a backup job to complete on
duration (hours) NetBackup. Used by the synchronization engine to estimate a buffer
period to synchronize backup images. Should only be changed if
problems in backup image synchronization occur.

NetBackup Windows master servers: Set to either Default or Credssp to enable

Authentication Credential Security Support Provider (CredSSP) authentication.
Mechanism
UNIX or Linux master servers: Set to Password, KeyboardInteractive,
or PublicKey.

Configuring protection
A protection type defines all the ways a user can protect a computer. If all your
users’ computers have similar backup requirements you may only need a single
protection type. If you offer different protection options for some computers, then
each option needs a protection type. Examples of different protection types can
include SQL servers or a mix of virtual and physical computers. As a general rule
you need a protection type for each NetBackup Policy Type you support.
Within each protection type you can define a number of protection levels and Backup
Now levels. These are the options that users see when they protect or back up a
computer. They can be used to provide varying schedules, retention levels, or other
options that you can configure directly on a NetBackup policy.
 Configuring Self Service 21
Configuring protection

Each protection or Backup Now level then defines one or more policies. These
represent the policies that are created on the master server in response to a user
selecting that level. They define how the policy on the master server is created,
and how it is named.
Any changes you make to the protection definition are not automatically applied to
NetBackup. Computers protected by this protection type are not updated. If the
change results in a different set of target policies, existing computers now have an
unknown protection level. This change is shown as a black check. You can remove
the unknown protection level policies from each computer or container and reapply
the modified protection level.

Creating Protection Types

From the Protection Types tab on the home page, select Add.

Table 4-2 Settings on Protection Types

Item Details

Name The name identifying a protection type. This

option is not displayed to the users.

Code The code that is used when you create

NetBackup policies that are associated with
this protection type. The code forms part of
the name of the policy created. It must be
unique.

Creating Protection Levels and Backup Now Levels

With a protection type selected, click the relevant Add option. The Name,
Description, and Color properties are all used to distinguish the level for users.
The other settings control functionality.

Table 4-3 Settings on Protection Levels and Backup Now Levels

Item Details

Name Name of the level (for users).

Code Code is used when creating NetBackup

policies that are associated with this level. It
forms part of the name of the policy created.
It must be unique within the protection type.

Description A description to help the users select between

different levels.
 Configuring Self Service 22
Configuring protection

Table 4-3 Settings on Protection Levels and Backup Now Levels (continued)

Item Details

Color Color is mainly used in the user screens to

visually distinguish the different levels that
are applied to different computers.

Request type code Should be left at the default value

(DBNEWBACK for protection levels,
DBBACKNOW for Backup Now levels) unless
you need to customize the system.

Visible Controls the visibility of the level to users.

Creating Policies
From the details of a Protection Level or Backup Now Level, click Add to create
a policy within that level.
On the Policy you can set its Code. You can also see the Target Policy Name that
is created with a combination of the code and the parent protection type and
protection level codes.
You must also enter the Template Name.

Table 4-4 Settings on Policies

Item Details

Name Used only for administration; not displayed

to users.

Run Immediately Policies that are set to Run Immediately are

run as a one-off backup, rather than being
added to an ongoing scheduled policy.

Code Code must be unique within the containing

level. If there is only one policy within the level
you may leave the code blank.

Target Policy Name Not editable. This field shows an example of

the name of the target policy that is created
on the master server when a user selects this
level. It is made up of the three codes from
protection type, level (either protection level
or Backup Now) and policy code.
 Configuring Self Service 23
Configuring protection

Table 4-4 Settings on Policies (continued)

Item Details

Template Name The name of a template policy that exists on

the master server which is copied to create
the target policy. Three options are available:

■ Default uses the system-suggested

template name.
■ Existing lets you pick the name of an
existing policy on the currently available
master servers.
■ Custom lets you enter a free form name.

More information is available.

See “Creating NetBackup Template Policies”

on page 14.

Policy Type You must specify the NetBackup policy type

of the template policy.

Warning (hours) Used in the calculation of a computer’s traffic

light status. More information is available.

See “About dashboard traffic light status and

usage” on page 52.

Policies that are created within a Backup Now level are always set to Run
Immediately. Backup Now policies do not have the Warning (hours) option.
Protection levels need to contain at least one policy that is not Run Immediately,
before they are available for users to select.

Multiple Policies within a Level

You may want to specify multiple policies within a single level. For example, you
want to provide protection for a database server with policies to back up both the
database and the operating system. The only restriction in configuring these is that
policy types affecting virtual machines cannot be combined with non-virtual machine
policy types. Therefore if you create a protection level for a SQL server, it can have
a policy with type MS-SQL-Server (15) and MS-Windows-NT (13). You cannot
combine MS-SQL-Server (15) and VMware (40).
After you add a protection level and the associated policies, click Refresh from the
Protection tab. This action ensures that this data matches policies on the NetBackup
master servers. The cog on the Refresh icon becomes green and animated. This
change indicates that the check is active. The check reviews each defined location
in the system for the template policies that correspond to the protection levels. Any
 Configuring Self Service 24
Configuring Backup Now retention levels

missing template policies are shown on screen with a red cross icon. If you click
this icon further detail about the template policy that needs to be created is displayed.
Once the missing template policies are created you can ‘refresh’ to confirm that
they are correct. More information about template policy creation is available: see
Creating NetBackup Template Policies.
See “Creating NetBackup Template Policies” on page 14.

Configuring Backup Now retention levels

A Backup Now request uses the default retention levels that come preinstalled with
NetBackup Self Service. You can amend the retention levels that are offered to
users by editing the request form.
To configure Backup Now retention levels
1 Go to Admin > Request & Approval > Request Type > Backup Now
(DBBACKNOW).
2 Click on the Form tab and then the Backup retention field.
3 At the base of the page, click on the Configuration tab.
4 Listed under the Items field is a list of retention levels that are available in the
Backup Now request form.
You can delete existing levels using the trashcan icon or add new levels. The
Code must match the NetBackup retention number and the Description is what
the user sees.

Configuring tenants
A tenant is an organizational unit and at least one tenant must exist. A tenant can
be created with the Add Tenant button in the home page Tenants tab. The first
(admin level) user of the tenant is created at the same time. If any vCloud Director
Import sources are defined, the tenant's credentials can be set. A tenant record,
related tenant Integration Settings, and the user record are added to the database
when you click OK.
A tenant’s details can be edited through Admin > Organization > Tenant. A tenant's
Customer Code, which is set when you create a tenant, can be viewed in the
Details tab. All users that are associated to the tenant are visible in the Users tab.
Tenant level Integration settings are available in the Integration tab. vCloud Director
credentials, and also additional vCloud Director imports, can be set here. The tenant
administrator can subsequently set the updated vCloud Director password when
required, using the change facility on their home page vCloud Director Infrastructure
tree view node. Tenant level theming can be carried out in the Themes tab.
 Configuring Self Service 25
Configuring tenants

You can also use an API to create tenants. A PowerShell script is provided as a
starting point for automating the creation of tenants and their users. It makes use
of the Front Office SDK to call the public web services.
Further information about the SDK is available in the help files. The help files are
found in the install location of the NetBackup Self Service portal. By default, the
files are located in C:\Program Files (x86)\Biomni\Front Office 8.5\Sdk\.
Microsoft developers should use the SDK. Non-Microsoft developers can call the
web service directly. The URL is found in Admin > Support > Configuration Check
in the Public Web Service section of the Server tab. The web service is
DirectaApi.svc.

