Protect and recover a VMware VM

This page provides you an end-to-end overview about protecting a VMware VM running in Google Cloud VMware Engine, how to backup and restore your Google Cloud VMware Engine and monitor backups.

Configuring backup for VMware VMs

Google Cloud VMware Engine is a fully managed service that lets you run the VMware platform in Google Cloud. Google manages the infrastructure, networking, and management services. For more detailed information, refer to VMware engine documentation.

Prerequisite to configure backup

Before you start backing up Google Cloud VMware Engine instances, read the following procedures and deploy Backup and DR Service:

• Plan a Backup and DR deployment

• Prepare to deploy Backup and DR

• Deploy Backup and DR

To start backing up Google Cloud VMware Engine instance, you must read and complete the following procedures in the same order:

• VMware - API access and quota
• Networking requirements
• IAM roles and permissions
• Create a Google Cloud VMware Engine private cloud
• Add a private connection between your Google Cloud VMware Engine private cloud between your Google Cloud VMware Engine private cloud and the VPC where your backup/recovery appliance is deployed.

Configure backup

During VMware VM backup jobs, the backup/recovery appliance needs to resolve the fully qualified names of the ESX servers running in your Google Cloud VMware Engine private cloud. The easiest way to achieve this is to add a DNS from your private cloud to the backup/recovery appliance. If you don't want to do this, you need to manually add a host entry for each ESX host in the Host resolution tab on the System management page which is accessed as defined in step two.

1. On Google Cloud VMware Engine:

   1. Select Resources, then select your private cloud.

   2. Under Private cloud DNS servers copy either one or both IPs.

2. In the Backup and DR management console, complete the following:

   1. Go to Manage, then Appliances.

   2. Right-click the appliance and choose Configure appliance networking.

      The System management page opens in a new window.

   3. Under DNS, NTP page:

      • Add the DNS as either primary or secondary.
      • Remove any unneeded DNS suffix searches.

   4. Under Troubleshooting, complete the following:

      • Click the Utility drop-down and select Test DNS.

      • Click the Resolve drop-down and select IP, then enter the IP in the IP to resolve field. It should resolve to a name. If it doesn't, validate the connectivity between Google Cloud VMware Engine private cloud and the Backup and DR VPC.

Set NFS ingress firewall rules for the backup/recovery appliance

When performing VMware VM mounts using NFS, the backup/recovery appliance provides access to the VMDKs using an NFS datastore. You need to set the ingress firewall rules for the backup appliance to ensure NFS mounts don't encounter unexpected errors.

1. Go to the firewall page in the Google Cloud console.

2. Find the VPC firewall rule for your backup/recovery appliance. It contains the following:

   • Target: Service account for your backup appliance.

     For example: backup-server-27816-sa@projectname.iam.gserviceaccount.com

   • tcp: 26, 443, 3260,5107

3. Edit the firewall rules and add the following:

   • In the Source IPv4 range, add the system management subnet of your Google Cloud VMware Engine private cloud. Find the system management subnet in Google Cloud VMware Engine portal by navigating to Resources, then Select your private cloud, then Subnets.

   • tcp: 26, 111, 443, 756, 2049, 3260, 4001, 4045, 5107

   • udp: 111, 756, 2049, 4001, 4045

4. Click Save.

Configure a solution user account

To perform backup actions the backup/recovery appliance needs to connect to the vCenter server using an authenticated user that has the correct permissions. The easiest way to set this up is by using a solution user account. You need to set the solution user account password beforehand:

1. Access the VMware Engine portal

2. Select Resources, then select your private cloud.

3. Select Change your vSphere privileges.

4. Leave the user type and time interval to the default option, and select I understand.

5. Click Confirm.

6. Click Launch vSphere client (HTML5).

7. Go to Menu and click Administration.

8. Select Single sign on and click Users and groups.

9. From the main panel, select the gve.local domain and select the solution user account.

10. Click Edit.

11. Enter a strong password in the Password and Confirm password fields. Optionally, add the description. Take a note of which solution user you use (e.g., solution-user-01).

12. Click Save.

Add a new vCenter host to the management console

Backup and DR uses VMware vSphere Storage APIs data protection (formerly known as vStorage APIs for data protection or VADP) to create backup images of VMware VMs, placing these backup images either in the snapshot pool of the backup/recovery appliance or in OnVault Pools.

To issue API calls, the backup/recovery appliance needs to connect to the vCenter host with a username and password that have authority to perform the required actions. In this section, we add the vCenter as a host and supply those user credentials (which are stored securely by the service).

To add a new vCenter host to the management console, complete the following:

1. In the management console, go to Manage then Hosts.

2. Select + Add host.

3. In the Add host form, enter the name and an optional friendly name. The name of a host should start with a letter, and can contain letters and digits (0-9). Underscore (_) characters are not valid in host names.

4. Enter the IP address of the vCenter server appliance in IP address.

5. In the Appliances section, select the management console managed appliances that you want to serve this host. If the list is long, you can use the search box to find a specific appliance or group of appliances.

