Loading...

Advanced Configuration - SnapProtect for VMware

Table of Contents

Understanding the CommCell Console

The Virtual Server Agent uses three main components to perform backup and restore operations from the CommCell Console.

  • Virtualization Client - Defines the following entities:
    • vCenter to be backed up
    • Proxy computers to be used for backups
  • Backup Set - Collects information for all the virtual machines contained in the vCenter.
  • Subclient - Selects specific virtual machines for backup; each subclient can be used to perform a separate backup operation.

Managing a VMware vCenter Client

After creating a VMware vCenter client, you can perform following tasks to manage the VMware vCenter client:

Add or Remove Proxies to a VMware vCenter Client

Follow the steps given below to add or remove proxies to an existing VMware vCenter client:

  1. From the CommCell Console, navigate to Client Computers | <vCenter Client> | Virtual Server.
  2. Right-click the VMware and select Properties.
  3. Click the Proxies tab.
  4. Click Add.
  5. From the Exclude list select one or more proxy computers.

    The list displays all the clients which has Virtual Server iDataAgent installed on it and all the client groups. You can select one or more clients or client groups. When you select a client group, ensure that at least one client in the group has Virtual Server iDataAgent installed on it.

  6. Click Include or Include All and click OK.
  7. Review the Client /Client Groups list.
    • The proxies are selected for performing backup based on the order of the Client /Client Groups list.
    • You can change the order of the proxies in the list by clicking upward arrow or the downward arrow  .
    • The first proxy in the list serves as a coordinator proxy.
    • You can specify up to 6 proxies for each VMware instance.
  8. If you want to remove any proxy from the list, select the client name for the proxy and click Remove.
  9. Click OK.

Designate a Proxy to Back Up Virtual Machines in a Subclient

By default, the first proxy in the list of proxies will be used to backup all the virtual machines in a VMware vCenter client. You can configure a subclient and designate a specific proxy which you want to use for backup of all the virtual machines in the subclient. This will be useful when you want to use a specific transport mode while backing up the virtual machines.

  1. From the CommCell Console, navigate to Client Computers | <vCenter Client> | Virtual Server | VMware.
  2. Right-click the defaultBackupSet and select All Tasks | New Subclient.
  3. Enter the subclient name.
  4. Click the Contents tab.
  5. Click Browse and select required vCenter object. (e.g. virtual machines, host, datastore, datacenter etc.)

    Otherwise, define a rule for automatic discovery of virtual machines.

  6. Click the Advanced Options tab.
  7. Click Add.
  8. Select a proxy computer from the Exclude list and click Include.

    You can also select more than one proxy from the Exclude list. This list displays all the computers which has Virtual Server iDataAgent installed. You can also select proxies different than the proxies specified for the VMware instance.

  9. Click OK.
  10. Review the Client /Client Groups list.

    If you do not want to use any proxy for the backup, select the client name for the proxy and click Remove.

  11. Click OK.

Rename the VMware vCenter Client

By default, the VMware vCenter client name is same as vCenter Host Name. You can change the default name. This will be useful when you want to create two or more VMware vCenter clients for the same vCenter. Follow the steps given below to change the name of the VMware vCenter client:

  1. From the CommCell Console, expand the Client Computers node
  2. Right-click the <VMware vCenter client> and select Properties.
  3. Click Edit.
  4. Enter the new Client Name.
  5. Click OK.

Modifying the Default Subclient to Remove Coverage for Unprotected Virtual Machines

By default, all the virtual machines from a vCenter are automatically included in the default subclient of any backup set. This behavior is designed to ensure all virtual machines are backed up. However, when a virtual machine is included in a user defined subclient, it is automatically excluded from the default subclient.  This prevents the duplicate backup of any virtual machine by the default subclient. (Duplicate backups still occur if a virtual machine is included in multiple user-defined subclients.)

In a VMware instance, at least one subclient for the vCenter should be able to cover unprotected VMs. If you disable this feature for all subclients, some data in the vCenter may not get backed up.

To protect specific virtual machines using the default subclient, instead of automatically including all unprotected virtual machines, perform the following steps.

  1. From the CommCell Browser, navigate to Client Computers > virtualization_client > Virtual Server > VMware > backup_set.
  2. Right-click the default subclient and then select Properties.
  3. Click the Content tab.

    The Contents of subclient list displays All unprotected VMs as the content Type. That entry indicates that all virtual machines from the vCenter that are not included in any other subclient in the given backup set will automatically be backed up by the default subclient.

  4. Use the Add or Browse button to add one or more entries to back up specific VMs or sets of VMs. You can select specific virtual machines or add rules to identify VM name patterns, hosts, datastores, folders, or resource pools.
  5. To remove the default coverage for all virtual machines not covered by other subclients, select All unprotected VMs from the list and then click Delete.
  6. Click OK.

If you remove all entries from the Contents of subclient list, All unprotected VMs will appear in the list again.

If all virtual machines are backed up by other subclients, a backup job for the default subclient fails.

  • To enable backup jobs for the default subclient to complete successfully when no virtual machines are discovered for the default subclient, configure the AllowEmptyDefaultSubclient additional setting on the Virtual Server Agent proxy and set the value to true.
  • To enable backup jobs for non-default subclients to complete successfully when no virtual machines are discovered for non-default subclients, configure the AllowEmptySubclient additional setting on the Virtual Server Agent proxy and set the value to true.

Adding Virtual Machines to Client Computer Groups

To easily manage the backed up virtual machines (VM), you can add the virtual machines in the subclient content to an existing client computer group automatically. During virtual machine discovery, the virtual machines are automatically added to the assigned client computer group and replaces any previously assigned VMs in the client computer group.

Before You Begin

  • Client computer groups must be defined before selecting a group in the subclient properties.

Procedure

  1. Right-click the subclient and click Properties.
  2. In the Subclient Properties dialog box, click the Advanced Options tab.
  3. Select an existing client computer group from the Select VM Client Group list.
  4. Click OK.

Virtual machines are displayed under the specified client computer group as well as the client group for the virtualization client.

Identifying Virtual Machine Owners Automatically

Virtual machine owners can be assigned automatically during virtual machine discovery, based on privileges and roles defined in vCenter that indicate rights to virtual machines. When this feature is enabled, users and user groups who have appropriate capabilities in vCenter and are also defined in the CommCell interface are automatically assigned as VM owners in the client computer properties for the virtual machine.

This feature enables administrators and end users to access virtual machine data without requiring that they be assigned as VM owners manually. Depending on the permissions and role a user has in vCenter, they can view virtual machine data or recover VM data. Any user with Remove VM, VM Power On, and VM Power Off capabilities for a virtual machine will be assigned as an owner of that VM during VM discovery.

Owner IDs are only assigned during discovery for a streaming or SnapProtect backup, and are not modified by backup copy or auxiliary copy operations.

vCloud Support

In addition to identifying virtual machine owners based on vCenter roles and privileges, SnapProtect identifies vCloud users and groups as VM owners. If the Auto Detect VM Owner option is selected in the Advanced Options tab of the subclient properties, the following users and groups are automatically assigned as VM owners:

  • Owner of the vApp or catalog that contains the VM
  • All users who have Full Control permissions to the vApp or catalog that contains the VM
  • All users and groups that are assigned the Organization Administrator role

vCloud users are mapped with SnapProtect users if a user entry with the same name is defined in SnapProtect . Groups imported from an LDAP source are mapped to external groups defined for a domain in SnapProtect.

Before You Begin

  • Single sign on must be  enabled on the vCenter and required vCenter capabilities must be configured for users and groups.
  • Users or user groups defined in vCenter must also be defined in the CommCell interface, either through a local user definition or a Name Server user definition (such as an Active Directory user or group).

Procedure

  1. Right-click the subclient and click Properties.
  2. In the Subclient Properties dialog box, click the Advanced Options tab.
  3. Select Auto Detect VM Owner.
  4. Click OK.

If client creation fails for any virtual machine, no owners are assigned for that VM.

Configuration for Live File Recovery

Specify the Default File Recovery Enabler for Linux for a Virtual Server Instance

When you modify a VMware instance, you can identify a default File Recovery Enabler for Linux. The File Recovery Enabler is used for Live File Recovery.

To modify an existing Virtual Server Instance and identify the default File Recovery Enabler:

  1. From the CommCell Browser, go to Client Computers > virtualization_client > Virtual Server.
  2. Right-click the VMware object and select Properties.
  3. Click the Proxies tab.
  4. Select a virtual machine that contains the File Recovery Enabler from the File Recovery Enabler for Linux list.
  5. Click OK.

By default, the default File Recovery Enabler for the VMware instance is used for all of the instance's Browse and Restore operations.

Selecting a File Recovery Enabler when performing a browse overrides the instance setting; and selecting a File Recovery Enabler when performing a restore overrides all other settings. Ensure that the File Recovery Enabler used for restores is the same as the File Recovery Enabler used for the browse operation.

Identify the Proxy ESX Server

A proxy ESX server is used to mount an NFS datastore that can be used for Live Browse or Live File Recovery operations.

Before You Begin

The ESX server used to mount the NFS datastore for the browse and restore must meet the following requirements:

  • Be able to resolve the File Recovery Enabler for Linux. To ensure connectivity, create a host file entry for the File Recovery Enabler on the ESX server.
  • Provide support for the highest virtual machine hardware version supported for the environment.
  • The ESX server version installed and the default VM compatibility setting on the host server must be the same as or higher than the ESX server version on the production server.