Caution: Do not create tenants directly in the portal Admin section (Admin >
Organization > Add Tenant). If you create tenants from this screen, not all of the
required Self Service data is created. Create tenants from the Add Tenant form
(on the home page) or use the API.

Deactivating a Tenant
To deactivate a tenant:
1 Go to Admin > Organization > Tenant.
2 Deactivate the tenant.
Deactivate the tenant with the Deactivate link on the right of the specific tenant
row from the entry page. Or deactivate the tenant from the Details tab by
deselecting the Active check box in tenant record.
This action prevents logon from tenant users.
3 All computers, backup, protection, and usage data is retained in the Self Service
database.
4 Delete all policies for the tenant in NetBackup.
You can identify the policies by checking for any that start with the deactivated
tenant's Customer Code.

Adding users
You can add additional users to the tenant in a number of ways:
■ Manually through the portal from the Admin > Organization > Tenant > User
tab
■ Active Directory (Admin > Organization > User right-click Import Active
Directory). The Cost Center Code must be the same as that found in the Tenant
record.
 Configuring Self Service 26
Access rights

■ Master Data import through CSV (Admin > Organization > User right-click
Import / Export Users. Users tab in the Import File Template). The Cost
Center Code must be the same as that found in the Tenant record.
■ Using the API

Note: Once a user is associated to a tenant this association cannot change.

A user record can be deactivated to prevent access to the system. If using Forms
Authentication, password rules can be defined using a number of criteria. These
rules can be configured in Admin > Settings > System Configuration.
A tenant user with an Administrator access profile can manage their own user
records.

Access rights
By default all users can carry out all possible actions on every computer that is
registered to their tenant. This ability depends on the functionality that the computer
can support. All users can see the monthly usage data for their tenant. You can
control the available actions at three levels: globally, per tenant, or per user.
Control of these access rights is available through Admin > Settings > Integration
Settings in the NetBackup Adapter Access Rights section. The access rights
are Allow Backup Now, Allow Protect Machine, Allow Restore File, Allow
Restore Vm, Allow Unprotect Machine, Allow Register for File Restore, Allow
Register for Protection, Allow Restore SQL, Allow Restore Oracle, and Allow
Usage Report.
To globally enable or disable an action for all users
1 Click the required access right in the NetBackup Adapter Access Rights
section.
2 Choose Enabled or Disabled in the Value field.
Ensure Allow Tenant Override is not checked.
Ensure Allow User Override is (None).
3 To allow different tenants to have different actions available to them.
■ Click the required access right in the NetBackup Adapter Access Rights
section
■ Choose Enabled or Disabled in the Value field. This setting is the default
for any existing tenants or any new tenants
■ Check Allow Tenant Override
 Configuring Self Service 27
Registering computers

Ensure Allow User Override is set to None.

Only a non-tenant associated administrator who has access to all of the Tenants
can change the value.
To configure the value of the access rights for each tenant
1 Select the Integration tab in the Tenant Admin screen.
2 Admin > Organization > Tenant > Integration.
3 Click the required access right in the NetBackup Adapter Access Rights
section.
4 Choose Enabled or Disabled in the Value field.
To allow different users to have different actions available to them
1 Click the required access right in the NetBackup Adapter Access Rights
section.
2 Choose Enabled or Disabled in the Value field. This setting is the default for
any existing or any new users.
3 Ensure Allow Tenant Override is not checked.
4 Set Allow User Override to For User.
When For User overriding is chosen the value can be changed in any of the following
places:
■ By an administrator user in the Integration tab of User Administration (Admin
> Organization > User > Integration)
■ By an administrator user in the Integration tab of Tenant User Administration
(Admin > Organization > Tenant > Users > Select User > Integration)
■ By a tenant administrator in the Integration tab of their tenant's User
Maintenance screen (Admin > User Management > Select User > Integration).
■ Click the required access right in the NetBackup Adapter Access Rights
section
■ Choose Enabled or Disabled in the Value field

Do not select the By User override option.

Registering computers
Computers within the estate must be registered to NetBackup Self Service. This
requirement includes the name for display in the UI and configuration data for use
with NetBackup.
 Configuring Self Service 28
Registering computers

You can register a computer in three different ways: through the user interface,
through the API, or automatically through vCloud Director import. A single tenant
can have more than one source of computer, for example, virtual machines imported
from vCloud Director and physical computers imported through the API.

Registering a computer with the user interface

You can register a computer from the Computers tab on the home page with
Register Computer. Help text is available to assist in completion of the data. Fields
are validated for accurate data either during entry or when you click OK.
To remove a computer registration, go to the Computers tab on the home page
and use the Remove Registration link. Computer registration cannot be edited so
it is recommended that a computer registration is deleted and recreated if changes
are required. Be sure to use the same computer code when you recreate a computer
registration.
The computer registration process includes an automatic refresh of protection data
and image data from NetBackup. Protection data indicates what is protected either
by schedule or by a one-off Backup Now task. If you click Refresh NetBackup
data from the computer row on the list, you can synchronize protection and backup
images of a computer. Typically synchronization should not require manual
intervention. Exceptions might be if you want to immediately see images from a
new protection policy or images that have been created manually.

Registering a computer with the API

For automated or bulk import of computer details, an API is available. The SDK
allows clients to be written in .NET and is the preferred usage of the API. A REST
API can, however, be used outside Microsoft environments.
Please see the SDK documentation in Install directory.

Registering by vCloud Director Import

You can automatically import a vCloud hierarchy from vCloud Director and register
the computers with NetBackup Self Service. The import is performed on a tenant
by tenant basis using individual credentials.
A vCloud Director import must define the vCloud Director instance from which the
hierarchy is imported. Additionally, it must specify the NetBackup Self Service
settings you want to associate with it.
An import must specify a Protection Type and a Location that the imported
hierarchy is associated with.
An import may optionally use virtual data center (vDC) filtering. When vDC filtering
is enabled, only vDCs in the filter are imported. Filtering occurs on a per tenant
 Configuring Self Service 29
Registering computers

basis and each must be set up with a filter to import any vDCs. Each vDC should
appear only in a single tenant's filter.
When vDC filtering is disabled, all vDCs that are visible through the import
credentials are imported.
Use the Add Import option on the Imports tab to create a new vCloud Director
Import. Follow the on-screen prompts to create a corresponding vCloud Import
Integration Setting section.
You must specify logon credentials at a tenant level to enable import. The credentials
in vCloud Director are defined against an Organization and must have the General
> Administrator View right. Only a single tenant can import computers from any
vCloud Director Organization.
When you create a new tenant, the Add Tenant form supports specifying credentials
for a single vCloud Director system as part of the tenant creation process. Further
credentials can be supplied either using the API or through the Integration Settings
tab in Tenant administration. Once the initial password is set, a tenant-administrator
can update the vCloud Director password that is used to access vCloud Director.
The tenant-administrator updates the password through a drop-down on the root
node of their Computers list.

Table 4-5 Integration Settings that are used in a vCloud Director Import

Item Details

vCloud Api This value should be set to the URL of the

vCloud Director API, in the format of
https://hostname/api/.

Location The name of the NetBackup location the

computers are registered to

Online Indicates if the vCloud Director instance is

considered online. Self Service does not use
the instances that are not online.

Ignore SSL Certificate Errors This option allows the Self Service to connect
to vCloud Director instances where the SSL
certificate is not valid.

vCloud username The user name that the tenant uses to

connect to the vCloud Director API. Each
tenant must have their own credentials. It
must be in the format userid@vOrg. Must
be set at the tenant level only.
 Configuring Self Service 30
Configuring the home page

Table 4-5 Integration Settings that are used in a vCloud Director Import
(continued)

Item Details

vCloud password The tenant's corresponding vCloud Director

password. Must be set at the tenant level
only.

Protection Type Code The protection type that is applied to imported

computers.

Use vDC Filter Set to enable vDC filtering.

vDC Filter The filter to apply to vDCs during an import.

This filter is a comma separated list and vDC
names are case-sensitive. Set at the tenant
level only.

Computers that are imported from vCloud Director are displayed to the tenant-user
in a two-paned tree-view. Computers are listed within their parent containers. If the
computer is from vCloud, containers display in left pane. When you click on the
lowest level container, the contents are displayed on the right pane. Protection can
be applied at either the container or the computer level. When only non-vCloud
Director computers are registered, they are displayed in a full width list.

Configuring the home page

The home page is presented as a dashboard. This configuration allows the user to
view current status of their inventory (computers) and initiate actions with a minimum
of mouse clicks.
The tenant-user view presents as three panels: two small summary panels at the
top of the page, and a full width panel at the bottom. This view is either a Protection
dashboard or a Usage dashboard, displayed as two tabs. The main panel changes
content if either of the top panels are clicked. These panels are referred to as the
Status, Usage and Protection panels.
The non-tenant or administrator view shows the Status panel as a total of all tenants'
computers. The view shows the Usage panel as a total of all tenants' usage. The
main panel for a non-tenant administrator contains a summary dashboard,
configuration tabs, a monitoring tab, and a usage by tenant tab.
These panels are installed fully configured but the setup can be viewed in the
Service Catalog (Admin > Service Catalog and Notices > Service Catalog).
Each Service Catalog panel references the Integration Setting Panels URL in
the NetBackup Adapter section for the URL of the NetBackup Self Service
 Configuring Self Service 31
Configuring the home page

Adapter (Admin > Settings > Integration Settings). User group level access
controls are here but typically the shipped data would not be changed.

Home page integration settings

The integration settings that are shown affect the display and information that is
included in the Status and the Usage panels.
You can find the relevant Integration settings either by Admin > Settings >
Integration Settings or Admin > Organization > Tenant > Integration.

Table 4-6 NetBackup Adapter

Item Details

Contracted Space (TB) Used to augment used space display;

maintainable at tenant level.

Usage Retention Period (months) The number of months retained for display in
Usage trend graph or list.

The Action Request Type controls the request type that is associated with the
following computer actions:

Table 4-7 Action Request Types (advanced customization only)

Item Details

Unprotect machine The Request Type Code of the customized

request type. Defaults to DBREMBACK.

Restore VM The Request Type Code of the customized

request type. Defaults to DBRESTVM.

Restore File The Request Type Code of the customized

request type. Defaults to DBRESTFILE.

Register for File Restore The Request Type Code of the customized
request type. Defaults to DBREGDNS.

DB Register for Protection The Request Type Code of the customized

request type. Defaults to DBREGPROT.

DB Restore SQL The Request Type Code of the customized

request type. Defaults to DBRESTSQL.

DB Restore Oracle The Request Type Code of the customized

request type. Defaults to DBRESTORA.
 Configuring Self Service 32
Configuring the home page

The NetBackup adapter access rights controls the actions all users, individual
tenants, or specific users are allowed to perform against a computer.

Table 4-8 NetBackup Adapter Access Rights

Item Details

Allow Backup Now Determines if the Backup Now option is

displayed.

Allow Protect Machine Determines if the Protect Computer option is

displayed.

Allow Restore File Determines if the Restore File option is

displayed. This option also includes the
Restore Folder option.

Allow Restore Vm Determines if the Restore Vm option is

displayed.

Allow Unprotect Machine Determines if the Unprotect Computer option

is displayed.

Allow Usage Report Controls the display of the Usage report on

the home page.

Allow Register for File Restore Determines if the Register for File Restore
option is displayed.

Allow Register for Protection Determines if the Register for Protection

option is displayed.

Allow Restore SQL Determines if the Restore SQL Database

option is displayed (if backups are found).

Allow Restore Oracle Determines if the Restore Oracle Backups

option is displayed (if backups are found).

More information about access rights is available in the Configuring Tenants

section.
See “Configuring tenants” on page 24.
NetBackup Adapter Usage controls features within the Usage tab.
 Configuring Self Service 33
Configuring the home page

Table 4-9 NetBackup Adapter Usage

Item Details

Currency Code Currency denotation for display (no

calculation)

Cost (Per GB) Cost per gigabyte, used to calculate Charge

Charging Type Basis of charge calculation: New backup,

Consumed Capacity, or none; maintainable
at tenant level
 Chapter 5
Customizing Self Service
This chapter includes the following topics:

■ Language settings

■ Creating or customizing a request form

■ Themes

■ Notices

Language settings
Although the portal supports multiple languages, NetBackup Self Service solution
data is currently only available in US English. This setting encompasses language
and regional settings, including date formats.

Creating or customizing a request form

You can customize a request type but normal operation does not require this
customization. All shipped request types are implementation-ready.

Note: If changes to a shipped request form are essential, it should be copied first,
then you can edit the copy as required.

NetBackup Self Service is shipped with fully preconfigured request forms (request
types). These forms are launched when a backup or restore option is selected from
the home page dashboard. If additional data or integration is required, you can
override the default request form with an association to a customized form. This
override takes effect at the system-wide level.
 Customizing Self Service 35
Themes

You should be aware that a customization may be overwritten on upgrade and any
customizations must be reapplied.
The shipped request form should be selected from the list and then copied. Access
the form through Admin > Request and Approval > Request Type. Additional
request fields, approval stages, or workflow can then be added and the Request
Type Active check box enabled. Ensure that the Request Type Name is amended
to text suitable for viewing in the Request List.

Note: No shipped request fields or workflow steps should be removed. This facility
is available as a means of adding fulfillment steps or an approval process.

You should edit the relevant Action Request Typesetting from the Integration
Settings section.
1 Access the setting through Admin > Settings > Integration Settings.
2 Edit it by replacing the existing value with the new Request Type Code.
3 You can then deactivate the shipped request form.

Note: The Service Catalog and a full list of shipped request types is available if a
restore to default values is required. They can be found in the
MsBuild\RequestTypes folder, under the Installation location.

Themes
The pre-shipped NetBackup Self Service theme can be adjusted. Change the theme
in an Admin area screen by editing the colors that are used as well as many of the
images and styles. Many elements are editable by an edit page. The Page Width
should remain at 1024 pixels. You can also do additional customized editing with
an online CSS editor.
The shipped theme can be adjusted system wide with Admin > Settings > Theme
or for an individual tenant with Admin > Organization > Tenant > Theme.

Notices
You can display news ticker-style notices at the top of the home page. These notices
can be either alert type or information types. You can change the theme of the
notice and filter the notice by tenant. You can control the publication of a notice by
both start date and end dates. An API supports these notices.
 Customizing Self Service 36
Notices

A tenant with an access profile of Administrator can maintain their organization’s

notices.
 Chapter 6
User authentication
methods
This chapter includes the following topics:

■ About user authentication methods

■ Forms based authentication

■ Windows Authentication

■ Active Directory Import

■ Configuring Self Service to use Federated Single Sign-On

About user authentication methods

NetBackup Self Service supports three different methods of authenticating users:
■ Forms based authentication that uses a user name and password. This
configuration is the default configuration that ships with Self Service.
■ Windows authentication, optionally with an Active Directory Import. This option
is only suitable for Enterprise type deployments.
■ Federated Single Sign on by the WS-Federation Passive Protocol.

