Veritas-bu

Re: [Veritas-bu] Clustering and NBAC questions

2009-10-07 10:04:55
Subject: Re: [Veritas-bu] Clustering and NBAC questions
From: "JC Cheney" <joseph_cheney AT symantec DOT com>
To: "Alley, Chris" <CAlley AT kforce DOT com>, <VERITAS-BU AT mailman.eng.auburn DOT edu>
Date: Wed, 7 Oct 2009 15:01:00 +0100
Comments in-line...

-----Original Message-----
From: veritas-bu-bounces AT mailman.eng.auburn DOT edu
[mailto:veritas-bu-bounces AT mailman.eng.auburn DOT edu] On Behalf Of Alley,
Chris
Sent: 06 October 2009 17:46
To: VERITAS-BU AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Clustering and NBAC questions

I had a couple of questions and I was hoping one of you may have some
ideas, tips, advice, anything.  :-)

Right now we have a single NetBackup 6.5.4 master server running on
RedHat Linux ES 4.0 and as far as security is concerned we are just
using OS level security.  i.e. users are created at the server level
that have access to run the Java admin console.  We typically lease our
servers for 3 years and the lease will be up in March.  I have gone
through a few Master server lease returns so I am not worried about that
but I wanted to add that bit of information.  I would like to accomplish
a few things in the coming months, but I want to make sure that
everything is done in the right order to minimize risk and extra,
unneeded work.

1. I would like to cluster the Master.  At a minimum living at the same
datacenter, but optimally having the passive node offsite.  Pretty sure
to do this I will need both Storage Foundation, and if I wanted to have
a passive offsite I would also need volume replicator.

>> Not necessarily, all you need is a method of keeping your storage 
>> "In Sync" between sites. SF is not a requirement...
 
2. I would like to implement NBAC.  Master being the root, but I had
plans on there being a Windows AB so that I could use our domain
credentials.  I would like to hand off some of the backup/restore
functions to others without giving them access to everything.

I may be mistaken in my understanding of clustering NetBackup but I
don't believe you can cluster a current standalone without going through
the process of rebuilding a new server and doing a catalog restore.
Confirm/deny?

>> It "can" be done but typically would require the use of SYMC
>> consultancy as some manipulation of the EMM database is required.
>> The process to do this has not been documented externally to the
>> best of my knowledge...

What are the issues with or process for migrating the NBAC root off of
one server to another when a cluster is not involved.  In other words,
if I put NBAC in, and we had to do the lease return before we have
clustered does anyone have the correct steps to take?  I would imagine
there would be an issue with the certificates but I could be wrong.


>> The root broker is only needed for setting up certificates for ABs;
>> I know of at least one customer that has their root broker in a VM.
>> They just start the VM up whenever they need to provision another
>> AB or renew AB certificates (once per year if memory serves).


Finally, IF (big if) all of this was done prior to the lease return,
does that make things as easy as I am thinking they would be?  Something
as simple as bringing a new server into the cluster, failing over to the
new server and removing the old one out.

>> really depends on how you configure everything - it could potentially
>> be as simple as that....

Sorry for the wall of text, but thank you in advance to anyone who can
assist.  

Chris Alley, MCSE
Sr. Data Protection Administrator
Kforce Technology Services
813-552-1388
www.kforce.com

Great People = Great Results(r)                                     



Confidentiality Notice: This email message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and/or privileged information.  Any unauthorized review,
use, disclosure or distribution is prohibited.  If you are not the
intended recipient, please contact the sender by reply email and destroy
all copies of the original.
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu