Skip to main content
BlueXP backup and recovery
All cloud providers
  • Amazon Web Services
  • Google Cloud
  • Microsoft Azure
  • All cloud providers

Manage protection of applications

Contributors netapp-soumikd

You can manage protection of applications by viewing policies, viewing backups, viewing the changes to database layout, policies, and resource group, and monitoring all the operations from the BlueXP UI.

View policies

You can view all the policies. For each of these policies, when you view the details all the associated applications are listed.

Steps
  1. Click Backup and recovery > Applications.

  2. From the Settings drop-down, click Policies.

  3. Click View Details corresponding to policy whose details you want to view.

    The associated applications are listed.

    Note You cannot edit or delete a policy, which is associated with an application.

You can also view cloud extended SnapCenter policies, by running the Get-SmResources cmdlet in SnapCenter.
The information regarding the parameters that can be used with the cmdlet and their descriptions can be obtained by running Get-Help command name.

View backups on cloud

You can view the backups on cloud in the BlueXP UI.

Steps
  1. Click Backup and recovery > Applications.

  2. Click icon to select the action corresponding to the application and click View Details.

Important The time taken for the backups to be listed depends on ONTAP's default replication schedule.
  • For Oracle databases, both data and log backups, system change number (SCN) for each backup, end date for each backup are listed. You can select only the data backup and restore the database to original location. You can mount the data backup and log backup to alternate location.

  • For Microsoft SQL Server databases, only the full backups and the end date for each backup are listed. You can select the backup and restore the database to original or alternate location.

  • For Microsoft SQL Server instance, backups of the databases under that instance is listed.

  • For SAP HANA databases, only the data backups and the end date for each backup are listed. You can select the backup and perform storage export on a given host.

  • For MongoDB, MySQL, and PostgreSQL, only the data backups and the end date for each backup are listed. You can select the backup and perform storage export on a given host.

Note The backups created before enabling cloud protection are not listed for restore.

You can also view these backups by running the Get-SmBackup cmdlet in SnapCenter.
The information regarding the parameters that can be used with the cmdlet and their descriptions can be obtained by running Get-Help command name.

Deactivate backup

You can delete all the backups that are moved to object store from both SnapCenter and the object store.

Steps
  1. Click Backup and recovery > Applications.

  2. Click icon to select the action corresponding to the application and click Deactivate Backup.

    By default the check box is selected and it deletes all the backups that are moved to object store from both SnapCenter and the object store.

    If you clear the checkbox, the backups are retained only in the object store but these backups cannot be used for application level restore. Later when you activate the backup for this application, the backups retained in object store are not listed for restore.

  3. Click Deactivate Backup.

Database layout change

When volumes are added to the database, SnapCenter Server labels the snapshots on the new volumes automatically as per the policy and the schedule. These new volumes will not have the object store endpoint and you should refresh the volumes by executing the following steps:

Steps
  1. Click Backup and recovery > Applications.

  2. From the Settings drop-down, click SnapCenter Servers.

  3. Click icon to select the action corresponding to the SnapCenter Server hosting the application and click Refresh.

    The new volumes are discovered.

  4. Click icon to select the action corresponding to the application and click Refresh Protection to enable cloud protection for the new volume.

    • If a storage volume is added to the application after configuring the cloud provider, SnapCenter Server labels the snapshots for new backups on which the application is residing.

    • You should manually delete the object store relationship if the removed volume is not used by any other applications.

    • If you update the application inventory, it will contain the current storage layout of the application.

Policy or resource group change

If there is a change to the SnapCenter policy or resource group, you should refresh the protection relationship.

Steps
  1. Click Backup and recovery > Applications.

  2. Click icon to select the action corresponding to the application and click Refresh Protection.

Unregister SnapCenter Server

Steps
  1. Click Backup and recovery > Applications.

