This page describes how to back up Google Cloud VMware Engine into a backup vault.
Google Cloud VMware Engines are captured in their entirety using VMware API calls. You can manage a VM by assigning a template and a resource profile to it to define the backup plan and capture the entire VM.
When a backup/recovery appliance associates a backup template with an entire VM it is not aware of VM content, so no application-specific actions are performed.
When an entire virtual server is captured, a fully functional virtual server, including the operating system, and applications and their data is captured. Having a copy of the entire virtual server ensures that the data can be accessed quickly and without issues. Capturing whole virtual servers allows groups of virtual servers and their applications to be managed with a single backup template. See Application backup or capture wizard for information on how to discover VMs.
You can use a backup vault to store Google Cloud VMware Engine backups. Sending backups to a backup vault provides protection against modification (immutability) and deletion (indelibility). For more information about backup vault, see backup vault for immutable and indelible backups.
With a backup vault, you can store backups in a single region. If you need backups in multiple regions, consider the following options:
- You can define a backup plan and resource profile that sends backups to two or more OnVault pools with two or more backup vaults. You can create these backup vaults in different regions, which provides dual-region protection for your backups. Note that you will be charged for the storage in each backup vault separately.
- You can define an OnVault pool that uses a multi-regional Cloud Storage bucket. Note that this option doesn't provide the protection against modification and deletion that a backup vault provides.
Backing up Google Cloud VMware Engine into a backup vault involves the following steps.
Create a backup vault
A backup vault is a container to store backups. To back up Google Cloud VMware Engine to a backup vault, you need to create a backup vault. For instructions, see Create and manage a backup vault in the Google Cloud console.
Register a backup/recovery appliance as an authorized accessor for a backup vault
You can access a backup vault from the backup/recovery appliance project only
after the appliance service account is granted with the
Backup and DR Backup Vault Accessor (roles/backupdr.backupvaultAccessor
)
and Backup and DR Backup Vault Lister (roles/backupdr.backupvaultLister
)
IAM roles in the backup vault project. Without these roles, you cannot
access the backup vault to complete the setup to enable backup creation.
For instructions, see Grant roles to the backup/recovery appliance service account.
Create an OnVault pool associated with a backup vault
OnVault pools created with the backup vault type store data in the backup vault. A backup vault with a minimum enforced retention period prevents the deletion of backups before the enforced retention period is met.
Backup/recovery appliances that are registered with the backup vault pool type and updated to the version 11.0.12 or later are displayed for selection. To upgrade your appliances to the latest version, see Update backup/recovery appliances.
Use the following instructions to create an OnVault pool which points to a backup vault.
- Click Manage and select Storage pools from the menu.
- Click Add OnVault pool.
- Enter a name for the pool. Valid characters are letters, numbers, spaces, hyphens (-), and underscores (_).
- Check that the Pool type is set to Backup vault.
- From the Appliance list, select the appliance you want to add the OnVault pool to. If your appliance is not available to select, you will need to updated the appliance to the latest version.
- In the Project ID field, enter the Google Cloud project that contains your backup vault.
- From the Region list, select the region that contains your backup vault.
- From the Choose a backup vault section, select a backup vault.
- Click Save.
Create a profile associated with a backup vault based OnVault pool
A resource profile specifies the storage medium for Google Cloud VMware Engine backups. You can use a backup vault, a specialized storage for Backup and DR Service backups, designed with features that support resilience against malicious or accidental deletion of backups. After the profile is created and designated for use with backup vaults, the profile cannot be edited to use a different storage pool type and a backup vault must always be specified. Also, if the resource profile is in use to protect an application, the specified backup vaults cannot be changed.
Use the following instructions to create a resource profile which points to a backup vault.
- Click Backup plans and select Profiles from the menu.
- Click Create profile.
- Enter a name and optional description for the resource profile.
- Select Use OnVault pools that point to backup vaults (Recommended).
- In the Primary appliance section, from the Appliance list, select the appliance type that the backup pool type is associated with.
- From the Snapshot pool list, select a snapshot pool type.
- From the OnVault pool 1 list, select the OnVault pool associated with your backup vault.
- Optional. From the OnVault pool 2 list, select the OnVault pool associated with your backup vault that is created in a different region.
- Click Save profile.
Create a template with the backup policies
A backup plan template defines backup creation and management details, such as the backup schedule and the timeline for backup deletion. Backup plan templates are created within the management console. Create a backup template using the instructions in the Manage backup templates.
Apply a backup plan to protect a Google Cloud VMware Engine
Use the following instructions to apply a backup plan to protect Google Cloud VMware Engine VM.
Click the App Manager tab and select the Applications option from the drop-down list. The Applications page opens.
Select the VM that you want to manage, and then choose Manage Backup Plan from the drop-down list at the bottom right corner of the page. The Manage Backup Plan page opens.
From the Manage Backup Plan page, choose from the Template and Profile drop-down lists:
Template. An existing backup template that includes policies to define the snapshot, direct to onvault, or replication of the application data.
Profile. An existing resource profile that defines the resources used to store the data of the application as snapshot or replicated images.
The Manage Backup Plan page shows a view of the policies assigned to the selected applications in the backup plan policy map. Management comes from the template policies and profiles that you designed in the backup plans.
Click Apply Backup Plan. The Apply backup plan page opens.
Configure the application's details and settings or policy overrides settings.
Application Settings. Apply application-specific settings when managing a VM. Application settings may be useful or required in certain circumstances. See Configure application settings for protecting VM data for details.
Policy Overrides. Override specific policy settings previously configured in the selected backup template. See Configure policy overrides for details.
Click Apply Backup Plan to apply the backup template and resource profile. A success message opens.
Click Okay.
The application may not get backed up until the scheduled job runs according to the hours of operations defined in the backup template. For example, if at 10:00 (UTC) you assign a template that has hours of operation from 02:00 to 05:00 (UTC), then the first job won't start until the appliance has an available job slot at 02:00 (UTC) of the following day. To run a job immediately, see perform an on-demand capture.
To change backup plan settings for the application, see Modify backup plan management of a managed application. To disable a backup plan, see Removing backup plan management of an application.