Editing an Enterprise Configuration

The fields displayed in the Edit Node pane depend on which mode is chosen in the Authentication Mode field: Catalogic DPX native mode or LDAP mode. In the field descriptions below, if a field is present for only one of the modes, the mode is indicated in [brackets] after the field name. Otherwise, the field is displayed in both modes.

To check the status of an Enterprise or edit an Enterprise definition:

1. Click the Configure tab on the Function Tab bar then click Enterprise to open the Configure Enterprise window.

2. Open the Edit Enterprise dialog in the right pane by doing one of the following:

   • Right-click the Enterprise name or icon to display a context menu. The selection check box indicates the selected Enterprise, and the Edit Enterprise dialog appears in the right pane. Then select Edit.

   • Click the Enterprise name or icon in the left pane and do one of the following:

     • From the menu bar, select Enterprise > Edit Enterprise.

     • On the task panel, click Edit Enterprise.

1. In the Edit Enterprise pane, revise fields as needed. The following describes the displayed fields:

   • Enterprise Name

     Enter a name (for example, XYZ_Enterprises) for your Enterprise. You can use up to 48 alphanumeric characters, no spaces. The Enterprise is the total system, as defined: nodes, backup devices, media volumes, administrators, etc.

   • Administrator User ID

     This field displays the system administrator ID, which is sysadmin.

   • Administrator Password

     Enter a new password and then confirm the new password for the administrator (up to 14 characters, no spaces). This password is for DPX login and is unrelated to the system administrator passwords on the operating system or network.

     Tip. If you are an administrator without privileged access to the Configure Enterprise window, you can change your administrator password by clicking Change Administrator Password in the Edit menu or from the Generic Tasks pane.

   • Administrator Email Address

     Enter the email address of the system administrator. Be sure to enter a full email address including a domain (for example, [email protected]). Whenever DPX performs a job, the log file for that job is sent to this address. It is a good idea to keep these logs on file in case you need to troubleshoot your system. If you do not want to have the log files sent via email, you can leave this field blank.

     Note. DPX does not support e-mail server authentication.

   • SMTP Host Name

     The resolvable host name or IP address of your mail server.

   • SMTP Port

     The SMTP port number used by the mail server. The standard mail port number is 25.

   • Reconstructive Catalog

     This option controls how DPX tracks files in the Catalog. If you select Yes, a Reconstructive Catalog entry is built. A reconstructive Catalog is necessary for a reconstructive restore. Reconstructive restore is only available for file mode backup and restore.

     Note. Reconstructive restore is not supported for Micro Focus Netware and OES Linux platforms. Read knowledge base article 39609.

     If you select Yes, a check box labeled Reconstructive Restore appears in the Set Browse Criteria dialog and the configure defaults dialog when defining a restore job This check box indicates that a reconstructive Catalog is desired. If you select No for Reconstructive Catalog, the check box does not appear.

     Note. It is highly recommended that once you choose to enable or not to enable the Reconstructive Catalog, you stick with your choice. This option controls how DPX tracks files in the Catalog. Changing it midstream can cause DPX to lose track of deleted files.

     When performing a Reconstructive Restore with mount points, DPX automatically uses Restore Data and Mount Point; Replace Existing Mount Point no matter what setting you choose in the Mount Point Handling restore destination option.

     See also.

     • Setting Restore Default Destination Options

     • Source Considerations for File Restore

     in the DPX 4.9 Reference Guide.

   • Enterprise Authentication

     Select the Enabled box to set up Enterprise Authentication. Enterprise Authentication ensures that communication occurs only among nodes in the same Enterprise.

     Enterprise Authentication is useful for environments where multiple master servers are deployed and access to client nodes must be separated and protected. Without Enterprise Authentication, any DPX master server can access any client with the DPX client software installed. For centralized data protection, this is usually not an issue. Security-conscious organizations with requirements to isolate data protection activities between groups can use Enterprise Authentication to help with this effort.

     Enterprise Authentication can prevent access to the DPX client in semi-secured or unsecured host environments. Enterprise Authentication would prevent an employee, guest, or other outsider from procuring a copy of the DPX master server software, loading it to a laptop with a temporary key, and backing up sensitive data from servers. Enterprise Authentication would prevent the rogue master server from being able to connect to the clients and running backup jobs.

