Backup and Recovery
Backup and Recovery 7.1
Backup and Recovery 7.0Backup and Recovery 7.1Backup and Recovery 7.2
Backup and Recovery 7.1
Backup and Recovery 7.0Backup and Recovery 7.1Backup and Recovery 7.2
  • Storware Backup & Recovery documentation
    • Table of Contents
  • Changelog
  • Overview
    • Main Features
    • Storware Backup and Recovery concepts
      • Support Matrix
      • Architecture
      • Components
      • Backup types
      • Typical Scenarios
    • Licensing
    • Product Life Cycle
  • Deployment
    • Component requirements
    • Supported platforms requirements
    • Sizing Guide
      • Small
      • Medium
      • Large
    • Installation
      • ISO-based installation
      • Quick Installation using all-in-one script
      • Installation using Ansible playbook
      • Installation with RPMs
      • Deployment in Microsoft Azure
      • Virtual Appliance
        • RHV/oVirt/OLVM Virtual Appliance
        • Citrix Hypervisor | XCP-ng Virtual Appliance
        • VMware Virtual Appliance
        • Nutanix Acropolis Hypervisor (AHV)
    • Initial Configuration
    • Backup Destinations
      • File System
        • Synthetic File System
          • XFS
          • DD Boost
        • isoLayer (Synthetic)
        • File system
          • Virtual Data Optimizer (VDO)
        • Catalogic Software vStor
      • Deduplication Appliances
        • Dell EMC Data Domain
        • Huawei OceanProtect
        • HPE StoreOnce
        • Exagrid
        • Neverfail HybriStor
      • Object Storage
        • Alibaba Cloud OSS
        • AWS S3 or S3-compatible
        • Ceph Rados Gateway
        • Cloudian S3
        • Wasabi
        • Google Cloud Storage
        • IBM Cloud Object Storage
        • Microsoft Azure Blob Storage
        • Nutanix Objects
        • OpenStack SWIFT
        • Oracle Cloud Infrastructure Object Storage
        • Scality RING
      • Enterprise Backup Providers
        • Dell EMC Avamar
        • Dell EMC Networker
        • IBM Spectrum Protect
        • Micro Focus Data Protector
        • Veritas NetBackup
        • Rubrik Managed Volumes
      • Tape Pools
    • High Availability
      • 2 Node Cluster
      • 3 Node Cluster
    • Common tasks
      • Staging space configuration
      • Enabling HTTPS connectivity for nodes
      • LVM setup on Storware Backup & Recovery Node for disk attachment backup mode
      • Full versions of libvirt/qemu packages installation
      • SSH public key authentication
      • Enabling HTTP(S) Proxy for Storware Backup & Recovery
  • Protecting Virtual Environments
    • Virtual Machines
      • VMware vSphere/ESXi
      • Microsoft Hyper-V
      • Azure Stack HCI
      • Nutanix Acropolis Hypervisor (AHV)
      • Red Hat Openshift Virtualization
      • Red Hat Virtualization
      • oVirt
      • Oracle Linux Virtualization Manager
      • Oracle VM
      • Proxmox VE
      • KVM/Xen
      • OpenStack
      • OpenNebula
      • Virtuozzo
      • Verge
      • Citrix Hypervisor (XenServer)
      • XCP-ng
      • Huawei FusionCompute
      • HPE SimpliVity
      • SC//Platform
    • Cloud
      • Amazon EC2
      • GCP GCE
      • Azure Cloud
    • Containers
      • Kubernetes
      • Red Hat OpenShift
      • Proxmox VE
    • Backup & Restore
    • v2v migration
  • Protecting Microsoft 365
    • Microsoft 365 organization management
      • Configure Microsoft 365 access
      • Add Microsoft 365 organization manually
      • Add Microsoft 365 organization using the Setup Assistant
      • Account auto-synchronization
    • Backup & Restore
    • Suppoted Sharepoint templates and limitations
  • File Level Backup and Restore - OS Agent
  • Protecting Applications
    • Applications
      • MSSQL
      • MySQL/MariaDB
      • PostgreSQL
      • DB2
      • Oracle
      • Relax and Recover - ReaR
      • Git
      • oVirt/RHV/OLVM
      • Kubernetes/OpenShift etcd
    • Backup & Restore
  • Protecting Storage Providers
    • Storage Providers
      • Ceph RBD
      • Nutanix Files
      • Nutanix Volume Groups
    • Backup & Restore
  • Administration
    • Dashboard
    • Virtual Environments
      • Instances
        • Backup on-demand
        • Restore on-demand
        • Snapshot Management
      • Virtualization Providers
      • Backup SLAs
        • Policies
        • Schedules
      • Snapshot SLAs
        • Policies
        • Schedules
      • Recovery Plans
        • Policies
        • Schedules
      • Mounted Backups (File-level Restore)
    • Storage
      • Instances
        • Backup on-demand
        • Restore on-demand
      • Infrastructure
      • Backup SLAs
        • Policies
        • Schedules
      • Snapshot SLAs
        • Policies
        • Schedules
      • Mounted Backups (File-level Restore)
    • Cloud
      • Instances
      • Service Providers
      • Backup SLAs
        • Policies
        • Schedules
      • Download
    • Applications
      • Instances
      • Execution Configurations
      • Backup SLAs
    • Endpoints
      • Environment
      • Administrators
      • Endpoints Server Management
        • Dashboard
        • Packages
        • Organizations
      • Endpoints Administrator
        • Dashboard
        • Users
          • Local users
          • LDAP users
        • Devices
          • Devices list view
          • Device status
        • Backup SLA
          • Create a Backup SLA
            • GENERAL
            • WINDOWS
            • MAC OS (technical preview)
            • EMAIL CLIENTS
          • Backup SLA management
          • Backup SLA removal
        • Restore Jobs
        • Client Deployments
    • Reporting
      • Virtual Environments
      • Storage
      • Microsoft 365
      • Applications
      • Notifications
      • Audit Log
    • Nodes
      • Instances
      • Node Configurations
    • Access Management
      • Users
      • Groups
      • Roles
      • OS Credentials
    • Settings
      • Global Settings
      • Internal DB Backup
      • Notification Rules
      • Mailing Lists
      • Endpoints Global Settings
    • Upgrade
    • CLI Reference
    • CLI v2 Reference
  • Integration
  • Integration Plugins
    • Red Hat Virtualization UI Plugin
    • oVirt UI Plugin
    • Oracle Linux Virtualization Manager UI Plugin
    • OpenStack UI Plugin
  • Troubleshooting
    • Enable DEBUG mode in Storware Backup and Recovery
    • Collecting logs
    • External log targets
    • Disaster Recovery
  • Known software issues and limitations
  • Glossary
Powered by GitBook
On this page
  • Storware Backup & Recovery Server (when using own certificate)
  • Storware Backup & Recovery Node (any SSL certificate)
  • Notes on using your own certificate with CSR and your own CA
  1. Deployment
  2. Common tasks

