NetApp-specific NDMP configuration
Overview
SEP sesam enables you to protect and manage your storage file servers by providing support for Network Data Management Protocol (NDMP). To find out more about NDMP, see NDMP Backup.
The following configuration steps represent the NetApp-specific part of the NDMP host configuration. They are based on the NetApp article on using NDMP-based copy utilities. The steps below explain how to enable NDMP and set a password on the source and destination storage systems.
Procedure
Depending on your configuration, use the NDMP activation and authentication procedure specific to your mode.
7-Mode
- Enable NDMP.
  netapp> ndmpd on
- Create a new user specifically for NDMP:
  netapp> useradmin user add sepbackup -g "Backup Operators"
  New password: XXXXXXXXX
  Retype new password: XXXXXXXXX
  User <sepbackup> added.
- Non-root users have a special NDMP password that is different from their login password and is displayed by this command:
  netapp> ndmpd password sepbackup
  password MzUV5p6R
  Note: This NDMP password must be set in the client configuration together with the user name!
- Set NDMP to accept plaintext and md5 authentication methods:
  netapp> options ndmpd.authtype plaintext,challenge
Clustered Data ONTAP
Run the following command to verify that your cluster is running in vserver scope and not in node-scope mode:
cluster::> system services ndmp node-scope-mode status
If node-scope-mode is disabled, the cluster is configured for vserver scope.
Vserver scope
- Enable NDMP on your vserver.
  cluster::> vserver services ndmp on -vserver <SVM-name>
- Verify that NDMP is allowed on the vserver.
  cluster::> vserver show -vserver <SVM-name> -fields allowed-protocols
- Optionally, create a user account on the vserver for NDMP. You may also use the vserver vsadmin account.
  cluster::> security login create -user-or-group-name ndmpuser -application ssh -authmethod password -vserver <SVM-name> -role vsadmin-backup
  Please enter a password for user 'ndmpuser':
  Please enter it again:
- Generate an NDMP password for the user account. This password will not be the same as the password for the user account!
  cluster::> vserver services ndmp generate-password -vserver <SVM-name> -user ndmpuser
  Vserver: svm2
  User: ndmpuser
  Password: yMGg5d0LyUG8l1kn
Node scope
- Enable NDMP.
  ::> system services ndmp on -node *
- Set a password.
  ::> system services ndmp modify -node * -user-id root
  Please enter password: XXXXXXXXX
  Confirm password: XXXXXXXXX
  X entries were modified.
- Set NDMP to accept both plaintext and md5 authentication requests.
  ::> system services ndmp modify -node * -clear-text true
Firewall Settings
In environments where the source and target networks are separated by a network firewall, the NDMP connection uses control port 10000 by default to manage backups and restores. This connection is used to send and receive NDMP requests. However, the NDMP data connection that is used for transferring data may use any available port at random.
As of DOT 7.3.5.1 and 8.0.1, the NDMP data port can be specified by using the option: options ndmpd.data_port_range {start_port-end_port}.
Its usage is explained in the NetApp article Designating the range of ports for NDMP data connections. The following information is based on this article.
To specify a range of ports to be used by the NDMP data connection, use the following command on the NetApp controller:
options ndmpd.data_port_range {start_port-end_port}
Syntax: options ndmpd.data_port_range {<start_port>-<end_port> | all }
- start_port and end_port can have values between 1024 and 65535.
- start_port must be less than or equal to end_port.
- It is best to use start_port and end_port values between 18600 and 18699.
Example:
options ndmpd.data_port_range {11400-11800}
The default value for this option is all, which means that any available port may be used. By specifying a valid range, a port within this range is used. A listen request fails if no ports in the specified range are free. The additional ports must be open in both directions for backup and restore purposes.
Note: The ndmpd.data_port_range option is persistent across reboots.
Once you have specified the ports, restart ndmpd on the NetApp controller by using ndmpd {on|off}.
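The following check is an added example, not part of the original article or of SEP sesam or NetApp tooling. It validates an ndmpd.data_port_range value against the syntax rules above and reports which required NDMP ports a firewall allow list does not cover. The function names and the allow-list format (TCP port ranges as tuples) are assumptions, as is treating "all" as the full 1024-65535 span.

```python
import re

CONTROL_PORT = 10000               # default NDMP control port named on this page
PORT_MIN, PORT_MAX = 1024, 65535   # bounds this page gives for start_port/end_port

def parse_data_port_range(value):
    """Parse 'all' or 'start_port-end_port' (braces optional) into (start, end).
    Assumption: 'all' is treated as the whole PORT_MIN..PORT_MAX span."""
    text = value.strip().strip("{}").strip()
    if text.lower() == "all":
        return (PORT_MIN, PORT_MAX)
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", text)
    if not m:
        raise ValueError(f"not 'all' or start_port-end_port: {value!r}")
    start, end = int(m.group(1)), int(m.group(2))
    if not (PORT_MIN <= start <= PORT_MAX and PORT_MIN <= end <= PORT_MAX):
        raise ValueError(f"ports must be within {PORT_MIN}-{PORT_MAX}: {value!r}")
    if start > end:
        raise ValueError(f"start_port must be <= end_port: {value!r}")
    return (start, end)

def uncovered(required, allowed):
    """Return the parts of the (start, end) range `required` that no allowed range covers."""
    gaps, cursor = [], required[0]
    for lo, hi in sorted(allowed):
        if hi < cursor:
            continue                       # rule lies entirely below what is still needed
        if lo > required[1]:
            break                          # rule lies entirely above the required range
        if lo > cursor:
            gaps.append((cursor, lo - 1))  # hole between the previous rule and this one
        cursor = max(cursor, hi + 1)
        if cursor > required[1]:
            break
    if cursor <= required[1]:
        gaps.append((cursor, required[1]))
    return gaps

def firewall_gaps(option_value, allowed):
    """Map 'control' and 'data' to the port ranges the firewall allow list misses."""
    required = {"control": (CONTROL_PORT, CONTROL_PORT),
                "data": parse_data_port_range(option_value)}
    return {name: uncovered(rng, allowed) for name, rng in required.items()}

if __name__ == "__main__":
    # Constructed allow list of TCP port ranges; not taken from a real firewall.
    allowed = [(10000, 10000), (11400, 11600)]
    print(firewall_gaps("{11400-11800}", allowed))
```

An empty list for both keys means the allow list covers the control port and the whole configured data range; the same rule set has to be checked for each direction the firewall filters.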
For more details about NDMP with firewalls, see also:
Can the Network Data Management Protocol (NDMP) port number be changed?
ONTAP port usage on a storage system