Veritas NetBackup Supports Nutanix AHV Virtual Machines Backup. In the below article will discuss how we can integrate Nutanix & Veritas NetBackup.

• Confirm NetBackup & Nutanix AOS Compatibility.https://download.veritas.com/resources/content/live/OSVC/100046000/100046445/en_US/nbu_100_scl.html?__gda__=1700526274_031b706c04f3bbd134e1494e6a6899e0#virtual_systems_compatibility-nutanix_aos_versions_and_backup_host
  
• Before proceeding, some of the key points need to be considered. If NetBackup Environment is based on Windows, then in this case, we must introduce one Linux Media Server. Otherwise, any existing Linux Master/Media Server can be used as AHV Backup host.
• If Single File/Folder restore is desirable then we need to configure Backup using New Nutanix WebUI only.

Establishing communication between NetBackup and Nutanix AHV

• The NetBackup master server, media server needs to establish communication with the Nutanix Acropolis cluster through a backup host to complete a backup or restore job.

Configuring communication between the Nutanix Acropolis Hypervisor server and NetBackup host

we can go with secure or unsecure communication for the backup.

1. Unsecure communication between Nutanix AHV & NetBackup Host.

Disable SSL Validation in nb_nutanix-ahv.conf

/usr/openv/netbackup/nb_nutanix-ahv.conf

{ “enable_ssl_validations”:false, “cert_authority_file”:””}

Default is True to keep SSL enabled, False to disable SSL

2. Secure communication between Nutanix AHV & NetBackup Host.
   1. Use the openssl s_client -connect <Nutanix Cluster FQDN>:9440 -showcerts < /dev/null command from a Linux system to obtain the Nutanix certificates.
   2. Scroll to the end of the results and copy the last certificate which starts from:
      —–BEGIN CERTIFICATE—–
      <Certificate>
      —–END CERTIFICATE—–
   4. Paste the information to a text file and then rename it as <certificate file name>.pem and copy it to a path to your backup host. Recommended path “/usr/openv/netbackup”
   5. Enter the PEM file path ECA_TRUST_STORE_PATH=/usr/openv/netbackup/<certificate file name>.pem in the bp.conf on the backup host.

Use the nbsetconfig command to configure the following NetBackup configuration options on the access host. ECA_TRUST_STORE_PATH	Specifies the file path to the certificate file that contains all trusted root CA certificates.
ECA_CRL_PATH	Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.
VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED	This option affects AHV, RHV, and VMware secure communication. Without this option, each workload and plug-in separately determine the secure or the insecure communication.Disabling this option lets you skip the security certificate validation. It is recommended by NetBackup that secure communication should be enabled using the ECA_TRUST_STORE_PATH option.
VIRTUALIZATION_CRL_CHECK	Let you validate the revocation status of the virtualization server certificate against the CRLs. By default, the option is enabled.

Whitelist NetBackup backup host IPs on Nutanix.

Adding Nutanix Cluster in NetBackup Console

• Login to NetBackup WEBUI Console
  https://localhost/webui

Create AHV Protection Plan:

• Create Protection plan for AHV Backup, Protection à Protection Plan

• Click Add to add the new Protection plan.

• Specify the Protection Plan, Select the Workload and Click Next

• Create the Desire backup schedule & Specify the Backup retention.

• Click Next to continue.

• Specify the Backup Destination Storage and click Select to continue.

• Click Next to Continue

• Specify the user if you want to enable the RBAC

• Click Next to Continue, review the configuration and click Finish.

Add AHV Cluster:

• Expand workload à Nutanix AHV

• Click on AHV Cluster to add the AHV Cluster

• Click Start
  
• Specify Nutanix Cluster IP, Specify Backup host and add a new credential.

• Specify the Credential name, username, password for Nutanix Cluster and click next

• AHV Cluster is added in NetBackup & AHV VMs will be discovered under Virtual Machines Section.

Assign AHV VMs to Protection Plan:

• Workload à Nutanix AHV à Virtual Machines
• Select Virtual Machine and click Add Protection to assign VM to Protection Plan.
  
• Select Protection Plan and click Next to continue.
• Click Close
  

In Today’s article will look at some of the common Nutanix CLI Commands you must know. Commands listed below are some of the most useful and most frequently used Nutanix CLI commands.