Forms based authentication

Users access the Self Service portal by entering a user ID and password on the
logon page. This configuration is the default method of accessing the system and
no additional configuration is required.
 User authentication methods 38
Windows Authentication

Password rules can be defined in the Password Policies category of Admin >
Settings > System Configuration.

Windows Authentication
To use Windows Authentication, the users must be set up in the database with the
user names that match the users’ domain names. This format is either
DOMAIN_NAME\username or username. The format depends on the system setting.
Configure Remove Domain Name in Admin > Settings > System Configuration.
Switch it on if it uses firstname.lastname or switch off if it uses
DOMAIN\firstname.lastname.

Once at least one Windows user has access to the Administration area, disable
both Anonymous Authentication and Forms Authentication in IIS. Then enable
Windows Authentication. This configuration in IIS insures the web.config file is
updated and Self Service address is changed accordingly.
You can only use the shipped admin user ID to access the system until Windows
Authentication is configured in IIS. After that point, no manual logon is available.

Note: If you use Active Directory to synchronize users, ensure that at least one
user is associated to the Supervisor access profile on initial import. Otherwise,
access to the Admin area is compromised.

Note: These instructions only apply to configuration on initial implementation of the

system and are not appropriate for later changes to the logon protocol. This limitation
is due to effect on historical data.

Active Directory Import

You can synchronize Self Service with Active Directory for easier maintenance.
Import is managed from a scheduled import task. This process lets you specify a
time or frequency for the process. The schedule should reflect the full user set as
any user that is not included is deactivated in Self Service.
You can create multiple import profiles with a different source for each profile. For
each profile a Self Service access profile, cost center, and user account status must
be specified. The users may be automatically assigned to zero or more user groups.
The user group, however, must already exist in Self Service. You can source the
Self Service user name from either Full Name (default) or Display Name. You can
select a language, otherwise the system base language is used. You can specify
 User authentication methods 39
Configuring Self Service to use Federated Single Sign-On

an import profile by group or organizational unit, and with or without children

included.
Import profiles are processed from the top of the list so you can modify the order
to fit your requirements. If the same user is present in multiple profiles, only the
Imported User Fields from the latest profile that is processed apply. User group
membership is updated from all profiles.
The user that is specified within the Active Directory Import requires the List
Contents and Read All Properties rights at the root level of the domain. These
rights are required so that the user can search all organizational units and
organizational groups and import all users.
A system configuration setting lets you control of whether the Domain Name is
pre-pended to the user ID when you import it. Find the system configuration setting
in Admin > Settings > System Configuration. Verify the appropriate setting value
before you create the first user accounts. Subsequent change causes new user
accounts to be created and existing accounts are disabled, along with the attendant
effect on accessing historical requests. A change of SAM account name causes
the creation of a new Self Service user account.
You can create locally maintained Self Service users for the records that are not
maintained in Active Directory. Active Directory update ignores these users.

Note: If you use Windows Authentication, ensure that at least one user is associated
to the Supervisor access profile on initial import. Otherwise access to the
Administration area is compromised.

Note: These instructions only apply to configuration on initial implementation of the

system. They are not appropriate for later changes to the logon protocol due to
effect on the user-maintained method

Configuring Self Service to use Federated Single

Sign-On
Self Service supports Federated Single Sign on through the WS-Federation Passive
Protocol. It is implemented with Microsoft Windows Identity Foundation (WIF), and
uses Security Assertion Markup Language (SAML) tokens for claims transfer. It
does not, however, support the SAML2 Protocol, SAML-P.
When Self Service is installed, it is configured with Forms Authentication that requires
first logon to use the admin account.
 User authentication methods 40
Configuring Self Service to use Federated Single Sign-On

To authenticate through the identity provider:

1 Create users in the Self Service database, who correspond to users in the
identity provider.
2 Edit the Self Service web.config file to enable federated single sign-on.

Create a user in Self Service

The User ID is used to identify users in Self Service. Claims are used to identify
users in the identity provider. For authentication to succeed, users in Self Service
must have a User ID that matches the value in one of the claims from the identity
provider.
Self Service looks at the following claims when it attempts to find the Self Service
user: Name, Email, Windows Account Name, and UPN. Typically Name and
Windows Account Name have the format domain\username, and typically Email
and UPN have the format username@domain.
You can enter Users through the portal or import in bulk, either directly from Active
Directory or by a .CSV file.

Edit web.config to enable Federated Single Sign-On

To change the web.config file to enable federated single sign-on:
1 Navigate to install_path\WebSite.
2 Open web.config with Notepad as Administrator.
3 Find the <modules> section and uncomment the two IdentityModel modules.
4 Find the <authentication> section and change the mode to None.
5 Enter the URL of the WS-Federation website in the issuer attribute of the
<wsFederation> element

6 Find the <trustedIssuers> section and enter the token-signing certificate

thumbprint of the WS-Federation server.

Note: You should not use cut and paste for the thumbprint as it can insert
hidden characters into the file which interfere with the thumbprint matching.

7 If these changes are on a test system that uses self-sign SSL certificates,
uncomment the <certificateValidation> element.
8 Save the web.config file.
If you have to switch back to Forms Authentication, the web.config file can be
edited and the authentication mode set to forms: <authentication mode="Forms">.
 User authentication methods 41
Configuring Self Service to use Federated Single Sign-On

One instance where you would switch back to Forms Authentication is to recover
from a problem.

Log on to Self Service

To confirm that the system is fully configured for Federated logon:
1 Close and re-open Internet Explorer
2 Enter the URL of Self Service
3 If your environment uses test certificates, accept the two certificate errors
4 Enter the credentials for the previously created user. The user should
successfully log on.
 Chapter 7
Troubleshooting
This chapter includes the following topics:

■ About troubleshooting

■ Where to find troubleshooting information

■ Impersonation of a tenant user

■ Issues with Remote PowerShell to Windows master servers

About troubleshooting
The first step in troubleshooting a problem is to determine if it lies with Self Service
or NetBackup itself. Unless there is an error or a failure message that points in a
clear direction, the best first course of action is to try and manually perform the
action on the NetBackup console. If this action fails it points to a NetBackup issue.
Once NetBackup issues have been ruled out proceed with diagnosing in Self Service.
 Troubleshooting 43
Where to find troubleshooting information

Where to find troubleshooting information

Check Connectivity
On the Locations tab the Check Connectivity icon tests the connection to each
master server in the system. Any failures show as a red cross which can be clicked
to show error information.

Request Workflow
Some actions in Self Service creates a request in the system. From the Requests
Top menu you can find the request which can be a good source of troubleshooting
information:
 Troubleshooting 44
Where to find troubleshooting information

Table 7-1 Tab information

Tab name Details

Fulfillment tab Any failed steps are red and have errors against them.

Audit tab Will show progress against the action and can also provide the
NetBackup Job Id.

Self Service Error Log

Found in Admin > Support > Error Log
Errors can contain a System Reference which can be used to tie it back to a specific
Request, and hence an Action.
If trying to locate failed NetBackup commands, performing a search for the text
/bin or \bin can be helpful.

Additional activity reporting

An additional source of activity reporting can be found in the Support category of
the Admin home page. This category includes access to Integration Logs, Audit
Logs, and Email Logs, as well as a Task Queue and Email Queue. The Task Queue
is a particularly useful source of information. The different tabs show the different
states of Task Queue activity. The History tab can be filtered to show the tasks
that have Completed With Errors. Tasks with errors are highlighted red.

