Dell NetWorker Virtual Edition 19.

11
Deployment Guide

Dell Inc.

June 2024
Rev. 01
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid
the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 1990 - 2024 Dell Inc. or its subsidiaries. All rights reserved. Dell Technologies, Dell, and other trademarks are trademarks of Dell Inc. or its
subsidiaries. Other trademarks may be trademarks of their respective owners.
 Contents

Figures..........................................................................................................................................5
Preface.........................................................................................................................................................................................6

Chapter 1: Overview of NetWorker Virtual Edition........................................................................10

Overview of NetWorker Virtual Edition........................................................................................................................ 10

Chapter 2: Deploying NetWorker Virtual Edition in VMware vSphere............................................ 11

Predeployment requirements and best practices....................................................................................................... 11
Solution requirements.................................................................................................................................................. 11
Virtual disk configuration best practices................................................................................................................ 12
Preconfiguration checklist......................................................................................................................................... 13
Verify the DNS configuration.................................................................................................................................... 13
Deploying the NVE appliance.......................................................................................................................................... 14

Chapter 3: Deploying the NetWorker Virtual Edition in Amazon EC2............................................ 20

Deploying the NetWorker Virtual Edition Appliance in Amazon EC2....................................................................20
Deploy NVE from the AWS Marketplace...............................................................................................................20
Deploying the NVE Virtual Machine from AWS Marketplace........................................................................... 20

Chapter 4: Deploying the NetWorker Virtual Edition with Microsoft Azure Resource Manager .... 22
Deploying the NetWorker Virtual Edition Appliance in Microsoft Azure Resource Manager......................... 22
Deploying the NVE Virtual Machine from Azure Marketplace..........................................................................22

Chapter 5: Deploying the NetWorker Virtual Edition with Google Cloud Platform........................ 25
Deploy NVE from the Google Cloud Platform Marketplace....................................................................................25

Chapter 6: Deploying the NetWorker Virtual Edition Appliance with Alibaba Cloud - Elastic
Compute Service...................................................................................................................... 27
Deploying the NetWorker Virtual Edition Appliance in Alibaba Cloud- Elastic Compute Service.................. 27

Chapter 7: Deploying the NetWorker Virtual Edition Appliance with Oracle Cloud........................29
Deploying the NetWorker Virtual Edition from the Oracle Cloud (OCI) Marketplace......................................29

Chapter 8: Configuring the NetWorker Virtual Edition................................................................. 31

Configuring NVE from NetWorker Installation Manager.......................................................................................... 31
Configuring NetWorker Virtual Edition as NetWorker Storage Node.................................................................. 33
Configuring NVE using NetWorker Installation Command Line Interface........................................................... 34
Launching the NetWorker Management Web UI...................................................................................................... 35
Starting the NMC server GUI for the first time........................................................................................................ 35
Launching the Networker Management Console ............................................................................................... 36
Configuring Postfix and NetWorker notifications..................................................................................................... 38
Configure the Postfix application............................................................................................................................ 38
Configuring NetWorker to send operation notifications by email....................................................................39
Edit policy notifications..............................................................................................................................................39

Contents 3
 Edit workflow notifications....................................................................................................................................... 39
Edit action notifications............................................................................................................................................. 40

Chapter 9: Upgrading the NetWorker Virtual Edition....................................................................41

Upgrade the NVE appliance using User Interface......................................................................................................41
Upgrading the NVE using CLI ....................................................................................................................................... 42

Chapter 10: Maintenance............................................................................................................. 44

Performing NVE appliance Security Rollup Update.................................................................................................. 44
Password maintenance.................................................................................................................................................... 44
Review password policies..........................................................................................................................................44
Modify passwords....................................................................................................................................................... 45
Expanding the Data Disk Capacity................................................................................................................................ 46
Federal Information Processing Standards................................................................................................................. 47
Display FIPS mode....................................................................................................................................................... 47
Enable FIPS mode........................................................................................................................................................47
Disable FIPS mode.......................................................................................................................................................47

Chapter 11: Configuring Firewall.................................................................................................. 48

NetWorker Virtual Edition firewall.................................................................................................................................48
Editing the Firewall in NVE............................................................................................................................................. 48
Configuring the NVE firewall.......................................................................................................................................... 49
Opening a firewall port...............................................................................................................................................49
Closing a firewall port................................................................................................................................................. 51
Removing a custom firewall rule..............................................................................................................................54
Configuring service port ranges on firewall.......................................................................................................... 55

Chapter 12: Troubleshooting and Best Practices......................................................................... 56

Best Practices and Recommendations........................................................................................................................ 56
Accessing NetWorker Virtual Edition using SSH....................................................................................................... 56
Enable SSH for root..........................................................................................................................................................56
Enable SSH for root for NVE running in Cloud.......................................................................................................... 57
Restore a lockbox manually............................................................................................................................................ 58
Support for NVE in Dual NIC configuration with different Subnets.....................................................................59
Binding to LDAP server error......................................................................................................................................... 59
NVE installation log files.................................................................................................................................................. 60
About NVE Server Data Backup....................................................................................................................................60
Backup of savesets in NVE server protection policy..........................................................................................60
Initiating a recovery.................................................................................................................................................... 60
Workaround to recover savesets using saveset recovery option................................................................... 60
Security hardening for non-admin or non-root users................................................................................................61
Reset ssh rootid passphrase...........................................................................................................................................62

4 Contents
 Figures

1 Select source page...................................................................................................................................................14

2 Review details page................................................................................................................................................. 15
3 End User License Agreements page.................................................................................................................... 15
4 Select a name and folder page..............................................................................................................................16
5 Select a resource page............................................................................................................................................16
6 Select storage page................................................................................................................................................. 17
7 Setup networks page...............................................................................................................................................17
8 Customize template page.......................................................................................................................................18
9 Recent Tasks............................................................................................................................................................. 18
10 Summary tab..............................................................................................................................................................19
11 Welcome to the NMC Server Configuration Wizard page.............................................................................37
12 Specify a list of managed NetWorker servers page........................................................................................ 37
13 NetWorker in Dual NIC configuration................................................................................................................. 59

Figures 5
 Preface
As part of an effort to improve product lines, periodic revisions of software and hardware are released. Therefore, all versions of
the software or hardware currently in use might not support some functions that are described in this document. The product
release notes provide the most up-to-date information about product features.
If a product does not function correctly or does not function as described in this document, contact a technical support
professional.
NOTE: This document was accurate at publication time. To ensure that you are using the latest version of this document,
go to the Dell Support site.

Purpose
This document describes how to set up NetWorker Virtual Edition in a NetWorker environment.

Audience
This guide is part of the NetWorker documentation set, and is intended for use by system administrators during the installation
and setup of the NetWorker software.

Revision history
The following table presents the revision history of this document.

Table 1. Revision history

Revision Date Description
01 June, 2024 First release of this document for NetWorker 19.11.

Related documentation
The NetWorker documentation set includes the following publications, available on the Support website:
● NetWorker E-LAB Navigator

Provides compatibility information, including specific software and hardware configurations that NetWorker supports. To
access E-LAB Navigator, go to elabnavigator.
● NetWorker Administration Guide

Describes how to configure and maintain the NetWorker software.

● NetWorker for Network Data Management Protocol (NDMP) User Guide

Describes how to use the NetWorker software to provide data protection for NDMP filers.
● NetWorker Cluster Integration Guide

Contains information that is related to configuring NetWorker software on cluster servers and clients.
● NetWorker Installation Guide

Provides information about how to install, uninstall, and update the NetWorker software for clients, storage nodes, and
servers on all supported operating systems.
● NetWorker Update Guide

Describes how to update the NetWorker software from a previously installed release.
● NetWorker Release Notes

6 Preface
 Contains information about new features and changes, fixed problems, known limitations, environment, and system
requirements for the latest NetWorker software release.
● NetWorker Command Reference Guide

Provides reference information for NetWorker commands and options.

● NetWorker and Data Domain Boost Integration Guide
Provides planning and configuration information about the use of Data Domain devices for data deduplication backup and
storage in a NetWorker environment.
● NetWorker Performance Optimization Planning Guide

Contains basic performance tuning information for NetWorker.

● NetWorker Server Disaster Recovery and Availability Best Practices Guide
Describes how to design, plan for, and perform a step-by-step NetWorker disaster recovery.
● NetWorker Snapshot Management Configuration Guide
Describes the ability to catalog and manage snapshot copies of production data that are created by using mirror technologies
on storage arrays.
● NetWorkerSnapshot Management for NAS Devices Configuration Guide
Describes how to catalog and manage snapshot copies of production data that are created by using replication technologies
on NAS devices.
● NetWorker Security Configuration Guide
Provides an overview of security configuration settings available in NetWorker, secure deployment, and physical security
controls needed to ensure the secure operation of the product.
● NetWorker and VMware Integration Guide

Provides planning and configuration information about the use of VMware in a NetWorker environment.
● NetWorker Error Message Guide

Provides information about common NetWorker error messages.

● NetWorker Licensing Guide

Provides information about licensing NetWorker products and features.

● NetWorker REST API documentation

Contains the NetWorker APIs and includes tutorials to guide you in their use.
● CloudBoost Integration Guide

Describes the integration of NetWorker with CloudBoost.

● CloudBoost Security Configuration Guide

Provides an overview of security configuration settings available in NetWorker and Cloud Boost, secure deployment, and
physical security controls needed to ensure the secure operation of the product.
● NetWorker Management Console Online Help

Describes the day-to-day administration tasks that are performed in the NetWorker Management Console and the
NetWorker Administration window. To view the online help, click Help in the main menu.
● NetWorker User Online Help

Describes how to use the NetWorker User program, which is the Windows client interface, to connect to a NetWorker
server to back up, recover, archive, and retrieve files over a network.

Typographical conventions
The following type style conventions are used in this document:

Table 2. Style conventions

Formatting Description
Bold Used for interface elements that a user specifically selects or clicks, for example, names of
buttons, fields, tab names, and menu paths. Also used for the name of a dialog box, page,
pane, screen area with title, table label, and window.

Preface 7
Table 2. Style conventions (continued)
Formatting Description
Italic Used for full titles of publications that are referenced in the text.
Monospace Used for:
● System code
● System output, such as an error message or script
● Pathnames, file names, file name extensions, prompts, and syntax
● Commands and options
Monospace italic Used for variables.
Monospace bold Used for user input.
[] Square brackets enclose optional values.
| Vertical line indicates alternate selections. The vertical line means or for the alternate
selections.
{} Braces enclose content that the user must specify, such as x, y, or z.
... Ellipses indicate non-essential information that is omitted from the example.

You can use the following resources to find more information about this product, obtain support, and provide feedback.

Where to find product documentation

● Dell Customer Support
● Dell Community Network

Where to get support

The Support website Dell Customer Support provides access to product licensing, documentation, advisories, downloads, and
how-to and troubleshooting information. The information can enable you to resolve a product issue before you contact Support.
To access a product-specific page:
1. Go to Dell Customer Support.
2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase
The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx)
or by keyword.
To search the Knowledgebase:
1. Go to Dell Customer Support.
2. On the Support tab, click Knowledge Base.
3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by
typing a product name in the search box, and then selecting the product from the list that appears.

Live chat
To participate in a live interactive chat with a support agent:
1. Go to Dell Customer Support.
2. On the Support tab, click Contact Support.
3. On the Contact Information page, click the relevant support, and then proceed.

8 Preface
Service requests
To obtain in-depth help from Licensing, submit a service request. To submit a service request:
1. Go to Dell Customer Support.
2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request in the Service
Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to Dell Customer Support.
2. On the Support tab, click Service Requests.
3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities
For peer contacts, conversations, and content on product support and solutions, go to the Dell Community Network.
Interactively engage with customers, partners, and certified professionals online.

How to provide feedback

Feedback helps to improve the accuracy, organization, and overall quality of publications. Perform one of the following steps to
provide feedback:
● Go to Dell Content Feedback Platform, and submit a ticket.
● Send feedback to DPADDocFeedback.

Preface 9
 1
Overview of NetWorker Virtual Edition
This chapter includes the following topic:
Topics:
• Overview of NetWorker Virtual Edition

Overview of NetWorker Virtual Edition

NetWorker® Virtual Edition (NVE) is a NetWorker Server that runs as a virtual machine in VMware and cloud environment.
NVE integrates the latest version of the NetWorker software with SuSE Linux as a VMware virtual machine. NVE can also be
configured as Storage Node only.
NOTE: You cannot update a NetWorker Server that resides on a physical host to an NVE appliance.