  2. From the Settings drop-down, click SnapCenter Servers.

  3. Click icon to select the action corresponding to the SnapCenter Server and click Unregister.

    By default the check box is selected and it deletes all the backups that are moved to object store from both SnapCenter and the object store.

    If you clear the checkbox, the backups are retained only in the object store but these backups cannot be used for application level restore. Later when you activate the backup for this application, the backups retained in object store are not listed for restore.

Monitor Jobs

Jobs are created for all the Cloud Backup operations. You can monitor all the jobs and all the sub tasks that are performed as part of each task.

Steps
  1. Click Backup and recovery > Job Monitoring.

    When you initiate an operation, a window appears stating that the job is initiated. You can click the link to monitor the job.

  2. Click the primary task to view the sub tasks and status of each of these sub tasks.

Configure CA Certificates

You can configure CA signed certificate if you want to include additional security to your environment.

Configure SnapCenter CA signed certificate in BlueXP Connector

You should configure SnapCenter CA signed certificate in BlueXP Connector so that the Connector can verify the SnapCenter’s certificate.

Before you begin

You should run the following command in the BlueXP Connector to get the <base_mount_path>:
sudo docker volume ls | grep snapcenter_volume | awk {'print $2'} | xargs sudo docker volume inspect | grep Mountpoint

Steps
  1. Log in to the Connector.
    cd <base_mount_path> mkdir -p server/certificate

  2. Copy the root CA and intermediate CA files to the <base_mount_path>/server/certificate directory.

    The CA files should be in .pem format.

  3. If you have CRL files, perform the following steps:

    1. cd <base_mount_path> mkdir -p server/crl

    2. Copy the CRL files to the <base_mount_path>/server/crl directory.

  4. Connect to the cloudmanager_snapcenter and modify the enableCACert in config.yml to true.
    sudo docker exec -t cloudmanager_snapcenter sed -i 's/enableCACert: false/enableCACert: true/g' /opt/netapp/cloudmanager-snapcenter/config/config.yml

  5. Restart cloudmanager_snapcenter container.
    sudo docker restart cloudmanager_snapcenter

Configure CA signed certificate for BlueXP Connector

If 2way SSL is enabled in SnapCenter, you should perform the following steps on the Connector to use the CA certificate as the client certificate when the Connector is connecting with the SnapCenter.

Before you begin

You should run the following command to get the <base_mount_path>:
sudo docker volume ls | grep snapcenter_volume | awk {'print $2'} | xargs sudo docker volume inspect | grep Mountpoint

Steps
  1. Log in to the Connector.
    cd <base_mount_path> mkdir -p client/certificate

  2. Copy the CA signed certificate and key file to the <base_mount_path>/client/certificate in the Connector.

    The file name should be certificate.pem and key.pem. The certificate.pem should have the entire chain of the certificates like intermediate CA and root CA.

  3. Create the PKCS12 format of the certificate with the name certificate.p12 and keep at <base_mount_path>/client/certificate.

    Example: openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

  4. Connect to the cloudmanager_snapcenter and modify the sendCACert in config.yml to true.
    sudo docker exec -t cloudmanager_snapcenter sed -i 's/sendCACert: false/sendCACert: true/g' /opt/netapp/cloudmanager-snapcenter/config/config.yml

  5. Restart cloudmanager_snapcenter container.
    sudo docker restart cloudmanager_snapcenter

  6. Perform the following steps on the SnapCenter to validate the certificate sent by the Connector.

    1. Login to the SnapCenter Sever host.

    2. Click Start > Start Search.

    3. Type mmc and press Enter.

    4. Click Yes.

    5. In File menu, click Add/Remove Snap-in.

    6. Click Certificates > Add > Computer account > Next.

    7. Click Local computer > Finish.

    8. If you have no more snap-ins to add to the console, click OK.

    9. In the console tree, double-click Certificates.

    10. Right-click the Trusted Root Certification Authorities store.

    11. Click Import to import the certificates and follow the steps in the Certificate Import Wizard.