Get started with Backup and DR: Protect and recover a VMware VM

This exercise guides you through the steps of discovering and protecting a VMware VM running in Google Cloud VMware Engine and finally mounting a fully-functional new VMware VM from a backup image.

Before you begin

Before you begin, you must read and complete the following procedures:

Create a Google Cloud VMware Engine private cloud

You must have successfully deployed Google Cloud VMware Engine and have access to the Google Cloud VMware Engine portal before you can begin to back up Google Cloud VMware Engine.

To back up Google Cloud VMware Engine, you need to have a private cloud. To create a private cloud, see Create a Google Cloud VMware Engine private cloud

Google Cloud VMware Engine private cloud and the VPC connection

After you create a Google Cloud VMware Engine private cloud, you need to add a private connection between your Google Cloud VMware Engine private cloud and the VPC where your backup/recovery appliance is deployed. Refer to Complete private connection creation in the Google Cloud VMware Engine portal.

Configure Backup and DR Service to use Google Cloud VMware Engine DNS

During VMware VM backup jobs, the backup/recovery appliance needs to resolve the fully qualified names of the ESX servers running in your Google Cloud VMware Engine private cloud. The easiest way to achieve this is to add a DNS from your private cloud to the backup/recovery appliance. If you do not wish to do this, you need to manually add a host entry for each ESX host in the Host resolution tab on the System management page which is accessed as defined in step two below.

  1. On Google Cloud VMware Engine:

    1. Select Resources, then select your private cloud.

    2. Under Private cloud DNS servers copy either one or both IPs.

  2. In the Backup and DR management console, complete the following:

    1. Go to Manage, then Appliances.

    2. Right-click the appliance and choose Configure appliance networking.

      The System management page opens in a new window.

    3. Under DNS, NTP page:

      • Add the DNS as either primary or secondary.
      • Remove any unneeded DNS suffix searches.
    4. Under Troubleshooting, complete the following:

      • Click the Utility drop-down and select Test DNS.

      • Click the Resolve drop-down and select IP, then enter the IP in the IP to resolve field. It should resolve to a name. If it doesn't, validate the connectivity between Google Cloud VMware Engine private cloud and the Backup and DR VPC.

Set NFS ingress firewall rules for the backup/recovery appliance

When performing VMware VM mounts using NFS, the backup/recovery appliance provides access to the VMDKs using an NFS datastore. You need to set the ingress firewall rules for the backup appliance to ensure NFS mounts do not encounter unexpected errors.

  1. Go to the firewall page in the Google Cloud console.

  2. Find the VPC firewall rule for your backup/recovery appliance. It contains the following:

    • Target: Service account for your backup appliance.

      For example:

    • tcp: 26, 443, 3260,5107

  3. Edit the firewall rules and add the following:

    • In the Source IPv4 range, add the system management subnet of your Google Cloud VMware Engine private cloud. Find the system management subnet in Google Cloud VMware Engine portal by navigating to Resources, then Select your private cloud, then Subnets.

    • tcp: 26, 111, 443, 756, 2049, 3260, 4001, 4045, 5107

    • udp: 111, 756, 2049, 4001, 4045

  4. Click Save.

Configure a solution user account

To perform backup actions the backup/recovery appliance needs to connect to the vCenter server using an authenticated user that has the correct permissions. The easiest way to set this up is by using a solution user account. You need to set the solution user account password beforehand:

  1. Access the VMware Engine portal

  2. Select Resources, then select your private cloud.

  3. Select Change your vSphere privileges.

  4. Leave the user type and time interval to the default option, and select I understand.

  5. Click Confirm.

  6. Click Launch vSphere client (HTML5).

  7. Go to Menu and click Administration.

  8. Select Single sign on and click Users and groups.

  9. From the main panel, select the gve.local domain and select the desired solution user account.

  10. Click Edit.

  11. Enter a strong password in the Password and Confirm password fields. Optionally, add the description. Take a note of which solution user you use (e.g., solution-user-01).

  12. Click Save.

Add a new vCenter host to the management console

Backup and DR uses VMware vSphere Storage APIs data protection (formerly known as vStorage APIs for data protection or VADP) to create backup images of VMware VMs, placing these backup images either in the snapshot pool of the backup/recovery appliance or in OnVault Pools.

To issue API calls, the backup/recovery appliance needs to connect to the vCenter host with a username and password that have authority to perform the required actions. In this section, we add the vCenter as a host and supply those user credentials (which are stored securely by the service).

To add a new vCenter host to the management console, complete the following:

  1. In the management console, go to Manage then Hosts.

  2. Select + Add host.

  3. In the Add host form, enter the name and an optional friendly name. The name of a host should start with a letter, and can contain letters and digits (0-9). Underscore (_) characters are not valid in host names.

  4. Enter the IP address of the vCenter server appliance in IP address.

  5. In the Appliances section, select the management console managed appliances that you want to serve this host. If the list is long, you can use the search box to find a specific appliance or group of appliances.

  6. From the Host type drop-down, select vCenter and add the following:

    • Validate the data transport mode, either NFS or SAN. NFS is the default setting and we recommend you do not change it.

    • Enter the username and password of the solution user you configured earlier to connect to the vCenter server appliance and then use the Test button to validate the added credentials.

  7. Click Add.

Create a backup template and profile

VMware VMs are captured in their entirety using VMware API calls. You manage a VM by assigning a template and a resource profile to it to define the backup plan to capture the entire VM.

When a backup/recovery appliance associates a backup template with an entire VM it is not aware of VM content so no application-specific actions are performed.