10 Overview of NetWorker Virtual Edition

 2
Deploying NetWorker Virtual Edition in
VMware vSphere
This chapter includes the following topics:
Topics:
• Predeployment requirements and best practices
• Deploying the NVE appliance

Predeployment requirements and best practices

Before you deploy an NVE virtual machine, review the predeployment requirements and best practices in the following sections.

Solution requirements
This section outlines the solution requirements for the NetWorker Virtual Edition in the following environments.
● VMware vSphere
● Amazon Web Services (AWS) EC2
● Microsoft Azure
● Google Cloud Platform (GCP)
● Alibaba Cloud-Elastic Compute Service
● Oracle Cloud- OCI

WAN requirements
The following points provide the WAN requirements for the NetWorker Virtual Edition.
● Greater than or equal to 100 Mb/s bandwidth
● Less than or equal to 100 ms RTT latency

System requirements
The following table defines the minimum system requirements for each size of NVE. When creating the Azure or AWS or GCP
or Alibaba Cloud instance or Oracle Cloud (OCI), you should select the appropriate instance type for the minimum system
requirements for the NVE.

Table 3. Minimum requirements for vSphere, Azure, AWS, GCP, Alibaba Cloud or Oracle Cloud (OCI)
- Small workload Medium workload High workload
NVE root disk space 126 GB 126 GB 126 GB
Data disk space 600 GB 1200 GB 2400 GB
Azure instance D4S_V3 Standard D4S_V3 Standard D8S_V3 Standard
AWS instance m4.xlarge, m5.xlarge m4.xlarge, m5.xlarge m4.2xlarge, m5.2xlarge
GCP instance e2/n2/c2-standard-4 e2/n2/c2-standard-4 e2/n2/c2-standard-8
vSphere - - -

Deploying NetWorker Virtual Edition in VMware vSphere 11

Table 3. Minimum requirements for vSphere, Azure, AWS, GCP, Alibaba Cloud or Oracle Cloud
(OCI) (continued)
- Small workload Medium workload High workload
Alibaba cloud instance ecs.g6.xlarge ecs.g6.xlarge ecs.g6.2xlarge
Oracle Cloud (OCI) VM.Standard3.Flex*/ VM.Standard3.Flex*/ VM.Standard3.Flex*/
VM.Standard.E4.Flex* VM.Standard.E4.Flex* VM.Standard.E4.Flex*
Number of jobs performed per Up to ten thousand Up to fifty thousand Up to one hundred thousand
day

NOTE: For information related to IOPS, memory, cores, network and disk sizing, see NetWorker Performance and
Optimization planning guide

NOTE: *Modify the CPU or memory slider for Oracle Cloud as per the requirements. Small workloads—4CPU/16GB,
Medium/High workloads—8CPU/32GB.

VMware ESX System Requirements

Networker Virtual Edition (NVE) supports the following VMware versions:
● VMware vCenter 6.5, 6.7, 7.0, and 7.0 U1, U2, U3
● ESXi 6.5, 6.7 and 7.0

Port requirements
As with all networked software solutions, adhering to best practices for security is encouraged to protect the deployment. If
the ports in the following table are not configured before you configure the NetWorker Virtual Edition appliance, restart the
NetWorker Virtual Edition appliance.
The following table outlines the port requirements.

Table 4. Port requirements

Out In TCP port Description
Administrator workstation NetWorker Virtual Edition 22 SSH for maintenance and troubleshooting
appliance
Administrator workstation NetWorker Virtual Edition 23 Optional for Telnet
appliance
Administrator workstation NetWorker Virtual Edition 443 HTTPS to NVE local appliance
appliance administration page which is used internally.
Administrator workstation NetWorker Virtual Edition 7543 HTTPS access to the NVE appliance
appliance administration page

For information about NetWorker Server port requirement, see the NetWorker Security Configuration Guide.

Virtual disk configuration best practices

ESXi supports multiple disk formats. For NVE virtual machines, the initial configuration is thick provision lazy zeroed.
After the initial deployment, if you configure the virtual disks for the thick provision eager zeroed, you will get better initial
performance because the first write to the disk will require fewer operations.
NOTE: VMware documentation provides information about converting lazy zeroed virtual disks to eager zeroed virtual
disks. Converting a disk from thick provisioned lazy zeroed to thick provisioned eager zeroed is time-consuming and can
consume a significant number of storage I/O processes.
A virtual machine that runs NVE aggressively uses disk I/O and is almost never idle. VMware recommendations for appropriate
resources for high-performance database virtual machines are generally applicable to an NVE virtual machine. In particular, a

12 Deploying NetWorker Virtual Edition in VMware vSphere

storage pool that is allocated from a group of dedicated physical disks in a RAID 1 (mirror) or RAID 10 (combines RAID 0 with
RAID 1) configuration provides the best performance.

Preconfiguration checklist
Before you deploy the NVE appliance, gather the following information.

Table 5. Preconfiguration checklist

Completed? Information
● Yes/No Network configuration details:
● Yes/No ● Additional DNS search domains
● Yes/No ● DNS servers
● Yes/No ● Hostname FQDN
● Yes/No ● IPv4 or IPv6 Address and Mask/Prefix
● Yes/No ● IPv4 or IPv6 Default Gateway
● NTP Servers
● Yes/No Ensure that the following firewall ports are open between the NetWorker Server and the Dell
● Yes/No License Server:
● Yes/No ● 27000
● 27010
● 51000
NOTE: These ports are not required for NetWorker Virtual Edition running with unserved
license

● Yes/No Data Domain system information (when DD Boost devices are used):
● Yes/No ● IP address of the Data Domain system
● Yes/No ● Administrator account name
● Yes/No ● Password of the administrator account
● Yes/No ● Storage folder location
● Yes/No ● DDBoost user username
● Yes/No ● Password of the DDBoost user
● SNMP community string

Verify the DNS configuration

Before you deploy the NVE, ensure that the DNS server is configured correctly for the hostname and IP address of the vCenter
server and the NVE appliance. Incorrect name resolution results in runtime errors and configuration issues.
From a command prompt on the vCenter server, type the following commands:
1. To perform a reverse DNS lookup of the IP address of the NVE, type the following command:
nslookup NVE_IP_address DNS_Server_IP_address
The IP address configuration is correct when the nslookup command returns the fully qualified domain name (FQDN) of
the NVE.
2. To perform a forward DNS lookup of the FQDN of the NVE, type the following command:
nslookup NVE_FQDN DNS_Server_IP_address
The FQDN configuration is correct when the nslookup command returns the correct IP address of the NVE.
3. To perform a reverse DNS lookup of the IP address of the vCenter server, type the following command:
nslookup vCenter_IP_Address DNS_Server_IP_address
The IP address configuration is correct when the nslookup command returns the FQDN of the vCenter server.
4. To perform a forward DNS lookup of the FQDN of the vCenter server, type the following command:
nslookup FQDN_of_vCenter DNS_Server_IP_address
The FQDN configuration is correct when the nslookup command returns the correct IP address of the vCenter Server.

Deploying NetWorker Virtual Edition in VMware vSphere 13

If the nslookup commands return the proper information, close the command prompt. If the nslookup commands do not
return the correct information, before you install NVE, resolve the DNS configuration.

Deploying the NVE appliance

NVE uses an open virtualization format template (OVF Template) to deploy and configure the appliance. The OVF template is
distributed as an open virtual appliance (OVA) package.
Download and install the vSphere Web Integration Client Plug-in on a host that has network access to the vCenter server that
manages the NVE appliance.
Perform the following steps from a host that has the vSphere Web Integration Client Plug-in and network access to the vCenter
server.
NOTE: The following procedure and screenshots are specific to vCenter 6.0. Other vCenter server versions might display
the information in the deployment screens differently.
1. Download the NVE OVA package from Dell Support.
2. Connect to the vCenter server by using the VMware vSphere Web Client. On the Login screen, specify a user account that
has administrative rights.
3. In the vCenter server console, browse to vCenter > vCenter server.
4. Right-click the vCenter server that manages the NVE appliance and select Deploy OVF template.
The Deploy OVF Template wizard is displayed.
5. On the Select source page, select one of the following options, and then click Next.
● URL—Type the path to the OVA file.
● Local file—Click Browse, and then search for the OVA file.
The following figure provides an example of the Select source page.

Figure 1. Select source page

6. On the Review details page, verify the details about the template, and then click Next.
The following figure provides an example of the Review details page.

14 Deploying NetWorker Virtual Edition in VMware vSphere

 Figure 2. Review details page
7. On the End User License Agreement page, if you agree to the license terms, click Accept, and then click Next.
The following figure provides an example of the Accept License Agreements page.

Figure 3. End User License Agreements page

8. On the Select a name and folder page page, type a descriptive name for the NVE, select the inventory location, and then
click Next.
The following figure provides an example of the Select a name and folder page with a Datacenter named Burlington IDD
lab selected.

Deploying NetWorker Virtual Edition in VMware vSphere 15

 Figure 4. Select a name and folder page
9. On the Select a resource page, select the ESXi host, cluster, vApp, or resource pool on which to run the deployed
template, and then click Next.
The following figure provides an example of the Select a resource page with an ESXi host selected.

Figure 5. Select a resource page

10. On the Select storage page, perform the following configuration tasks:
a. In the Select virtual disk format field, leave the default selection Thick Provisioned Lazy Zeroed.
b. In the VM Storage Policy field, select a storage policy.
c. In the Storage table, select the datastore for NVE.
d. Click Next
NOTE: System requirements contains details about the disk requirements.

The following figure provides an example of the Select storage page with a VNX datastore selected.

16 Deploying NetWorker Virtual Edition in VMware vSphere

 Figure 6. Select storage page
11. On the Setup networks page, select the destination network, and then click Next.
The following figure provides an example of the Setup networks page.

Figure 7. Setup networks page

12. On the Customize template page, perform the following configuration tasks, and then click Next:
a. In the Additional DNS Search Domains field, type additional DNS search domains, which are comma-separated.
b. In the DNS Server(s) field, type the IP address of up to three DNS servers, which are comma-separated.
c. In the Hostname FQDN field, type the fully qualified domain name (FQDN) for the NVE appliance.
d. In the IPv4 Address and Mask/Prefix field, type the IPv4 address and netmask for the NVE appliance.
e. In the IPv4 Default Gateway field, type the IPv4 address of the gateway host.
f. If deployed in an IPv6 environment, in the IPv6 Address and Prefix field, type the IPv6 address and netmask for the
NVE appliance.
g. If deployed in an IPv6 environment, in the IPv6 Default Gateway field, type the IPv4 address of the gateway host.
h. In the NTP Server(s) field, type the NTP server name, which is comma-separated.
NOTE: In the VMware deployment, ignore the VMC specific fields.

The following figure provides an example of the Customize template page.

Deploying NetWorker Virtual Edition in VMware vSphere 17

 Figure 8. Customize template page
13. On the Ready to complete page, confirm the deployment settings, select Power on after deployment, and then click
Finish.
The deployment might take several minutes. After the deployment completes, the Recent tasks section of the vSphere
Web Client displays the status of the Deploy OVF template task as Completed. The following figure provides an example
of the Recent Tasks window after the deployment completes.

Figure 9. Recent Tasks

14. In the vCenter console, browse to the Hosts window and select the NVE virtual machine. To monitor the progress of the
installation, open the Virtual Console.
15. On the Summary tab, verify that the status for VMware Tools changes to Running or Unmanaged.
The following figure provides an example of the Summary tab where the status of VMware Tools is displayed as Running.

18 Deploying NetWorker Virtual Edition in VMware vSphere

 Figure 10. Summary tab
For information about configuring the NetWorker Virtual Edition, see the topic Configuring the NetWorker Virtual Edition

Deploying NetWorker Virtual Edition in VMware vSphere 19

 3
Deploying the NetWorker Virtual Edition in
Amazon EC2
This chapter includes the following topics:
Topics:
• Deploying the NetWorker Virtual Edition Appliance in Amazon EC2

Deploying the NetWorker Virtual Edition Appliance in

Amazon EC2
You can deploy the NetWorker Virtual Edition Appliance in Amazon EC2 By using the NVE Amazon Machine Image (AMI) image
in the AWS marketplace.

Deploy NVE from the AWS Marketplace

The following topics describe how to deploy an NVE virtual machine by using the AMI image in the AWS Marketplace, and then
prepare the virtual machine for NetWorker Virtual Edition software installation. This method saves time by eliminating the need
to upload and convert an NVE virtual appliance file.
Before you can use the AMI image in the AWS Marketplace, you must subscribe to NVE and accept the software terms.
Subsequent launches omit these steps.
The AWS documentation provides more information about subscribing to software and the different methods of deploying
virtual machine instances.

Deploying the NVE Virtual Machine from AWS Marketplace

If you have already subscribed to the NVE marketplace image in the AWS Marketplace, the following instructions launch an
instance of the NVE virtual machine from the EC2 dashboard.
1. Open the AWS EC2 Console and select the correct region.
2. From the EC2 console dashboard, click Launch Instance.
The Choose an Amazon Machine Image (AMI) page appears.
3. Select the AWS Marketplace category.
4. Search the AWS Marketplace for NetWorker Virtual Edition, and then locate the latest version of the NetWorker
Virtual Edition.
5. Click Select.
The Choose an Instance Type page appears.
6. For Step 2: Choose an Instance Type, select the correct instance type.
For more information on system requirement, see System requirements
7. Click Add Storage from the ribbon bar at the top of the page.
8. Click Add New Volume.
● For Size, type the size as per your requirement. System requirements provides information about the required disk size.
● For Volume Type, because SSD volumes have better performance than volumes other volume types, NVE recommends
SSD for all volumes. However, SSD volumes incur a larger cost. You should balance performance and budget when
selecting the volume type.
Perform this step for NVE root disk and data disk.

20 Deploying the NetWorker Virtual Edition in Amazon EC2

9. Click Step 6: Configure Security Group. Create or select a security group.
NOTE: Port requirements contains information about the required settings for security groups that are used with NVE
on AWS.

10. Complete the rest wizard as appropriate. At Step 7: Review Instance Launch, select the key pair that you created in a
previous step, then click Launch Instance.
11. Before you can connect to the NetWorker Virtual Edition appliance, you must download the private key.
NOTE: Save the private key in a secure and accessible location. After the private key is created, you will be unable to
download the private key again.

The NetWorker Virtual Edition appliance starts in Amazon EC2.

12. Change the NVE hostname from AWS assigned DNS to a custom DNS.
By configuring a custom DNS in AWS cloud, you can control the length of the NVE hostname. For best practices and
recommendation on configuring DNS, see Best Practices and Recommendations
a. Login to the NVE using an SSH as an admin user.
NOTE: The default password is the private ip address of the NVE.

b. Switch to super user by entering the command sudo su.

c. Update the /etc/hosts file with the custom FQDN and shortname.
d. Update the /etc/resolv.conf file with the Name Server and custom search DNS.
e. Update the /etc/HOSTNAME with new FQDN.
f. Restart the NVE using by the reboot command.

NOTE: You must run this procedure before taking the backup.

Configure the NetWorker Virtual Edition. To configure NetWorker Virtual Edition, refer Configuring the NetWorker Virtual
Edition

Deploying the NetWorker Virtual Edition in Amazon EC2 21

 4
Deploying the NetWorker Virtual Edition with
Microsoft Azure Resource Manager
Use the procedures in this section to deploy NetWorker Virtual Edition with Microsoft Azure Resource Manager (ARM).
Topics:
• Deploying the NetWorker Virtual Edition Appliance in Microsoft Azure Resource Manager

Deploying the NetWorker Virtual Edition Appliance in

Microsoft Azure Resource Manager
You can deploy the NetWorker Virtual Edition (NVE) from the Microsoft Azure marketplace.

Deploying the NVE Virtual Machine from Azure Marketplace

The NetWorker Virtual Edition (NVE) software is available in the Microsoft Azure marketplace.
NOTE: For security considerations, deploy NVE in a private network and configure a secure gateway from which you can
install, configure, and manage the NetWorker server.
1. Open the Azure portal at Azure Portal and log in to the Azure account.
2. In the Azure Marketplace, search for NetWorker Virtual Edition and locate the latest version of the Dell NetWorker Virtual
Edition.
3. To start the NetWorker Virtual Edition Deployment wizard, click Create.
4. Configure the basic settings for the virtual machine:
a. In the Name field, type a name for the virtual machine.
b. In the VM disk type field, select HDD.
c. In the User name field, type a username.
d. In the Authentication type field, select one of the following options:
● In the SSH Public Key field, type the public key.
● In the Password field, type the password.
e. Verify the subscription information.
f. In the Resource Group, perform one of the following steps:
● To create a resource group, click Create new.
● To select a resource group, click Use existing and then select the resource group that you would like to use.
g. In the Location field, select a location to deploy the virtual machine.
h. Click OK to continue.
5. Choose the size of the virtual machine:
a. Select the VM size that you would like to deploy.
See the System requirements.
b. Click Select to continue.
6. Configure settings for the virtual machine.
a. In the Availability set field, keep the default setting of None.
b. In the Storage field, keep the default setting of Yes.
c. In the Virtual network field, select an existing or create a new virtual network.
d. In the Subnet field, select a subnet.

22 Deploying the NetWorker Virtual Edition with Microsoft Azure Resource Manager
 e. In the Public IP address field, keep the default settings to create a Public IP address.
f. In the Network security group (firewall) field, click Advanced, and select the Network security group to add inbound
and outbound rules.

Table 6. Required inbound and outbound ports for NVE

Type Priority Name Port Protoc Source Destinati Action
ol on
Inbound 1000 TCP_inbound_rule_1 9000–9001 TCP Any Any Allow
Inbound 1010 TCP_inbound_rule_2 8080 TCP Any Any Allow
Inbound 1030 TCP_inbound_rule_3 22 TCP Any Any Allow
Inbound 1060 TCP_inbound_rule_4 9090 TCP Any Any Allow
Inbound 1100 TCP_inbound_rule_5 443 TCP Any Any Allow
Inbound 1101 TCP_inbound_rule_7 7543 TCP Any Any Allow
Inbound 1150 TCP_inbound_rule_6 7937–7954 TCP Any Any Allow
Inbound 65000 AllowVnetInBound Any Any VirtualNetwo VirtualNet Allow
rk work
Inbound 65001 AllowAzureLoadBalanc Any Any AzureLoadBa Any Allow
erInBound lancer
Inbound 65500 DenyAllInBound Any Any Any Any Deny
Outbound 1000 HTTPS 443 TCP Any Any Allow
Outbound 65000 AllowVnetOutBound Any Any VirtualNetwo VirtualNet Allow
rk work
Outbound 65001 AllowInternetOutBoun Any Any Any Internet Allow
d
Outbound 65500 DenyAllOutBound Any Any Any Any Deny

g. In the Extensions field, keep the default setting of No extensions.

h. In the Enable auto-shutdown field, keep the default setting of Off.
i. In the Boot diagnostics field, keep the default setting of Enabled.
j. In the Guest OS diagnostics field, keep the default setting of Disabled.
k. In the Diagnostics storage account field, select an existing or create a storage account.
l. In the Managed service identity field, keep the default setting of No.
m. Click OK to continue.
7. Review the summary for the NetWorker Virtual Edition (NVE) and then click Create.
After launching the instance, the NVE initializes and restarts automatically. This process takes 15–25 minutes. You cannot
configure NVE until this process is complete because the NVE installation package, NVE-config, is not available. SSH is also
unavailable during this time.
8. Create the data disks for NVE by performing the following steps:
a. From the disks configuration page for the virtual machine, click Add data disk.
b. In the Name drop-down list, click Create new.
c. Type a name for the data disk.
d. Select Use existing for Resource Group and select the resource group that you created in the previous step.
e. Select Standard HDD for Account type.
f. Select None(empty disk) for Source type.
g. Type the disk size according to the workload.
For more information about disk size, see the System requirements
9. Change the NVE hostname from Azure assigned DNS to a custom DNS.
By configuring a custom DNS in the Azure cloud, you can control the length of the NVE hostname. For best practices and
recommendations on configuring DNS, see Best Practices and Recommendations.
a. Log in to the NVE using an SSH as an admin user.

Deploying the NetWorker Virtual Edition with Microsoft Azure Resource Manager 23
 NOTE: The default password is the private ip address of the NVE.

b. Switch to superuser by entering the command sudo su.

c. Update the /etc/hosts file with the custom FQDN and shortname.
d. Update the /etc/resolv.conf file with the Name Server and custom search DNS.
e. Update the /etc/HOSTNAME with new FQDN.
f. Restart the NVE using by the reboot command.
Configure the NetWorker Virtual Edition. To configure NetWorker Virtual Edition, see Configuring the NetWorker Virtual Edition .

24 Deploying the NetWorker Virtual Edition with Microsoft Azure Resource Manager
 5
Deploying the NetWorker Virtual Edition with
Google Cloud Platform
Use the procedures in this section to deploy NetWorker Virtual Edition with Google Cloud Platform.
Topics:
• Deploy NVE from the Google Cloud Platform Marketplace

Deploy NVE from the Google Cloud Platform

Marketplace
Perform the following instructions to deploy NVE virtual machine from the Google Cloud Platform (GCP).
You must have a google account with credits. For more information, see the pricing tab of NetWorker Virtual Edition on Google
Cloud Platform.
1. In the Google Cloud Platform marketplace, search Dell NetWorker Virtual Edition and click Launch.
2. On the New NetWorker Virtual Edition Deployment page, specify the following:
● Deployment name
NOTE: For naming convention, see Best Practices and Recommendations.
● Select the software version
● Zone
● Machine type
NOTE: For machine type selection, see System requirements.
● Boot disk type
● Boot disk size in GB
● Network interface
3. Click Deploy.
4. Once the deployment is complete, select and edit the new deployed instance from Compute Engine > VM Instances.
Based on workload, add additional data disk. For information on data disk size, see System requirements
5. Edit the necessary options for instance SSH access from public network or private network.
NOTE: This is an optional step.

6. Change the NVE hostname from GCP assigned DNS to a custom DNS.
NOTE: This is an optional step.

By configuring a custom DNS in GCP cloud, you can control the length of the NVE hostname. See Best Practices and
Recommendations for more information on configuring DNS.

a. Login to the NVE using an SSH as an admin user.

NOTE: The default password is the private ip address of the NVE.

b. Switch to super user by entering the command sudo su.

c. Update the /etc/hosts file with the custom FQDN and short name.
d. Update the /etc/resolv.conf file with the Name Server and custom search DNS.
e. Update the /etc/HOSTNAME with new FQDN.
f. Restart the NVE using by the reboot command.

Deploying the NetWorker Virtual Edition with Google Cloud Platform 25

7. Configure the NetWorker Virtual Edition. See Configuring the NetWorker Virtual Edition for more information.

26 Deploying the NetWorker Virtual Edition with Google Cloud Platform

 6
Deploying the NetWorker Virtual Edition
Appliance with Alibaba Cloud - Elastic
Compute Service
Use the procedures in the following sections to deploy NetWorker Virtual Edition with Alibaba Cloud.
Topics:
• Deploying the NetWorker Virtual Edition Appliance in Alibaba Cloud- Elastic Compute Service

Deploying the NetWorker Virtual Edition Appliance in

Alibaba Cloud- Elastic Compute Service
You can deploy the NetWorker Virtual Edition Appliance in Alibaba Cloud - Elastic Compute Service by using shared images in
different regions. For more information, contact Customer Support.
Deploy NVE from the shared custom images
You can deploy an NVE virtual machine by using the image in the Alibaba Cloud, and then prepare the virtual machine for
NetWorker Virtual Edition software installation. This method saves time by eliminating the need to upload and convert an NVE
virtual appliance file. Before you use the image in the Alibaba cloud, make sure the shared image is available in your Ali account.
Deploying the NVE Virtual Machine
1. Open the Ali ECS console and navigate to the Instances and Images section.
2. From the ECS-Images dashboard, select the shared NVE image and click Create Instance.
3. Make appropriate selections on Billing methods, Regions.
4. Choose an Instance Type, and select the correct instance type.
For more information about system requirements, see the section System requirements
5. In the Storage Section, click Add Disk.
Type the size as per your requirement. For more information about the required size, see the section System requirements
6. Make the selection for NetWork Type/Security group/Public IP4 Address as per the requirements.
For information about the required settings for security groups, see the section Port requirements.
7. Configure the login credentials with Keypair or password. The first time default credentials for the deployed instance are
admin/<Private address of instances> .
8. Specify the hostname of NVE instances.
9. Specify the resource group.
10. Complete the rest of the wizard. Review Instance Launch, then click Launch Instance.
11. Before you can connect to the NetWorker Virtual Edition appliance, you must download the private key.
Save the private key in a secure and accessible location. After the private key is created, you will be unable to download the
private key again.
The NetWorker Virtual Edition appliance starts in Ali ECS.
12. Change the NVE hostname to custom DNS if required.
By configuring a custom DNS in Ali cloud, you can control the length of the NVE hostname. For best practices and
recommendation on configuring DNS, see the section Best Practices and Recommendations.
a. Log in to the NVE using SSH as an admin user.
NOTE: The default password is the private IP address of the NVE.

Deploying the NetWorker Virtual Edition Appliance with Alibaba Cloud - Elastic Compute Service 27
 b. Switch to the superuser by entering the command sudo su.
c. Update the /etc/hosts file with the custom FQDN and short name.
d. Update the /etc/resolve.conf file with the Name Server and custom search DNS.
e. Update the /etc/HOSTNAME with the new FQDN.
f. Restart the NVE using the reboot command.
NOTE: Run this procedure before taking the backup.

13. Configure the NetWorker Virtual Edition. See Configuring the NetWorker Virtual Edition for more information.

28 Deploying the NetWorker Virtual Edition Appliance with Alibaba Cloud - Elastic Compute Service
 7
Deploying the NetWorker Virtual Edition
Appliance with Oracle Cloud
Use the procedures in this section to deploy NetWorker Virtual Edition with Oracle Cloud marketplace. For more information,
contact Customer Support.
Topics:
• Deploying the NetWorker Virtual Edition from the Oracle Cloud (OCI) Marketplace

Deploying the NetWorker Virtual Edition from the

Oracle Cloud (OCI) Marketplace
Perform the following instructions to deploy an NVE virtual machine from the Oracle Cloud (OCI) marketplace. You must have
an Oracle Cloud account with credits. For more information, see the pricing tab of NetWorker Virtual Edition on Oracle Cloud.
1. Open the OCI console and go to the Compute section.
2. From the Compute dashboard, go to Instances and click Create Instance.
Create compute instance page is displayed.
3. Enter Name and select the required compartment from the Create in compartment drop-down menu.
4. Select the preferred availability domain in the Placement section. Click Edit to make required changes to the Security
section.
5. In the Image and shape section, click Change image in the Image section.
Select an image window appears.
6. Select Marketplace and select Partner images. Search for Dell NetWorker Virtual Edition in the search bar and click
the checkbox next to the Dell NetWorker Virtual Edition App name and select the required image build in the Image build
drop-down menu.
Image build selected.
7. Click the checkbox to agree to the terms and conditions and click Select image.
Return to Create compute instance page.
8. In the Shape section, click Change shape and select the shape and details according to your system requirements. Click
the checkbox to agree to the terms and conditions and click Select shape.
Return to Create compute instance page.
NOTE: For information about system requirements, see the topic System requirements.
9. In the Primary VNIC information section, add or select the appropriate network information.
10. Click Edit to make required changes to the Networking information.
11. From the Add SSH keys section, generate or select the appropriate keys.
12. In the Boot volume section, select the required boot volume details.
13. In the Block volumes section, click Attach block volume
Attach block volume page appears.
14. In the Volume section, select an existing block volume and click Attach or click Cancel to create a volume later.
Return to Create compute instance page.
15. Click Create.
A new instance is created successfully.
16. To create a block volume, search Block Storage section, go to the Block Volumes and then click Create Block Volume.
Create block volume page is displayed.
17. Enter Name and select the required compartment. From the Volume size and performance section, select Custom.
18. Enter the required Volume Size in GB based on system requirements and click Create Block Volume.
NOTE: For information about system requirements, see the topic System requirements.

Deploying the NetWorker Virtual Edition Appliance with Oracle Cloud 29

 Block volume is successfully created.
19. Go to Compute > Instance in <compartment name> compartment section and click the new instance created.
Instance details page is displayed.
20. From the Resources section, click Attached block volumes.
Attached block volumes page is displayed.
21. Click Attach block volume.
22. From the Attach block volume wizard, select Select volume option and from the Volume in <compartment name>
drop-down, select the new block volume created.
23. Select the Attachment type as Paravirtualized and Access as Read/write.
24. Click Attach.
The created block volume is displayed under Attached block volumes.
25. For additional security requirements, make or create a selection for security group and public subnets.
For information about the required settings for security groups, see the section Port requirements.
26. Download the private keys before you can connect to the NetWorker Virtual Edition appliance.
NOTE: You can download the private key only when it is created. Download and save the private key in a secure and
accessible location.
27. Change the NVE hostname to a custom DNS if required. Configuring a custom DNS in the Oracle cloud helps you to control
the length of the NVE hostname.
For best practices on configuring DNS, see the section Best Practices and Recommendations.
a. Log in to the NVE using SSH as an admin user.
NOTE: The default password is the private IP address of the NVE.

b. Switch to the superuser using the command sudo su.

c. Update the /etc/hosts file with the custom FQDN and short name.
d. Restart the NVE using the reboot command.
NOTE: Run these steps before taking the backup.

28. Configure the NetWorker Virtual Edition.

For detailed steps, see Configuring the NetWorker Virtual Edition.

30 Deploying the NetWorker Virtual Edition Appliance with Oracle Cloud

 8
Configuring the NetWorker Virtual Edition
This chapter includes the following topics:
Topics:
• Configuring NVE from NetWorker Installation Manager
• Configuring NetWorker Virtual Edition as NetWorker Storage Node
• Configuring NVE using NetWorker Installation Command Line Interface
• Launching the NetWorker Management Web UI
• Starting the NMC server GUI for the first time
• Configuring Postfix and NetWorker notifications

Configuring NVE from NetWorker Installation

Manager
The NVE appliance includes an installation manager that prompts you for environment-specific information, such as passwords,
and then automatically installs of the NetWorker server software.
For Azure, AWS, GCP, Alibaba Cloud and Oracle Cloud (OCI) instances, you must know the private IP address of the NVE
appliance.
NOTE: The LDLS service is not enabled for NetWorker Virtual Edition. Hence, the Configuration tab in the Installation
Manager displays Error happened when getting LDLS configuration message.

To set up the NetWorker software on a new NVE appliance, perform the following steps:
1. On a host that has network access to the NVE virtual machine, open a web browser and type the following URL:
https://NVE_VM
Where NVE_VM is the hostname or IP address of the NVE appliance.
When you use Internet Explorer, if any security messages appear, click Continue. When you use Firefox, if any connection
warnings appear, select I understand the risks, and then add an exception for the website.
NOTE: The URL https://NVE_VM:7543/avi can also be used to access the NetWorker Installation manager.

NOTE: Enclose the IPv6 address within [] brackets for accessing the NVE UI. For example, https://[NVE_VM] or
https://[NVE_VM]:7543/avi

The NetWorker Installation Manager login page appears.

2. In the User field, type root.
3. In the Password field, type the default password.
NOTE:
● The default password for NVE running on
a. VMware vSphere is changeme
b. Azure or AWS or GCP or Alibaba Cloud or Oracle Cloud (OCI) is the private ip address of the NVE.
● The default password expiration policy on the NVE is once every 60 days. If the password that you specify has
expired, a message similar to the following appears:Error "Login failed. The password has already
expired or is within the warning period. You must change and verify the password
expiration date." To resolve this issue, change the passwords that are assigned to the root and admin users.
Modifying passwords provides more information.

4. Click Login.

Configuring the NetWorker Virtual Edition 31

5. On the SW upgrades tab, to the right of the NveUpgrade package, click Install.
The installation initialization begins. The initialization extracts files from the package and prepares the environment for the
installation. The process can take a few minutes. After the initialization completes, the Installation Setup page appears.
6. Uncheck the Storage Node only option if you want to install NVE.
7. On the Authc Settings tab, specify the following attributes:
a. In the Tomcat KeyStore Password and Tomcat KeyStore password (Confirm) fields, type a password for the
keystore file that the NetWorker Authentication Service uses to store data.
Specify a password that contains at least six characters and does not contain dictionary words.

b. In the Authc Password and Authc Password (confirm) fields, type a password for the NetWorker Authentication
Service administrator account.
Ensure the password complies with the following minimum requirements:
● Nine characters long
● One uppercase letter
● One lowercase letter
● One special character
● One numeric character
NOTE: You will use the administrator account to log in to the NMC Server.

c. Click Save.
8. (Optional) To install additional language packs, on the NetWorker Settings tab, from the Value list, select the language
pack, and then click Save.
9. On the Passwords tab, and specify the operating system admin user and operating system root user passwords, and then
click Save.
Ensure that the passwords comply with the following minimum requirements:
● Nine characters long
● One uppercase letter
● One lowercase letter
● One special character
● One numeric character
10. On the Passphrase tab, specify the passphrase for the rootid and click Save.
The passphrase requirements are as mentioned below:
● The password must be between 9 and 20 characters in length.
● The password must contain alphanumeric characters only. Any special characters or symbols are not allowed.
NOTE: Configuring and upgrading NVE using avi-cli command is not supported in the 19.10 release.

11. On the Server Settings tab, from the Value list, select the time zone for the appliance, and then click Save.
12. (Optional) To configure Data Domain devices in the NetWorker datazone, on the Data Domain Settings tab, select the box
in the Value column, and then specify the following configuration attributes:
a. In the Data Domain Address field, type the IP address or the FQDN of the Data Domain system.
b. In the Data Domain Administrator Name field, type the username for a Data Domain Administrator account.
c. In the Data Domain Administrator Password field, type the password for the Data Domain Administrator account.
d. In the Data Domain Storage Folder field, type a new or existing name for a folder that you want to use for DD Boost
storage.
The installation process automatically creates a Storage Unit (SU) and folder for the appliance in the hidden mount point
folder, /data/col1. Do not modify this folder structure, which all NetWorker server hosts use.
e. (Optional) To create a DD Boost account, select DDBoost create new login account.
f. In the Data Domain Login field, type the account for the DD Boost user.
g. In the DDBoost Login Password field, type the password for the DD Boost user that you specified in the Data Domain
Login field.
NOTE: The DD Boost user that you specify must have an assigned role that is not none.

h. In the DDBoost Login Password Confirm field, type the password for the DD Boost user that you specified in the Data
Domain Login field.
i. Click Save.

32 Configuring the NetWorker Virtual Edition

 j. To specify the SNMP community string to monitor the Data Domain system, on the NetWorker Settings tab, in the
SNMP Community String field, type the string value. Click Save.
The default SNMP Community String on a Data Domain system is Public.
13. (Optional) To install or upgrade the password hardening package, on the Security Settings tab, select Show advanced
settings, and then select the box in the Value column. Click Save.
14. Click Continue.
The Installation Progress window appears and displays information about the status of the installation actions. The
Information Log pane displays messages about the status of each task. To generate a file that contains each message, click
Export, and then select Excel to export the information to an Excel spreadsheet or select PDF to export the information to
a PDF file.
The NetWorker Installation Manager installs the NetWorker, NMC server software and the NetWorker Management Web UI on
the NVE appliance.
Install and configure the Dell License Server on a host in the datazone that the NetWorker server can access. NetWorker
Licensing Guide provides more information.

Configuring NetWorker Virtual Edition as NetWorker

Storage Node
Starting with NetWorker 19.9, NetWorker Installation Manager can be used to configure NVE as Storage Node too. This is an
optional feature. For such a configuration across all platforms, you must have one more VM or instance to configure NVE as
Storage Node. After configuration of NVE as Storage Node, you can attach to any configured NVE server or NW server.
In this option, rest of the NW functionalities such as NMC, Server are removed, and only Storage Node related functionalities
are retained. This change cannot be configured back as NVE.
NOTE:
● NVE as Storage Node configuration can be done only with NetWorker Installation manager.
● Postfix is disabled for NVE configured as Storage Node.
● FIPS not supported for NVE as Storage Node.
1. Follow steps 1 to 5 as mentioned in Configuring NVE from NetWorker Installation manager.
2. Check the option Storage Node only.
This hides the non-applicable tabs like Authc settings, DataDomain Settings, so on.
3. Enter required details such as operating system admin password and root password under Passwords tab.
4. On the Passphrase tab, specify passphrase for the rootid and click Save.
The passphrase requirements are as mentioned below:
● The password must be between 9 and 20 characters in length.
● The password must contain alphanumeric characters only. Any special characters or symbols are not allowed.
NOTE: Configuring and upgrading NVE using avi-cli command is not supported in the 19.10 release.

5. On the Server Settings tab, select the time zone.

6. (Optional) To install or upgrade the password hardening package, on the Security Settings tab, select Show advanced
settings, and then select the box in the Value column. Click Save.
7. Click Continue.
The Installation Progress window appears, and displays information about the status of the installation actions. The
Information Log pane displays messages about the status of each task. To generate a file that contains each message, click
Export, and then select Excel to export the information to an Excel spreadsheet or select PDF to export the information to
a PDF file. The NetWorker Installation Manager installs the NVE as Storage Node.

Configuring the NetWorker Virtual Edition 33

Configuring NVE using NetWorker Installation
Command Line Interface
You can configure the NetWorker software using the NetWorker Installation Command Line Interface to perform NVE
configuration.

You can setup the NVE by performing the following steps:

NOTE: Configuring and upgrading NVE using avi-cli command is not supported in the 19.10 release.

1. List the available packages in the NVE repository by running the command: avi-cli <server> --password
<password> --listbycategory <category name>
For example, avi-cli nve.com --password default_password --listbycategory "SW Releases"

Title: | Version: | Priority: | Description:

NveConfig-xx.x.xx.xxxx | xx.x.xx.xxx | normal | NetWorker Virtual Edition
Configuration

2. The user input options are required for the package installation. You can list all the user input options for the
specified package by running the command: avi-cli <server> --password <password> --listuserinputs
<title>[:<version>]
For example, avi-cli nve.com --password default_password --listuserinputs NveConfig-
xx.0.xx.xxxx:xx.0.xx.xxxx

The output is the YAML format file of user input options of specified package.

# user input configuration file

---
# Java Directory
# Enter the directory where Java is located
javadir: /opt/nre/java/latest

# Tomcat User
# Enter the user name used by Tomcat
tomcat_user: nsrtomcat………
……………………………………………………………contd…

NOTE: If userinput.yaml is generated from an earlier version of NVE, then ensure that 'javadir' is updated
to /opt/nre/java/latest .

3. Copy and save the output of user input configuration file as userinput.yaml on the NVE VM.
For example: /root
4. Update the userinput.yaml file with the mandatory required fields.
5. Before installing the package, verify whether that the package is in ready state by running the command: avi-cli
<server> --password <password> --listhistory | grep NveConfig
6. Install the specified package by running the command: avi-cli <server> --password <password> --install
<title>[:<version>] --userinput <input_file>
For example, avi-cli nve.com --password default_password --install NveConfig-99.0.99.xxxx --
userinput /root/userinput.yaml
7. Check the information of the installed package by running the command: avi-cli <server> --password
<root_password> --listhistory | grep NveConfig
NOTE: For more information on avi-cli options run the command avi-cli --help.

NveConfig-99.0.99.xxxx | 99.0.99.xxx | completed | NetWorker Virtual Edition

Configuration

NOTE: NVE as Storage Node cannot be configured using avi-cli.

34 Configuring the NetWorker Virtual Edition

Launching the NetWorker Management Web UI
The NetWorker Management Web UI, introduced in NetWorker 18.2, is a web-based management interface that provides
support for the following NetWorker VMware-integrated operations:
● Managing VMware vCenter servers
● Managing VMware Proxies
● Installing the vCenter Plugin
● Recovering virtual machines
● Monitoring recovery operations
The following table provides more information about the functionality available in the NetWorker Management Web UI.

Table 7. Supported operations in the NetWorker Management Web UI

Operation Description
Protection VMware vCenter servers
● Manage vCenter servers.
● Refresh and view the vCenter inventory.
● View the properties of entities in the vCenter Inventory
tree.
VMware vProxies
● Manage vproxies.
● Monitor progress of vProxy registration.
Recovery Recover virtual machines. Supports both image-level and file-
level recovery.
Monitoring ● View and monitor the progress of virtual machine
recovery; includes the list of completed and currently
running recover jobs.
● View recover logs.

You can log in to the NetWorker Management Web UI by using following link:
https://<IP_address_or_hostname>:9090/nwui
NOTE: Enclose the IPv6 address within [] brackets for accessing the NetWorker Management Web UI. For example,
https://[IP_address]:9090/nwui
The NetWorker and VMware Integration Guide provides more information about how to use the NetWorker Management Web
UI to perform the supported tasks.

Supported browsers
The NetWorker Management Web UI supports the following browsers:
● Microsoft Internet Explorer 11
● Google Chrome
● Microsoft Edge
● Mozilla Firefox

Starting the NMC server GUI for the first time

The NMC server is a web-based Java application that manages NetWorker server operations. An NMC client is a host that
connects to the NMC server through a supported web browser to display the NMC server GUI. Dell recommends you to use
NMC launcher to launch the NMC. For more information on installation of NMC launcher, see NetWorker Runtime Environment
Readme Guide
The following sections outline how to prepare the NMC client and how to connect to the NMC server GUI.

Configuring the NetWorker Virtual Edition 35

Launching the Networker Management Console
Complete the following procedure to connect to the NMC Server GUI from an NMC client. By default, the NetWorker
Authentication Service uses the local user database for user authentication. Specify the NetWorker Authentication Service
administrator account to log in to the NMC Server. The NetWorker Security Configuration Guide describes how to configure the
NetWorker Authentication Service to use LDAP or AD for user authentication.
1. From a supported web browser session, type the URL of the NMC Server:
https://server_name:https_service_port
where:

● server_name is the name of the NMC Server.

● https_service_port is the port for the embedded HTTP server. The default https port is 9000.

For example: https://houston:9000

The gconsole.jnlp file downloads to the host. When the download completes, open the file.
2. Optional, associate the jnlp file with a program.
When you use Mozilla Firefox on Windows, and the jnlp extension is not associated with Java, you are prompted to choose
the program that opens the jnlp file. In the dialog box that appears, select Open with, and then select Java (TM) Web
Start Launcher. If this application does not appear, browse to the Java folder and select the javaws.exe file.
3. On the Welcome page, click Start.
NOTE: If the Start button does not appear but you see a warning message that states that Java Runtime Environment
cannot be detected, click the here hyperlink.

4. For Internet Explorer only, if a security warning appears, select I accept the risks and want to run this application, and
then click Run.
5. On the Log in page, specify the NetWorker Authentication Service administrator username and password, and then click
OK.
6. On the NetWorker Server Login Disclaimer, select Accept.
NOTE: If the banner.txt is empty, banner is not displayed. The NetWorker Security Configuration Guide provides more
information. In NMC, if you reject the login banner disclaimer, NMC is closed.

7. If you did not install a supported version of JRE on the host, then a dialog box that prompts you to install JRE appears.
Cancel the application installation, install JRE, and then rerun the application installation.
8. On the Welcome to the NMC Server Configuration Wizard page, click Next.
The following figures shows the Welcome to the NMC Server Configuration Wizard page.

36 Configuring the NetWorker Virtual Edition

 Figure 11. Welcome to the NMC Server Configuration Wizard page

9. On the Specify a list of managed NetWorker Servers page:

a. Specify the names of the NetWorker Servers that the NMC Server will manage, one name per line.
NOTE: If the NMC Server is also the NetWorker Server, specify the name of the NetWorker Server.

b. Leave the default Capture Events and Gather Reporting Data options enabled.
Consider the following options:

● To allow the NMC Server to monitor and record alerts for events that occur on the NetWorker Server, select Capture
Events.
● To allow the NMC Server to collect data about the NetWorker Server and generate reports, select Gather Reporting
Data.

The following figure shows the Specify a list of managed NetWorker servers page.

Figure 12. Specify a list of managed NetWorker servers page

Configuring the NetWorker Virtual Edition 37

10. Click Finish. The installation starts the default web browser and connects to the NMC server. The NetWorker
Management Console and Getting Started windows appear.
11. In the Enterprise window, right-click the NetWorker Server, and then select Launch Application.
NOTE: If you do not specify any NetWorker Servers in the Specify a list of managed NetWorker servers page, the
NMC Enterprise window does not display any NetWorker Servers. To add a host, in the left navigation pane, right-click
Enterprise, and then click New > Host. The Add New Host wizard appears.

After you launch the NVE appliance, see the standard NetWorker documentation for any additional configuration.

Configuring Postfix and NetWorker notifications

Review this section to configure the Postfix application and modify NetWorker email notifications.
The NetWorker Administration Guide provides more information about server notifications and how to configure notifications
when you create the Policy, Workflow and Action resources.

Configure the Postfix application

The postfix application is automatically installed on the NVE. To configure the NetWorker server to send notifications,
configure postfix.
The postfix application is an SMTP Mail Transfer Agent, not an SMTP server. To use the postfix application, the
environment must have a configured SMTP relay host, which the NVE uses to send email messages.
1. Connect to the NVE.
If you connect by using the vSphere client to open a VM Console session, log in to the NVE with the root or admin account.
If you connect by using SSH, you must log in as admin, and then use the su command to change to the root account. The
default password for the root and admin accounts is changeme.
2. Launch the command prompt, and stop the postfix services by running the command:
systemctl stop postfix.service
3. Edit the postfix/main.cf file, and update the root server domain name, hostname, and SMTP relay host.
For example:

cd/etc
vi postfix/main.cf

masquerade_exceptions = "root" (To receive mail from server root domain Ex:root
<[email protected])
myhostname = "NVE Server FQDN" (Ex:mailhub.com)
relayhost = "mailhub" (Ex:mailhub.com)

4. Save the file.

5. Start the Postfix services by running the command:
systemctl start postfix.service
When the test succeeds, output similar to the following example appears:
postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset:
enabled)
Active: active (running) since Thu 2020-10-08 11:24:37 IST; 14s ago
Process: 6431 ExecStartPost=/etc/postfix/system/cond_slp register (code=exited, status=0/
SUCCESS)
Process: 6427 ExecStartPost=/etc/postfix/system/wait_qmgr 60 (code=exited, status=0/
SUCCESS)
Process: 6356 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)

38 Configuring the NetWorker Virtual Edition

Configuring NetWorker to send operation notifications by email
By default, NetWorker writes operation notifications to log files.
To configure NetWorker to send system notifications to email recipients, perform the following steps:

1. On the taskbar, click the Enterprise icon .

2. In the navigation tree, highlight a host:
a. Right-click NetWorker.
b. Select Launch Application. The NetWorker Administration window appears.
3. On the main toolbar, click Server, and then from the left navigation pane, select Notifications.
4. Right-click a notification and select Properties.
5. In the Action field, specify the mail command in the following format:
/usr/bin/mail -s "subject_text" recipient_email
where:
● subject_text is the subject of the email address, enclosed in quotation marks.
● recipient_email is the email address for the recipient of the notification.
For example, to edit the Bus/Device Reset action, type:
/bin/mail -s "host <domain.com>: Bus/Device reset detected" root

Edit policy notifications

To modify the notification configuration for an existing policy resource, when the Send notification option is set to On
Completion or On Failure, perform the following steps.

1. On the taskbar, click the Enterprise icon .

2. In the navigation tree, highlight a host:
a. Right-click NetWorker.
b. Select Launch Application. The NetWorker Administration window appears.
3. In the NetWorker Administration window, click Protection.
4. In the left navigation pane, expand Policies, right-click the policy, and then select Properties.
5. Edit the Command field, and then type the mail command in the following format:
/usr/bin/mail -s "subject_text" recipient_email
where:
● subject_text is the subject of the email address, enclosed in quotation marks.
● recipient_email is the email address for the recipient of the notification.
6. Click OK.

Edit workflow notifications

To modify a workflow notification, when the Send notification option is set to On Completion or On Failure, perform the
following steps.

1. On the taskbar, click the Enterprise icon .

2. In the navigation tree, highlight a host:
a. Right-click NetWorker.
b. Select Launch Application. The NetWorker Administration window appears.
3. In the NetWorker Administration window, click Protection.
4. In the left navigation pane, expand Policies, and then expand the policy that contains the workflow.
5. Right-click the workflow, and then select Properties.
6. In the Command field, type the mail command in the following format:
/usr/bin/mail -s "subject_text" recipient_email

Configuring the NetWorker Virtual Edition 39

 where:
● subject_text is the subject of the email address, enclosed in quotation marks.
● recipient_email is the email address for the recipient of the notification.
7. Click OK.

Edit action notifications

To modify an action notification when the Send notification option is set to On Completion or On Failure, perform the
following steps.

1. On the taskbar, click the Enterprise icon .

2. In the navigation tree, highlight a host:
a. Right-click NetWorker.
b. Select Launch Application. The NetWorker Administration window appears.
3. In the NetWorker Administration window, click Protection.
4. In the left navigation pane, expand Policies, and then expand the policy that contains the workflow.
5. Select the workflow. In the Workflow pane, click the Action tab.
6. Right-click the action, and then select Properties.
7. In the Policy Action wizard, browse to the Specify the Action Information page.
8. In the Command field, type the mail command in the following format:
/usr/bin/mail -s "subject_text" recipient_email
where:
● subject_text is the subject of the email address, enclosed in quotation marks.
● recipient_email is the email address for the recipient of the notification.
9. Click OK.

40 Configuring the NetWorker Virtual Edition

 9
Upgrading the NetWorker Virtual Edition
This chapter includes the following topics:
Topics:
• Upgrade the NVE appliance using User Interface
• Upgrading the NVE using CLI

Upgrade the NVE appliance using User Interface

The installation manager automates the upgrade process on an NVE appliance.
Before upgrading the NVE, perform the NetWorker catalog consistency check and take bootstrap backups. For more
information, see NetWorker Updating guide from the previous version.
NOTE:
● If the base operating system is upgraded to SLES12 SP5, then the associated NVE appliance is rebooted automatically
during the upgrade process.
● The LDLS service is not enabled for NetWorker Virtual Edition. Hence, the Configuration tab in the Installation
Manager displays the Error happened when getting LDLS configuration message.

Perform the following steps from a host that has network access to the NVE appliance. You can also follow these steps to
upgrade NVE as Storage Node.
1. Download the NetWorker 19.11 Virtual Edition Upgrade file (*.avp) from Dell Support.
NOTE: For NVE version 9.x, extract the compressed avp file and use a file transfer program to copy the AVP file to
the /data01/avamar/repo/packages folder on the NVE appliance.

For more information about enabling SSH for root, see the topic Enable SSH for root
2. Open a web browser, and type the following URL:
https://NVE_address:7543/avi
Where NVE_address is the hostname or IP address of the NVE appliance.

NOTE: Enclose the IPv6 address within [] brackets. For example, https://[<NVE_IPv6_Address>]:7543/avi

When you use Internet Explorer, if any security messages appear, click Continue. When you use Firefox, if any connection
warnings appear, select I understand the risks, and then add an exception for the website.
The NetWorker Installation Manager login page appears.
3. In the User field, type root.
4. In the Password field.
5. On the Repository tab, in the Package upload field, upload the AVP file.
The NVE upgrade package is listed in the Packages in Repository section.
6. On the SW upgrades tab, to the right of the NveUpgrade package, click Install.
The Installation Setup page appears.
7. On the Passphrase tab, specify passphrase for the rootid and click Save.
The passphrase requirements are as mentioned below:
● The password must be between 9 and 20 characters in length.
● The password must contain alphanumeric characters only. Any special characters or symbols are not allowed.
NOTE: Enter the old passphrase, if you have the passphrase set already using the same process.

NOTE: Configuring and upgrading NVE using avi-cli command is not supported in the 19.10 release.

Upgrading the NetWorker Virtual Edition 41

8. Click the Password Validation tab and enter Admin and root password.
9. Click Continue.
10. When the upgrade completes, to connect to the NMC server, click Launch NMC.

Upgrading the NVE using CLI

You can upgrade the NetWorker Virtual Edition (NVE) by using the command-line interface.
● Before upgrading the NVE, perform the NetWorker catalog consistency check and take bootstrap backups. For more
information, see NetWorker Updating guide from the previous version.
● NVE appliance should be updated with the latest security update. For more information, see Performing NVE appliance
Security Rollup Update.
NOTE: If the base operating system is upgraded to SLES12 SP5, the associated NVE appliance is rebooted automatically
during the upgrade process.

NOTE: Configuring and upgrading NVE using avi-cli command is not supported in the 19.10 release.

Perform the following steps from a host that has network access to the NVE appliance.
1. Download the NetWorker 19.11 Virtual Edition Upgrade file (*.avp) from Dell Support.
2. Extract the compressed avp file and use a file transfer program to copy the AVP file to the /data01/avamar/repo/
packages/ folder on the NVE appliance.
For more information about enabling SSH for root, see the topic Enable SSH for root
3. List the software package by running the command avi-cli <server_ipaddress> --password <password> --
listcategories <"SW Upgrades">
4. Run the command avi-cli <server_ipaddress> --password <password> --install <package>
The following command upgrades the NVE to NVE 19.x:
avi-cli 10.x.x.10 --password Root_Password --install NveUpgrade-19.x
5. Create a user input file.
a. The user input options are required for the package installation. You can list all the user input options for the
specified package by running the command: avi-cli <server> --password <password> --port 7543 --
listuserinputs <title>[:<version>]
For example, avi-cli nve.com --password default_password --listuserinputs NveUpgrade-
xx.0.xx.xxxx:xx.0.xx.xxxx

The output is the YAML format file of user input options of specified package.

# user input configuration file

---
# Authc Hostname
# Enter the hostname used for the Authc Service
authc_hostname: nve.com

# Authc Port
# Enter the port number used by the Authc Service
authc_port: 9090
.................................
.........................................
..............................................

b. Copy and save the output of the user input configuration file as userinput_upgrade.yaml on the NVE VM.
For example: /root
c. Update the userinput_upgrade.yaml file with the mandatory required fields.
d. Before installing the package, verify whether that the package is in a ready state by running the command: avi-cli
<server> --password <password> --listhistory | grep NveUpgrade
e. Install the specified package by running the command: avi-cli <server> --password <password> --
install <title>[:<version>] --userinput <input_file>
For example, avi-cli nve.com --password default_password --install NveUpgrade-99.0.99.xxxx
--userinput /root/userinput_upgrade.yaml

42 Upgrading the NetWorker Virtual Edition

6. Check the information of the installed package by running the command: avi-cli <server> --password
<root_password> --listhistory | grep NveUpgrade

NveUpgrade-99.0.99.xxxx | 99.0.99.xxx | completed | NetWorker Virtual Edition

Upgrade

Upgrading the NetWorker Virtual Edition 43

 10
Maintenance
This chapter includes the following topics:
Topics:
• Performing NVE appliance Security Rollup Update
• Password maintenance
• Expanding the Data Disk Capacity
• Federal Information Processing Standards

Performing NVE appliance Security Rollup Update

The installation manager automates the operating system rollup update on NVE appliance.
Perform the following steps from a host that has network access to the NVE appliance.
1. Download the NVE platform operating system Security Rollup package from Dell Support.
2. Open a web browser, and type the following URL:
https://NVE_address:7543/avi
Where NVE_address is the hostname or IP address of the NVE appliance.

NOTE: Enclose the IPv6 address within [] brackets. For example, https://[<NVE_IPv6_Address>]:7543/avi -i

When you use Internet Explorer, if any security messages appear, click Continue. When you use Firefox, if any connection
warnings appear, select I understand the risks, and then add an exception for the website.
The NetWorker Installation Manager login page appears.
3. In the User field, type root.
4. In the Password field, type the password for the root account.
5. On the Repository tab, in the Package upload field, upload the AVP file.
The uploaded package is listed in the Packages in Repository section.
6. On the SW Updates tab to the right of the NVE operating system rollup package, click Install.
The installation initialization begins. The initialization extracts files from the package and prepares the environment for the
installation. The process can take a few minutes. After the initialization is completed, the Installation Setup page appears.
In the Password field, type the password for the root account.
7. For any upgrade from NVE 19.x to NVE 19.10, apply Security Rollup 2023-R3-v4 version and later. Click Continue.

Password maintenance
This section describes how to manage the root and admin passwords.

Review password policies

Use the chage command to review the password policy configuration for an OS user.
1. Connect to the NVE, and perform the following tasks from a prompt.
NOTE: If you connect by using the vSphere client to open a VM Console session, you can log in to the NVE with the
root or admin account. If you connect by using SSH, you must log in as admin, and then use the su command to change
to the root account. The default password for the root and admin accounts is changeme.

2. Use the chage command to determine the password expiration policy and the scheduled expiration date for a user account.

44 Maintenance
 For example, to determine the policy that is assigned to the root user account, and the password expiration date, type:

chage -l root
Output similar to the following example appears:
Minimum: 1
Maximum: 60
Warning: 7
Inactive: -1
Last Change: Dec 07, 2015
Password Expires: Feb 05, 2016
Password Inactive: Never
Account Expires: Never

The following table provides more information about the chage output.

Table 8. chage output

Option Definition
Minimum Defines the minimum numbers of days that are allowed
between password changes. When this value is 0, a user can
change the password at any time.
Maximum Defines the maximum numbers of days that a password
remains valid, after which a password change is required.
Inactive Defines the number of days that a user account can remain
inactive after the password has expired and before the user
account is locked out of the system. When this value is -1,
the inactive feature is disabled.
Last change Displays the date that the password was last changed.
Password expires Defines the date that the current password will expire.
Password inactive Defines the date that the current password will become
inactive.
Account expires Defines the date that the user account will expire.

Modify passwords
By default, the password expiration policy for the admin and root user accounts is 60 days.
Perform the following steps to change the passwords.
1. Connect to the NVE, and perform the following tasks from a prompt.
NOTE: If you connect by using the vSphere client to open a VM Console session, you can log in to the NVE with the
root or admin account. If you connect by using SSH, you must log in as admin, and then use the su command to change
to the root account. The default password for the root and admin accounts is changeme.

2. To change the passwords for the root and admin user, run the command change-passwords
In the output prompt, specify whether you want to change the admin or root operating system user account passwords.
NOTE: If you want to change the password using change-passwords utility in upgraded NVE configurations, then you
must perform the following after logging in as superuser.
a. Change directory to NveConfig*: cd /space/avamar/var/avi/server_data/package_data/
NveConfig*
b. Create a workflow.log file: touch workflow.log
c. Create probe.xml file in /space/avamar/var/, copy the following content and replace the hostname and ip-
address.

cd /space/avamar/var/
vi probe.xml

Maintenance 45
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<dpn>
<module name='{hostname}'>
<node type="single-node server">
<network-interface id="1">
<address value='{ip_address}'/>
</network-interface>
</node>
</module>
</dpn>

3. Type y to change the passwords or n to skip, and then press Enter.

4. Follow the system prompts to change the passwords for admin or root operating system user accounts.

Expanding the Data Disk Capacity

Perform the following steps to expand the data disk capacity.
1. From the virtual machine console of the NVE appliance, perform the following configuration tasks:
a. Use the su command to change to the root account.
2. In the Vsphere Web Client, perform the following configuration tasks:
a. Right-click the appliance and select Edit Settings.
b. Update the Disk space as required.
c. Click OK.
3. From the virtual machine console of the NVE appliance, perform the following configuration tasks:
a. Rescan the SCSI devices, by typing the following command:
echo 1>/sys/block/sdb/device/rescan
b. Verify that the new /dev/sdc disk appears on the system, by typing the following command:
fdisk -l /dev/sdb
Output similar to the following example appears:
Disk /dev/sdb: 100 GiB, 107374182400 bytes, 209715200 sectorsDisk model: Virtual disk
c. Increase the partition by typing the command:
growpart /dev/sdb 1
Output similar to the following example appears:

partition=1 start=2048 old: size=104853504 end=104855552 new:

size=209713119,end=209715167
blrv09a227:/space/home/admin # fdisk -l /dev/sdb
Disk /dev/sdb: 100 GiB, 107374182400 bytes, 209715200 sectors
Disk model: Virtual disk

d. Verify the file system by typing the following command:

xfs_growfs -d /data01
Output similar to the following appears:

meta-data=/dev/sdb1 isize=512 agcount=4, agsize=3276672 blks

= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0 spinodes=0 rmapbt=0
= reflink=0
data = bsize=4096 blocks=13106688, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal bsize=4096 blocks=6399, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 13106688 to 26214139

e. Confirm the partition size and label by typing the following command:
df -h

46 Maintenance
 Output similar to the following appears:

Filesystem Size Used Avail Use% Mounted on

/dev/sdb1 100G 637M 100G 1% /data01

Federal Information Processing Standards

NetWorker Virtual Edition supports FIPS.
You can enable and disable FIPS by running /usr/local/networker/bin/fips_networker.sh script.
● Display FIPS mode
● Enable FIPS mode
● Disable FIPS mode

Display FIPS mode

By default, FIPS mode is disabled. You can check the FIPS mode on NVE by running fips_networker.sh script.
Type: sudo /usr/local/networker/bin/fips_networker.sh status and enter the credentials when prompted.
Depending on the FIPS mode, one of these messages is displayed:

Table 9. FIPS Mode

FIPS mode Message
Enabled FIPS: on
Disabled FIPS: off

Enable FIPS mode

You can enable FIPS mode on NVE by running fips_networker.sh script.
1. Using SSH, log in to data NVE as an admin user.
2. Switch to superuser by running the command sudo su and type the admin credentials.
3. Type: /usr/local/networker/bin/fips_networker.sh on
4. Type: /usr/local/networker/bin/fips_networker.sh status
The following message is displayed: FIPS: on

Disable FIPS mode

You can enable FIPS mode on NVE by running fips_networker.sh script.
1. Using SSH, log in to data NVE as an admin user.
2. Switch to superuser by running the command sudo su and type the admin credentials.
3. Type: /usr/local/networker/bin/fips_networker.sh off
4. Type: /usr/local/networker/bin/fips_networker.sh status
The following message is displayed: FIPS: off

Maintenance 47
 11
Configuring Firewall
This chapter includes the following topic:
Topics:
• NetWorker Virtual Edition firewall
• Editing the Firewall in NVE
• Configuring the NVE firewall

NetWorker Virtual Edition firewall

The host level firewall can be configured in NetWorker Virtual Edition using a firewall daemon called entfirewall.
The firewall controls the access to all inbound and outbound ports in NVE. When a change is made to the firewall rule, restart
entfirewall to load the new configuration.
The NetWorker firewall daemon uses the rules in /etc/entfirewall.base.

