I finished my testing several weeks ago, but been quite busy getting ready for my summer vacation. I guess those negotiations with Veritas, about delaying 7.7GA ’till after my vacation didn´t go well :-), so here it is.
For those of you searching for the 2.7 version for the Symantec appliances – hold your breath, it´s not coming out until 2.7.1 (it appears they might be dropping the 4th digit in versions again, but let´s see what happens). It´s not clear why it´s being delayed, some good reasons could be the planned OS change underneath the hood or perhaps the support for the new 54xx series. I don´t think it´s because they don´t trust the GA release, because it has proven to be very stable, that being said, Proact usually still try to hold back major releases until the first patch is release – like we do with most other software releases.
As expected I did not have time to test every little aspect of 7.7 but I got around to a lot of the important stuff, and spoke to other beta testers about some of the rest.
SQL Intelligent Policy (SIP)
It´s here and I think it´s pretty great. Let’s clear out the most important thing, the old scripted way works just as always, so you can migrate whenever you feel like it at your own pace.
So how does it work? Well very similar to the Oracle Intelligent Policy, you install the client on your SQL servers, the client presents the SQL server instances that it detects (with a little delay) to the master server in the new Applications view:
So several annoying things about the previous SQL agent has been addressed. Let’s start with authentication. After the agent presents the SQL instances to the interface, you can either group them together or register each of them individually. During registration, you have the choice of either using the legacy authentication (setting a SQL service account on the NetBackup client service on each SQL server) or provide authentication from the NetBackup interface (this can also be done remotely by a DBA so NBU admins doesn´t know the login).
Another annoying thing was generating and distributing BCH scripts to all the SQL servers, no more of that, now you just browse your registered SQL instances and select the ones you want in your policy:
Select what “kind” of backup you want, both “ALL/WHOLE_DATABASE” and browse to individual File Groups, Files or Databases:
and log backups doesn´t require individual exclude for Databases in Simple Mode now, so no more of those annoying status 1 backups.
Nothing is perfect though, a few things a missing from the first version of this, some will obviously prove to be an issue to some environments:
- No support for clustered MS-SQL servers or Always On. Symantec has ensured that this is the highest priority on the SIP roadmap, and I think we might see something already in 184.108.40.206.
- Currently no support for excluding individual databases, like the old “DATABASE $ALL + EXCLUDE XYZ_DB”. This is also on the roadmap.
- Alternate restores still requires you to manually edit BCH files, I get the impression that a makeover is in the works for the SQL client side GUI, but nothing specific.
I am really hoping this old client side GUI soon goes away for something better
Hyper-V Intelligent Policy (HIP)
Most of you probably already knows the VMware Intelligent Policy, well now Hyper-V has it (for 2012R2). No more manual selection of VMs, you can now create queries for Hyper-V backups:
Resource Limits option is also there to help distribute the backup load automatically across the Hyper-V cluster(s). There is also integration to Microsoft SCVMM (which I have no experience with).
- A few more query options fields would be nice, like VHD location (datastore).
- Resource limits is primarily limited to snapshot operations.
- SMB3 support still not there – IF this is an issue to you, please let me know because Symantec is not aware of whether this is a big issue or not!
I didn´t have the chance to install the new Instant Recovery plugin to vSphere (I am sharing some of my test environment with others, so this will have to wait for GA), but supposedly it works great. Just select a VM, request an Instant Recovery and few seconds later its available in VMware using the backup storage.
This has been included since 7.6 so if you are not already using it, what´s your excuse?
So what about VMware tags, this replacement for annotations, which many use to automate VM selection, has been out there for years now. Those of you which have migrated fully to the Web Client, must be missing this as much as me.
Well the thing is, that VMware didn´t include tags support in the VADP (backup API) until 6.0, and since the information isn´t stored with the VM anymore, but in the SSO database, there were some theoretical scenarios that needed to be dealt with, like what happens if you restore a VM whose tags have since the backup been removed from the vSphere environment. Recreate it (much to the annoyance of the VMware admin) or skip it (but then the VM is not as it was when backed up) – and more.
There was a vote amongst larger customers and partners, most people are rooting for a partial implementation process, where step one is the ability to search them out in the intelligent policy, and step 2 is backing up and restoring tags information with the VM. I am hoping to see step 1 in 7.7.1 at the very latest.
Auditing and Security
This is something that more and more people worry about. Focus was on two things in 7.7GA release:
- NBU has suffered from quite a few “World Writeable Files”, i.e. files which any user can read on the client/servers. Especially log and config files can contain sensitive information, and many of these have been fixed now. Focus is on removing the last for the 7.8 release.
- In 7.5 a default audit function arrived which few people know about, but it didn´t always log the login-user in multi-user environments, just administrator/root, this has been partially updated, more to come.
Refer to the NetBackup Security and Encryption Guide on how to enable this new granularity.
Next focus area will be on improving the audit function further and limiting the amount of operations which require administrator/root access, so junior admins can work with NetBackup without having these access rights – something which is almost already there on the Appliance today.
PS, this was the area I didn´t have time to test myself…
JAVA GUI – the one and only!
Not sure there is much to say. The Windows GUI is gone… For those of us used to working with both the Windows and JAVA GUI, it´s not really a big thing – actually quite an improvement in the environments using the JAVA GUI, finally some of the most annoying lacks of the GUI has been (or will be) fixed. Personally I reported in a lot of small things back during beta testing, which the product team has agreed to fix. All things which will make the transition easier for you guys using the Windows GUI.
An important improvement is the removed requirement to do apply before changing policy tabs, you can now go up/down in the detailed view of the activity monitor and Filter “By Example” has been added. Check out the “User interface enhancements” of the release notes a full list of updates to the JAVA GUI – https://support.symantec.com/en_US/article.DOC8512.html
What I have reported back as the most important features still lacking is:
- Quick jumping by typing “letters” is not working (like when browsing large policy/client lists)
- Filter previous results in the Activity monitor is missing from the “By Example” view.
So to all the Windows admins out there, wipe away those tears and accept that the world moves on it´s really not that bad. If you disagree, don´t kill the messenger…
Didn´t get around to play with NetApp cDot support (but obviously it should just work), but I did look into the new S3 cloud support. This means that any S3 compatible cloud storage provider can get certified and sell you storage which plugs directly into NetBackup (Google, Amazon and others are doing this, also in Europe). The things is, they are only selling you storage, so all data that travels to the cloud is un-deduplicated, unless you put a media server into the same cloud as well, and then I can suggest better solutions J Check out my previous 7.7 beta post.
What to be aware of
- NetBackup 7.7 software does NOT support Windows Server 2003(R2)!
If your master/media is on this platform and you want to upgrade, it might be the right time to migrate.
For clients just keep them at the latest 7.6 client and everything works as always, fully supported.
- Legacy log file names have changed, remember to update your potential custom scripts if you parse them.
- The NetBackup Search “product” is being decommissioned, it simply wasn´t used. Some features are being migrated to NetBackup though (hold features).
- If you have appliances in your environment, make sure you follow supported upgrade paths, or call us first!
Have a great summer out there!