-
Home
- Getting Started
Requirements
System Requirements
Veritas NetBackup KM for PATROL supports the following operating systems:
Operating System | Version |
---|---|
AIX | 5.1 and higher |
HP-UX | 11 and higher |
Linux | All distributions |
Oracle Solaris | 8 and higher |
Windows | 2008 and higher |
Software Requirements
Veritas NetBackup KM for PATROL supports:
Software | Version |
---|---|
Veritas NetBackup | 5 and higher |
BMC PATROL Agent | Any version |
BMC PATROL Console | Any version |
BMC ProactiveNet Performance Management | 9.5 and higher |
BMC TrueSight Operations Management | 10 and higher |
BMC Helix Operations Management | 20 and higher |
Java | 1.8 and higher |
When running the KM on… | Fix |
---|---|
AIX managed nodes | Default ncargs value for processing bpdbjobs output may not be sufficient. Check this attribute using: lsattr -EH -l sys0 | grep ncargs . If the value is below 16, increase it using: chdev -l sys0 -a ncargs=16 |
Linux managed nodes | Korn shell binary (/bin/ksh ). Alternatively a soft link from /bin/ksh to /bin/bash will be needed. |
BMC PATROL Agent 11.0.00 on Windows | BMC patch 11.0.00.01: Patch 1 for BMC PATROL Agent 11.0.00 must be installed. |
For the Access Control List (ACL)
The KM stores all configuration information in the PATROL Agent configuration database (pconfig), under the /NBU/<node-id>
and /Runtime/NBU/<node-id>
paths. PATROL Agent user (default: patrol) should be able to read and write to these pconfig variables any time. If Access Control List (ACL) is used to control which users are authorized to connect to a PATROL Agent, please make sure that the mode for PATROL Agent user includes “C” in the PATROL Agent variable /AgentSetup/accessControlList
. Please refer to the PATROL Agent Reference Manual for more details.
To support bash shell platforms when ksh is not installed
To collect NetBackup stats when ksh was not installed on UNIX/Linux servers, you need to create a soft link for /bin/ksh
to /bin/bash
:
ln -s /bin/bash /bin/ksh
Security Requirements
A user account with administrative privileges must be configured in BMC PATROL or BMC TrueSight Operations Management to read and execute Veritas NetBackup application programs and access file systems. Depending on the operating systems used, several options will be available.
The following user accounts can be used:
-
On UNIX/Linux platforms:
- a root user
- a non-root user, such as patrol, that has Sudo privileges on NetBackup to execute application programs and access file systems
- a non-root account, such as patrol, configured in NetBackup application to administer the NetBackup application.
-
On Windows platforms:
- an administrator user
- a non-administrator account, such as patrol, configured in NetBackup application to administer the NetBackup application. Refer to the NetBackup System Administrator’s Guide for details on how to set up this type of account.
-
Users added to NBU_Admin user group in VxSS. Please make sure the credentials of this user do not expire using the utility nbac_cron.
The user login details are configured in the KM. The password is encrypted and stored in the PATROL Agent.
This user needs read & execute permission to executable and library files under the paths listed below. The Veritas NetBackup installation path INSTALL_PATH, referenced in the tables below is usually:
/usr/openv
(on UNIX/Linux)C:\Program Files\Veritas
(on Microsoft Windows)
Here are the executable and library files accessed by the Veritas NetBackup KM User:
UNIX/Linux | Microsoft Windows |
---|---|
INSTALL_PATH/netbackup |
INSTALL_PATH\NetBackup |
INSTALL_PATH/netbackup/bin |
INSTALL_PATH\NetBackup\bin |
INSTALL_PATH/netbackup/bin/admincmd |
INSTALL_PATH\NetBackup\bin\admincmd |
INSTALL_PATH/netbackup/bin/goodies |
INSTALL_PATH\NetBackup\bin\goodies |
INSTALL_PATH/volmgr/bin |
INSTALL_PATH\Volmgr\bin |
INSTALL_PATH/volmgr/bin/goodies |
INSTALL_PATH\Volmgr\bin\goodies |
INSTALL_PATH/db/bin |
|
INSTALL_PATH/lib |
C:\Program Files\Common Files\VERITAS Shared |
/usr/openwin/lib |
INSTALL_PATH\NetBackup\lib |
If the KM is enabled to failover in a clustered environment, the login user needs execute permissions to the following cluster commands:
/opt/VRTSvcs/bin/hagrp
(in Veritas Cluster Server)vxdctl
(in Veritas Cluster File System)/usr/cluster/bin/clrg
(in Oracle Solaris Cluster)cluster
(in Microsoft Cluster)
The Veritas NetBackup KM includes some scripts which should be executable by the PATROL Agent user and the Veritas NetBackup KM user. These scripts are stored under KM_HOME
path, normally <PATROL_HOME>/lib/NBU
.
Here are the paths and files accessed by the PATROL Agent User:
UNIX/Linux | Microsoft Windows |
---|---|
INSTALL_PATH/netbackup/db |
INSTALL_PATH\NetBackup\db |
INSTALL_PATH/volmgr/database |
INSTALL_PATH\Volmgr\database |
INSTALL_PATH/var |
INSTALL_PATH\NetBackup\var |
INSTALL_PATH/netbackup/db/error/daily_messages.log |
INSTALL_PATH\NetBackup\db\error\log_<timestamp> |
/var/adm/messages (on Solaris) |
|
/var/adm/syslog/syslog.log (on HP-UX) |
|
/var/log/messages (on Linux) |
On Windows platforms the Veritas NetBackup installation is identified by checking the Microsoft Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\
The configured login user should have sufficient privileges to run regedit
command on the managed node.
Sudo User Settings
If a non-root user with sudo privileges is preferred as the KM user, configure the account as a sudoer through the visudo utility using the entry below. The KM accepts any non-root user with the following or equivalent sudo configuration in the sudoers file.
User_Alias NBUKMUSERS = <nbu-km-user>
Defaults:NBUKMUSERS !lecture,!authenticate,!requiretty,env_keep+="PATH INSTALL_PATH KM_HOME KM_TEMP",env_reset
NBUKMUSERS ALL=/bin/cat,/usr/bin/du,/usr/openv/netbackup/bin/admincmd/*,/usr/openv/volmgr/bin/*,/usr/openv/db/bin/*
<nbu-km-user> must be replaced with username used by the KM.
If there is a secure_path defined in the sudoers file, all binary paths listed in the sudoers file above should be listed:
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/openv/netbackup/bin/admincmd:/usr/openv/volmgr/bin:/usr/openv/db/bin
This KM user should be able to execute required NetBackup and Operating System commands on the command line with just the sudo
prefix to the command, without any sudo authentication. For example, the following commands show how to test the sudo settings:
[patrol@rt-netbck-vtl ~]$ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/openv/netbackup/bin/admincmd:/usr/openv/volmgr/bin:/usr/openv/db/bin
[patrol@rt-netbck-vtl ~]$ sudo bpdbjobs -report -most_columns
17106,6,3,2524,catalog-backup,-,rt-netbck-vtl.internal.sentrysoftware.net,rt-netbck-vtl.internal.sentrysoftware.net,1624486390,0000000608,1624486998, ,2,,,,,0,,root,1,35,0,0,root,rt-netbck-vtl.internal.sentrysoftware.net,2,2,0,0,0,0,0,17106,,,,,,,,,,,,-1,0,0,1,0,0,rt-netbck-vtl.internal.sentrysoftware.net_1624486995,1,,0,0, ,,,,,
17105,17,3,1,,,,,1624464012,0000000010,1624464022,,1,,,,,100,21910,root,,,,85000,,rt-netbck-vtl.internal.sentrysoftware.net,,,,,,0,0,,,,,,,,,,,,,,,,,,,,,,,, ,,,,,
Here the KM user patrol is able to run the NetBackup command bpdbjobs using sudo without a password prompt and keep the user's PATH settings inside the sudo.
This PSL code can be used to list all commands used by Veritas NetBackup KM once the KM is installed. The commands that require sudo privileges are listed separately, if you prefer to restrict the sudoers entry to only those commands.