Editing the Firewall in NVE

Edit the status of the NVE firewall.
Firewall edit functionality allows the user to open and close nondependent ports for customized data transfer and to modify
associated rules. Rules and ports can be initiated, edited, and terminated through manual configuration of a designated text file,
running those changes, and then restarting the firewall on the NVE server.
Editing the firewall is essentially understanding the content of the config file, editing that content, and then running those
changes.
1. Log in as root.
Type the password.
2. Change the working directory to the following: /usr/local/avamar/lib/admin/security.
3. Open entfwb_custom_config.txt in a plain text editor.
See the section below for config file example and how to edit the file.
4. Save and close the file.
5. Run the following command:sh ent-manage-custom-rules.sh --execute-rules.
This command applies the new firewall rules to the system and restarts the firewall.
6. Exit the command session.
The firewall customization lines that you add to the entfwb_custom_config.txt file must be structured in a pipe-delimited
fashion such as the following:
Source IP | Source Port | Destination IP | Destination Port | Protocol | ICMP-type | Target | Chain | Run Order
Where:

Table 10. Firewall customization

Section Description
Source IP Source specification - address can be a network IPv4 or IPv6 address (with or without /mask) .
Source Port Port of origin for traffic.
Destination IP IP address of destination machine.
Destination Port Destination port or port range specification.

48 Configuring Firewall
Table 10. Firewall customization (continued)
Section Description
Protocol TCP, UDP, or ICMP.
ICMP-type If ICMP is entered for Protocol, enter the type.
Target ACCEPT, REJECT, DROP, or LOGDROP.
Chain INPUT, OUTPUT, or LOGDROP
Run Order ● A - Append: It the default behavior of the Run Order. It can also be a blank, with or without the "|"
● i - Insert: Inserts the rule before the Run Order.

If a field does not apply, leave the field blank.

Miscellaneous information
To delete all firewall rules, delete the rules in entfwb_custom_config.txt and run sh ent-manage-custom-rules.sh
--execute-rules again.
For diagnostic purposes, the log file is located in /var/log/custom-firewall.
To view the current state of the firewall iptable on the utility node or a single-node server, run the following command:
iptables –L -4 (for ipv4) or iptables –L - 6 (for ipv6).

Configuring the NVE firewall

Use the following instructions to open or close particular ports in the nve firewall, or restrict access to a particular IP address.
Users should be familiar with the operation of iptables, including order of precedence, before creating custom firewall rules.

Opening a firewall port

If the NVE server is a dual-stack configuration, repeat this task to create rules for both addressing systems.
1. Open a command shell:
a. Log in as the Admin.
b. Switch user to root by typing su -.
2. Change directory by typing the following command:
cd /usr/local/avamar/lib/admin/security
3. Run the firewall rules script by typing the following command:
sh ent-edit-firewall-rules.sh
The following output appears:

Choose an Action
----------------
1) Add a custom rule
2) Remove a custom rule
3) List Current Custom Rules
4) Exit
5) Save Changes
Enter desired action:
4. Type 1 to add a custom rule and press Enter.
The following output appears:

Firewall Rule Types

-------------------
1) IPv4 Rule
2) IPv6 Rule
Enter Firewall Rule Type:
5. Type the number that corresponds to the addressing system in use and press Enter.
The following output appears:

Configuring Firewall 49
 Firewall Chains
---------------
1) OUTPUT
2) INPUT
3) LOGDROP
4) FORWARD
Select Chain:
6. Type 1 to add an output rule or 2 to add an input rule and press Enter.
The following output appears:

Protocol
--------
1) TCP
2) UDP
3) ICMP
Enter Protocol:
7. Type the number that corresponds to the required protocol and press Enter.
The following output appears:

Enter source IP (leave blank for none):

8. For outbound connections, perform the following substeps:
a. Type the IP address of this NVE server and press Enter.
The following output appears:

Enter source port (leave blank for none):

b. Type the number of the port to open and press Enter.
The following output appears:

Enter Destination IP Address (leave blank for none):

c. Leave this field blank and press Enter.
If you want to restrict connections to a particular IP address, type the IP address instead and press Enter.
The following output appears:

Enter Destination Port (leave blank for none):

d. Leave this field blank and press Enter.
The following output appears:

Targets
-------
1) ACCEPT
2) REJECT
3) DROP
4) LOGDROP
Select Target:
9. For inbound connections, perform the following substeps:
a. Leave this field blank and press Enter.
If you want to restrict connections to a particular IP address, type the IP address instead and press Enter.
The following output appears:

Enter source port (leave blank for none):

b. Leave this field blank and press Enter.
The following output appears:

Enter Destination IP Address (leave blank for none):

c. Type the IP address of this NVE server and press Enter.
The following output appears:

Enter Destination Port (leave blank for none):

d. Type the number of the port to open and press Enter.

50 Configuring Firewall
 The following output appears:

Targets
-------
1) ACCEPT
2) REJECT
3) DROP
4) LOGDROP
Select Target:
10. Type 1 to allow packets for the specified port and press Enter.
The following output appears:

Run Order

---------
I) Insert (Inserts rule before default AV Firewall rules are applied)

A) Append (Standard behavior. Rule is appended, with default AV Firewall rules taking
precedent)

Select run order for this rule [A]:

11. Type the number that corresponds to the Run order and press Enter.
Unless otherwise indicated by the tables in this appendix, most ports only require the utility node.
Output similar to the following appears:

Add rule <IP Address>|Port Number|<IP Address>|Port Number|tcp||ACCEPT|OUTPUT|A

to custom rules file? (Y/N):
12. Type Y to save the new rule and press Enter.
The script writes the new rule to entfwb_custom_config.txt.
Output similar to the following appears:

Adding <IP Address>|Port Number|<IP Address>|Port Number|tcp||ACCEPT|OUTPUT|A

to pending actions...
Add another firewall rule? (Y/N):
13. If you require more rules, type Y and press Enter. Otherwise, type N and press Enter.
The following output appears:

Return to main menu? (Y/N):

14. Type N and press Enter.
The following output appears:

Save and execute rules now? (Y/N):

15. Type Y to save the new firewall rules and press Enter.
The script saves the new rules to the system firewall tables and automatically restarts the NVE firewall, then exits.
Output similar to the following appears:

Rules have been saved to /usr/local/avamar/lib/admin/security/entfwb_custom_config.txt

Applying rule /usr/sbin/iptables -A OUTPUT -p tcp -s <IP Address> -d <IP Address> --

dport 11
-j ACCEPT

Closing a firewall port

If the NVE server is a dual-stack configuration, repeat this task to create rules for both addressing systems.
1. Open a command shell:
a. Log in as the Admin.
b. Switch user to root by typing su -.
2. Change directory by typing the following command:

Configuring Firewall 51
 cd /usr/local/avamar/lib/admin/security
3. Run the firewall rules script by typing the following command:
sh ent-edit-firewall-rules.sh
The following output appears:

Choose an Action
----------------
1) Add a custom rule
2) Remove a custom rule
3) List Current Custom Rules
4) Exit
5) Save Changes
Enter desired action:
4. Type 1 to add a custom rule and press Enter.
The following output appears:

Firewall Rule Types

-------------------
1) IPv4 Rule
2) IPv6 Rule
Enter Firewall Rule Type:
5. Type the number that corresponds to the addressing system in use and press Enter.
The following output appears:

Firewall Chains
---------------
1) OUTPUT
2) INPUT
3) LOGDROP
4) FORWARD
Select Chain:
6. Type 1 to add an output rule or 2 to add an input rule and press Enter.
The following output appears:

Protocol
--------
1) TCP
2) UDP
3) ICMP
Enter Protocol:
7. Type the number that corresponds to the required protocol and press Enter.
The following output appears:

Enter source IP (leave blank for none):

8. For outbound connections, perform the following substeps:
a. Leave this field blank and press Enter.
The following output appears:

Enter source port (leave blank for none):

b. Type the number of the port to close and press Enter.
The following output appears:

Enter Destination IP Address (leave blank for none):

c. Leave this field blank and press Enter.
If you want to block connections to a particular IP address, type the IP address instead and press Enter.
The following output appears:

Enter Destination Port (leave blank for none):

d. Leave this field blank and press Enter.
The following output appears:

52 Configuring Firewall
 Targets
-------
1) ACCEPT
2) REJECT
3) DROP
4) LOGDROP
Select Target:
9. For inbound connections, perform the following substeps:
a. Leave this field blank and press Enter.
If you want to block connections from a particular IP address, type the IP address instead and press Enter.
The following output appears:

Enter source port (leave blank for none):

b. Leave this field blank and press Enter.
The following output appears:

Enter Destination IP Address (leave blank for none):

c. Type the IP address of this NVE server and press Enter.
The following output appears:

Enter Destination Port (leave blank for none):

d. Type the number of the port to close and press Enter.
The following output appears:

Targets
-------
1) ACCEPT
2) REJECT
3) DROP
4) LOGDROP
Select Target:
10. Type 2 to reject packets for the specified port, or 3 to drop packets for the specified port, and press Enter.
The following output appears:

Run Order
---------
I) Insert (Inserts rule before default AV Firewall rules are applied)
A) Append (Standard behavior. Rule is appended, with default AV Firewall rules taking
precedent)

Select run order for this rule [A]:

11. Type the number that corresponds to the node type and press Enter.
Unless otherwise indicated by the tables in this appendix, most ports only require the utility node.
Output similar to the following appears:

Add rule |80||66|tcp||REJECT|OUTPUT|A to custom rules file? (Y/N):

12. Type Y to save the new rule and press Enter.
The script writes the new rule to avfwb_custom_config.txt.
Output similar to the following appears:

Adding |80||66|tcp||REJECT|OUTPUT|A to pending actions...

Add another firewall rule? (Y/N):
13. If you require more rules, type Y and press Enter. Otherwise, type N and press Enter.
The following output appears:

Return to main menu? (Y/N):

14. Type N and press Enter.
The following output appears:

Save and execute rules now? (Y/N):

Configuring Firewall 53
15. Type Y to save the new firewall rules and press Enter.
The script saves the new rules to the system firewall tables and automatically restarts the NVE firewall, then exits.
Output similar to the following appears:

Rules have been saved to /usr/local/avamar/lib/admin/security/entfwb_custom_config.txt

Applying /usr/sbin/iptables -A OUTPUT -p tcp --sport 80 --dport 66 -j REJECT...

Removing a custom firewall rule

You can remove a custom firewall rule by updating the entfwb_custom_config.txt file.
1. Open a command shell:
a. Log in as the Admin.
b. Switch user to root by typing su -.
2. Change directory by typing the following command:
cd /usr/local/avamar/lib/admin/security
3. Run the firewall rules script by typing the following command:
sh ent-edit-firewall-rules.sh
The following output appears:

Choose an Action
----------------
1) Add a custom rule
2) Remove a custom rule
3) List Current Custom Rules
4) Exit
5) Save Changes
Enter desired action:
4. Type 2 to remove custom rules and press Enter.
Output similar to the following appears:

Rules in configuration file:

1 <IP Address>|22|<IP Address>|11|tcp||ACCEPT|OUTPUT|A

2 |80||66|tcp||REJECT|OUTPUT|A

Select line to remove (ENTER to go back):

5. Type the number of the line that corresponds to the custom rule and then press Enter.
Output similar to the following appears:

Line |80||66|tcp||REJECT|OUTPUT|A will be flagged for removal from custom configuration

file.
The script returns to the main menu.

Choose an Action
----------------
1) Add a custom rule
2) Remove a custom rule
3) List Current Custom Rules
4) Exit
5) Save Changes
Enter desired action:
6. If you want to remove additional custom rules, repeat the previous steps. Otherwise, type 5 to save changes and press
Enter.
The following output appears:

Rules have been saved to /usr/local/avamar/lib/admin/security/entfwb_custom_config.txt

Return to main menu? (Y/N):
7. Type N and press Enter.

54 Configuring Firewall
 The following output appears:

Save and execute rules now? (Y/N):

8. Type Y and press Enter.
The script removes the custom firewall rules from the system firewall tables, automatically restarts the NVE firewall, and
then exits.
The following output appears:

Rules have been saved to /usr/local/avamar/lib/admin/security/entfwb_custom_config.txt

Applying rule /usr/sbin/iptables -A OUTPUT -p tcp -s <IP Address> -d <IP Address>

--dport 11 -j ACCEPT

Configuring service port ranges on firewall

You can change the default service port range of 7937-9936 to another by configuring the port range on the firewall.
1. Open a command shell:
a. Log in as the Admin.
b. Switch user to root by typing su -.
2. Change directory by typing the following command:
cd /usr/local/avamar/lib/admin/security
3. Open customized_pre_rules in a plain text editor.
4. Reassign the variable NW_UPPER_PORT.