Procedure

To identify a proxy ESX server to be used by the File Recovery Enabler for Linux to mount the NFS datastore:

  1. From the CommCell Browser, go to Client Computers > virtualization_client > Virtual Server > VMware > backup_set.
  2. Right-click the subclient and select Properties; then click the Advanced Options tab.
  3. Under Proxy ESX Server, click Select ESX server for snap mount and identify the host. Ensure that the fully qualified host name or IP address is entered in the Host box.
  4. Click OK.

Adding Subclient Content

Automatic discovery rules can discover virtual machines in the vCenter and automatically select virtual machines for backup. Automatic discovery is useful in environments where virtual machines are added, removed, or relocated on a routine basis, or when you want to manage groups of similar virtual machines using different subclients.

You can also browse for and select virtual machines or other vCenter objects.

Notes:

  • If you have deployed MediaAgents, VSA proxies, or vCenter on virtual machines, filter those virtual machines from VSA backups. (If you need to protect files on those virtual machines, install in-guest agents on those virtual machine to perform file backups.)
  • Ensure that names of virtual machines and datastores do not contain the following special characters:

    +   &   @   %   =   #   %   *   $   #   !   \   /   :   *   ?   "   <   >   |   ;   '

You can use wildcard characters when adding a pattern to define a rule.

Missing Content

If an automatic discovery rule for a subclient identifies an entity that cannot be found, a backup job for the subclient fails. For example, if a rule points to a datastore that has been retired, that is treated as a failure during discovery, and the backup job fails.

To enable backup jobs to continue when an entity is not found, add the bAllowMissedContent additional setting on the Virtual Server Agent proxy and set the value to true.

To generate a warning message when a content entity or rule does not return any results, add the bWarnEmptyContentRule additional setting on the Virtual Server Agent proxy and set the value to true.

For steps to add an additional setting, see Add or Modify an Additional Setting.

vSphere Tag Support

With vSphere 5.5 and later, you can identify virtual machines based on vSphere tags and categories. When you browse and select a tag or category, or when you add a rule that identifies a tag or category, you can automatically discover and select all virtual machines under any VMware entities that are marked with that tag or category.

In order to use vSphere tags, you must install PowerCLI 6.0 or later on the VSA proxy (the latest version that is compatible with your vSphere version).

The following tags are supported:

  • Cluster
  • Datacenter
  • Datastore
  • Datastore Cluster
  • Folder
  • Host
  • Resource Pool
  • vApp
  • Virtual Machine

The following tags are not supported:

  • Distributed Port Group
  • Distributed Switch
  • Library
  • Library Item
  • Network

Procedure

For an existing subclient, perform the following steps. You can also modify subclient content when creating a new subclient.

  1. From the CommCell Browser, expand Client Computers > virtualization_client > Virtual Server > VMware > backup_set.
  2. Right-click the subclient and then click Properties.
  3. In the Subclient Properties dialog box, click the Content tab.
  4. Browse or define a rule to select an object:
    • To browse for an object:
      1. Click Browse.
      2. Select a view from the list at the top left of the Browse dialog box:
        • Hosts and Clusters: Select a cluster, host, or resource pool.
        • Datastores and Datastore Clusters: Select a datastore or datastore cluster.
        • VMs and Templates: Select a virtual machine, datacenter, VM folder, or vApp.
        • Tags and Categories: Select a tag or category to identify all virtual machines under VMware entities that are marked with the tag or category.
      3. To define a rule:
        1. Click Add.
        2. In the Rule Group box, select the rule type from the drop-down list and enter the appropriate information in the box on the right:
          VM Name/Pattern Enter the display name of the virtual machine or a pattern using wildcards (for example, Test* to identify VMs for which the VM name begins with "Test"). You can also click ... to browse for a VM.
          Host Enter the host name as it appears in vCenter, the IP address of the host, or a host name pattern using wildcards. You can also click ... to open the Browse dialog box. When you add a host, all virtual machines on the host are included in the backup.
          Datastore Enter the datastore name or a pattern. You can also click  ... to open the Browse dialog box.
          Guest OS Enter the exact name of the operating system or a pattern to identify an operating system group (for example, Microsoft* to identify any virtual machine that has a version of the Windows operating system).
          Guest DNS Hostname Enter a hostname or a pattern to identify a hostname or domain (for example, myhost.mycompany.com to identify a specific host or *mycompany.com to identify all hosts on that domain).
          Power State Select the power on status of virtual machines to be included in the subclient content. You can select one of the following options:
          • Powered On - to identify VMs that are powered on.
          • Powered Off - to identify VMs that are powered off.
          • Other - to identify VMs with a different power on status, such as Suspended.
          Notes Enter a pattern to identify virtual machines based on notes text contained in vCenter annotations for the VM summary (for example, Test* to identify VMs with a note that begins with "Test").
          Custom Attribute Enter a pattern to identify virtual machines based on custom attributes in vCenter annotations for the VM summary. You can enter search values for the names and values of custom attributes. For example:
          • Name Contains *resize* to identify VMs where the name of a custom attribute contains the word "resize").
          • Value Contains *128* to identify VMs where the value of a custom attribute contains the number "128").
          Tags and Categories Select a tag or category to identify all virtual machines under VMware entities that are marked with that tag or category.
        3. To define multiple rules in a rule group, click + and define another rule. The following options are available for a rule group with multiple rules:
          • If you define multiple rules, you can indicate whether virtual machines are selected when they match all of the rules, or when they match any of the rules. For rule groups that include Power State, Notes, or Custom Attribute rules, you can only select virtual machines that match all of the rules.
          • To exclude virtual machines based on any of the criteria, you can use the Does Not Equal operator for one or more of the rules in a rule group. (For rule groups with a single rule, the only operator you can use is Equals.)
          For simple rules defined in the Contents of subclient list (not in a rule group), virtual machines are selected if they match any of the rules defined for the subclient. 
        4. Click OK.
      4. Click OK.

      The rules you defined and the objects you selected appear in the Contents of subclient list on the Content tab.

  5. Click Preview to view all virtual machines identified by the rules or selections you have made. These virtual machines will be backed up when you perform a backup for the subclient.
  6. Click OK.

Results

Virtual machines:
If you browse to select a specific virtual machine or template based on the display name, the rule for that virtual machine uses the VM GUID. If you change the display name later, the virtual machine will still be included in the subclient as long as its GUID remains the same. For example, if you select a virtual machine with the display name "Test-VM1" and later change the display name of the virtual machine to "Test-VM3", the next backup of the subclient will back up the virtual machine "Test-VM3" because the GUID of the virtual machine has not changed.
Datastores:
  • If a vCenter has the same datastore names under different datacenters, all virtual machines are discovered, even if they are on datastores that have duplicate names.
  • If you add a rule to back up virtual machines from a specific datastore and one of the VMs has virtual machine disks on multiple datastores, all of the virtual machine disks are backed up. The VMX file (primary configuration file) for the VM tracks the locations of virtual machine disks.
  • All virtual machines that have VMX files on the selected datastore will be added to the subclient. If any virtual machine has disks on the selected datastore but the VMX file for the VM is located on a different datastore, that virtual machine will not be selected for backup. If you want to select all virtual machines with disks on the datastore, even if the VMX file is on another datastore, you must configure the DiscoverAllVMsOnDatastore additional setting on the client computer where you have installed the Virtual Server Agent.
DNS hostnames:
If you change the DNS hostname of any virtual machine, you must power on the virtual machine before performing the backup. Otherwise, the virtual machine will not be discovered and included in the backup of a subclient.
Resource pools:
If you delete and recreate the resource pool or change the location of the resource pool, you must define the rule again. Otherwise, the resource pool will not be included in the backup of a subclient.
Datacenters:
If you delete and recreate the datacenter or change the location of the datacenter, you must define the rule again. Otherwise, the datacenter will not be included in the backup of a subclient.
Clusters:
If you delete and recreate the cluster or change the location of the cluster, you must define the rule again. Otherwise, the cluster will not be included in the backup of a subclient.
 Datastore clusters:
If you delete and recreate the datastore cluster or change the location of the datastore cluster, you must define the rule again. Otherwise, the datastore cluster will not be included in the backup of a subclient.
vApps:
If you delete and recreate the vApp or change the location of the vApp, you must define the rule again. Otherwise, the vApp will not be included in the backup of a subclient.
VM folders:
If you delete and recreate the folder or change the location of the folder, you must define the rule again. Otherwise, the folder will not be included in the backup of a subclient.

Wildcards

You can use wildcards to define content and filters. You can use wildcards when defining a rule for a VM Name Pattern, Guest OS, Guest DNS Hostname, Host, or Datastore.

The following table describes how to use wildcards when defining the subclient content or filters:

If a subclient's content consists of wildcard characters and no eligible virtual machines are found for backup, the backup operation completes successfully even though no VMs are backed up.

Letters used in wildcard expressions are matched regardless of case; for example, 'a' matches both 'a' and 'A'.

Wildcards Description Examples
* Any number of characters

This wildcard is used to match all objects where the object name contains a specific pattern.

For a VM name pattern, *test* matches any virtual machine whose name contains the string 'test' (at the beginning, end, or middle of the name).