     Enterprise Authentication might also be useful on networks that share machine access between multiple customers. A master server can be dedicated to each customer with an associated Enterprise Authentication key. The key would then only be loaded to clients that the customer should have access to, and it would prevent access to other clients with different keys. The same method could be applied between company departments where data access should be limited. For example, the finance and development groups could be deployed with dedicated master servers, where each master is limited to the client nodes each group should have access to. This would prevent the development group from connecting to finance servers, backing up data, and recovering data in an unauthorized environment.

     Enterprise Authentication is accomplished using keys you must distribute to all nodes. When you select the Enabled box and click OK, DPX generates a key and sets up authentication for the master server. For authentication to work, you must copy this key to all nodes in the same Enterprise (i.e., all nodes under the same master server.) If the master server contacts a node that has a different key, communication does not occur. However, if the master server contacts a node without any key, communication still takes place. Therefore, it is important to set up Enterprise Authentication for every Enterprise and node on your network.

     Enterprise Authentication does impose some extra complexity into a data protection environment. In some cases, it may be necessary to regenerate and redistribute keys to clients after a master server upgrade or migration to new hardware. For additional information about security features, read the knowledge base article 38710.

     To set up Enterprise Authentication for every Enterprise on your network:

     1. Select the Enabled box in the Enterprise Information dialog box and click OK.

     2. Leave the management console and go to the main directory.

     3. Find a file named auth.key.

     4. Copy this file to the main directory of all nodes in the Enterprise. One way to do this is to use FTP.

        Note. It is not necessary to perform these steps as soon as you click OK, but, if you choose to use Enterprise Authentication, distribute auth.key before running any backups or restores.

     For extra security, you can change the Enterprise Authentication key at any time. This is not necessary unless you have a security problem. To generate another key, click Generate. You then need to redistribute the auth.key file to all nodes in the Enterprise.

   • Admin Control

     This field may be present in an early release of DPX. The field has two radio buttons: Version 2 and Version 3. If the Admin Control field is present, note that Version 2 and LDAP authentication mode are not compatible. If either is selected, the other is not selectable. Version 3 is selected by default and is compatible with LDAP mode.

     See also. For information about assigning administrator privileges and resources, see User Configuration.

   • License Capacity Warning (%)

     Enter a percentage from 1 to 100 of licensed storage capacity which, when reached or exceeded, results in the display of a warning message. The warning message indicates the used storage capacity for the current license.

   • Authentication Mode

     The default mode is Native. For LDAP authentication, select LDAP. When LDAP is selected, the LDAP Server Settings fields are displayed.

   • LDAP Server Settings Options [LDAP mode]

     Fields under LDAP Server Settings Options apply to Active Directory (AD). The following fields are displayed if you select the LDAP authentication mode:

     • Hostname [LDAP mode]

       Enter the IP address or resolvable logical node name of the LDAP server.

     • Port [LDAP mode]

       The default port is 389. You can enter a different port number.

       Select the Use SSL check box to enable Secure Socket Layer connection to the LDAP server. If you select SSL, the default port changes to 636.

       If you select the Use SSL check box, note that you may need to import a server certificate manually to the DPX master server. If the master server cannot find a recognizable server certificate, a message will indicate that condition when you click the Test Settings button in the LDAP Server Setting Options section. To import server certificates, see Importing a LDAP Server Certificate to DPX the Master Server in the DPX 4.9 Reference Guide.

     • Bind DN [LDAP mode]

       Enter the Bind Distinguish Name. The Bind DN specifies the name used for authentication of connection to the LDAP server. Note that simple bind is used; SASL and anonymous bind are not supported.

       Specify a fully distinguished name in LDAP form. By default in AD, user accounts and groups are in the Users folder under your domain, which is specified in LDAP form as cn=Users,dc=<Your Domain>. If your domain is company.com and users are stored in the default Users folder, an acceptable Bind DN would be cn=Administrator,cn=Users,dc=company,dc=com.

       You can specify Bind DN in user Principal Name format, <username>@<domain, for example, [email protected].

     • Password [LDAP mode]

       Enter a password. Supported password length is 1 to 20 unicode characters.