NetBackup Command-Line Errors

Self Service works by running NetBackup Commands on the command line of the
master server. If there is a problem running a command, it is included in the error
in Self Service. Locating these errors is very helpful. Once you have an error with
a NetBackup Command line, you can copy the command and try running it manually
on the master server. This technique is useful for troubleshooting.

Errored Jobs in NetBackup Console

Check for any errors on the NetBackup Activity Monitor especially against Job Ids
that are identified.

Checking Template Policies

Template Policies must be configured in certain ways to function correctly. When
you check policy templates, refer to the Protection Levels tab in Admin. Make
sure that the Template meets all the criteria that are displayed when you select the
green tick that corresponds with its protection level.
 Troubleshooting 45
Impersonation of a tenant user

Synchronization Errors
Can be viewed as an MSP admin user in computer detail pop-up.

Details incorrect for computer

In the case that image or protection details don’t seem correct for a computer, run
Refresh NetBackup Data for the computer.

Tracing
Tracing can be configured to analyze problems on a more detailed level. This
method is a more advanced troubleshooting method. Do not attempt this method
without the assistance of support. See the ReadMe.txt in Services Site\Logs and
Panels Site\Logs.

Impersonation of a tenant user

You can impersonate a tenant-user to see their home page view, as well as perform
actions on their behalf.
From the home page, when you mouse-over the logged on user name, the option
Act as another user is displayed. If this option is selected, it displays a user list.
Select the required tenant-user and their home page view is displayed.

Issues with Remote PowerShell to Windows

master servers
Concurrent Remote PowerShell Connection Limits
The NetBackup master server limits the number of remote connections. The server
defaults are typically sufficient.
In high usage installations it may be necessary to increase this limit. If the limit is
exceeded the following error may occur:

NetBackup server name Connecting to remote server NetBackup server

name failed with the following error message : The WS-Management
service cannot process the request. The maximum number of concurrent
shells for this user has been exceeded. Close existing shells or
raise the quota for this user. For more information, see the
about_Remote_Troubleshooting Help topic.
 Troubleshooting 46
Issues with Remote PowerShell to Windows master servers

To increase the limit:

1 On the NetBackup master server, run the PowerShell command that is shown
to determine the number of connections allowed:
Get-Item WSMan:\localhost\Shell\MaxShellsPerUser

2 On the NetBackup master server, run the PowerShell command that is shown
to increase the number of connections allowed:
Set-Item WSMan:\localhost\Shell\MaxShellsPerUser interger_value

Concurrent User Operation Limits

Symptom of reaching this limit is an error similar to:

RunCommand failed.
"C:\Program Files\Veritas\NetBackup\bin\admincmd\bpimagelist"
"-d" "03/02/2015 09:58:11" "-e" "03/02/2015 11:58:11"
"-json_compact"
Run-Process script threw exception:
Starting a command on the remote server failed with the following
error message : The WS- Management service cannot process the
request. This user is allowed a maximum number of 15 concurrent
operations, which has been exceeded. Close existing operations for
this user, or raise the quota for this user. For more information,
see the about_Remote_Troubleshooting Help topic.

Windows 2012 defaults to 1500, Windows 2008 R2 defaults to 15. On the master
server, run the command that is shown to increase this limit:
winrm set winrm/config/Service
@{MaxConcurrentOperationsPerUser="1500"}

PowerShell Connection Pooling

By default, Windows locations use PowerShell Connection Pooling. This option
allows much higher throughput when you call PowerShell on the master server.
Higher throughput is achieved because every call does not require the computer
to create and destroy a new Run Space.
 Troubleshooting 47
Issues with Remote PowerShell to Windows master servers

Settings
Table 7-2 Location integration settings that are used for PowerShell
Connection Pooling

Name Details

NetBackup Use Pooled Connections In the event of problems with connection

pooling, it can be switched off by changing
this setting to False.

NetBackup Minimum Pool Size Minimum number of run spaces to keep in

the pool.

NetBackup Maximum Pool Size Maximum number of run spaces to keep in

the pool.

Diagnostics
The diagnostic tracing captures a large amount of information about the PowerShell
connection creation, use, and disposal.
The following PowerShell script can be used to find information about the
connections to a master server:

$machineName = 'master_server_machine_name'
$userName = 'user_name_-_same_as_the_location_integration_setting'
$password = '<password>'

$connectionURI = ('http://{0}:5985/wsman' -f $machineName)

$securePassword = ConvertTo-SecureString $password -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential
($userName, $securePassword)

$connections = Get-WSManInstance -ConnectionURI $connectionURI

-Credential $credential -ResourceURI shell -Enumerate #| where
{ $_.Owner -eq $userName }

if($connections.length -eq 0) { "There are no remote PowerShell

connections" }

$connections | ForEach-Object {
# To remove the connection, uncomment the line below
# Remove-WSManInstance -ConnectionURI $connectionURI shell
@{ShellID=$_.ShellID}
 Troubleshooting 48
Issues with Remote PowerShell to Windows master servers

$_
"Owner: {0}" -f $_.Owner
"HostName: {0}" -f (Resolve-DnsName $_.ClientIP | select
-expand NameHost)
"-------------------------------------------------------"
}

Monitoring Scheduled Tasks

Self Service runs a number of scheduled tasks in the background. These scheduled
tasks synchronize data between external systems and keep the user interface as
up to date as possible. The status and timing of these tasks is displayed to the left
of the Monitoring tab of the home page when logged on as non-tenant administrator
user.
The action cog is red if there are any problems running a particular task. If you click
the task name, the Scheduled Task Details window is displayed. This window
shows any error messages, which aids the troubleshooting process. You can resolve
errors and then click Run Now in the drop-down to retry the task.
The Activity area of the Monitoring tab displays tasks queued for action. If this
queue is over ten items and shows no sign of change over several minutes, there
could be a problem with the main task engine of Self Service. Make sure the
Windows Service is running and check for errors in Admin > Support > Error Log.

Table 7-3 Background tasks and descriptions

Background task Description

System Sync Imports backup images from all master

servers since the last time it ran. The task
expires old backup images and calculates
usage. This task runs once per day on
schedule.

System Update Performs system updates such as syncing

backup images and updating active requests.
This task runs once per minute on schedule.

VCloud Director Import Synchronizes the computers from vCloud

Director according to configured imports. This
task runs once per day on schedule but can
be initiated manually.
 Appendix A
NetBackup policy types
This appendix includes the following topics:

■ List of NetBackup policy types

List of NetBackup policy types

Table A-1 is a list of the Policy Types available in NetBackup and their associated
IDs. You must use these when you create the Policy Types Integration Setting.

Table A-1 Policy types and associated IDs

ID Name NetBackup Self Backup selection

Service

0 Standard Protection; file restore Defined in policy template and

applies to all clients in the policy.

2 FlashBackup-Windows Protection Defined in policy template and

applies to all clients in the policy.

4 Oracle Protection (client based Defined by a script that resides

only); database restore on the client.

6 Informix-On-BAR Not supported

7 Sybase Protection Defined by a script that resides

on the client.

8 MS-SharePoint Protection Defined in policy template and

applies to all clients in the policy.

10 NetWare Not supported

11 DataTools-SQL-BackTrack Not supported

 NetBackup policy types 50
List of NetBackup policy types

Table A-1 Policy types and associated IDs (continued)

ID Name NetBackup Self Backup selection

Service

12 Auspex-FastBackup Not supported

13 MS-Windows-NT Protection; file restore defined in policy template, applies

to all clients

14 OS/2 Not supported

15 MS-SQL-Server Protection (client based Defined by a script that resides

only); database restore on the client.