When an entire virtual server is captured, a fully functional virtual server (operating system, applications, and their data) is captured. Having a copy of the entire virtual server guarantees that the data can be accessed fast and without issues. Since the image presented is a fully functional virtual server, it can be migrated to a new, permanent location if needed. Capturing whole virtual servers allows groups of virtual servers and their applications to be managed with a single backup template.

Templates are composed of backup policies. In policies, you can defines when to run a backup, how frequently to run a backup, how long to retain the backup image for (Days, Weeks, Months, or Years), and also additional configuration when the policy is applied to a VM. Refer to Create a backup template to create a template and assign a backup policy.

Backup policies define schedules for jobs, when and how often to run a job, and how long to retain the data. A backup policy also allows you define whether its schedule runs within a window or continuously. Where applicable, backup policies allow you to define the rules for determining whether or not a data protected by a policy meets your requirements. If data is being protected according to your needs, then it is considered to be in compliance.

A resource profile specifies the storage media for VMware VM data backup images. Resource profiles define which snapshot pool is used (if a snapshot policy is in the template) and which OnVault pools are used (if OnVault or direct to OnVault policies are in the template). For more information, see Create a resource profile.

Discover and protect VMs

Use the onboarding wizard to discover VMware virtual machines (VMs) managed by a vCenter. Once you have discovered one or more applications, you can protect them all at once by applying a backup template and profile or you can simply add them to the applications list as unmanaged or ignored VMs.

Use the following instructions to discover and protect VMware VMs:

  1. Click App Manager, and select Applications, then click Add Application.

  2. Select Google Cloud VMware Engine.

  3. From the server list, select a vCenter where you want to perform VM discovery and click Next.

  4. On the Manage page, a list of VMs appears. Select a VM to discover and click Next.

  5. Apply the policy template and profile to the compute engine instance:

    • Select one or more VMs that you want to protect.

    • Select Apply backup plan.

    • From the Choose action drop-down list, select Apply backup plan.

      The Choose template drop-down list opens.

    • From the Choose template drop-down list, select a template.

      The Choose profile drop-down list opens.

    • Click OK.

  6. Click Application Settings for each VM in the list to make changes to the default configuration.

    The Application Details and Settings page opens. See Configure application settings for VMs.

  7. In case there are multiple VMs and you want to make the same changes to all the VMs, click define settings for all applications and make the necessary changes.

  8. Click Next.

  9. Review the summary screen. If everything is correct, select Finish to complete the onboarding process. The selected VMs are backed up based on the Policy template you select.

  10. After onboarding is complete, a pop-up appears. Click Finish again. Once the policy template is attached to the selected VMs, the status changes to a green check mark. The green check indicates that your VMs is all set to run a backup job within the schedule by the policy. If you want to run the job immediately, see Run on-demand job.

Configure application settings for a VMware VM

From the Application Details and Settings dialog, you can modify application-specific settings for configuring backup options for VMware VM. Application settings may be useful or required in certain circumstances. After you configure your application settings, click Save changes.

The following list has the application settings and a description of each one.

  • Application consistent (applies only for VMware VMs). Select one of the following:

    • Take crash consistent backup: Crash consistent backup is a fast backup of application data in storage as if power were lost at that moment. It does not pause application data I/O. All data on disk is saved, and data in memory is lost. The recovery of a crash consistent backup may take longer and introduce exceptions. It may be required to perform some additional manual recovery steps during the recovery, depending on the guest OS, file systems, and applications. Choose crash consistent if the application consistent process causes issues for your applications or workloads due to the quiescing process.

    • Take application consistent backup: Application consistent backup leverages VMware quiesced snapshots, which uses VMware tools to quiesce the file system of the virtual machine. A quiesce operation leverages Windows operating built-in capabilities to quiesce file systems and applications that support VSS. It also leverages any customer supplied freeze or thaw scripts (on all platforms) to get higher level application consistency. The result is a higher confidence level in the recoverability of the backup, as well as shorter recovery times in most cases. Application consistent backup images can sometimes cause a brief pause in I/O, and while uncommon, some busier applications may report I/O errors at the time of the backup. Occasionally, application consistent backup images fail if VMware is unable to quiesce the VM within a predetermined timeout during the snapshot operation. Use application consistent backup images when recoverability is most important, and the applications in the VM are not sensitive to the brief I/O pause.

    • Take crash consistent backup on last try: This option attempts to take application consistent backup images, but if the application consistent backup fails on three consecutive attempts it then takes a crash consistent backup on the fourth (and final) retry.

  • Truncate/purge log after backup. Specify whether to truncate or purge the database logs after every backup. When Truncate log after backup is enabled, application-related logs are truncated until the recent or current backup. If you truncate logs, you must also back up the transaction log to enable a roll forward recovery. The options are the following:

    • Do not truncate or purge log after backup

    • Truncate or purge log after backup

  • Job behavior when target VM needs snapshot consolidation. Select an action if the VM requires consolidation:

    • Fail the job if VM needs consolidation: Point-in-time jobs fail.

    • Run the job without performing consolidation: All jobs run normally even if consolidation is pending.

    • Perform consolidation at the beginning of the job: Point-in-time jobs try to perform consolidation at the beginning of the job. If consolidation fails, the job fails with an error message.

Protect on-premises VMware VMs

Before you begin

To protect and recover on-premises VMware VMs, you must deploy the on-premises versions of the management console and the backup/recovery appliance.

  1. Configure Private Google Access
  2. Deploy an on-premises management console (formerly called the Actifio AGM).
  3. Deploy an on-premises backup/recovery appliance (formerly called the Actifio Sky appliance).

Add vCenter hosts and discover the VMs

  1. Add a new vCenter host to the management console
  2. Discover and protect a VM

What's next