Prerequisites for Adding Data Collectors (Veritas Backup Exec)
• 64-bit OS. See the APTARE IT Analytics Certified Configurations Guide for supported operating systems.
• Support Java Runtime Environment (JRE) 10.0.2.
• For performance reasons, do not install Data Collectors on the same server as the APTARE IT Analytics Portal. However, if you must have both on the same server, verify that the Portal and Data Collector software do not reside in the same directory.
• Install only one Data Collector on a server (or OS instance).
• For most Backup Manager systems, install the Data Collector on a server that is in the same time zone as the backup server from which you are collecting data. For Veritas NetBackup and IBM Spectrum Protect (TSM) collection, the Data Collector server and backup server can be in different time zones.
• Uses TCP port 1433. The BUE collector first connects via UDP on port 1434 to get information about available SQL Server instances, then connects via TCP to the port number that is returned for the specified instance. By default this is 1433.
• If your environment requires NTML v2 authentication (Windows authentication) for the data collection connection, create an Advanced Parameter named USE_NTML_V2 and set the value to Y. Note that the APTARE IT Analytics default is NTML v1 (database authentication). Windows authentication is used when the Backup Exec server credentials configured in the Data Collector Policy contain a Windows domain name, user name, and password. If Windows credentials are not in the policy, the connection defaults to using database authentication.
• The Backup Exec Administrator account used by the Data Collection policy must have the database role membership of db_datareader for the BEDB (Backup Exec Database).
• Note that the version of Backup Exec that is reported by the Backup Exec 15 installation is version 14.2.
Upgrade Troubleshooting: Microsoft SQL Server and Java 10
With release version 10.3 introducing support for Java 10, older versions of MS SQL Server may encounter compatibility issues. The following section covers potential workarounds. Collection occurs from the Microsoft SQL Server database used by the system the data collector is collecting from. The version of Java used by APTARE IT Analytics version 10.3 disables some insecure TLS algorithms by default. If collection fails with the following error in the collector logs, the version of MS SQL Server may be incompatible and not allow collection using the TLS algorithms enabled by default with Java 10.
Failed to establish JDBC connection to: jdbc:jtds:sqlserver://...
java.sql.SQLException: Network error IOException: null
at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:437)
Upgrade MS SQL Server to the latest version to enable secure collection. Your MS SQL Server version may not be supported for APTARE IT Analytics version 10.3. If upgrade is not possible, a workaround can be attempted to restore compatibility. If the following steps do not resolve the issue, your version of MS SQL Server is not supported.
Use the following steps to modify the enabled algorithms to allow communication with the data collector:
1. Edit <collector install dir>/jre/conf/security/java.security.
2. Search for jdk.tls.disabledAlgorithms.
3. Copy the existing lines and comment (to have a backup for easy restore).
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
4. Remove 3DES_EDE_CBC.
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40
5. Save the file.
6. Run checkinstall and verify collection succeeds.
If checkinstall does not succeed, each of the following algorithms can be individually re-enabled in an attempt to restore compatibility.
7. If checkinstall does not succeed, restore, remove RC4_40, save, re-run checkinstall.
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, 3DES_EDE_CBC
8. If checkinstall does not succeed, restore, remove DES40_CBC, save, re-run checkinstall.
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, RC4_40, 3DES_EDE_CBC
9. If checkinstall does not succeed, restore, change the DH keySize as follows, save, re-run checkinstall.
#jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
jdk.tls.disabledAlgorithms=TLSv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC
10. After a working configuration is found, restart the collector service.