16 MS-Exchange-Server Protection Defined in policy template and

applies to all clients in the policy.

17 SAP Protection Defined by a script that resides

on the client.

18 DB2 Protection Defined by a script that resides

on the client.

19 NDMP Protection Defined in policy template and

applies to all clients in the policy.

20 FlashBackup Protection Defined in policy template and

applies to all clients in the policy.

21 Split-Mirror Not supported

22 AFS Not supported

24 DataStore Not supported

25 Lotus-Notes Not supported

27 OpenVMS Not supported

31 BE-MS-SQL-Server Not supported

32 BE-MS-Exchange-Server Not supported

34 Disk Staging Not supported

35 NBU-Catalog Not supported

37 CMS_DB Not supported

38 PureDisk Export Not supported

 NetBackup policy types 51
List of NetBackup policy types

Table A-1 Policy types and associated IDs (continued)

ID Name NetBackup Self Backup selection

Service

39 Enterprise Vault Not supported

40 VMware Protection (intelligent

policies); restore VM;
restore file

41 Hyper-V Protection (client based);

restore VM; restore file

42 NBU-Search Not supported

At this time, computers cannot be protected with snapshot-enabled policies. This

issue is a known issue.
 Appendix B
Dashboard traffic light
status and usage
This appendix includes the following topics:

■ About dashboard traffic light status and usage

■ Computers with a protection type

■ Computers without a Protection Type

■ Usage

About dashboard traffic light status and usage

The dashboard status panel shows the number of computers in a given protection
state: red, amber, or green. This color calculation is dependent on a computer
having a protection type.
Consumed capacity is visible as a total and by month.
If you are a tenant-user you see totals for your tenant. If you are a service provider,
you see totals reflecting the full estate.

Computers with a protection type

When a user selects a protection level from those available to a protection type,
this action adds the computer to one or more NetBackup policies. Self Service holds
a threshold (in hours) for each policy it is aware of. Evaluating the thresholds of all
the known policies that a computer is in determines its red, amber, or green status.
 Dashboard traffic light status and usage 53
Computers without a Protection Type

Table B-1 Computers with Protection Types

Color Computer state

Green Protection level applied, and all policies have

backups within their threshold

Amber No protection level has been applied to the

computer

Red Protection level applied, but one or more

policies have no backups, or the most recent
backup is outside of its threshold

Note: If a computer is in a NetBackup policy but no protection level is found, the

policy is not considered when the color status is determined.

Computers that are protected with only a Backup Now process are not included
in the count and are not shown as protected.

Computers without a Protection Type

When a computer does not have a protection type, the status always displays as
amber.

Usage
The Usage panel is split into two parts: the amount of consumed capacity as a total
and as a graph by month.
Consumed capacity is calculated from all non-expired images belonging to the
tenant. It can be expressed either as an absolute figure, in gigabytes, or in relation
to the amount of contracted space for the tenant. When consumed capacity is shown
in relation to contracted space, the value is shown both as a percentage and as an
absolute amount against that total.
 Appendix C
Synchronizing data from
NetBackup
This appendix includes the following topics:

■ About synchronizing data from NetBackup

About synchronizing data from NetBackup

Two different processes are responsible for synchronizing data from NetBackup to
Self Service. The processes are illustrated.
 Synchronizing data from NetBackup 55
About synchronizing data from NetBackup

Table C-1 Synchronization process and associated details

Synchronization process Details

Synchronization protection ■ Only synchronized when protection levels are configured.

For example, Self Service managing policies.
■ Searches the policies on NetBackup for client computers.
■ Displays the protection level against computer or container
(colored tick icons).
■ Self Service keeps local cache up to date itself with add
and remove protection requests.
■ Can be manually initiated in the Administration panel.

Synchronization catalog ■ Synchronizes the backup catalogs and transfers details

of all active images to Self Service.
■ Initial post-installation full synchronization that is carried
out in configurable batch sizes.
■ Regular task keeps records up to date at Self Service
with daily incremental synchronization.
■ Image records are matched against computers in the Self
Service inventory.
■ Self Service rolls up image size data per computer and
tenant on a nightly basis for summary dashboards.
■ Images for an individual computer are resynchronized on
a Backup Now request completion or when an
administrator manually initiates in the administration panel.
 Appendix D
NetBackup Self Service
data caching process
This appendix includes the following topics:

■ About NetBackup Self Service data caching process

■ NetBackup Data Synchronization

■ Backup Now

■ Protect computer

■ Unprotect computer

About NetBackup Self Service data caching

process
The NetBackup Adapter caches data about computers, protection, and backup
images for improved performance.
Scheduled Tasks run periodically to keep the data up to date. Scheduled tasks
include:
■ System Sync
■ Imports the backup images from all master servers since the last time it ran.
■ Expires the old backup images.
■ Calculates the usage.
■ Calculates the traffic light statuses.
■ Runs daily at 12:15 A.M. (UTC) by default.
 NetBackup Self Service data caching process 57
NetBackup Data Synchronization

■ System Update
This task processes the computers that are flagged for NetBackup data
synchronization. Imports the protection levels and backup images, then
recalculates traffic light statuses. Runs every minute by default.
■ vCloud Director Import
Synchronizes the computers from vCloud Director according to configured
imports. This task runs once per day at 12:30 A.M. (UTC) by default, but can
be initiated manually.

System Sync
■ Imports the images from the last day for all online locations. The import includes
a 24 hour overlap to get the backups that started but not completed when the
last System Sync took place.
■ Flags the expired images.
■ Updates the last backup time and calculates traffic light status.

Note: Adding a new location does not trigger any independent action in the system.
Any new synchronizations or ongoing synchronizations, such as getting backup
images or importing policies, now include this new location. Older images are not
imported without manual intervention. Click Refresh NetBackup Data or call the
API to import older images. These actions are required for every computer that may
have backups.

Integration settings
The Integration Settings that are listed are relevant to the System Sync:
■ Utilization Retention Period (Months) (NetBackup Adapter integration section)
The period of time which usage data and expired backup images are retained
for and the number of months displayed in the charts. After this period the usage
data and expired images are deleted in the System Sync.

NetBackup Data Synchronization

When a computer is imported, Refresh NetBackup Data is clicked, or
SyncNetBackupData is called in the API, the computer is flagged for synchronization.
This marks the computer as ready for synchronization and it is picked up by the
System Update. This process imports the protection and images, then recalculates
traffic light status.
The task processes batches of 100 computers for 5 minutes (by default) or until
there are no computers requiring import. Computers added longest ago are
 NetBackup Self Service data caching process 58
Backup Now

processed first. All computers have the same priority initially but if a Backup Now
is performed, that computer is marked as high priority.
If a synchronization fails, the synchronization is locked for a period of time. This
lock allows other computers without errors to be processed.

Integration Settings
The integration settings that are listed are relevant to the NetBackup Data
Synchronization:
■ Image Import Batch Processing (minutes) (NetBackup Adapter integration
section)
The System Update gets data for a period of time while there are computers
marked for synchronization. This defaults to five minutes.
■ Image Import Lock Delay (minutes) (NetBackup Adapter integration section)
This value defines how long to lock a computer image synchronization for a
computer if its image retrieval fails. This defaults to 60 minutes.

Backup Now
When a Backup Now request completes, the computer is flagged for synchronization
with high priority so that the computer synchronizes the new image as soon as
possible.

