Vxss Security

[tddp]

Hello, new member here. If this question has been asked before please pardon me, but is anyone using Vxss Security portion of Access control in version 5.x? What we want to do is restrict access to just monitoring, restarting jobs and doing restores everything else is off limits throught Netbackup Administrator console.

Environment: Windows

Thanks

 

[nbadmin]

It will do all of that for you. But you need to be on MP1 or 2 and request the CD from Veritas. It uses windows and unix authentication brokers.

 

[tddp]

Thanks nbadmin, but we do have the CD and we are at MP1. Just wanted to know the process to set it up, the instructions from Veritas are not exactly clear. Do you have to install both authentication and authorization clients on remote pc?

Thanks

 

[sebasg]

I don't know if you already resolved this.
I'm in the process of testing VxSS.
In the remote PC you'll need to install both clients.
Do not follow the VxSS instructions; check on Sysadmin Guide Vol II "Access Management".
If you have it already working, any comment will be appreciated.

S.

 

[tddp]

No I haven't resolved this as yet. Other projects have come up and have been working on those. Thanks for the tip and I will be resuming testing in about a week.

If you have any success, please let me know the steps.

Thanks again sebasg for the tip.

tddp

 

[sebasg]

I set it up on Unix machine with local at and az. Locally everything works fine (except for some bugs). I started (didn't got there yet) to set up a mixed authorization (NT Domain users authenticating agains Unix VxSS Broker).
Just follow the steps of the NBU guide and you'll have it.
If you need something else just ask, and if you have any updates please let me know.
Also id you find ANY documentation other that the two mentioned manuals, because i founded NOTHING.

S.

 

[bucksh0t]

So has anyone gotten this working yet? Let me throw another curveball into the mix....I'm also using VxSS for SFWHA 4.2 (VCS 4x for Windows).

 

[xxx01]

we just had it installed a few weeks ago in a windows NB environment. our users are monitoring the backups using the java console. so far it's been ok, it does have slower loading times and i've had to restart services occasionally when adding clients. however, i wish it had better logging info.

 

[bucksh0t]

I can't find anywhere what CAN be secured. Job, polcies, clients, etc.

I want to enable my DBA's to restore specific jobs, for specific clients to a specific mount point only.

Can it be done?

 

[xxx01]

i don't know if you can drill down deep with the permissions. for example, we wanted to allow a group to have access to view and configure only their policy with their servers. but we were told that this was not possible. permissions can only be given at "policies" and not down to individual ones.

But at the group properties, there should be a permissions tab where you can assign read/operate/configure permissions to the menu items like drives, policies, etc.

 

[kiger]

We have been testing this in our test lab and have decided not to proceed into production. We have SUN Solaris as the master server Veritas NetBackup 5.1 and have ran into sooooo many problems that Veritas support cannot get resolved. Note: In calling Veritas we have never been able to get a hold of a tech that knew anything about Vxss, they always had to do "research" and then would return calls several days later stating that they could not find any documents related to our issues. So if it was me.... I would wait until Veritas Tech Support catches up and learns the technology themselves.

 

[2skis]

My first impression on reading the admin guide on this is that it is fairly complex, but it could be that the docs are just too simplistic. Does anyone have any ballpark ideas as to how much time it takes to implement this, including testing,etc? We are running multiple NB environments, some all windows, some all Unix, and some mixed, with the intention of combining much (if not all) into a single master environment, but use VAC to limit access to the various business units. Anybody have any majot negative experiences doing something like this?

thanks much!