How to Start Nutanix Cluster

To Start the Nutanix Cluster you need to run the below command on any of the CVM.

nutanix@NTNX-b8c39436-A-CVM:~$ cluster start

How to Stop Nutanix Cluster

To Stop the Nutanix Cluster you need to run the below command on any of the CVM.

nutanix@NTNX-b8c39436-A-CVM:~$ cluster stop

How to Check Nutanix Cluster Status

To check the Nutanix Cluster status need to run the below command on any of the CVM.

nutanix@NTNX-b8c39436-A-CVM:~$ cluster status

output will be as below.

How to get Nutanix Cluster Info

To get the Nutanix Cluster information need to run the below command on any of the CVM.

nutanix@NTNX-b8c39436-A-CVM:~$ ncli cluster info

How to get all Host IP Address in the Cluster

To get all hosts IP Address in the Cluster you need to run the below command on any of the CVM.

nutanix@NTNX-b8c39436-A-CVM:~$ hostips

How to get all CVM IP Address in the Cluster

To get all CVM IP Address in the cluster you need to run the below command on any of the CVM.

nutanix@NTNX-b8c39436-A-CVM:~$ svmips

How to Check if Hypervisor Upgrade State

To Check the Hypervisor(AHV, VMWare) Upgrade State, you need to run the below command.

nutanix@NTNX-b8c39436-A-CVM:~$ host_upgrade_status

Nutanix Community Edition is ideal for learning to manage your infrastructure on your own hardware. Included is Prism, the user-friendly interface that provides unified management.

You can download the Nutanix CE from the link below.

https://next.nutanix.com/discussion-forum-14/download-community-edition-38417

CE Can be configured as Single Node cluster , 3-Node Cluster.

Virtual Machine Specifications:

• CPU: 4 VCPU (Enable Expose Hardware assisted virtualization to guest OS)
• RAM: 16GB (Better 32GB)
• HDD: 70GB (For Hypervisor)
• HDD2: 200GB (For CVM)
• HDD3: 200GB (For DATA)
• NIC: Single NIC
• 2 IP Address per Node: 1 for Hypervisor & 1 for CVM

Create New Virtual Machine:

Click next

Browse & Select Downloaded ISO and Click Next

Select Linux as Operating System and click next.

Specify the Virtual Machine name and click Next.

Specify the First HDD 60GB for Hypervisor and click Next.

Click Finish to Create the VM. Right Click VM and Edit the hardware. Add additional HDDs and enable Virtualization to Guest OS.

Power-On VM and boot from the CE download ISO.

If You are going to create the Single Node Cluster, then select Create Single-Node Cluster, Select Next to Continue.

Scroll down the license and accept the agreement, Select Start and Enter to Start the installation.

Installation will take 10-15 minutes, wait for installation, press Y to reboot. If you are creating the 3-node cluster, then repeat the above steps for node 2 and 3.

After the reboot Both AHV Host & CVM should be reachable.

SSH to CVM IP using default Credentials.

User: nutanix

Password: nutanix/4u

If you have not created the cluster initially than you can create the single node cluster using below command.

Single Node Cluster:

cluster -s –redundancy_factor=1 –cluster_external_ip= create

Multi-Node Cluster:

cluster -s Node1_CVM_IP,Node2_CVM_IP,Node3_CVM_IP create

Once cluster is created you can check the cluster status using “Cluster status” command

Once the cluster services is UP. We can login to PRISM.

https://CVM-IP:9440

User: admin

Password: Nutanix/4u

During First time login you will be asked to change the default password.

Provide New Password and enter.

Enter your Nutanix Portal Username and password.

Your Nutanix CE cluster is ready 😊 enjoy .

Let me know if you guys need any help while installating Nutanix CE.

Nutanix DR implementation to protect guest VMs and orchestrate disaster recovery to other Nutanix Cluster when event causing service disruption to occur at primary site.

Nutanix DR Terminologies:

Availability Zone (AZ): A zone that can have one or more independent datacenters inter-connected by low latency links. An AZ can either be in your office premises (on-prem) or in Xi Cloud Services. AZs are physically isolated from each other to ensure that a disaster at one AZ does not affect another AZ. An instance of Prism Central represents an on-prem AZ.

Recovery Availability Zone: An AZ where you can recover the protected guest VMs when a planned or an unplanned event occurs at the primary AZ causing its downtime. You can configure at most two recovery AZs for a guest VM.