6. From the Host type drop-down, select vCenter and add the following:

   • Validate the data transport mode, either NFS or SAN. NFS is the default setting and we recommend you do not change it.

   • Enter the username and password of the solution user you configured earlier to connect to the vCenter server appliance and then use the Test button to validate the added credentials.

7. Click Add.

Create a backup plan template

VMware VMs are captured in their entirety using VMware API calls. You manage a VM by assigning a template and a resource profile to it to define the backup plan to capture the entire VM.

When a backup/recovery appliance associates a backup template with an entire VM it is not aware of VM content so no application-specific actions are performed.

When an entire virtual server is captured, a fully functional virtual server (operating system, applications, and their data) is captured. Having a copy of the entire virtual server guarantees that the data can be accessed fast and without issues. Since the image presented is a fully functional virtual server, it can be migrated to a new, permanent location if needed. Capturing whole virtual servers allows groups of virtual servers and their applications to be managed with a single backup template.

Templates are composed of backup policies. In policies, you can defines when to run a backup, how frequently to run a backup, how long to retain the backup image for (Days, Weeks, Months, or Years), and also additional configuration when the policy is applied to a VM. Refer to Create a backup template to create a template and assign a backup policy.

A resource profile specifies the storage media for VMware VM data backup images. Resource profiles define which snapshot pool is used (if a snapshot policy is in the template) and which OnVault pools are used (if OnVault or direct to OnVault policies are in the template). For more information, see Create a resource profile.

Apply a backup plan template

Use the onboarding wizard to discover VMware virtual machines (VMs) managed by a vCenter. Once you have discovered one or more applications, you can protect them all at once by applying a backup template and profile or you can add them to the applications list as unmanaged or ignored VMs.

Use the following instructions to discover and protect VMware VMs:

1. Click App Manager, and select Applications, then click Add Application.

2. Select Google Cloud VMware Engine.

3. From the server list, select a vCenter where you want to perform VM discovery and click Next.

4. On the Manage page, a list of VMs appears. Select a VM to discover and click Next.

5. Apply the policy template and profile to the Google Cloud VMware Engine instance:

   • Select a VM that you want to protect.

   • Select Manage backup configuration.

   • From the Choose action drop-down list, select Manage backup configuration.

     The Choose template drop-down list opens.

   • From the Choose template drop-down list, select a template.

     The Choose profile drop-down list opens.

   • Click Apply backup plan.

6. Click Application Settings for each VM in the list to make changes to the default configuration.

   The Application Details and Settings page opens. See Configure application settings for VMs.

7. In case there are multiple VMs and you want to make the same changes to all the VMs, click define settings for all applications and make the necessary changes.

8. Click Next.

9. Review the summary screen. If everything is correct, select Finish to complete the onboarding process. The selected VMs are backed up based on the Policy template you select.

10. After onboarding is complete, a dialog appears. Click Finish again. Once the policy template is attached to the selected VMs, the status changes to a green check mark. The green check indicates that your VMs is all set to run a backup job within the schedule by the policy. If you want to run the job immediately, see Run on-demand backups.

On-demand backups

On-demand backup is a type of backup that you can manually trigger at any time. On-demand backups are useful for situations where you need to backup your data before a specific event. For example, you might want to backup your VM before applying updates or patches to ensure that you can restore it to its previous state if any issues arise during the update process.

To run an on-demand backup of a managed application:

1. Click the App Manager tab and select the Applications option from the drop-down list. The Applications page opens.
2. Select an Google Cloud VMware Engine instance and then click Manage Backup Configuration from the drop-down list at the bottom right corner of the page.
3. From the Policies that is on the right, select Snapshot.
4. Enter a Label and click Run Now. An on-demand backup will be triggered for the selected policy.

Protect on-premises VMware VMs

Before you begin

To protect and recover on-premises VMware VMs, you must deploy the on-premises versions of the management console and the backup/recovery appliance.

1. Configure Private Google Access
2. Deploy an on-premises management console (formerly called the Actifio AGM).
3. Deploy an on-premises backup/recovery appliance (formerly called the Actifio Sky appliance).

Add vCenter hosts and discover the VMs

1. Add a new vCenter host to the management console
2. Discover and protect a VM

Recover VMware VM

To recover a VMware, you need to perform the mount for a VMWare VM. Mount can be performed in one of the two ways:

• Mount to an existing host
• Mount as a new VM

Once the mount process is completed, you can recover a mounted VMware VM to production storage.

Restore a VMware VM

Restore is the process of restoring data from a backup image. To restore a VM, see Restore a VMware VM.

To clone a VM, see Clone an image of a VM.

Monitor

You can monitor the Google Cloud VMware Engine jobs, from the monitor jobs and monitor events.

What's next

To backup VMware VM and database resource types, refer the following quickstarts links.

• Protect & Recover Compute Engine instance.

• Protect and recover Microsoft SQL Server databases.