This page provides an end-to-end overview of protecting a VMware VM running in Google Cloud VMware Engine using a backup vault, including how to back up and restore your Google Cloud VMware Engine instances and how to monitor backups.
Before you begin
Before you can start backing up Google Cloud VMware Engine instances, use the following procedures and deploy Backup and DR Service:
Prerequisites to configure backups
Google Cloud VMware Engine is a fully managed service that lets you run the VMware platform in Google Cloud. Google manages the infrastructure, networking, and management services. For more detailed information, refer to the VMware Engine documentation. This quickstart helps you protect and recover VMware VM workloads using Backup and DR Service. To start backing up a Google Cloud VMware Engine instance, you must read and complete the following procedures:
- VMware - API access and quota
- Networking requirements
- IAM roles and permissions
- Create a Google Cloud VMware Engine private cloud
- Add a private connection between your Google Cloud VMware Engine private cloud and the VPC where your backup/recovery appliance is deployed.
Configure backup/recovery appliance network settings
During Google Cloud VMware Engine backup jobs, the backup/recovery appliance needs to resolve the fully qualified names of the ESX servers running in your Google Cloud VMware Engine private cloud. To achieve this, add a DNS server from your private cloud to the backup/recovery appliance.
On Google Cloud VMware Engine
In the Google Cloud VMware Engine, complete the following:
Click Resources, then select your private cloud.
Using the Private cloud DNS servers option, copy either one or both IPs.
If you can't add a DNS server from your private cloud, you need to manually add a host entry for each ESX host in the System management > Host resolution tab.
In the Backup and DR management console
In the Backup and DR management console, complete the following:
Go to Manage > Appliances.
Right-click the appliance and select Configure appliance networking.
The System management page opens in a new window.
In the DNS, NTP page:
Add the DNS as either primary or secondary. Enter the IP address of your primary DNS server and your secondary DNS server. The secondary DNS is optional.
Remove any unneeded DNS suffix searches. If you set any entries in DNS Suffix Search, then the DNS Domain will NOT be searched.
To troubleshoot problematic network connections, try the following in the Troubleshooting section:
Click the Utility drop-down and select Test DNS.
Click the Resolve drop-down and select IP, then enter the source or destination IP in the IP to resolve field. The test DNS should resolve to a name. If it doesn't, validate the connectivity between the Google Cloud VMware Engine private cloud and the Backup and DR VPC.
Set NFS ingress firewall rules for the backup/recovery appliance
When performing VMware VM mounts using NFS, the backup/recovery appliance provides access to the VMDKs (Virtual Disk File format) using an NFS datastore. You need to set the ingress firewall rules for the backup appliance to ensure NFS mounts don't encounter unexpected errors.
In the Google Cloud console, go to the Firewall page.
Find the VPC firewall rule for your backup/recovery appliance that contains the following:
Target: Service account for your backup appliance.
tcp: 26, 443, 3260, 5107
Edit the firewall rules and add the following:
In the Source IPv4 range, add the system management subnet of your Google Cloud VMware Engine private cloud. Find the system management subnet in the Google Cloud VMware Engine portal by navigating to Resources, selecting your private cloud, and then selecting Subnets.
tcp: 26, 111, 443, 756, 902, 2049, 3260, 4001, 4045, 5107
udp: 111, 756, 2049, 4001, 4045
Click Save.
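The following check is an added example, not part of the original page or of Backup and DR Service. It audits a firewall rule exported as JSON against the port lists above and flags source ranges that miss the system management subnet or admit any address. The sample rule, service account name, and subnets are constructed placeholders.

```python
import ipaddress
import json

# Ports the page lists for the edited rule (private cloud -> appliance, NFS mounts).
REQUIRED = {
    "tcp": {26, 111, 443, 756, 902, 2049, 3260, 4001, 4045, 5107},
    "udp": {111, 756, 2049, 4001, 4045},
}

def allowed_ports(rule):
    """Map protocol -> set of allowed ports, expanding ranges such as '4001-4045'."""
    out = {}
    for entry in rule.get("allowed", []):
        ports = out.setdefault(entry["IPProtocol"].lower(), set())
        specs = entry.get("ports") or ["0-65535"]  # no port list = every port
        for spec in specs:
            lo, _, hi = spec.partition("-")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(rule, mgmt_subnet):
    """Return findings for one rule; an empty list means it matches the page."""
    findings = []
    if rule.get("direction") != "INGRESS":
        findings.append("rule is not an ingress rule")
    if not rule.get("targetServiceAccounts"):
        findings.append("rule does not target a service account")
    have = allowed_ports(rule)
    for proto, need in REQUIRED.items():
        missing = sorted(need - have.get(proto, set()))
        if missing:
            findings.append(f"{proto} ports missing: {missing}")
    subnet = ipaddress.ip_network(mgmt_subnet)
    nets = map(ipaddress.ip_network, rule.get("sourceRanges", []))
    ranges = [n for n in nets if n.version == subnet.version]
    if not any(subnet.subnet_of(r) for r in ranges):
        findings.append(f"source ranges do not cover {subnet}")
    findings += [f"source range {r} admits any address" for r in ranges if r.prefixlen == 0]
    return findings

# Constructed sample shaped like `gcloud compute firewall-rules describe --format=json` output.
BEFORE = json.loads("""{
  "direction": "INGRESS",
  "targetServiceAccounts": ["appliance-sa@example-project.iam.gserviceaccount.com"],
  "sourceRanges": ["10.0.0.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["26", "443", "3260", "5107"]}]
}""")

if __name__ == "__main__":
    print("\n".join(audit(BEFORE, "192.168.30.0/24")))  # constructed management subnet
```

Run it against the rule before and after the edit; an empty result after saving confirms the rule carries every listed port and is scoped to the management subnet.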
To authenticate to the Google Cloud VMware Engine vCenter, you need to retrieve or reset the solution user password using Google Cloud CLI or API commands. For instructions on retrieving or resetting the solution user password, see Get a solution user password.
Add a new vCenter host to the management console
Backup and DR uses VMware vSphere Storage APIs data protection to create backup images of VMware VMs, placing these backup images either in the snapshot pool of the backup/recovery appliance or in OnVault pools. OnVault pools created with the backup vault type store data in the backup vault. See Add vCenter and ESX server hosts to the management console.
To issue API calls, the backup/recovery appliance needs to connect to the vCenter host with a username and password that have authorization to perform the required backup creation actions. In this section, add the vCenter as a host and supply those user credentials that are stored securely by the service.
To add a new vCenter host to the management console, complete the following:
In the management console, go to Manage then Hosts.
Click Add host.
In the Add host field, enter the name and an optional friendly name. The name of a host should start with a letter, and can contain letters and digits (0-9). Underscore (_) characters aren't valid in host names.
Enter the IP address of the vCenter server appliance in IP address.
In the Appliances section, select the management console managed appliances that you want to serve this host. If the list is long, you can use the search box to find a specific appliance or group of appliances.
From the Host type drop-down, select vCenter and add the following:
Validate the data transport mode, either NFS or SAN. NFS is the default setting and we recommend you don't change it.
Enter the username and password of the solution user you configured earlier to connect to the vCenter server appliance and then use the Test button to validate the added credentials.
Click Add.
Create a backup plan
A backup plan includes a template that defines when and how to capture a backup, and a resource profile that defines where to save the backup.
Refer to Create a backup template to create a template and assign a backup policy.
A resource profile specifies the storage media for VMware VM data backup images. Resource profiles define which snapshot pool is used (if a snapshot policy is in the template) and which OnVault pools are used. For more information, see Create a resource profile.
In this quickstart you will create a resource profile that assigns a backup vault as the storage for the VM backup.
OnVault pools can point to backup vaults (Preview) or to Cloud Storage to store Google Cloud VMware Engine backups. Sending backups to a backup vault provides protection against modification (immutability) and deletion (indelibility). For more information about backup vault, see Backup vault for immutable and indelible backups.
To create and store data in a backup vault (Preview), see Back up VMware Engine into a backup vault.
After you have created a resource profile, you can apply a backup plan template and profile to the VMware VMs.
Discover the VM and apply a backup plan template
You can use the onboarding wizard to discover VMware virtual machines (VMs) managed by a vCenter. Once you have discovered one or more applications, you can protect them all at once by applying a backup template and resource profile, or you can add them to the applications list as unmanaged or ignored VMs.
Use the following instructions to discover and protect VMware VMs by applying a backup template and resource profile.
Discover VMware VMs
Click App Manager, and select Applications, then click Add Application.
Select Google Cloud VMware Engine.
From the server list, select a vCenter where you want to perform VM discovery and click Next.
On the Manage page, a list of VMs appears. Select a VM to discover and click Next.
Protect VMware VMs
The following steps help you back up Google Cloud VMware Engine:
Apply the backup policy template and resource profile to the Google Cloud VMware Engine instance:
Select a VM that you want to protect.
Select Manage backup configuration.
From the Choose action drop-down list, select Manage backup configuration. The Choose template drop-down list opens.
Select a template. The Choose profile drop-down list opens.
Click Apply backup plan.
If there are multiple VMs and you want to make the same changes to all the VMs, click Define settings for all applications and make the necessary changes.
Click Application Settings for each VM in the list to make changes to the default configuration.
The Application Details and Settings page opens. See Configure application settings for VMs.
Click Next.
Review the summary screen. If everything is accurate, select Finish to complete the onboarding process. The selected VMs are backed up based on the backup policy template you select.
After onboarding is complete, a dialog appears. Click Finish again. Once the policy template is attached to the selected VMs, the status changes to a green check mark. The green check indicates that a backup job can be run for the VM within the schedule set by the policy.
If you want to run the job immediately, run an on-demand backup as follows:
- Click the App Manager tab and select Applications from the list. The Applications page opens.
- Select a Google Cloud VMware Engine instance and then click Manage Backup Configuration from the drop-down list at the bottom right corner of the page.
- From the Policies drop-down, select Snapshot.
- Enter a name into the Label field, and click Run Now. An on-demand backup is triggered for the selected policy.
- You can view the progress of the Google Cloud VMware Engine backup job from the Jobs tab. See monitor jobs.
Recover a VMware VM
There are two ways to recover your VMware VM:
Use the restore function to restore data from a backup image. To restore a VM, see Restore data from a backup image.
Cloning a VMware VM backup creates a new VMware VM that has no dependency on a backup/recovery appliance. As with a restore operation, it copies all the data before the VM is available. To clone a VM, see Clone an image of a VM.
Monitor
You can view the progress of the Google Cloud VMware Engine backup job from the Jobs tab. See monitor jobs.