NW_UPPER_PORT=<PORT>
where, <PORT> is the value of the upper port number.
5. Save and close the file.
6. Restart firewall daemon by using the command: service entfirewall restart

Configuring Firewall 55
 12
Troubleshooting and Best Practices
This chapter contains the following topics:
Topics:
• Best Practices and Recommendations
• Accessing NetWorker Virtual Edition using SSH
• Enable SSH for root
• Enable SSH for root for NVE running in Cloud
• Restore a lockbox manually
• Support for NVE in Dual NIC configuration with different Subnets
• Binding to LDAP server error
• NVE installation log files
• About NVE Server Data Backup
• Security hardening for non-admin or non-root users
• Reset ssh rootid passphrase

Best Practices and Recommendations

Changing the default NVE hostname from Azure or AWS or GCP or
Alibaba cloud or Oracle Cloud (OCI) DNS to custom DNS
The default DNS of Microsoft Azure or AWS or GCP or Alibaba cloud or Oracle Cloud (OCI), limits the FQDN to 51 characters. It
is recommended to use a short NVE hostname. A short NVE hostname prevents the FQDN name from exceeding 64 characters,
that the NetWorker server name allows. The default resources of the NetWorker server such as, label template, pools uses the
NetWorker server name from its configuration database (resource DB). If the NetWorker server name is of 64 characters, then
the default resources creation might fail because the overall characters in the pool or the label template name might exceed 64
characters limit.
To use longer FQDN and host name it is recommended to use a custom DNS when configuring the NVE in Azure or AWS cloud
or GCP or Alibaba cloud or Oracle Cloud (OCI). However, if no custom domain is available, then use a short NVE name (up to 4
char), to ensure that the creation of default resources is not impacted.

Accessing NetWorker Virtual Edition using SSH

You can access NVE using an SSH client.
● You should have an SSH client installed on the system.
● You should have the private or public IP address of the NVE.
Connect to NVE using the private or public IP address from an SSH client.
The user is admin and the default password is the private ip address of the NVE

Enable SSH for root

By default, you cannot use SSH to log in to the NVE appliance with the root account. Enable SSH to allow root to transfer log
files from the NVE appliance for troubleshooting.
1. From a vSphere client, launch the console window for the NVE appliance.
2. Log in to the NVE as the root user.

56 Troubleshooting and Best Practices

3. Edit the /etc/ssh/sshd_config file.
For example, type the following command to edit the file with the vim application:
vim /etc/ssh/sshd.config

4. In the Authentication section, remove the # from the beginning of the line PermitRootLogIn yes
For example, the Authentication section will appear similar to the following:
#Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

5. Save the file.

6. Restart the SSH service, by typing the following command:
service sshd restart

Enable SSH for root for NVE running in Cloud

By default, you cannot use SSH to log in to the NVE appliance with the root account. Enable SSH to allow root to transfer log
files from the NVE appliance for troubleshooting.
1. Edit the /etc/ssh/sshd_config file.
type the following command to edit the file with the vim application:
vim /etc/ssh/sshd.config
2. Add the # to the beginning of the line and IP address of the workstation from where you want to login as shown in the
following example:
## disable root login if not access from self
# Match User root Address *,!::1,!127.0.0.1,!10.13.144.188
# ForceCommand echo'Please login as the user admin rather than the user root.';sleep 5
# Match all
## Permit local root login
Match
Address ::1,127.0.0.1,127.0.0.1,127.0.0.2,::1,10.13.144.188,fe80::ee:beff:fe36:cde8,<IP
Address of workstation>
PermitRootLogin yes
Match all
LogLevel INFO
PermitRootLogin no
3. Save the file.
4. Restart the SSH service, by typing the following command:
service sshd restart

5. To download the NVE logs to workstation, run the following command

● If you are running NVE on AWS, use the scp command with the option -i
● If you are running NVE on Azure or GCP, use the scp command
NVE running on AWS:
[root@ip-<AWS work station> ec2-user]#scp -i aws_key.pem
root@<NVE Address>:/etc/hosts /root/tmp

NVE running on Azure:[root@ip-<Azure work station>]#scp root@<NVE Address>:/etc/hosts /

root/tmp

Troubleshooting and Best Practices 57

Restore a lockbox manually
1. Backup the current lockbox by running the command avlockbox.sh -b.

root@du:~/#: avlockbox.sh -b

Backup lockbox file

Backup keystore files
Flush backup
Local backup dir: /usr/local/avamar/src/lockbox_backup/2020-03-30-23_22
Flush backup dir: /usr/local/avamar/var/mc/server_data/lockbox_backup

2. Restore the lockbox

RESTORE_DATE='2020-03-25-21_35'

SRC="/usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/avlockbox.clb*
"

TARGET='/usr/local/avamar/var/lockbox/'

cp "$SRC" "$TARGET"

3. Restore keystore files

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/avi_keystore
/usr/local/avamar/lib/avi/avi_keystore

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/rmi_ssl_keystore
/usr/local/avamar/lib/rmi_ssl_keystore

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/avamar_keystore
/usr/local/avamar/lib/avamar_keystore

# This file `ddr_rest_keystore` may not exits if ddr is attached. Skip copy
operation if it is needed.

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/
ddr_rest_keystore /usr/local/avamar/var/mc/server_data/ddr_rest_keystore

# This file `keystore.p12` may not exits due to if RabbitMQ gets started. Skip copy
operation it if needed

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/keystore.p12
/etc/rabbitmq/keystore.p12

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/.keystore /home/
admin/.keystore

4. Restore SSV files

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/readme /var/
vavavoom/readme

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/1.txt /var/news/
1.txt

cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/agent.log
/var/era/agent.log

58 Troubleshooting and Best Practices

 cp /usr/local/avamar/var/mc/server_data/lockbox_backup/$RESTORE_DATE/kbls /var/temp/
kbls

Support for NVE in Dual NIC configuration with

different Subnets
If the secondary Network interface card is on a different subnet, then the NetWorker Virtual Edition does not route traffic to
that Network Interface card. You can route the traffic by including an additional storage node in the respective subnets.

Figure 13. NetWorker in Dual NIC configuration

Binding to LDAP server error

The Name service switch (nsswitch.conf) provides a mechanism to identify sources of network information such as username,
password, LDAP and DNS. It also provides an order in which these sources are to be consulted during a network information
look up.
By default, the nsswitch.conf file in NetWorker Virtual Edition is not configured to support LDAP. When you configure an LDAP
client on a NetWorker Virtual Edition, it fails with an error "failed to bind to LDAP server". The error messages are logged
under /var/messages To prevent this issue, you must perform the following steps:
1. Open the /etc/nsswitch.conf file for editing.
2. Change the order of entries from "ldap files" to "files ldap"

Existing nsswitch file

passwd: ldap files

group: ldap files
shadow: ldap files

Updated nsswitch file

passwd: files ldap

group: files ldap
shadow: files ldap

Troubleshooting and Best Practices 59

NVE installation log files
The following table provides a summary of log files on the NVE, and NVE as Storage Node that are related to installation.

Table 11. NVE installation log files

Log file Purpose
/usr/local/avamar/var/avi/server_log/avinstaller.log.0 Installation log file
/data01/avamar/repo/temp/****/tmp/workflow.log Installation log files in case of failure

About NVE Server Data Backup

The NVE Server Backup workflow is used to backup the critical components used by the NetWorker Installation Manager.
The backed-up data can be used for restoring or recovering the NetWorker Installation Manager web page in the event of a
corruption or failure.
The information in the /usr/local/avamar/* directory is used by NetWorker Installation Manager web page (https://
NSR_IP/avi/avigui.html) to manage the NetWorker Virtual Edition appliance.
The NVE Server Backup workflow backs up the following savesets:
● /usr/local/avamar/var/avi/server_data
● /usr/local/avamar/var/lockbox
● /usr/local/avamar/lib/avi/avi_keystore

Backup of savesets in NVE server protection policy

By default, the backup of the savesets is performed daily. You can manually initiate the backup using NMC.
1. Log in to NMC using the admin credentials.
2. Click Protection Policy, click on Policies, Server Protection and, NVE Server Backup.
3. To initiate a manual backup, right-click NVE Server Backup and click Start
To check the status of the backup, click Monitor tab, under the Policies section, view the Policy name Server Protection, and
the workflow NVE Server Backup.
NOTE: The NVE Server Backup Workflow action name must match the default name. You cannot change the name of an
action.

Initiating a recovery
You can recover the backup data using Browse option only.
1. Click Recover tab, right-click and select New Recover, select Recovery Type as Traditional NetWorker Client Recovery
and then click Next.
2. In the Select the Recovery Hosts, select the server and file system and then click Next.
3. In the Select the Data to Recover, click Browse, select /space and /usr directories and then click Next.
You can choose the browse time of the backup, by default the text box displays the last backup for the source client.
4. Select the original file path for recovery and click Next.
5. Provide the recovery name and click Run Recovery.
The recovery status is displayed. Click Finish.

Workaround to recover savesets using saveset recovery option

You can recover the savesets using the saveset recovery option by replacing the saveset path.
1. In the Protection tab, click Client and then select the client mapped to NVE server.
2. Right click on savesets, click Edit saveset and then replace the saveset path from /usr to /space.

60 Troubleshooting and Best Practices

 ● Replace /usr/local/avamar/var/ avi/server_data with /space/avamar/var/avi/server_data
● Replace /usr/local/avamar/var/var/lockbox with /space/avamar/var/lockbox

Security hardening for non-admin or non-root users

Customers have the liberty to add users other than admin or root in NVE.
NOTE: Maintenance and management of the users should be resolved by the customer themselves. NVE will not be
responsible for the same.
To harden the security of these users:
1. Configure temporary non-admin ID lockouts for failed login attempts.
Edit /etc/pam.d/common-auth file, and add the following entries in the auth section.

auth required pam_env.so

auth [default=ignore success=1] pam_succeed_if.so user in admin
auth required pam_tally2.so deny=3 onerr=fail unlock_time=200
auth required pam_unix.so try_first_pass
account required pam_tally2.so

Table 12. Parameters to update

Parameters Description
deny Used to define the number of attempts (3 in this case),
after which the user account should be locked.
unlock_time Sets the time (300 seconds = 5 minutes) for which the
account should remain locked.
onerr=[fail|succeed] If something weird happens (like unable to open the file),
return with PAM_SUCCESS if onerr=succeed is given, else
with the corresponding PAM error code.
2. Since user passwords expire automatically after a configured duration, update the ogin.defs file to set up specific
duration in Password aging controls.

A new user uses the updated duration of password expiration post update of this file.

PASS_MAX_DAYS 10

PASS_MIN_DAYS 0

PASS_WARN_AGE 7

NOTE: Use chage -l <exisitng_user> to update the password expiration.

chage -l test_user

Minimum: 1
Maximum: 60
Warning: 7
Inactive: -1
Last Change: MMDDYY
Password Expires: MMDDYY
Password Inactive: Never
Account Expires: Never

3. Prevent a user from password reusability.

Edit or add the password line in /etc/common-password file and append remember=2 to prevent a user from re-using
any of the last two passwords.

password requisite pam_cracklib.so

password required pam_pwcheck.so nullok remember=2
password required pam_unix.so use_authtok nullok shadow try_first_pass

Troubleshooting and Best Practices 61

 A message Password has been used already. Choose
another. is displayed while changing the password using the passwd command.

NOTE: Due to the existing bug in pam_pwcheck.so, the password gets updated. Use the passwd command again to
update to new password.

Reset ssh rootid passphrase

This section provides you with the workaround to reset the ssh rootid passphrase.
1. Log in to the NVE using SSH as an admin user.
2. Switch to the root user by entering the command sudo su.
3. Delete the rootid_key and the rootid_passphrase_encrypted files from the /usr/local/networker folder. For example,
cd /usr/local/networker and rm -rf rootid_key rootid_passphrase_encrypted
4. Generate the rootid and the adminkey without passphrase using the following commands:
● Root id—ssh-keygen -q -t ecdsa -b 521 -N "" -C "root@`hostname`" -f /root/.ssh/rootid
● Admin key—ssh-keygen -q -t ecdsa -b 521 -N "" -C "admin@`hostname`" -f /home/
admin/.ssh/admin_key
Click Yes, if it prompts to overwrite.
5. Apply the latest NVEUpgrade.

62 Troubleshooting and Best Practices