For a datastore, DC* matches any datastore whose name begins with 'DC' (to back up or filter all virtual machines on the matching datastores).

? Any one character

This wildcard is used to match any object for which a single character in the object name is variable.

DC? matches any object that starts with DC followed by a single additional character (such as DC1, DC2, DCa. or DCX).
[ ] Set or range of characters

Not supported for datastores or host names.

[a-m]* matches any object whose name begins with the letters 'a' through 'm'.
[ ! ] The negation of a set or range of characters

This wildcard matches objects for which the name does not include the specified set or range of characters.

Not supported for datastores or host names.

For example, [!AEIOU]* matches all object names that start with a letter other than A, E, I, O, or U.

[!A-C]* matches all names that do not start with the letters 'A' through 'C'.

Defining Filters for Content

Filters can be configured to exclude virtual machines from backups.  You can define filters on a subclient (only applies to that subclient) or on a backup set (applies to all subclients under the backup set).

About This Task

For each subclient under a backup set, the filtering specified for the backup set is combined with the filtering for the subclient to determine which content is excluded from backups. Any filtering defined in a backup set can also be viewed in the subclients under the backup set when the Show Backupset Filters option is selected. (Backup set filters are applied even when filtering is not displayed in subclients.)

You can use wildcard characters when adding a pattern to define a rule.

Notes:

  • If a virtual machine is explicitly added to the content of a subclient, the virtual machine will be discovered by its GUID. If the display name changes later, the machine is still included in the subclient as long as its GUID remains the same. Any virtual machines identified in a subclient and discovered by their GUIDs will not be filtered from backups.
  • For subclients that are upgraded from SnapProtect Version 9 and have virtual machines marked using the Do Not Backup option, those items are automatically added to the filters for subclients and backup sets.
  • Disk filtering is supported only for streaming backups, not for SnapProtect or backup copies.
  • During backups, the VMX configuration file for a VM is used for VM discovery and backup processing. If you filter a datastore or datastore cluster, any VMX files and disk files that reside on a filtered datastore or cluster are not included in backups. For example:
    • If the VMX file and disk files for a VM are on a filtered datastore or cluster, the VM and its disks are not backed up.
    • If the VMX file resides on a datastore that is not filtered, the VM is backed up but any disk files that are on a filtered datastore are not backed up.
    • If the VMX file resides on a datastore that is filtered, the VM is not included for backup. Any disk files for that VM are also not included in backups, even if they reside on a datastore that is not filtered.

vSphere Tag Support

With vSphere 5.5 and later, you can identify virtual machines based on vSphere tags and categories. When you browse and select a tag or category, or when you add a rule that identifies a tag or category, you can automatically discover and select all virtual machines under any VMware entities that are marked with that tag or category.

In order to use vSphere tags, you must install PowerCLI 6.0 or later on the VSA proxy (the latest version that is compatible with your vSphere version).

The following tags are supported:

  • Cluster
  • Datacenter
  • Datastore
  • Datastore Cluster
  • Folder
  • Host
  • Resource Pool
  • vApp
  • Virtual Machine

The following tags are not supported:

  • Distributed Port Group
  • Distributed Switch
  • Library
  • Library Item
  • Network

Procedure

  1. From the CommCell Browser, navigate to Client Computers > virtualization_client > Virtual Server > VMware > backup_set.
  2. Right-click the backup set or subclient, and then select Properties.
  3. Click the Filters tab.
  4. In the VM Filters area, browse or define a rule to add filters for virtual machines:
    • To browse for an object:
      1. Click Browse.
      2. Select a view from the list in the top left of the Browse dialog box:
        • Hosts and Clusters: Select a cluster, host, datacenter, or resource pool.
        • Datastores and Datastore Clusters: Select a datastore or datastore cluster.
        • VMs and Templates: Select a virtual machine, datacenter, VM folder, or vApp.
        • Tags and Categories: Select a tag or category to identify all virtual machines under VMware entities that are marked with the tag or category.
    • To define a rule:
      1. Click Add.
      2. In the Rule Group box, select the filter type from the drop-down list and enter the appropriate information in the box on the right:
        VM Name/Pattern Enter the display name of the virtual machine or a pattern using wildcards (for example, Test* to identify VMs for which the VM name begins with "Test"). You can also click ... to browse for a VM.
        Host Enter the host name as it appears in vCenter, the IP address of the host, or a host name pattern using wildcards. You can also click ... to browse for a host. When you filter a host, all child objects for the host (such as datastores, resource pools, and virtual machines) are automatically excluded from backups.
        Datastore Enter the datastore name or a pattern. You can also click ... to browse for a datastore.

        Note: If datastores are filtered, a hardware snapshot for the datastore is still performed as part of the primary SnapProtect backup. The filter only applies for the backup copy operation.

        Guest OS Enter the exact name of the operating system or a pattern to identify an operating system group. For example, enter Microsoft* to identify any virtual machine that has a version of the Windows operating system, *windows2012r2 to filter Windows 2012 R2 machines, or *linux* to filter all Linux machines.
        Guest DNS Hostname Enter a hostname or a pattern to identify a hostname or domain (for example, myhost.mycompany.com to identify a specific host or *mycompany.com to identify all hosts on that domain).

        Only virtual machines that have VMware Tools installed can be filtered by Guest DNS Hostname.

        Power State Select the power on status of virtual machines to be filtered. You can select one of the following options:
        • Powered On - to identify VMs that are powered on.
        • Powered Off - to identify VMs that are powered off.
        • Other - to identify VMs with a different power on status, such as Suspended.
        Notes Enter a pattern to identify virtual machines based on notes text contained in vCenter annotations for the VM summary (for example, Test* to identify VMs with a note that begin with "Test").
        Custom Attribute Enter a pattern to identify virtual machines based on custom attributes in vCenter annotations for the VM summary. You can enter search values for the names and values of custom attributes. For example:
        • Name Contains *resize* to identify VMs where the name of a custom attribute contains the word "resize").
        • Value Contains *128* to identify VMs where the value of a custom attribute contains the number "128").
        Tags and Categories Select a tag or category to identify all virtual machines under VMware entities that are marked with that tag or category.
      3. Click + and repeat this step to include additional rules. If you define multiple rules, you can indicate whether virtual machines are selected when they match all of the rules, or when they match any of the rules. For rule groups that include Power State, Notes, or Custom Attribute rules, you can only select virtual machines that match all of the rules.
      4. Click OK.
  5. Click OK.

    The rules you defined and the objects you selected appear in the VM Filters area on the Filters tab.

  6. To verify the list of virtual machines that are selected for backup, click Preview on the subclient properties Content tab. The Preview display includes an Add to Filters button that you can click to add selected virtual machines to filters.
  7. Click OK to save the properties.

LAN-Free Backups

Virtual Server Agent (VSA) clients can use proxies to send backup data directly to shared connected storage, without using the local area network (LAN) to route backup data through another proxy. This approach simplifies library configuration, automatically distributes jobs across all proxies for load balancing, significantly reduces the amount of time required for backups, and minimizes the impact on the network and other resources.

This feature is only concerned with how backup data is routed by proxies to backup media. For a fuller discussion of transport throughout the VMware data protection environment, see Transport Methods for VMware.

To enable VSA clients to perform LAN-free backups, configure proxies and shared storage resources:

  • Install the Virtual Server Agent (VSA) and MediaAgent on each proxy. For more information, see Getting Started.
  • Configure a library to use directly connected storage. Identify a MediaAgent for the proxy that will act as the coordinator for job streams directed to the library, and add a mount path for the library. 
  • Configure sharing for the mount path properties, using the same mount path for each MediaAgent that is selected for sharing.
  • Create a storage policy to be used for LAN-free jobs, identifying the library and MediaAgent. Add the data paths for all proxies to the Primary copy for the storage policy.
  • Add all proxies to the Proxies tab for the VMware virtual server instance. 
  • Ensure that all subclients point to the LAN-free storage policy.

When a client initiates a job for a virtual machine, the coordinator proxy determines which MediaAgent is local to the VM. The job stream is moved to the local MediaAgent, which sends data directly to shared storage without routing it through the LAN. Index updates for all clients are managed at the coordinator proxy.

If data multiplexing is enabled but there are not enough streams available, backups might not be able to use LAN-free transport.

Configure LAN-Free Resources

After the Virtual Server iDataAgent and MediaAgent are installed on all proxies, perform the following steps to configure the resources required for LAN-free jobs.

  1. Configure a shared library:
    1. In the CommCell Browser, go to Storage Resources > Libraries.
    2. Right-click Libraries and select Add > Disk Library.
    3. On the Add Disk Library dialog, enter the library name and select a MediaAgent.
    4. Specify either local or network storage:
      • Select Local Path. For Disk Device, enter the path or click the ... button and browse to select a folder.
      • Select Network Path, enter the user name (Connect As) and password, and enter the network path for the Folder field or browse to the network location.
    5. Click OK.

    A library is created under Libraries. Under the library, a mount path is created that corresponds to the path information you entered.

  2. Configure sharing for the mount path:
    1. Right-click the mount path under the library you created and select Properties.
    2. On the Mount Path Properties dialog, go to the Sharing tab and click Share.
    3. Select the MediaAgents with which to share the library.
    4. For each selected MediaAgent, change the Access value to Read/Write.
    5. Specify the same path that was entered for the shared library.
    6. Click OK to add the shared MediaAgents, and OK again to save the mount path properties.

      The mount path name changes; the new name includes the date when mount path sharing was configured.

  3. For each of the media agents sharing the library, add and share the mount path:
    1. Right-click the library and select Add Mount Path.
    2. Select a MediaAgent that shares the library.
    3. Enter the same path that was entered for the shared library.
    4. Click OK.
    5. Right-click the new mount path and select Properties.
    6. On the Mount Path Properties dialog, go to the Sharing tab and click Share.
    7. Select the MediaAgents with which to share the library.
    8. For each selected MediaAgent, change the Access value to Read/Write.
    9. Specify the same path that was entered for the shared library.
    10. Click OK to add the shared MediaAgents, and OK again to save the mount path properties.
    11. Repeat these steps for any other MediaAgents sharing the library.
  4. Configure the storage policy:
    1. Go to Policies | Storage Policies.
    2. Right-click Storage Policies and select New Storage Policy.
    3. On the Create Storage Policy Wizard, select Data Protection and Archiving and click Next.
    4. Enter the storage policy name and click Next.
    5. Select the library you created for LAN-free jobs and click Next.
    6. Select the MediaAgent for the coordinator proxy and click Next.
    7. Accept the defaults for device streams and aging rules and click Next.
    8. Accept the defaults for deduplication and click Next.
    9. Provide the location for the deduplication database and click Next.
    10. Click Finish to create the storage policy.
  5. Add data paths for all proxies to the Primary copy for the storage policy:
    1. In the CommCell Browser, expand the storage policy you created. Right-click the Primary copy and select Properties.
    2. Select the Data Paths tab and click Add to add data path candidates for all MediaAgents sharing the library.
    3. Click OK to save the data paths and OK again to save the Copy Properties.

    Adding the data paths for all MediaAgents enables failover to a different MediaAgent, in the event the MediaAgent handling a job fails.

  6. Add all proxies to each client:
    1. Go to Client Computers > virtualization_client > Virtual Server > VMware.
    2. Right-click VMware and select Properties.
    3. Click the Proxies tab and click Add to include the other proxies.
    4. On the Select Clients / Client Groups dialog, select clients in the Exclude list and click Include to add them as proxies for the virtual server instance.
    5. Click OK to save the proxy selections and OK again to save the Virtual Server Instance Properties.
    6. Repeat for all clients.
  7. Specify the LAN-free storage policy for all subclients:
    1. Expand the VMware entry to show the backup sets, then right-click a subclient under the backup set and select Properties.
    2. Select the Storage Device tab and choose the storage policy created for LAN-free jobs.
    3. Click OK to save the subclient properties.
    4. Repeat for each subclient that will use LAN-free backups.

Displaying Backed Up Virtual Machines in the CommCell Console

All virtual machines backed up by the Virtual Server iDataAgent can be displayed as client computers in a CommCell Console. By default, virtual machines are not displayed in the CommCell Console.

Once a virtual machine appears as a client computer in the CommCell Console, you can perform the following operations:

  1. You can remotely install any software or custom packages on the virtual machine if VMware Tools are installed on the virtual machine. For more information, refer to Installing SnapProtect Software Remotely Using the CommCell Console.
  2. You can view the job history of all backup and restore jobs that include the virtual machine. For more information, refer to Job History.

Prerequisites

  • The virtual machine must be turned on at the time of the backup.
  • VMware Tools must be installed and updated on the virtual machine.

If these prerequisites are not satisfied, the virtual machine appears as a client computer, but the host name and DNS do not appear in the Client Computer Properties dialog box.

If you remotely install any software on a virtual machine and any required information such as the host name is missing from the database, the installation fails. If you interactively install any software on the virtual machine and any information such as the client name or host name is different, the virtual machine is treated as a new client and a duplicate client is created. To avoid duplicate client entries caused by different client or host names, use the install software option for the client level in the CommCell Console rather than interactively installing software to the virtual machine guest operating system.

Show Virtual Machines in Client Computers List

Follow the steps given below to display virtual machines for all subclients under Client Computers:

  1. From the CommCell Console ribbon, click the Tools tab, and then click User Preferences.
  2. Click the Client Computer Filter tab.
  3. Select the Show Virtual Machines check box.

    If this check box is cleared, virtual machines are only displayed under subclients that include them, and any virtual machines without installed packages are not displayed.

  4. Click OK.
  5. Expand the Client Computers node to view the virtual machines.

    All virtual machines that are configured to be backed up by any subclient are displayed in the CommCell Browser. Any virtual machines that do not have packages installed are grayed out.

Show Virtual Machines in the Client Computer Groups List

A new client computer group is created for each VMware vCenter client. All virtual machines backed up by that VMware vCenter client are added to the group.

Virtual machines in the group can be displayed independently of the Client Computers list. Perform the following steps to display virtual machines in the Client Computer Groups list in the CommCell Console:

  1. From the CommCell Console ribbon, click the Tools tab, and then click User Preferences.
  2. Click the Client Computer Group Filter tab.
  3. Select the Show Virtual Machines check box.

    If this check box is cleared, virtual machines are only displayed under subclients that include them, and any virtual machines without installed packages are not displayed.

  4. Click OK.
  5. Expand the Client Computer Groups node to view the groups.
  6. Expand the node for each group to view the virtual machines backed up by that VMware vCenter client.

    All virtual machines backed up by any subclient are displayed in the CommCell Browser. Any virtual machines that do not have packages installed are grayed out.

Quiescing the Operating System and Applications before Backup

Quiescing indicates pausing or altering the state of running processes on a computer, particularly those that might modify information stored on disk during a backup, to guarantee a consistent and usable backup.

For windows Microsoft VSS inside the guest will be used to quiesce the file system and applications. This ensures that the data consistency of the file system and all VSS supported applications. By default VMware will engage all of the VSS writers that are configured inside the guest. If it is necessary to exclude a writer please refer to http://kb.vmware.com/kb/1031200

For Linux, the vmsync driver will be used to quiesce the file system.  This is included with VMware tools. The vmsync driver ensures that the file system is in a consistent state prior to the VMware snapshot being created. The vmsync driver is only supported with vSphere 5.0 and above.

Consider the following before enabling or disabling the quiescing during the backup:

  • Hardware Snapshot with Quiescing - When you perform the SnapProtect backup of a subclient, a hardware snapshot of all the virtual machines is created. Before the snapshot creation, the quiescing will be performed automatically for the operating system and applications on all the virtual machines in the subclient.
  • Crash consistent hardware snapshot - The backup process may slow down because of the quiescing. If you do not want to perform quiescing before the snapshot creation, you can disable the quiescing. If you disable the quiescing, the crash consistent hardware snapshot will be created.

You can also perform an application aware backup as described in Agent Assisted Application Protection.

Follows the steps given below to disable quiescing:

  1. From the CommCell Console, navigate to Client Computers | virtualization_client | Virtual Server | VMware | backup_set.
  2. Right-click a subclient and click Properties.
  3. Click the Backup Options tab.
  4. Select Crash Consistent.
  5. Click OK.

When you perform the backup of a subclient, the quiescing will not be performed on all the virtual machines in the subclient.

Notes:

  • By default, when creating a snapshot on a VM, the file system and applications within the VM are quiesced. If the file system and applications cannot be quiesced, a non-quiesced snapshot is taken instead, and a warning is generated. When the requireSnapshotGuestFileSystem additional setting is configured on the VSA proxy with the value true, the automatic fall back to a non-quiesced snapshot is disabled and the backup of the VM fails.
  • To ignore quiesce failure errors for virtual machine backups, create the ignoreQuiesceGuestErrors additional setting on the Virtual Server Agent proxy and set the value to 1.

Pre-Freeze and Post-Thaw Processing Using VMware Tools

You can use VMware tools to perform specific operations before or after a backup. For example, if a virtual machine hosts an Oracle database and you want to enable the hot backup of the database before performing the backup, you can run a script using VMware tools.

For more information about running scripts on Windows virtual machines, refer to http://kb.vmware.com/kb/1006671.

For ESX version4.x, the VMware tools scripts should be located in C:\Program Files\VMware\VMware Tools\backupScripts.d.

If a virtual machine hosts a VSS-aware application such as Microsoft SQL Server, Microsoft Exchange, or Oracle, enable the File System and Application Consistent option at the subclient level to provide the ability to back up the database and perform an image level application-consistent database recovery.

On Linux virtual machines, the script /usr/sbin/pre-freeze-script is executed when the software snapshot is created and /usr/sbin/post-thaw-script is executed when the software snapshot is finalized. Ensure that these scripts are executable by the VMware tools user.

The following scripts are available to perform pre-freeze or post-thaw processing using VMware tools:

Operation

Procedure

Scripts

Scripts can be used to take a snapshot of a VM with the DB2 application. These scripts enable VMware to suspend I/O updates to the DB2 database until the VMware Linux guest snapshot is completed.
  1. On a Linux virtual machine, copy the pre-freeze-script and post-thaw-script to the /usr/sbin directory.
  2. Copy the write_suspend and write_resume scripts to a location where the DB2 database can execute them (preferably to a directory under DB2 home).
pre-freeze-script.sh

post-thaw-script.sh

write_resume.sh

write_suspend.sh

Scripts can be used to take a snapshot of a VM with the MAXDB application. These scripts enable VMware to suspend I/O updates to the MAXDB database until the VMware Linux guest snapshot is completed.
  1. On a Linux virtual machine, copy the pre-freeze-script and post-thaw-script to the /usr/sbin directory.
  2. Copy suspend_logwriter and resume_logwriter scripts to a location where MAXDB database can execute them (preferably to a directory under MAXDB home).
pre-freeze-script.sh

post-thaw-script.sh

resume_logwriter.sh

suspend_logwriter.sh

 

Scripts can be used to take a snapshot of a VM with the Oracle application. These scripts enable VMware to suspend I/O updates to the Oracle database until the VMware Linux guest snapshot is completed.
  1. On a Linux virtual machine, copy the pre-freeze-script and post-thaw-script to the /usr/sbin directory.
  2. Copy the pre-freeze-script.sql and post-thaw-script.sql scripts to a location where the Oracle database can execute them (preferably to a directory under Oracle home).

    These scripts change the entire database to backup  mode.

    If the virtual machine has the Oracle iDataAgent installed on it, you can also use the consistent-archivelog-backup.rman script as a sample to run archivelog backup. This script gets a consistent snap, all the latest archived logs, and the current control file.

pre-freeze-script.sh

post-thaw-script.sh

pre-freeze-script.sql

post-thaw-script.sql

consistent-archivelog-backup.rman

Scripts can be used to take a snapshot of a VM with the Sybase application. These scripts enable VMware to suspend I/O updates to the Sybase database until the VMware Linux guest snapshot is completed.
  1. On a Linux virtual machine, copy the pre-freeze-script and post-thaw-script to the /usr/sbin directory.
  2. Copy pre-freeze-script.sql and post-thaw-script.sql scripts to a location where the Sybase database can execute them (preferably to a directory under Sybase home).

    These scripts execute sybase quiesce commands that stop updates to the databases.

pre-freeze-script.sh

post-thaw-script.sh

pre-freeze-script.sql

post-thaw-script.sql

Scripts can be used to take a snapshot of a VM with the MySQL application. These scripts enable VMware to suspend I/O updates to the MySQL database until the VMware Linux guest snapshot is completed.
  1. On a Linux virtual machine, copy the pre-freeze-script and post-thaw-script to the /usr/sbin directory.
  2. Copy the quiesce.py and unquiesce.py scripts to a location where the MySQL database can execute them (preferably to the /usr/sbin directory).

    Python script is used to quiesce and unquiesce the databases. Python and MySQL-Python modules must be installed on the client computer

pre-freeze-script.sh

post-thaw-script.sh

unquiesce.py

quiesce.py

Setting Threshold for Free Space on a Datastore

During the backup of any virtual machine, a snapshot of the virtual machine gets created on its datastore. If the datastore of any virtual machine does not have sufficient space for snapshots, the backup job completes with one or more errors. Before performing the backup, you can set a threshold of required free space. If a datastore does not have the required free space, the software does not back up the virtual machines residing in that datastore.

Follow the steps given below to set the threshold for free space on a datastore:

  1. From the CommCell Console, navigate to Client Computers | virtualization_client | Virtual Server | VMware | backup_set.
  2. Right-click a subclient and click Properties.
  3. Click the Backup Options tab.
  4. Select Perform Datastore freespace check.
  5. In the Datastore freespace required box, enter the threshold value. By default, the threshold is set to 10%.
  6. Click OK.

When you perform the backup of a subclient, a virtual machine will be skipped from the backup if its datastore doesn't have the required free space. If a virtual machine has disks on multiple datastores, and if any one datastore doesn't have the required free space, the virtual machine will be skipped from the backup.

This threshold applies to datastores of all the virtual machines in a subclient.

Configuring Transport Modes for Backup Copy

By default, the software automatically determines the transport mode currently being used in your environment prior to each backup copy operation. This process can be eliminated by configuring the subclient to use a specific transport mode for all backup copy operations. Once you do this configuration, the software no longer search your environment for the appropriate mode, thereby increasing backup performance.

  1. From the CommCell Browser, expand Client Computers > virtualization_client > Virtual Server > VMware > backup_set.
  2. Right-click the subclient and click Properties.
  3. Click the Transport Mode for VMware list and select any of the following transport modes:
    • Auto (default) - The transport mode is selected automatically based on the backup environment:
      • If the datastore for VMDKs is accessible to a physical proxy, SAN mode is used.
      • If the datastore for VMDKs is accessible to the ESX server for a virtual proxy, HotAdd mode is used.
      • Otherwise, NBD mode is used.
    • SAN - For directly connected storage using Fibre Channel (FC) or Internet SCCI (iSCSI) protocols. The Virtual Server Agent must have access to the datastore LUNs (logical drives) that provide storage for virtual machine disks. Data is read directly from the storage where virtual machines reside, without going through the ESX host or transferring data over the local area network (LAN). The ESX host is contacted only to coordinate access to the LUN. SAN transport mode cannot be used if the proxy computer is a virtual machine.
    • HotAdd - The Virtual Server Agent is installed on a virtual machine residing on an ESX Server. In HotAdd mode, the data volumes containing the virtual machines to be backed up are automatically mounted to the proxy, so they can be accessed by the proxy as a local disk. The ESX host the proxy is running on must have access to all datastores for the virtual machine. If the virtual machine and the proxy are not on the same host, all datastores must be shared between the hosts.
    • Licensing: In vSphere 5.0, the SCSI HotAdd feature is enabled only for vSphere editions Enterprise and higher, which have Hot Add licensing enabled. No separate Hot Add license is available for purchase as an add-on. In vSphere 4.1, Hot Add was also enabled in the Advanced edition. Customers with vSphere Essentials or Standard editions are not able to perform proxy-based backup, which relies on SCSI HotAdd. Those customers must use alternate transport modes.

      SCSI Controllers: HotAdd relies on the SCSI protocol and does not support IDE disks. Use the LSI SCSI controller. The paravirtual SCSI controller (PVSCSI) is not supported for HotAdd.

    • NBD - Data is transferred using the TCP/IP connection between the ESX server and the proxy computer. The local area network (LAN) can be the production network or a dedicated backup network.
    • NBDSSL - Similar to NBD mode, but data transfer between the proxy computer and the ESX server is encrypted. Encryption should be used for sensitive information, even within a private network.
  4. Click OK.

Forcing Transport Modes in vSphere VADP Environments

In vSphere VADP environments, you can force a specific transport mode to be used for all virtual machine backups performed by a proxy by configuring the vStorageTransportMode additional setting. This additional setting can be configured on each proxy computer selected for the virtualization client.

The following transport modes can be forced using this additional setting:

  • san
  • hotadd
  • nbd

Follow the steps below to configure this additional setting:

  1. From the CommCell Browser, navigate to Client Computers.
  2. For each proxy listed for the vCenter client:
    1. Right-click the client, and then click Properties.
    2. Click Advanced, and then click the Additional Settings tab.
    3. Click Add.
    4. On the Add Additional Settings dialog box, provide the following information:
      • Name: vStorageTransportMode
      • Category: VirtualServer
      • Type: STRING
      • Value: Type the transport mode you want to use in lower-case letters (for example, san, hotadd, or nbd).
    5. Click OK to save additional settings, advanced properties, and client properties.

Modifying an Agent, Instance, or Subclient

Certain properties of agents, instances, and subclients can be modified to accommodate changes to your configuration, data, or desired backup behavior.

The following table describes the properties that can be configured from these levels.

Option Description Related Topics
Change the user account details

In order to perform discovery, backup, and restore operations within a single instance, you need administrator-level global, virtual machine, and resource privileges.

You can configure the user account associated with the Virtual Center.

  1. From the CommCell browser, right-click the virtual server instance.
  2. Click Properties.
  3. Click Configure Password.
  4. Type the user name.
  5. Type password and confirm password.

You can configure the user account associated with the ESX Server.

  1. Click Configure ESX Server.
  2. Select the ESX server.
  3. Click Edit.
  4. Type the username.
  5. Type the password and confirm password.
 
Change storage policies You can modify the storage policies in any of the following situations:
  • To include a different media for the backup operation.
  • To use a storage policy with a different retention criteria.

You can change the storage policies from the subclient level.

  1. From the CommCell Browser, right-click the subclient.
  2. Click Properties.
  3. Click Storage Device.
  4. Select the Storage policy from the drop-down menu.
  5. Click OK.
Refer to Storage Policies.
Rename a backup set or subclient

You can rename a subclient:

  1. From the CommCell Browser, right-click the subclient.
  2. Click Properties.
  3. Type the new name in the  Subclient name field.
  4. Click OK.
 
Data transfer options You can configure the available resources for transferring data secured by data protection operations from the subclient level. This includes the following:
  • Enable or disable Data Compression either on the client or on the MediaAgent.
  • Configure the transfer of data in the network using the options for Network Bandwidth Throttling and Network Agents.

You can configure the data transfer options.

  1. From the CommCell Browser, right-click the subclient.
  2. Click Properties.
  3. Click Storage Device.
  4. Click Data Transfer Option tab.
  5. Choose the appropriate software compression option for this subclient.
  6. Select Throttle Network Bandwidth and set the required bandwidth.
  7. Click OK.
Refer to Data Compression and Network Bandwidth Throttling.
View data paths You can view the data paths associated with the primary storage policy copy of the selected storage policy or incremental storage policy. You can also modify the data paths including their priority from the subclient level.
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. Click Storage Device.
  4. Select Storage Policy from the drop-down menu.
  5. Click Data Paths.
 
Change the number of data readers Use this option to specify the number of simultaneous backup data streams allowed for this subclient.
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties
  3. Type the Number of Data Readers.
  4. Click OK.
Refer to Streams.
Select an ESX server to be used to mount snapshots for backup copies or live browse operations For clients with SnapProtect enabled:
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. On the Advanced Options tab, make the following changes under Proxy ESX Server:
    1. From the Virtual Center / ESX Server list, select the vCenter that contains the ESX host to be used for mounting snapshots.<

      You can select the vCenter where the source VMs reside or a different vCenter.

    2. In the Snap Mount ESX Host box, enter the host name for the ESX server that should be used to mount snapshots, or click Snap Mount Hosts to browse and select a host on the specified vCenter.

Note: If a different vCenter is chosen as the destination, the first available proxy for the destination virtualization client performs the mount operation.

 
Configure a subclient for pre- and post-processing of data protection You can add, modify or view Pre/Post processes for the subclient. These are batch files or shell scripts that you can run before or after certain job phases.
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. Click Pre/Post Process.
  4. Click one of the following phases and type the full path of the batch file that you want to execute during that phase.
    • PreBackup Process
    • PostBackup Process

    Alternatively, click Browse to locate the batch file (applicable only for paths that do not contain any spaces).

  5. Select Run Post Scan Process for all attempts to run a post scan process for all attempts.
  6. Select Run Post Backup Process for all attempts to run a post backup process for all attempts.

    The batch files will run on the first available proxy computer from the list of proxy computers. You can view the list of proxy computers on the Proxies tab of the Virtual Server Instance Properties dialog box.

  7. Click one of the following phases and type the full path of the batch file that you want to execute during that phase.
    • PreSnap Process
    • PostSnap Process

    The On Source option is selected by default. The batch files will the first available proxy computer from the list of proxy computers. You can view the list of proxy computers on the Proxies tab of the Virtual Server Instance Properties dialog box. The On Proxy option is not applicable for VMware. You cannot run the batch files on any other proxy computer.

  8. Click Change to specify the user account which has permissions to run these commands.

  9. In the User Account dialog box, select one of the following:
    • Use Local System Account - Select this option if you want to use the Local System Account to execute the batch files and click OK.
    • Impersonate User  - Select this option if you want to use a specific user account to execute the batch files. Enter the user name and password for the user account and click OK.
  10. Click OK.
Refer to Pre and Post Processes.
Configure activity control You can enable backup and restore operations from the agent and subclient level. However, you can enable restore operations only from the agent level.
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. Click Activity Control, select or clear option(s) as desired.
  4. Click OK.
Refer to Activity Control.
Configure user security You can configure user security from the agent or subclient level. You can perform the following functions:
  • Identify the user groups and roles associated with the CommCell object.
  • Associate this object with a user group and role.
  • Disassociate this object from a user group and role.
  1. From the CommCell browser, right-click the subclient and then click Properties.

    The Subclient Properties dialog box appears.

  2. Click the Security tab and then click Add.

    The Add Users and Groups dialog box appears.

  3. In the Users and Groups section, select the user group to associate with the CommCell object, and then click Add.
  4. In the Role section, select the role to associate with the CommCell object.
  5. Click OK.

    For this subclient, the users in the user group are restricted by the permissions in the role.

Refer to User Administration and Security.
Enable and disable data encryption When you configure encryption at the client level, it is configured automatically for all the subclients associated with all the agents installed on that client. If you want to disable or change the encryption at the subclient level, follow the steps given below:
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. Click Encryption.
  4. Select the desired encryption.
  5. Click OK.
Refer to Data Encryption.
View software version and installed updates The Version tab, at the Agent level displays the software version and post-release service packs and updates installed for the component.
  1. From the CommCell browser, right-click the agent.
  2. Click Properties.
  3. Click Version.
  4. Click OK.
 
CommCell Configuration Report The CommCell Configuration Report provides the properties of the CommServe, MediaAgents, clients, agents, subclients, and storage policies within the CommCell based on the selected filter criteria.
  1. From the CommCell browser, click Reports icon.
  2. Select CommCell Configuration.
  3. Click Run.
Refer to CommCell Configuration.

Deleting an Instance, Backup Set, or Subclient

The following sections describe the steps involved in deleting an instance, backup set, or subclient.

When you delete an instance or backupset, the associated data is logically deleted and you can no longer access the corresponding data from CommCell Console for recovery purposes.

Refer to the troubleshooting article on Recovering data associated with deleted clients and storage policies for information on how to recover data if you accidentally delete an entity.

Deleting an Instance

Consider the following before deleting an instance:

  • When you delete a specific instance all job schedules and job histories that pertain to any of the levels within the deleted instance are deleted.
  • You cannot delete an instance if it is being backed up. Attempts to delete an instance under such conditions cause the deletion to fail. If a backup is in progress, either wait for the backup to complete or kill the backup job using the Job Controller. Once the backup is no longer in progress, you can delete the instance level.
  • You cannot delete an instance if there is only one instance present for an agent. To delete the final instance, you must remove the agent software from the client computer.
  1. From the CommCell Browser, right-click the instance that you want to delete, click All Tasks and then click Delete.
  2. Click Yes to confirm the deletion. (Clicking No cancels the deletion and retains the node.)
  3. Type the requested phrase in the Enter Confirmation Text dialog box and click OK. This should delete the instance.

Deleting a Backup Set

Consider the following before deleting a backup set:

  • You cannot delete a default backup set.
  • Schedules associated with the backup set are also automatically deleted.
  1. From the CommCell Browser, right-click the user-defined backup set  that you want to delete, and then click Delete from the shortcut menu.
  2. A confirmation message is displayed, asking if you want to delete the backup set.

    Click No to cancel the deletion and retain the backup set, or click Yes to continue the deletion.

Deleting a Subclient

Consider the following before deleting a subclient:

  • You cannot delete a default subclient.
  • Schedules associated with the subclient are also automatically deleted.
  1. From the CommCell Browser, navigate to Client Computers | <Client> | <Agent> | <Backup Set>.
  2. Right-click the <subclient> that you want to delete, and then click Delete.
  3. A confirmation message is displayed, asking if you want to delete the subclient.

    Click No to cancel the deletion and retain the subclient, or click Yes to continue the deletion.

Configure Agent Preference for Browse Using VM File Recovery Plug-In

If a virtual machine has a Windows Agent installed inside the guest OS and has been backed up by both the File System Agent and the Virtual Server Agent, you can add a registry key to specify which backups should be displayed when using the VM File Recovery Plug-In in vCenter. If no entry is added, by default the most recent backup is displayed regardless of the agent used.

  1. On the server where the Web Console is installed, open the Registry Editor.
  2. Go to HKEY_LOCAL_MACHINE > SOFTWARE > CommVault Systems > Galaxy > Instance001 > WebConsole.
  3. Add the String key preferredVMAgent and set the value to VS.
  4. Restart Tomcat after each value change.

Disabling Restores Using Changed Block Tracking

Changed Block Tracking (CBT) is a VMware feature that enables efficient backup of virtual machines by tracking changes and only backing up changes rather than complete virtual machines. CBT is enabled by default, and is used automatically for restoring a full virtual machine when the Restore in place and Unconditionally overwrite VM with the same name restore options are used, providing significant performance improvements.

For SnapProtect, CBT restores are only supported from streaming backups (backup copy).

  1. From the CommCell Browser, go to Client Computers.
  2. Right-click the client and select Properties.
  3. On the General tab of the Client Computer Properties dialog, click Advanced.
  4. Click the Additional Settings tab.
  5. Configure additional settings:
    • To disable CBT restores, configure the bEnableSeekOptimization additional setting:
      1. Click Add.
      2. On the Add Additional Settings dialog box, provide the following information:
        • Name: bEnableSeekOptimization

        • Category: VirtualServer

        • Type: INTEGER

        • Value: 1 (enable) or 0 (disable). Enter 0 to disable this feature.

        • The Enable checkbox should be selected.
      3. Click OK to save the additional setting.
    • Optional: To change the threshold for performing CBT restores, configure the nSKDMinUnchangedSpace additional setting:
      1. Click Add.
      2. On the Add Additional Settings dialog box, provide the following information:
        • Name: nSKDMinUnchangedSpace
        • Category: VirtualServer
        • Type: STRING
        • Value: 50M (default). If the amount of unchanged disk space on the backup is less than this value, a classic restore is performed instead of a CBT restore. You can enter units as K (kilobytes), M (megabytes), or G (gigabytes). 
        • The Enable checkbox should be selected.
      3. Click OK to save the additional setting.
  6. Click OK twice more to save the advanced client properties and the client properties.

Configuring Data Protection Alerts for Virtual Machines

You can perform the steps provided in Creating an Alert from the Alert Wizard to configure a data protection alert for virtual machines. You can configure alerts to provide notification and details about specific virtual machines when jobs are started, suspended, resumed, killed, completed, or failed. The alert notification can include tokens for the virtual machine name, host, status, and protection failure reason.