Source Virtual Network: The virtual network from which guest VMs migrate during a failover or failback.

Recovery Virtual Network: The virtual network to which guest VMs migrate during a failover or failback operation.

Network Mapping: A mapping between two virtual networks in paired AZs. A network mapping specifies a recovery network for all guest VMs of the source network. When you perform a failover or failback, the guest VMs in the source network recover in the corresponding (mapped) recovery network.

Category: A VM category is a key-value pair that groups similar guest VMs. Associating a protection policy with a VM category ensures that the protection policy applies to all the guest VMs in the group regardless of how the group scales with time. For example, you can associate a group of guest VMs with the Department: Marketing category, where Department is a category that includes a value Marketing along with other values such as Engineering and Sales.

Recovery Point: A copy of the state of a system at a particular point in time.

Recovery Point Objective (RPO): The time interval that refers to the acceptable data loss if there is a failure. For example, if the RPO is 1 hour, the system creates a recovery point every 1 hour. On recovery, you can recover the guest VMs with data as of up to 1 hour ago. Take Snapshot Every in the Create Protection Policy GUI represents RPO.

Recovery Time Objective (RTO): The time period from failure event to the restored service. For example, an RTO of 30 minutes enables you to back up and run the protected guest VMs in 30 minutes after the failure event.

Protection and DR Between on-prem Availability zone:

Leap protects your guest VMs and orchestrates their disaster recovery (DR) to other Nutanix clusters when events causing service disruption occur at the primary AZ.

Before proceeding further let me introduce to my environment, I have two Nutanix Clusters, both clusters are registered with their own prism central hosting on same cluster. Logical design between two cluster will as below

Enabling Nutanix Discovery:

1. Login to Prism Central on Both Clusters
2. Click Gear Icon à Click Disaster Recovery

3. Click Enable

4. Click Enable

Nutanix Disaster Recovery is enabled.

Connect AZ:

1. Browse Navigation Bar à Administration à Availability Zones

2. Click Connect to Availability Zone

3. Select Physical Location, provide 2nd Prism Central IP, User and Password and click Connect

Connection will be created between both prism Central.

Creating Category:

1. Browse Navigation Bar à Administration à Categories

2. Click New Category

3. Specify the Category Name and enter value (subcategories)

Creating Protection Policy:

1. Browse Navigation Bar à Data Protection à Protection Policy

2. Click Create Protection Policy

3. Specify the Primary Location, Cluster and Click Save.

4. Specify Recovery Location PC & Cluster and click save

5. Specify the Snapshot frequency & retention on local and remote.

6. Specify the desire Category and click add

7. Click Create to create the Policy

Assigning VM to Category:

1. Navigate to VM
2. Select the desire VM à Action à Manage Categories

3. Select Desire Category and Click Save

Review Protection Summary:

1. Browse Navigation Bar à Data Protection à Protection Summary

Protection Summary Dashboard, will show the RPO Status

2. Browse Navigation Bar à VM à Recovery Points will shows the VM recovery points and protection status of selected VM.

Creating Recovery Plans:

1. Browse Navigation Bar à Data Protection à Recovery Plans

2. Create New Recovery Plan

3. Specify Recovery plan name, specify primary and recovery location and click Next.

4. Click Add VMs

5. Select the VM and click add

6. Click Next to proceed

7. Select Network Type ( Stretch , Non-Stretch) and Specify source and Target Network Subnet and click Done.

Initating Failover:

1. Select Recovery Plan

2. Click Failover to initate failover

3. Select the Desire Failover type, Incase of Planned Failover (Source VM will be shutdown and after finnal sync , VM will be registered in target cluster and powered-on). Incase if unplanned Failover desire recovery points and be selected for restore .