Enabling HTTPS connectivity for nodes

The default certificate presented by the application server uses localhost.localdomain. This works only for local node installations (server and node on a single host).

Note:

  • You can use the default certificate - remember that you may need to use the ./node_add_ssl_cert.sh script after future updates to refresh the certificate on the node

  • Default password for our keystore is changeit

  • For the default certificate - jump to the Node configuration and use the localhost.localdomain instead of the storware.local

  • When registering the node locally over HTTPS note that the URL you should use is localhost.localdomain - NOT localhost

  • When registering a node via HTTPS, please note that the server must have an FQDN that is different from the IP address (hostname like 10.10.10.10 can be processed incorrectly).

This section presents the steps necessary for generating an SSL certificate, for setup Storware Backup & Recovery to use it and how to register a remote node.

Storware Backup & Recovery Server (when using own certificate)

This section describes certificate generation and import on the Storware Backup & Recovery Server side. It uses a self-signed certificate. If you would like to use CSR and your own CA instead - check for additional steps described in the next section.

  1. SSH to Storware Backup & Recovery Server host

  2. Enable root priveleges and generate the key and certificate (remember to provide a valid Storware Server DNS hostname - in our example it was storware.local):

    openssl req -x509 -newkey rsa:4096 -keyout storware.key -out storware.crt -days 365
    Generating a 4096 bit RSA private key
...............................................................................++
.............................................................................................................................................................................................................................................................................................................................................++
writing new private key to 'storware.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:PL
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:Warsaw
Organization Name (eg, company) [Default Company Ltd]: your Company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:storware.local
Email Address []:

  3. Create the PKCS12 bundle from the certificate and the key:

    openssl pkcs12 -export -in storware.crt -inkey storware.key -out storware.p12 -name storware

    You need to input passphrase defined before and define export password:

    Enter pass phrase for storware.key:
Enter Export Password:
Verifying - Enter Export Password:

  4. Create a keystore for the Storware Backup & Recovery Server with the PKCS12 bundle (as a root):

    Note: Default password for our keystore is changeit.