Protect computer
When a Protect Computer request completes, a task is queued to add the
protection level to the database and update the traffic light status.

Unprotect computer
When an Unprotect Computer request completes, a task is queued to remove the
protection level from the database and update the traffic light status.
 Appendix E
Integration settings
This appendix includes the following topics:

■ About integration settings

■ NetBackup Adapter

■ NetBackup Adapter Usage

■ NetBackup Adapter Access Rights

■ Action Request Types

■ NetBackup Location

■ vCloud Director import

About integration settings

Integration Settings are used to configure the integration between NetBackup Self
Service and NetBackup. Individual Settings are grouped within sections and are
accessed through Admin > Settings > More > Integration Settings. This section
includes the full list of Integration Settings relevant to the NetBackup Self Service
solution. Individual sections or settings are referred to throughout the document, in
the appropriate functional area.
Some settings have Allow Tenant Override set to yes. These settings typically
need to be configured on a per tenant basis and should not normally be completed
in the top-level Integration Settings. Instead they are configured under the details
for the specific tenant. The NetBackup Adapter Access Rights settings also have
the option of user override (System wide > tenant > user). More information about
access rights is available.
See “Access rights” on page 26.
 Integration settings 60
About integration settings

If an override setting is manually changed from the values automatically created

for the system-wide Integration Setting, that new value is ignored.
Most Tenant level integration settings are created from the home page but are
edited through Admin > Organization > Tenant, on a separate tab within each
tenant record. Accessing from within the tenant, only the settings that can be edited
at the tenant level are available.
The Integration Settings sections that are pre-shipped are:

Table E-1 Preset integration settings

Setting Details

NetBackup This section holds the settings which affect the whole of the solution.
Adapter There should be only one of these sections.

NetBackup This section controls the data and calculations in the Usage panel on
Adapter Usage the home page. There should be only one of these sections.

NetBackup This section determines what backup and restore actions are permitted
Adapter Access in the solution. There should be only one of these sections.
Rights

Action Request This section supports overwrite of specific shipped request types. There
Types should be only one of these sections.

The Integration Settings section that is generated from completion of an Add

Location or Add vCloud Director Import form are:

Table E-2 Generated integration settings

Setting Details

NetBackup This type of section contains details for connecting to a NetBackup

Location location master server. There can be multiple NetBackup Location sections:
one for each master server.

vCloud Import This type of section contains details of the vCloud Director instance.
import Computers are imported from here and this section determines the Self
Service location that is associated with the imported computers.
Individual tenant credentials are specified against the Tenant. You can
have multiple vCloud Director Import sections. More information is
available.

See “Registering computers” on page 27.

 Integration settings 61
NetBackup Adapter

NetBackup Adapter
This section holds the settings which affect the whole of the solution. There should
be only one of these sections.

Table E-3 NetBackup Adapter settings

Setting Tenant Details

Override

Report Customer Root Yes The path of a folder on the web server where this
tenant’s reports are stored.

Report File Extensions No A semicolon-separated list of file extensions can be

specified.

Contracted Space (TB) Yes The total amount of space, in terabytes, agreed for
use.

Optional value; if set, typically configured at tenant

level

Usage Retention No The number of months the historical rolled up data is

Period (months) retained for display in the home page Usage graph
and table.

Panels URL No The URL of the NetBackup Adapter Panels, the installer
sets this value initially.

Service URL No The URL of the NetBackup Adapter web services. The
installer sets this value initially.

Image Import Batch No The computer image load retrieves images for a period
Processing (minutes) of time while there are computers marked for
synchronization. This defaults to 5 minutes.

Image import lock No This setting determines how long to lock a computer
delay (minutes) synchronization for a computer if an error occurs during
image retrieval. The default is 60 minutes.

NetBackup Adapter Usage

This section controls the data and calculations in the Usage panel on the home
page. There should be only one of these sections.
 Integration settings 62
NetBackup Adapter Access Rights

Table E-4 Adapter settings

Setting Name Tenant Details

Override

Currency Code Yes The short currency code that is used on the home page
Usage list, to qualify the Charge column figure.

Cost (per GB) Yes Cost per gigabyte, used to calculate Charge.

Charging Type Yes The base parameter for whether the charge represents
new backups or used space, or whether no calculation
is made.

Options: New Backups, Consumed Capacity, or None.

NetBackup Adapter Access Rights

Determines the actions that are available from the home page for any listed
computer. The actions are system wide, for a specific tenant, or for an individual
tenant user. The actions are:
■ Backup Now
■ Protect Machine
■ Restore File
■ Restore VM
■ Unprotect Machine
■ Register for File Restore
■ Register for Protection
■ Restore SQL
■ Restore Oracle
This section also allows control of the home page Usage graph and Usage list.
There should be only one of these sections.

Table E-5 NetBackup Adapter Access Rights

Setting Name Tenant Details

Override

Allow Backup Now Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.
 Integration settings 63
NetBackup Adapter Access Rights

Table E-5 NetBackup Adapter Access Rights (continued)

Setting Name Tenant Details

Override

Allow Protect Machine Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.

Allow Restore File Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.

Allow Restore VM Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.

Allow Unprotect Yes To override this value at the user level, select for user
Machine from the drop-down list. See the note that follows this
table.

Allow Usage Report Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.

Allow Register for File Yes To override this value at the user level, select for user
Restore from the drop-down list. See the note that follows this
table.

Allow Register for Yes To override this value at the user level, select for user
Protection from the drop-down list. See the note that follows this
table.

Allow Restore SQL Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.

Allow Restore Oracle Yes To override this value at the user level, select for user
from the drop-down list. See the note that follows this
table.

Note: The recommendation is that you only set a system wide or tenant level flag.
An override at tenant user level should only be considered if the system-wide setting
is set to enabled.
More information about the configuration of tenants is available.
See “Configuring tenants” on page 24.
 Integration settings 64
Action Request Types

Action Request Types

This section supports overwrite of specific shipped request types. There should be
only one of these sections.
If you choose to change the shipped request type detail, create a copy of the shipped
request type first. Then the new request type is amended as required. Once that
is complete, the new request type can be activated and this section updated with
the new request type code. The shipped request type can then be deactivated.

Table E-6 Action Request Type

Setting Name Tenant Details

Override

DB Restore VM No The request type code that is associated with the

Restore VM dashboard option. Defaults to DBRESTVM.

DB Restore File No The request type code that is associated with the
Restore File dashboard option. Defaults to
DBRESTFILE.

DB Unprotect Machine No The request type code that is associated with the
Unprotect Machine dashboard option. Defaults to
DBREMBACK.

DB Register for File No The request type code that is associated with the
Restore Register for File Restore dashboard option. Defaults
to DBREGDNS.

DB Register for No The request type code that is associated with the
Protection Register for Protection dashboard option. Defaults to
DBREGPROT.

DB Restore SQL No The request type code that is associated with the
Restore SQL Database dashboard option. Defaults to
DBRESTSQL.

DB Restore Oracle No The request type code that is associated with the
Restore Oracle Backups dashboard option. Defaults
to DBRESTORA.

NetBackup Location
This section type contains details for connecting to a NetBackup master server.
There can be multiple NetBackup Location sections: one for each master server.
 Integration settings 65
NetBackup Location

Table E-7 Machine Location

Setting Tenant Details

Override

NetBackup server No The NetBackup Master server for this location.

Online No Indicates if the master server is considered online. The

system does not use the locations that are not online
in any way. Users are blocked from taking the actions
that affect the location. Used for planned maintenance
or in the event of an outage.