4. Type Failover and click Failover

5. Click Tasks for see the Failover status

6. VM Successfully failed-over to DR successfully.

The Nutanix Controller VM (CVM) ‘nutanix’ Account

To change the nutanix default password, SSH to any of the CVM and run the below command to change password, it will replicate to all the CVMs.

nutanix@cvm$ sudo passwd nutanix

The Hypervisor Local Accounts

AHV Hypervisor:
To Change root account password on all Hosts in the cluster, run below command from any of the CVM.

nutanix@cvm$ echo -e “CHANGING ALL AHV HOST ROOT PASSWORDS. Note – This script cannot be used for passwords that contain special characters ( $ \ { } ^ &)\nPlease input new password: “; read -s password1; echo “Confirm new password: “; read -s password2; if [ “$password1” == “$password2” ] && [[ ! “$password1” =~ [\\\{\$\^\}\&] ]]; then hostssh “echo -e \”root:${password1}\” | chpasswd”; else echo “The passwords do not match or contain invalid characters (\ $ { } ^ &)”; fi

To Change admin account password on all Hosts in the cluster, run below command from any of the CVM.

nutanix@cvm$ echo -e “CHANGING ALL AHV HOST ADMIN PASSWORDS. Note – This script cannot be used for passwords that contain special characters ( $ \ { } ^ &)\nPlease input new password: “; read -s password1; echo “Confirm new password: “; read -s password2; if [ “$password1” == “$password2” ] && [[ ! “$password1” =~ [\\\{\$\^\}\&] ]]; then hostssh “echo -e \”admin:${password1}\” | chpasswd”; else echo “The passwords do not match or contain invalid characters (\ $ { } ^ &)”; fi

To Change nutanix account password on all Hosts in the cluster, run below command from any of the CVM.

nutanix@cvm$ echo -e “CHANGING ALL AHV HOST NUTANIX PASSWORDS. Note – This script cannot be used for passwords that contain special characters ( $ \ { } ^ &)\nPlease input new password: “; read -s password1; echo “Confirm new password: “; read -s password2; if [ “$password1” == “$password2” ] && [[ ! “$password1” =~ [\\\{\$\^\}\&] ]]; then hostssh “echo -e \”nutanix:${password1}\” | chpasswd”; else echo “The passwords do not match or contain invalid characters (\ $ { } ^ &)”; fi

VMware ESXi

To Change root account password on all Hosts in the cluster, run below command from any of the CVM.

nutanix@cvm$ echo -e “CHANGING ALL ESXi HOST PASSWORDS. Note – This script cannot be used for passwords that contain special characters ( $ \ { } ^ &)\nPlease input new password: “; read -s password1; echo “Confirm new password: “; read -s password2; if [ “$password1” == “$password2” ] && [[ ! “$password1” =~ [\\\{\$\^\}\&] ]]; then hostssh “echo -e \”${password1}\” | passwd root –stdin”; else echo “The passwords do not match or contain invalid characters (\ $ { } ^ &)”; fi

Microsoft Hyper-V

To change local administrator password for all Hyper-V hypervisors in the Nutanix cluster. Run the below command from any from the CVM.

nutanix@cvm$ echo -e “CHANGING ALL HYPER-V HOST PASSWORDS. Note – This script cannot be used for passwords that contain special characters ( $ \ { } ^)\nPlease input new password: “; read -s password1; echo “Confirm new password: “; read -s password2; if [ “$password1” == “$password2” ] && [[ ! “$password1” =~ [\ \”\’\\\{\$\^\}] ]]; then hostssh “net user administrator $password1”; echo “Updating Host and ManagementServer Entries…”; ncli host ls | grep -i id | grep -Eo “::[0-9]*” | cut -c 3- | while read hID; do ncli host edit id=$hID hypervisor-password=$password1;done > /dev/null; ncli host ls | grep “Hypervisor Address” | awk ‘{print $4}’ | while read hIP; do ncli managementserver edit name=$hIP password=$password1;done > /dev/null; else echo “The passwords do not match or contain invalid characters (\ $ { } ^)”; fi

VM NIC can works in two modes

• Access
• Trunk

Access nic are the default and NIC is associated with one VLAN. Whereas trunk can allow multiple VLAN on single NIC.

Note: Currently Trunk port can be added/ modifed from CLI only from the prism both access & trunk ports look same.

SSH on any of the CVM and run the below command.

nutanix@CVM~$ acli vm.nic_create <vm name> network=<network name> trunked_networks=<comma separated list of allowed VLAN IDs> vlan_mode=kTrunked

if VM name is DEMO & you want to allow VLAN 10,20,30,40 , we need to run below command.

nutanix@CVM~$ acli vm.nic_create DEMO network=network trunked_networks=10,20,30,40 vlan_mode=kTrunked

If incase if you want to convert Trunk NIC to Access NIC , then below is the command syntax.

acli vm.nic_update <vm name> <vm nic mac address> vlan_mode=kAccess update_vlan_trunk_info=true