Listing the Commands
To list all OS and NetBackup commands used by the Veritas NetBackup KM, execute the following PSL code from the PATROL Console, using PSL Task menu, after installing and loading the KM.
foreach var (grep("^/Runtime/NBU/.*CommandControls/",pconfig("LIST")))
{
ctl=get(var);
opt=ntharg(grep("Option",ctl),"2-"," =");
nsa=ntharg(grep("NoSudoAttempt",ctl),"2-"," =");
sua=ntharg(grep("SingleUserAttempt",ctl),"2-"," =");
typ=ntharg(grep("CommandType",ctl),"2-"," =");
cmd=nthargf(grep("CommandText",ctl),"2-","=","=");
if(osp=="") { osp=trim(nthargf(grep("OSPlatform",ctl),"2-","=","="), " "); }
fields=lines(ntharg(var,"1-","/"));
old_host=host;
host=(fields == 5)? ntharg(var,"3","/") : "localhost";
if(host!=old_host)
{
if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }
printf("\n\nOn %s:\n\n", host);
i=0; sudoers=""; osp="";
}
if((typ == "")||(typ == "OS"))
{
met="";
if(opt == "NoLogin") { met = "(run as patrol user)"; }
elsif(nsa == "YES") { met = "(run as configured user without sudo)"; }
elsif(sua == "YES") { met = "(run as supplied user - used in menu)"; }
else
{
scmd=cmd;
s=index(scmd,"%sudo");
if(s) { scmd=replace(substr(scmd,s,length(scmd)),"%sudo",""); }
sudoers=union(sudoers,ntharg(ntharg(scmd,1,">|"),"1-"," "," "));
}
printf("(%2d) %-30s %-40s: %s\n",i++,ntharg(var,fields,"/"),met,cmd);
}
}
if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }
Disk Space Requirements
Veritas NetBackup KM requires approximately:
- 2.5 MBytes of available disk space on each monitored PATROL Agent system
- 3.5 MBytes of available disk space on each PATROL Console system
- 600 KBytes of available disk space on each PATROL Central Console Server system
- 1.4 MBytes of available disk space on each PATROL Central Web Server system
It is installed under the PATROL installation path.
When monitoring a standard installation of Veritas NetBackup, the PATROL Agent will generate approximately 250 KBytes of history data per day. An enterprise installation of Veritas NetBackup on a master server with multiple media servers, clients, robotic libraries, and standalone drives will generate more history data (as per other KMs used by the PATROL Agent). These history data files are recycled by PATROL depending on the PATROL Agent history retention period.
During execution, the KM creates and maintains temporary files under KM_TEMP
(default: <PATROL_HOME>/lib/NBU/tmp
) and KM_DEBUG
(default: <PATROL_HOME>/log
) paths, where <PATROL_HOME>
path is usually /opt/bmc/Patrol3/
(on UNIX/Linux) or C:\Program Files\BMC Software\Patrol3\
(on Microsoft Windows). Please make sure you have sufficient space under these paths. These folders should have read, write and execute permissions for the PATROL Agent user.
Remote Monitoring Requirements
Remote monitoring is required for all servers or appliances on which no PATROL Agent can be installed. This feature is also interesting if you lack resources or time to deploy a PATROL Agent and Veritas NetBackup KM on several servers since it allows to monitor multiple hosts from one agent.
Remote monitoring is not possible from a UNIX/Linux PATROL Agent system to a Windows-based NetBackup server.
Please refer to the sections below to find out the remote monitoring requirements:
Java Runtime Environment
Veritas NetBackup KM requires Java 1.8 or higher and a Java Runtime Environment (JRE) to be installed on the same system that runs the PATROL Agent.
The KM will automatically detect the JRE path if it has been installed in the default location or under the BMC PATROL Agent installation path. If it has been installed in a different location, you will have to set JAVA_HOME
for the PATROL Agent default account before starting the PATROL Agent.
You can download the Java Runtime Environment along with the KM on Sentry Software Web site.
NetBackup CLI User Account
A NetBackup CLI user is required to monitor NetBackup appliances remotely. To create a NetBackup user account:
-
Open an SSH session on the NetBackup appliance
-
Log on as
admin
-
Enter the following command:
Main > Manage > NetBackupCLI > Create <nbu-km-user> where <nbu-km-user> is the name to be used for the new user
-
Enter a password for this new user account
-
A confirmation message appears stating the new user account was created successfully.
This user should have the privileges to execute NetBackup and OS commands as described in the Security Requirements section.
SSH/WMI Connection
An SSH (UNIX/Linux platforms) or a WMI (Windows platforms) connection is required to monitor remote NetBackup servers and appliances. When using an SSH connection, the SSH host key authentication, which is enabled by default on most NetBackup servers and appliances, must be disabled on the remote host.
To disable the SSH host key authentication:
- Open the global SSH configuration file (
ssh_config
) stored in the/etc/ssh/
directory on the remote host - Add the line
StrictHostKeyChecking no
- Save the file.