NBD and NBDSSL Transport

NBD serves as a fallback when other transport modes are not available.  The local area network (LAN) can be the production network or a dedicated backup network.

NBDSSL is similar to NBD mode, but data transfer between the proxy computer and the ESX server is encrypted. Encryption should be used for sensitive information, even within a private network.

To enable incremental backups of virtual disks, Changed Block Tracking (CBT) must be used for the first full backup. (CBT is enabled for backups by default.)

Network Backup

You can deploy the VSA on a virtual machine and the MediaAgent and deduplication node on a separate physical server. The VSA in the VM reads the data from the source VMDKs using HotAdd and transfers data over the network to the MediaAgents to be written to disk. Although source side deduplication and CBT reduce the amount of data transferred on the network, this method is the least preferred option and is recommended in exception conditions (for example, when there is not shared storage or backups need to be written directly to tape).

Best Practices for NBDSSL Transport

  • In ESXi 5.0 and later, default NFC timeouts can be set in the VixDiskLib configuration file. If no timeout is specified, older versions of ESX or ESXi hold the corresponding disk open until vpxa or hostd is restarted.  As a starting point for NBD and NBDSSL transport, set Accept and Request timeouts to 3 minutes, Read timeouts to 1 minute, Write timeouts to 10 minutes, and timeouts for nfcFssrvr and nfcFssrvrWrite to 0.  You might need to lengthen timeouts on slow networks, especially for NBDSSL.
  • A VMDK can fail to open if too many NFC connections are made to an ESX host. For more information, see VDDK library returns the error: Failed to open NBD extent, NBD_ERR_GENERIC (1022543).