The following alerts are available for the Virtual Server Agent:

Alerts Type Description
Data Protection User-defined Sends notification on the status of running backup jobs.
Event Viewer Events User-defined Uses the vsbkp process to trigger backup job status in the Event Viewer.

When adding the alert, use the following options for the Add Alert Wizard:

  • On the General Information page, select Job Management for the Category and Data Protection for the Type.
  • On the Entities Selection page, select the Virtual Server clients to be included for the alert or client groups that include those Virtual Server clients.
  • Select options as needed on the Threshold and Notification Criteria Selection page.
  • On the Notification Type(s) Selection page, you can customize the email notification message by selecting an insertion point in the email message form, selecting a token from the drop-down list, and clicking Add Token. To help monitor protections operations for virtual machines, you can include the following tokens:
    • <PROTECTED OBJECTS>
    • <VIRTUAL MACHINE NAME>
    • <VIRTUAL MACHINE HOST NAME>
    • <VM STATUS>
    • <VM FAILURE REASON>
  • On the User(s) and User Group(s) Selection page, add users to receive notifications for the alert.

The notifications generated for the alert include information about all discovered virtual machines for the selected virtualization clients.

Note: For any subclients that have backups disabled (on the Activity Control tab of the subclient properties), discovered VMs are not included in alerts.

Creating Alerts for Specific Virtual Machines

  1. To view and select discovered virtual machines, display virtual machines before creating the alert:
    1. In the CommCell Browser, right-click the Client Computers node and select Customize View.

      The User Preferences dialog box displays the Client Computer Filter tab.

    2. Select Show Virtual Machines.
    3. Click OK.
  2. Add an alert as described in Creating an Alert from the Alert Wizard.
  3. On the General Information page, select Job Management for the Category and Data Protection for the Type.
  4. On the Entities Selection page, select the virtual machines under Association.
  5. Select other options as required.

Creating a Provisioning Policy for Live Mount

The provisioning policy for live mount specifies the total number of VMs that can be live mounted, how long live mounted VMs can run, and the resources that are dedicated for live mounts. This policy defines limits to the impact that live mount operations can have on the operating environment.

Before You Begin

  • Decide how you want to restrict the number of virtual machines that can be live mounted and the length of time that live mounted VMs can run.
  • Decide whether to specify a particular MediaAgent for live mounts.
  • Identify the vCenter, datacenter, ESX servers, and networks to use for live mounts.
  • Identify users or user groups who should be able to perform live mounts.

Procedure

  1. From the CommCell Browser, expand Policies, right-click VM Lifecycle Policies, point to New VMware Policy, and then click Live Mount.

    The VM Lifecycle Policy wizard appears.

  2. On the Enter the Policy Name and Description page, name the policy and configure advanced settings:
    1. In the Name field, enter a name for the policy.

      Make a note of the policy name, which users need to provide when live mounting virtual machines.

    2. In the Quota box, type or select the total number of concurrent live mounts that each user can run.
    3. In the Mount VM for box, type or select the number of hours that live mounted virtual machines can run before they are decommissioned.
    4. In the Description field, enter a description for the policy.
    5. To use a specific MediaAgent for live mounts, select Live Mount on MediaAgent and then choose a MediaAgent from the list.
    6. Click Next.
  3. On the Select the vCenter and Datacenter page, specify the vCenter and datacenter to use.
    1. From the Virtualization Client list, select the name of a previously configured vCenter.
    2. If you have not already refreshed datacenter information for the vCenter, click Update vCenter and datacenter information.
    3. From the Datacenter list, select the name of a datacenter.
    4. To modify default values for advanced settings, click Advanced Policy Features.

      In the Advanced Policy Features dialog box, you can modify the following values:

      • Associated Client Group: Select this option and choose a previously defined client computer group from the drop-down list.
      • E-mail addresses to notify: To identify users who should be notified about live mount operations, type one or more e-mail addresses separated by commas.
      • Sender's e-mail address: Type the e-mail address that should be listed as the sender for notifications.
      • Disable e-mail notifications for successful VM operations: To send e-mail notifications only for unsuccessful live mounts, select this option.
    5. Click OK to save advanced settings.
    6. Click Next.
  4. On the Select ESX Servers page, specify the ESX servers to make available for live mounts.

    By default, the Select All option is selected to make all configured ESX servers available for live mounts.

    1. To identify specific ESX servers to be used for live mounts with this policy, clear the Select All option.
    2. From the Available list, select the ESX servers, and then click Add to add them to the Selected list.
    3. Click Next.
  5. On the Enter Resources page, identify the networks that can be used for live mounted VMs:
    1. Under Network Names, select one or more networks from the Available list.
    2. Click Add to assign them to the Selected list.
    3. Click Next.
  6. On the Select User Membership page, select user groups to have access to the live mount feature.
    1. From the Available list, select user groups.
    2. Click Add to add them to the Selected list.
    3. Click Next.
  7. On the Summary page, verify the values entered for the policy and click Finish.

What to Do Next

Provide users who will perform live mounts with the policy name to be used when live mounting virtual machines. See Using Live Mount to Run a Virtual Machine.

Transport Modes for VMware

By default, the transport mode is selected automatically for backups and restores, based on the VSA proxy used and the virtual machines being backed up or restored. You can force a specific transport mode by configuring it at the subclient level, or by configuring an additional setting for all proxies that are used by a vCenter client.

The following transport modes are available in VMware. Advanced transport methods (SAN and HotAdd) replace the proxy-based VMware Consolidated Backup (VCB) solution.

  • SAN (storage area network) - SAN mode is supported for directly connected storage using Fibre Channel (FC) or Internet SCSI (iSCSI) protocols. With automatic transport mode selection, SAN mode is selected if SAN storage is connected to the ESX host. The Virtual Server Agent must have access to the datastore LUNs (logical drives) that provide storage for virtual machine disks. Data is read directly from the storage where virtual machines reside, without going through the ESX host or transferring data over the local area network (LAN). The ESX host is contacted only to coordinate access to the LUN.

    SAN transport mode is only supported for proxies on physical computers, and cannot be used if the proxy is a virtual machine.

    Changed Block Tracking (CBT) is disabled for SAN transport writes because the transport mechanism must account for thin disk allocation and clear lazy zero operations.

    SAN only supports writing to base disks; it does not support writing to redo logs for snapshots or child disks.

    SAN mode is not supported for VSAN datastores.

  • HotAdd - In HotAdd mode, the Virtual Server Agent is installed on a virtual machine residing on an ESX Server. The term HotAdd refers to the way the backups are completed. In HotAdd mode, the data volumes containing the virtual machines to be backed up are automatically mounted to the proxy, so they can be accessed by the proxy as a local disk. The ESX host the proxy is running on must have access to all datastores for the virtual machine. If the virtual machine and the proxy are not on the same host, all datastores must be shared between the hosts. If SAN mode is not available, HotAdd mode can achieve close to SAN mode performance.

    Licensing. In vSphere 5.0, the SCSI HotAdd feature is enabled only for vSphere editions Enterprise and higher, which have Hot Add licensing enabled. No separate Hot Add license is available for purchase as an add-on. In vSphere 4.1, Hot Add was also enabled in the Advanced edition. Customers with vSphere Essentials or Standard editions are not able to perform proxy-based backup, which relies on SCSI HotAdd. Those customers must use alternate transport modes.

  • Local Area Network (NBD and NBDSSL) - NBD (network block device) & NBDSSL (encrypted NBD) transmit data over the TCP/IP connection between the ESX server and the proxy computer. NBD serves as a fallback when other transport modes are not available.  The local area network (LAN) can be the production network or a dedicated backup network.

    NBDSSL is similar to NBD mode, but data transfer between the proxy computer and the ESX server is encrypted. Encryption should be used for sensitive information, even within a private network.

The following table summarizes the configurations based on the storage type:

Mode Datastore Storage Type VM Data Protected by Single Node Additional Comments
LAN Free SAN mode VMFS using Fibre Channel or iSCSI Up to 40 TB Virtual Server Agent and MediaAgent installed on the same physical computer with direct connection to datastore.

Eliminates data transfer over network during backup and restore. Provides best backup and restore performance.

LAN Free HotAdd mode VMFS, NFS, VSAN Up to 30 TB Virtual Server Agent and MediaAgent installed on virtual machine running on host with access to datastore.

Eliminates data transfer over network during backup and restore.

Network based (NBD, HotAdd) VMFS, NFS, VSAN, direct attached storage   Virtual Server Agent and MediaAgent installed on different computers. The Virtual Server Agent writes over the network to a remote MediaAgent.

Depends on infrastructure. Not recommended except with exceptional VMware configurations.

In most scenarios, backups and restores using SAN and HotAdd transport are faster than local area network (LAN) operations using network block device (NBD) or secure NBD (NBDSSL). SAN restores using thin disk provisioning can be slower than LAN restores; performance can be improved by using NBD or by setting the transport mode to SAN and forcing the disk type to thick, which uses eager zero provisioning.

Connectivity

Configure DNS on the backup proxy, ESX hosts, and vCenter Server. For any transport mode, missing or incorrect DNS configuration produces nslookup errors during fully qualified domain name (FQDN) resolution.

