1 Rookie
•
10 Posts
0
785
January 9th, 2023 07:00
EMC Networker 19.5 - Keystore password clarification
I need to install Networker 19.5 version on the Networker DR environment. Is it mandatory to use the same keystore password used on the Production environment?
If I create a new keystore password, is there an option to change in the future? I am not sure if there is an impact by creating a new keystore password. Please clarify my doubt. Thanks in advance!
No Events found!
barry_beckers
393 Posts
0
January 10th, 2023 00:00
haven't been actively involved with cyber recovery into a vault, but the PPCR 19.12 documentation states in the NW server recovery:
"The recovery sandbox is created for the NetWorker application. The latest NetWorker configuration is recovered."
So I expect it to answer Y(es) to all questions that nsrdr is asking except for the recovery of the client indices, nor running a scanner -i, in case there were also backups made after the time of the NW bootstrap backup being recovered from.
Hence scanner -i and nsrck -L7 are mentioned as optional.
however it also states these prereqs where there is some mentioning also about obtaining credentials also for the NW application (my guess however is that one can do something with the NW server in the vault and has configured access to manage the NW server in the vault to be able to use NW NMC or NWUI, whose credentials can very likely be setup different from the original backups server, for example if the vault is to be managed by another team for clear separation of duties, as nsrdr would only restore the bootstrap of the NW server and not restore NW NMC):
"Prerequisites
Ensure that the following prerequisites are met before you initiate a NetWorker recovery:
● You have obtained the credentials for the Cyber Recovery vault host on which the NetWorker application is installed and for the NetWorker application.
● The NetWorker server host in the Cyber Recovery vault has the same IP address and hostname as the NetWorker production host.
NOTE: It is not mandatory that the IP address of the server host in the Cyber Recovery vault be the same as the NetWorker production host. However, if you use a different IP address, you might encounter issues with components and agents referring to the NetWorker server by IP address, which require manual intervention. You can avoid these issues if the IP addresses are the same.
● The NetWorker application is installed in the Cyber Recovery vault and defined as an application asset in Cyber Recovery.
● The DD Boost user within the vault has the same UID as the production DD Boost user.
● A policy has created a point-in-time (PIT) copy to use for the recovery.
● The UID associated with this copy has been created in the Cyber Recovery vault DD system.
● If your deployment includes NetWorker on Windows, ensure that a Windows host and Cygwin are installed in the Cyber Recovery vault, and Cygwin OpenSSH is enabled. For more information, see the Dell PowerProtect Cyber Recovery
Installation Guide.
"
So in short, I don't think having different keystore passwords would matter, however after a DR it would be using the password from the original server, hence you could make life easier by keeping both in sync. But in the end it would also not matter too much, because as soon as any recoveries are performed, the NW server in the vault is very likely to be stopped or used for a next DR recovery.
If in between NW in the vault would need to be updated to have it have the same version as NW prod, then not using the existing authc database, but having a new one created wouldn't matter that much either I guess, because as soon as another DR is to be performed, it will overwrite the authc DB anyways with that of the original NW server again...
You would only use the NW server in the vault for recoveries, not to actually to start backups, for that you would very likely rebuild the original NW server in case it would have been affected.
barry_beckers
393 Posts
0
January 9th, 2023 10:00
what do you mean with the NW DR environment? Another server that you would be restoring the NW bootstrap backup unto? Anything that you setup now, would be overwritten when restoring the data from another backup server. So you'd only have it running and configured with only the one backup device that contains the bootstrap backup, once restored, it would have overwritten or renamed the existing configuration.
However if the DR server is always supposed to be ready and waiting to take over, it is easier to keep them the same, for example when upgrading production also to upgrade production in the exact same way. However it isn't much more that noting the password down in a password vault and look it up if and when you'd be prompted to insert the authc keystore password.
What is your DR approach? As from NW9 onwards NW does not any longer support renaming a backup server, so the server restoring on, needs to have the same hostname as the NW server the data is being restored from.
a screenshot from the NSRDR recovery https://www.youtube.com/watch?v=sdqnIOox-w4 states clearly the NW server authentication database is being overwritten (at least if you tell it to).
Karthick_1
1 Rookie
•
10 Posts
0
January 9th, 2023 19:00
Hello Barry, Thanks for your prompt response. The DR setup that I mean here is cyber vault environment. Cyber vault networker server will be recovered based on the recovery requirement everytime. Pls confirm if the applicable for the same as well. The reason why I am asking is during the bootstrap cyber vault will not ask for any prompt like above...
bingo.1
2.4K Posts
0
January 10th, 2023 03:00
A DR is a DR. The intention is to restore a system/application to the exact state as it was. Consequently, it is not only logical but mandatory to use the same parameters as before.
Karthick_1
1 Rookie
•
10 Posts
0
January 10th, 2023 10:00
Thanks for your inputs..i will apply the same on my setup and perform the testing..