NetBackup User Name No The user name to connect to the NetBackup Master
server.

NetBackup Password No The password for connection to the NetBackup server.

If you use Public Key authentication, this password is
used as the passphrase to decrypt the user's private
key.

NetBackup Folder No The Location on the NetBackup Master server that the
NetBackup Commands are installed in. Default values
are:

C:\Program Files\Veritas\NetBackup for

Windows

/usr/openv/netbackup for UNIX

NetBackup OS No The Operating system of the NetBackup server.

NetBackup TimeZone No If the server time zone for the Self Service NetBackup
Adapter and your NetBackup Master server are the
same you do not need to configure the timezone.

If you need to edit the time zone, set the value to the
correct Microsoft Time Zone ID. You can find this ID
appended to the Time Zone name in the Server Time
Zone drop down on the Add Location form on the
home page.

NetBackup DateFormat No Specifies the format the master server expects dates
to be supplied in.

MM\/dd\/yyyy

See “Configuring Locations” on page 18.

 Integration settings 66
NetBackup Location

Table E-7 Machine Location (continued)

Setting Tenant Details

Override

NetBackup No Specifies the format the master server expects date

DateTimeFormat and time to be supplied in.

MM\/dd\/yyyy HH\:mm\:ss

See “Configuring Locations” on page 18.

NetBackup OpenSSH No For connection to UNIX master servers with Public Key
Key authentication. The key must be in the OpenSSH
format.

NetBackup Interactive No For connection to UNIX master servers when you use
Password Prompt Keyboard-Interactive authentication. This value
matches the prompt that the server sends when it
expects the password to be entered. The default value
is Password:.

NetBackup Use Pooled No Windows master servers Only. Enabled by default, and
Connections should be left on for normal usage. Controls pooling
of PowerShell connections to the master server.

NetBackup Minimum No Windows master servers Only. Used for support

Pool Size purposes only.

NetBackup Maximum No Windows master servers Only. Used for support

Pool Size purposes only.

Get Backups Chunk No When Self Service synchronizes computer backup

Size in Hours images from NetBackup, they are retrieved in batches
of this size. The system defaults to 25 but may need
to be reduced for very busy systems with lots of backup
activities. Reducing the number results in more calls
to NetBackup to retrieve a given number of images.
The total images that are retrieved remains the same.

Maximum backup No The maximum time a backup should take in hours on

duration (hours) NetBackup. Used by the synchronize engine to
estimate a buffer period when you synchronize backup
images. This value should be changed only if
synchronization problems occur.
 Integration settings 67
vCloud Director import

Table E-7 Machine Location (continued)

Setting Tenant Details

Override

NetBackup No Windows master servers: Set to Default or Credssp

Authentication to enable Credential Security Support Provider
Mechanism (CredSSP) authentication.

UNIX or Linux master servers: Set to Password,

KeyboardInteractive, or PublicKey.

Note: More information about editing the date and the time format is available.
https://msdn.microsoft.com/en-us/library/8kb3ddd4%28v=vs.110%29.aspx

vCloud Director import

This type of section contains details of the vCloud Director import process which
allows computers to be imported from a specific vCloud Director instance and
registered with NetBackup Self Service. The computers are imported on a tenant
by tenant basis using individual credentials. There can be multiple vCloud Director
Import sections.

Table E-8
Setting name Tennant Details
override

vCloud Api No This value should be set to the URL of the vCloud
Director API, in the format of
https://hostname/api/.

Location No The name of the NetBackup location the computers

are registered to

Online No Indicates if the vCloud Director instance is considered

online. Self Service does not use the instances that
are not online.

Ignore SSL Certificate No This option allows the Self Service to connect to vCloud
Errors Director instances where the SSL certificate is not valid.

vCloud username Yes The user name that the tenant uses to connect to the
vCloud Director API. Each tenant must have their own
credentials. It must be in the format userid@vOrg.
Must be set at the tenant level only.
 Integration settings 68
vCloud Director import

Table E-8 (continued)

Setting name Tennant Details

override

vCloud password Yes The tenant's corresponding vCloud Director password.

Must be set at the tenant level only.

Protection Type Code No The protection type that is applied to imported

computers.
 Appendix F
REST API
This appendix includes the following topics:

■ About the REST API

About the REST API

A REST API supports both administrative actions and operational actions against
the system, such as adding, protecting, and restoring computers.
Documentation for the API is found in the SDK folder in the installation directory.
The documentation for the API is also available online. The URL is included in the
ReadMe.txt file in the SDK directory.
 Appendix G
Glossary
This appendix includes the following topics:

■ Glossary

Glossary
Table G-1 Glossary of terms

Term Definition

Backup Now A user action in Self Service that creates a temporary Policy on the
master server and schedules it for immediate backup. The template
policy is deleted afterwards.

Computer Any physical or any virtual computer that the solution is aware of.

Customer Code A unique code that is used to identify the tenant in NetBackup Self
Service. This code is used in policy naming in NetBackup.

Image Sync Process where Self Service collects information about computer
backups from NetBackup.

Integration Settings Integration Settings are a flexible store of named settings with
values held in the Self Service Portal. All integrations settings can
be accessed as an Admin user from Admin > Settings >
Integration Settings. If they are configured with Tenant level
exceptions, you can access them from Admin > Organization >
Tenant > Integration.

Location A location represents a connection to a NetBackup master server.

Machine Any physical or any virtual machine that the solution is aware of.

NetBackup Self Service Term that is used to describe the whole solution.
 Glossary 71
Glossary

Table G-1 Glossary of terms (continued)

Term Definition

NetBackup Self Service Second part of a Self Service system; responsible for
Adapter communications with NetBackup.

NetBackup Self Service First part of a Self Service system, the solution’s main website.
Portal

Panels A sub area in the home page of the Self Service portal. Sometimes
called home page widgets.

Protect (computer) A user action in Self Service that results in a computer being
scheduled for regular backups through its addition to a NetBackup
Policy.

Protection Level A protection level represents a level of protection which can be

applied to a computer. Configuring protection levels means that
the users can maintain their own scheduled backups against
NetBackup Policies. This maps to template policies on each
NetBackup master server.

Protection type A protection type defines all the ways you can protect a computer.
This protection may be by a single protection level or by multiple
protection levels, for example to cover a mix of physical and virtual
computers. Scheduled protection and one-off backup require
different protection levels.

Refresh NetBackup Computer level manual or automated process to rebuild image

Data data, protection data, and traffic lights.

Register Machine The process used to update the Self Service system with information
about a tenant's computer.

Restore File/Folder A user action in Self Service that creates a job to restore a file or
folder in NetBackup.

Restore VM A user action in Self Service that creates a job to restore a virtual
machine in NetBackup.

Service Catalog The home page that is presented to users of the Self Service portal.
Can be edited from Admin > Service Catalog & Notices > Service
Catalog.

Service Provider Refers to the top-level organization administering the Self Service
system.

Template Policies Inactive NetBackup Policies on a master server the system uses
to create active policies for users.
 Glossary 72
Glossary

Table G-1 Glossary of terms (continued)

Term Definition

Tenant An organizational group of users. May be used as a business unit

within an enterprise scenario, or a customer for a service provider.
All users must be in a tenant.

Unprotect (computer) A user action in Self Service that results in a computer being
removed from a NetBackup Policy.

vCloud Director Import A computer source which allows automated import from vCloud
Director.

Web Services An API for the portal, can be used to automate adding Tenants,
users, etc. Sometimes referred to DAPI.