Related Topics

Configuring Transport Modes

Configuring LAN-Free Backups

Troubleshooting articles:

Scenarios

SAN Transport Scenarios

LAN Free Backup for SAN-Based Storage

LAN free backup is used automatically when:

  • Virtual machines to be backed up are on SAN datastores.
  • Each proxy that performs backup operations is a physical server running Windows Server.
  • The Virtual Server Agent (VSA) and MediaAgent are both deployed on each proxy.
  • Each MediaAgent has local access to directly connected storage using a shared mount path.

During backup, the VSA reads the virtual machine disks (VMDKs) directly over the SAN, performs block level deduplication, and sends the data to a local MediaAgent that writes to the shared library. SAN transport mode provides the fastest method for full or incremental backups because data is not sent over the LAN. Data is never transferred over the IP network, except when the library is configured on a network-attached storage (NAS) device.

Physical Proxy Installations

In a physical proxy configuration, the Virtual Server Agent and MediaAgent are installed on a physical server with visibility into the storage network. A purely physical implementation performs SAN-only backups and usually provides the best performance.

When to Use
  • Datastores are configured on Fibre Channel (FC) or iSCSI SAN.
  • Physical Windows server has SAN access to datastore LUNs.
  • Direct tape copies are required or physical MediaAgents are required for secondary operations.
When Not to Use
  • SAN access to datastore LUNs is only available within the ESX Server environment.
  • SAN transport is not available for storage accessed using the Network File System (NFS) protocol.

HotAdd Scenarios

LAN Free Backup for NFS Datastores

You can perform LAN free backups even when VMware datastores are configured on NFS volumes. The Virtual Server Agent and MediaAgent are configured on a Windows virtual machine. During backup, the VSA mounts the VMDKs of the source VMs to itself, using a process called HotAdd. The source VMDKs then appear as a local disk to the VSA. The VSA module reads the VMDK locally, performs deduplication, and sends the data to the MediaAgent module on the same VM to be written to the disk library.

While not as efficient as SAN mode, this configuration ensures that no data is transferred over the IP network during backup. Moreover, VM restores are LAN free as well. In this mode, a single VSA and deduplication node running on a virtual machine with the recommended resources can provide end-to-end protection for up to 30 TB of VM data.

HotAdd Installations - Virtualized Agent and Virtualized MediaAgent

In this configuration, the Virtual Server Agent and MediaAgent are both installed in HotAdd mode. The backup destination is typically network based (CIFS/NFS) or another VMFS datastore and tape out options are very limited. Shared storage is required for HotAdd backups of virtual machines living on other ESX hosts.

When To Use
  • All virtual environment where physical servers are not preferred.
  • Datastores are configured on NFS.
  • Each MediaAgent can write directly to a mount point presented to the virtual machine.
  • Able to segregate backup and production traffic on the network.
When Not To Use
  • Direct backup to tape is required.
  • Backup traffic cannot be segregated from production traffic.
HotAdd Installations - Virtualized Agent and Physical MediaAgent

In this configuration, the Virtual Server Agent is installed in HotAdd mode while the MediaAgent is installed on a physical computer. Data is transferred over the LAN to the physical MediaAgent. This model also allows for the use of a centralized Windows MediaAgent and Linux MediaAgents. Shared storage is required for HotAdd mode backups of virtual machines living on other ESX hosts.

When To Use
  • Direct backup to tape or SILO to cloud is required.
  • Segregation of backup and production data is possible.
  • Physical MediaAgent is required for other protection tasks and secondary operations.
When Not To Use
  • Segregation of backup and production data is not possible.
  • SAN-based datastores on Fibre Channel or iSCSI are in use. Use an all physical configuration instead.

NBD Scenarios

Network Backup

You can deploy the VSA on a virtual machine and the MediaAgent and deduplication node on a separate physical server. The VSA in the VM reads the data from the source VMDKs using HotAdd and transfers data over the network to the MediaAgents to be written to disk. Although source side deduplication and CBT reduce the amount of data transferred on the network, this method is the least preferred option and is recommended in exception conditions (for example, when there is not shared storage or backups need to be written directly to tape).

Best Practices

To enable incremental backups of virtual disks, Changed Block Tracking (CBT) must be used for the first full backup. (CBT is enabled for backups by default.)

Best Practices for SAN Transport

  • SAN transport cannot be used by virtual machine proxies; use a HotAdd configuration to deploy a virtual proxy.
  • SAN transport generally provides the best performance for thick disk restores, but the worst performance for restoring thin disks. For thin disk restores, NBD or NBDSSL is usually faster.
  • For Enterprise and Datacenter editions of Windows Server 2008, the default SAN policy is offline. SAN policy should be set to onlineAll for Windows Server 2008 proxies, and SAN disks should be set  to read-only except for restores. The diskpart utility can be used to clear the read-only flag.

Best Practices for HotAdd

  • HotAdd relies on the SCSI protocol; use the LSI SCSI controller. HotAdd does not support (PVSCSI) IDE disks or the paravirtual SCSI controller.
  • Helper virtual machines are not required for HotAdd proxies using VADP.
  • When deploying the Virtual Server Agent for HotAdd backups, choose the datastore with the largest VMFS block size to ensure backups can mount and back up virtual machines residing on all datastores. For VMFS-3, a proxy that needs to back up and restore very large virtual disks should be deployed on volumes that support a large block size, with the block size of the proxy datastore matching the block size of the datastore for the disk being backed up. VMFS-5 uses a consistent file block size and can handle volumes up to about 60TB.
  • When HotAdd disks are backed up, a snapshot and redo log are created. While the HotAdd disk is still attached, do not remove the snapshot or the virtual machine being backed up. If the VM is removed while the disk is still attached, clean up of redo logs fails, and you must remove virtual disks from the backup appliance manually. If the snapshot is removed, the redo log could be left in an unconsolidated state.
  • If you use the vSphere Client to remove all disks on a controller, the entry for the controller is also removed from vSphere.
  • Virtual Windows disks created by HotAdd backup or restore operations might have different disk signatures than the original virtual disks.

Best Practices for NBDSSL Transport

  • In ESXi 5.0 and later, default NFC timeouts can be set in the VixDiskLib configuration file. If no timeout is specified, older versions of ESX or ESXi hold the corresponding disk open until vpxa or hostd is restarted.  As a starting point for NBD and NBDSSL transport, set Accept and Request timeouts to 3 minutes, Read timeouts to 1 minute, Write timeouts to 10 minutes, and timeouts for nfcFssrvr and nfcFssrvrWrite to 0.  You might need to lengthen timeouts on slow networks, especially for NBDSSL.
  • A VMDK can fail to open if too many NFC connections are made to an ESX host. For more information, see VDDK library returns the error: Failed to open NBD extent, NBD_ERR_GENERIC (1022543).

Best Practices for SnapProtect

  • In environments leveraging Fibre Channel storage (required for HDS), install the Virtual Server Agent and MediaAgent on a physical computer.
  • In array management. enter storage addresses for iSCSI and NFS in the same format used for ESX servers. For example, use an IP Address for both entries.
  • When using NFS storage, enter each IP address that is used into array management. Entering only a single IP for a management interface is not sufficient.
  • The Virtual Server Agent proxy must have access to the storage network. If you have an isolated network, an additional network connection must be added to the proxy.
  • SnapProtect performs a full backup. Switching to or from a SnapProtect backup causes the next backup to be a full backup.

Disk Provisioning

A virtual disk can be provisioned with specific allocated space (thick disk) or with space allocated on an as-needed basis (thin disk).

Thin Disk Provisioning

Thin disks conserve space, consuming only the space that is required for data. A thin disk is created the first time data is written to the disk, so the first write has extra block allocation overhead, regardless of the transport mode. For an existing thin disk, the time required for reads and writes is slightly more than required for lazy zero thick disks; but the difference in performance can be significant for high transaction applications.

After writes to thin disks using random I/O or going to previously unallocated disk areas, backup sizes may increase, even when Changed Block Tracking (CBT) is used. Disk defragmentation may reduce the backup size.

SAN restores using thin disk provisioning can be slower than LAN restores; performance can be improved by using NBD or by setting the transport mode to SAN and forcing the disk type to thick, which uses eager zero provisioning.

When you are restoring a virtual machine that has thin disks on an NFS datastore, empty blocks on the disk are not restored. Only the actual data on the disk is restored.

Thick Disk Lazy Zero and Eager Zero Disk Provisioning

Thick disks can be provisioned using lazy zero or eager zero disk formatting.

  • Lazy Zero provisioning writes zeros for each write to a new block, rather than to all blocks when the disk is created, so that initial disk creation is quicker. Lazy zero thick disks provide better performance than thin disks, but worse than eager zero thick disks.

    With a lazy zeroed thick disk, a read returns only used blocks.

  • Eager zero provisioning writes zeros to all allocated space when creating a virtual disk. Initial disk creation takes longer, but this format provides the best performance for writes. A read for an eager zeroed thick disk returns the entire disk, including the zeros in unused blocks.

When backing up thick disks, the proxy datastore must have at least as much free space as the maximum configured disk size for the virtual machine being backed up.

If Changed Block Tracking (CBT) is not available when a full backup is performed, all blocks are included and data in unused blocks is written as zeros. When data is restored from a backup that did not use CBT, the result is an eager zero thick disk, even if the disk that was backed up used lazy zero.

When a virtual machine disk is restored using thick disk provisioning and SAN transport, the disk uses eager zero provisioning.

For more information, see About Virtual Disk Provisioning Policies.