Source:NetApp-specific NDMP configuration

From SEPsesam
Revision as of 12:59, 16 April 2019 by Dho (talk | contribs)

Copyright © SEP AG 1999-2024. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

Docs latest icon.png Welcome to the latest SEP sesam documentation version 4.4.3/4.4.3 Grolar. For previous documentation version(s), check Documentation archive.


Overview

SEP sesam enables you to protect and manage your storage file servers by providing support for Network Data Management Protocol (NDMP). To find out more about NDMP, see NDMP Backup.

The following configuration steps represent a NetApp specific part of the NDMP host configuration. They are based on the NetApp article on using NDMP-based copy utilities. The steps below explain how to enable NDMP and set a password on the source and destination storage systems.

Procedure

Depending on your configuration, use the NDMP activation and authentication procedure specific to your mode.

7-Mode

  1. Enable NDMP.
  2. netapp> ndmpd on
  3. Create a new user specifically for NDMP:
  4. netapp> useradmin user add sepbackup -g "Backup Operators" New password: XXXXXXXXX Retype new password: XXXXXXXXX User <sepbackup> added.
  5. Non-root users have a special NDMP password that is different from their login password and is displayed by this command:
  6. netapp> ndmpd password sepbackup password MzUV5p6R Note: This NDMP password must be set in the client configuration together with the user name!
  7. Set NDMP to accept plaintext and md5 authentication methods:
  8. netapp> options ndmpd.authtype plaintext,challenge

Clustered Data ONTAP

Run the following command to verify that your cluster is running in vserver scope and not in node-scope mode:

cluster::> system services ndmp node-scope-mode status

If node-scope-mode is disabled, the cluster is configured for vserver scope.

Vserver scope

  1. Enable NDMP on your vserver.
  2. cluster::> vserver services ndmp on -vserver <SVM-name>
  3. Verify that NDMP is allowed on the vserver.
  4. cluster::> vserver show -vserver <SVM-name> -fields allowed-protocols
  5. Optionally, create a user account on the vserver for NDMP. You may also use the vserver vsadmin account.
  6. cluster::> security login create -user-or-group-name ndmpuser -application ssh -authmethod password -vserver <SVM-name> -role vsadmin-backup Please enter a password for user 'ndmpuser': Please enter it again:
  7. Generate an NDMP password for the user account. This password will not be the same as the password for the user account!
  8. cluster::> vserver services ndmp generate-password -vserver <SVM-name> -user ndmpuser Vserver: svm2 User: ndmpuser Password: yMGg5d0LyUG8l1kn

Node scope

  1. Enable NDMP.
  2.  ::> system services ndmp on -node *
  3. Set a password.
  4.  ::> system services ndmp modify -node * -user-id root Please enter password: XXXXXXXXX Confirm password: XXXXXXXXX X entries were modified.
  5. Set NDMP to accept both plaintext and md5 authentication requests.
  6.  ::>system services ndmp modify -node * -clear-text true

Firewall Settings

In the environments where the source and target networks are separated by a network firewall, NDMP connection uses a control port 10000 by default to manage backups and restores. This connection is used to send and receive NDMP requests. However, the NDMP data connection that is used for transferring data may use any available port from the firewall configuration randomly.


As of DOT 7.3.5.1 and 8.0.1 the NDMP data port can be specified by using the option: options ndmpd.data_port_range {start_port-end_port}.

Its usage is explained in the NetApp article Designating the range of ports for NDMP data connections. The following information are based on this article.

To specify a range of ports to be used by NDMP data connection, use the following command on NetApp Controller:

options ndmpd.data_port_range {start_port-end_port}
Syntax:      options      ndmpd.data_port_range      {<start_port>-<end_port> | all }. 
                                                     start_port and end_port can have values between 1024 and 65535
                                                     start_port must be less than or equal to end_port
                                                     It is best to use start_port and end_port values between 18600 and 18699.

Example:

options ndmpd.data_port_range {11400-11800}

The default value for this option is all, which means that any available port may be used. By specifying a valid range, a port within this range is used. A listen request fails if no ports in the specified range are free. The additional ports must be open in both directions for backup and restore purposes.

Information sign.png Note
The ndmpd.data_port_range option is persistent across reboots.

Once you have specified the ports, restart ndmpd on NetApp Controller by using ndmpd {on|off}.


For more details about ndmp with firewalls, see also:

ndmp backups with firewalls

Can the Network Data Management Protocol (NDMP) port number be changed?

ONTAP port usage on a storage system

See also

NDMP Backup