Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. IT Analytics Data Collector Installation and Configuration Guide for Cohesity NetBackup
  3. Configure a Veritas NetBackup Data Collector Policy
  4. Prerequisites for collection from Cohesity NetBackup deployed on Kubernetes clusters
IT Analytics Data Collector Installation and Configuration Guide for Cohesity NetBackup

Prerequisites for collection from Cohesity NetBackup deployed on Kubernetes clusters

This section describes the portal configurations required, before adding a Cohesity NetBackup policy, when Cohesity NetBackup is deployed on Kubernetes clusters in the cloud and it is using the cloud resources to perform backups.

SSH key-based authentication

Since Cohesity NetBackup is deployed on Kubernetes clusters, it must communicate with the Data Collector using SSH key-based authentication.

  1. Generate an SSH public/private key pair. This key will be required later during configuration. To generate this key pair, run the ssh-keygen command on a Linux system or an equivalent command on Windows.

    Save the public and private key pair along with the passphrase used while generating the key, as you will need to provide the private key path and the passphrase while creating the NetBackup Collection policy in IT Analytics Portal.

  2. Copy the public key to the itAnalyticsPublicKey spec of the Environment Custom Resource environment.yaml. You can find this file on the jumpserver that was used to create the initial NetBackup setup on Kubernetes cluster.
  3. Apply the update to itAnalyticsPublicKey spec using kubectl apply -f environment.yaml. The environment.yaml file is available on the jumpserver used to create the NetBackup primary server setup on Kubernetes cluster.

    Alternatively, if the jumpserver is not accessible, use kubectl edit environment <environment_name> -n <namespace> command to edit the environment to add the public key to the itAnalyticsPublicKey sec

  4. On a successful deployment, describe the Environment Custom Resource using kubectl describe PrimaryServer <primary-server-name> -n <namespace>.
Get Cohesity NetBackup API key

This API key is required when you add or edit a Cohesity NetBackup primary server for the Cohesity NetBackup policy configuration. This API key is essential especially when IT Analytics has to collect metrics from NetBackup deployed on Kubernetes clusters in the cloud.

See the Manage API keys section from the NetBackup Web UI Security Administrator's Guide for steps to get the API key.

Firewall consideration

If the Firewall of the NetBackup primary server is turn on, follow these steps to communicate through the Firewall port:

  1. Open and edit the file /etc/firewalld/zones/public.xml.
  2. Add the following lines in the file:
    <service-name="https"/> 
    
    <port protocol = "tcp" port="1556">
  3. Save the file.

Feedback

Was this page helpful?
Previous

Veritas NetBackup Data Collector policy configuration prerequisites

Next

Create NetBackup Data Collector Role, Service Account, and API Key

Feedback

Was this page helpful?