     • Base DN [LDAP mode]

       Enter the Base Distinguish Name. The base DN specifies where users and groups are loaded. By default in Active Directory, user accounts and groups are in the Users folder under your domain, which is specified in LDAP form as cn=Users,dc=<Your Domain>. If your domain is company.com and users are stored in the default Users folder, your base DN would be cn=Users,dc=company,dc=com.

       DPX uses Base DN for user provisioning when you add an administrator.

       See also. Adding an Administrator.

     • Username Attribute [LDAP mode]

       Select a username attribute from the pull-down list. This selection affects how usernames are imported to the Enterprise. The username attribute is used for user provisioning when you add an administrator. The following table lists the available username attributes and defines each attribute:

       Username Attribute

       Definition

       sAMAccountName

       The logon name for earlier versions of Windows.

       cn

       common name

       mail

       an email address

       DPX uses Username Attribute for provisioning when you add an administrator.

       See also. Adding an Administrator.

     • Test Settings button [LDAP mode] When you have completed the fields in the LDAP Server Settings section, click the Test Settings button. DPX attempts to connect to the Advanced Directory Server, using the information you have specified in the LDAP Server Settings fields. A message indicates the result of the test. If you selected the Use SSL check box in the Port field, note you may need to import a server certificate manually to the DPX master server. If the master server cannot find a recognizable server certificate, a message will indicate that condition. To import server certificates, see Importing a LDAP Server Certificate to DPX the Master Server in the DPX 4.9 Reference Guide.

   • Password Age [Native mode]

     The Password Age is the number of days that a password can be used by an administrator before it expires. The Password Age must be between 0 and 999, where 0 means "never expire."

     If your password has less than 8 days remaining before the maximum password age is reached, DPX alerts you to change the password. If you attempt to log in after the password expires, you will be granted one login and a "changing password" dialog box appears. If this one last chance fails, you must contact the system administrator to change the password.

     This password age setting is for the entire Enterprise, but if Password Age is also set on the Edit Administrator Group dialog, it is overridden for that administrator group, defaulting instead to the administrator group password age.

     See also. Adding an Administrator Group.

   • Account Lockout Threshold [Native mode]

     The Account Lockout Threshold is the number of consecutive failed log in attempts before a user is prevented from entering DPX. The Account Lockout Threshold must be between 0 and 999, where 0 means "never lock out." A locked-out account must be reset by the system administrator.

   • NetApp Volume Options for Block Backup Destinations

     Note. These default values are applied to all pertinent Enterprise nodes. The values can be revised for any specific node through the Editing a Node operation.

     • Snapshot Count Error Level

       Enter the maximum number of snapshots permitted on the target volume. If this number is met or exceeded, the job fails.

     • Snapshot Count Warning Level

       Enter the maximum number of snapshots on the target volume before a warning is issued. If this number is met or exceeded, the job issues a warning and continues.

     • Low Space Error (%)

       Enter the minimum percentage of space that must be available on the target volume. If the amount of available space falls below this percentage, the job fails.

     • Low Space Error (%)

     Enter the minimum percentage of space that must be available on the target volume before a warning is issued.

   • OSS Volume Options for Block Backup Destinations

     The OSS Volume Option fields only appear when at least one OSS node is recognized by the Enterprise.

     Note. These default values are applied to all pertinent Enterprise nodes. The values can be revised for any specific node through the Editing a Node operation.

     • Snapshot Count Error Level

       Enter the maximum number of snapshots permitted on the target volume. If this number is met or exceeded, the job fails.

     • Snapshot Count Warning Level

       Enter the maximum number of snapshots on the target volume before a warning is issued. If this number is met or exceeded, the job issues a warning and continues.

     • Low Space Error (%)

       Enter the minimum percentage of space that must be available on the target volume. If the amount of available space falls below this percentage, the job fails.

     • Low Space Warning (%)

       Enter the minimum percentage of space that must be available on the target volume before a warning is issued.

   • Preferred Landing Page

     Choose the DPX Management Console window that you want to display when first entering the console. Select Backup, Job Monitor, or Analytics. Selecting Analytics requires that the Analytics URL field is populated.

   • Analytics URL

     Enter the URL reference to the site that hosts the Power BI Analytics Dashboard. This is an optional field. See Analytics Tab.

2. Select Apply on the task menu at the top right of the right pane. If you are unable to see the task menu, resize the right pane.