    [root@localhost ~]# keytool -importkeystore -destkeystore /opt/vprotect/keystore.jks -srckeystore storware.p12 -srcstoretype PKCS12 -alias storware
Enter destination keystore password: 
Re-enter new password: 
Enter source keystore password:

  5. Change ownership on the keystore to the vprotect user:

    chown vprotect:vprotect /opt/vprotect/keystore.jks

  6. Edit /opt/vprotect/server/quarkus.properties, change the path to the keystore and password (use password generated in step 3 of this instruction, default keystore password is changeit):

    eu.storware.vprotect.ssl.certname=[certificate alias]
javax.net.ssl.keyStore=/opt/vprotect/keystore.jks
javax.net.ssl.keyStorePassword=[keystorepassword]

  7. Restart the Server:

    systemctl stop vprotect-server
systemctl start vprotect-server

Storware Backup & Recovery Node (any SSL certificate)

  1. SSH to Storware Backup & Recovery Node host

  2. Make sure that your nodes resolve the hostname (FQDN) of the Storware Backup & Recovery Server. You also can add an entry in the /etc/hosts like this (example IP: 1.2.3.4):

    1.2.3.4 storware.local

  3. Check with your browser that https://STORWARE_HOST:8181 presents the certificate that you have just generated. You also can execute the openssl client from the node to print it (check the hostname that you have provided in the certificate):

    openssl s_client -connect storware.local:8181 < /dev/null

  4. Import the server certificate using the script under the /opt/vprotect/node/scripts folder:

    cd /opt/vprotect/node/scripts
./node_add_ssl_cert.sh [SERVER_HOST] [PORT] [KEYSTORE_PASS]

    • [SERVER_HOST] - FQDN name of Storware Backup & Recovery Server

    • [PORT] - port for SSL communication on Storware Backup & Recovery Server (you need to open it on server # firewall-cmd --permanent --add-port=[PORT]/tcp && firewall-cmd --reload)

    • [KEYSTORE_PASS] - password which you defined in step 3 of that instruction

    Note:

    If you have node on the same host as server, You could use default variables of script (and you can use script without arguments). Default variables are:

    • SERVER_HOST = 127.0.0.1

    • PORT = 8181

    • KEYSTORE_PASS = changeit

    It applies if you would not generated any certificate.

  5. Register the node with the NODE_NAME of your choice, the ADMIN_USER user name which you would like to use and the URL to Storware Backup & Recovery API, and provide the password when prompted:

    vprotect node -r NODE_NAME ADMIN_USER http(s)://STORWARE_SERVER:PORT/api

    Examples:

    • Remote server with a generated certificate:

    vprotect node -r node1 admin https://storware.local:8181/api PASSWORD

    • Local installation with default certificate:

    vprotect node -r node1 admin https://localhost.localdomain:8181/api

Notes on using your own certificate with CSR and your own CA

  1. Generate the CSR - answer the same set of questions as above:openssl req -new -newkey rsa:2048 -nodes -keyout storware.key -out storware.csr.

  2. Send your CSR and have it signed by your CA.

  3. Download your CRT file and save it as storware.crt (note that you should have your working directory set to /opt/vprotect).

  4. Download your CA certificate chain (for example for a singleca.crt) and import it with the CA_ALIAS of your choice as follows:

    keytool -import -trustcacerts -keystore /usr/lib/jvm/jre/lib/security/cacerts -storepass changeit -noprompt -alias CA_ALIAS -file ca.crt

  5. Now continue from PKCS12 bundle generation (step 3 in the section above).

PreviousStaging space configurationNextLVM setup on Storware Backup & Recovery Node for disk attachment backup mode

Last updated 2 months ago

When using CSR to get a trusted certificate, you need to replace step 2 in with several steps including CSR generation, and download the CRT signed by your CA. The steps are as follows:

Storware Backup & Recovery Server (when using own certificate)