[VMC on AWS] Veritas NetBackup for VMware Cloud on AWS
book
Article ID: 329484
calendar_today
Updated On:
Products
VMware Cloud on AWS
Issue/Introduction
This article provides information about Veritas NetBackup 10 support for VMware Cloud on AWS.
Disclaimer: The partner solution referenced in this article is a solution that is developed and supported by a partner. The use of this product is also governed by the end-user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see NetBackup Virtual Data Protection.
Resolution
Here is a summary of target use cases, solution architecture, solution components, and support information.
Use cases that are supported on VMware Cloud on AWS Veritas NetBackup 10 and later provides a wide range of virtual machine protection and recovery operations. For details on all the features of NetBackup for VMware, see the Veritas NetBackup for VMware Administrator's Guide, available here.
Use cases that are not supported on VMware Cloud on AWS Veritas NetBackup 10 does not currently support the following features as the required infrastructure is not supported by VMware Cloud on AWS:
The NetBackup Instant Recovery feature for virtual machines, or the Instant Access virtual machines feature of the NetBackup Web User Interface. AWS does not support the mounting of NFS data stores which is required for IA and IR.
The NetBackup vSphere Client (HTML5) plugin.
Virtual machine locking or unlocking for virtual machine backups or restores. VMware does not allow permissions to enable and disable methods for locking/unlocking in VMware Cloud on AWS.
The “Post vCenter events” option of NetBackup VMware policies and setting the NB_LAST_BACKUP attribute.
The NBD, NBDSSL, and SAN transport modes. VMware Cloud on AWS supports the HotAdd transport mode only.
Agentless- requires connection to ESX server from the restore host (firewall rules to access).
Instant rollback is not supported. This feature depends upon NBD transport mode. As VMware Cloud on AWS does not support NBD, NetBackup Instant rollback is not supported.
For further updates and limitations, see “Support for NetBackup in a Virtual Environment” available here.
Solution Architecture NetBackup employs a primary server and optional media servers to provide data protection services for virtual machines hosted on VMware vSphere. The NetBackup primary server uses the HotAdd transport mode for efficient backup and restore of VMs that reside on a vSAN datastore cluster. The HotAdd transport mode requires a backup host (proxy) installed in a VM. The backup host in the VM performs the backup and restore processing. The backup host can be a NetBackup client, a NetBackup media server, or a NetBackup virtual appliance. NetBackup media servers provide higher scalability and improve restore performance.
Note the following:
The backup host must reside on a VMware server that has access to the datastore where the vmdk files to be backed up are deployed.
The HotAdd transport mode is the only transport mode that VMC supports.
VMware recommends that backups not be stored in the vSAN datastore.
Three NetBackup architectures are available to suit a variety of requirements.
Architecture 1:NetBackup servers installed in AWS VPS
The NetBackup primary server and media server are installed in the Amazon Virtual Private Cloud (AWS VPC). In this architecture, the only resources required on the VMware Cloud (VMC) are the backup hosts (proxies) installed in the VMs. NetBackup uses client-side deduplication to reduce the data that is sent to AWS. This architecture is beneficial when VMC resources are limited or when the NetBackup servers in AWS must support other backup operations.
Architecture 2:NetBackup servers and backup hosts installed in VMC All NetBackup components are installed in the VMC: primary server, media server, and backup hosts. AWS S3 is used only for back-end storage. This architecture suits environments in which the VMC resources can easily accommodate the backup services. For details on how NetBackup works with AWS S3 storage, see Chapter 3, “Configuring cloud storage,” in the Veritas NetBackup Cloud Administrator's Guide, available here.
Architecture 3:NetBackup virtual appliance installed in VMC The NetBackup virtual appliance is installed in VMC. This architecture suits environments in which the VMC resources can easily accommodate the backup services. For details on deploying a NetBackup virtual appliance, see the Veritas NetBackup Virtual Appliance Getting Started Guide, available here.
Solution Components NetBackup works with the following components:
NetBackup 10 primary server to communicate with VMware vCenter servers.
NetBackup 10 media servers to allow for additional scalability of the NetBackup solution.
NetBackup 10 client in the VM to provide HotAdd backup and restore and allow for user-directed file and folder restores.
NetBackup installation notes When installing NetBackup, note the following:
When installing the NetBackup primary server in either AWS or VMC (architecture 1 or 2), use the private DNS name as the primary server name.
When installing the NetBackup primary server on AWS and the backup host on VMC (architecture 1), add the following entries to the hosts file on the primary server and the backup host:
The private IP and the private DNS of the primary server.
The IP and the DNS name of the backup host.
The hosts file location on Windows: C:\Windows\System32\drivers\etc\hosts The hosts file location on Linux: /etc/hosts Note: For troubleshooting assistance, see “Issues with the CA certificate during installation of the NetBackup client on VMware Cloud (VMC)” in the NetBackup for VMware Administrator's Guide, available here.
Make sure that NetBackup can communicate between the primary server, media server, and clients as described in the NetBackup firewall port requirements article.
Create a NetBackup authorization token. See the following topic in the NetBackup Security and Encryption Guide: Creating authorization tokens.
When adding credentials to NetBackup for a vCenter server, enter the vCenter name as a fully qualified domain name.
VMware Cloud on AWS Network configuration
Enter firewall rules Once the SDDC is created, do the following to create firewall rules for the NetBackup primary server, media server, and backup host (proxy). For architecture 1 (NetBackup primary and media server on AWS and the backup host on VMC):
In the VMware Cloud on AWS console, click View Details > Network.
Under Management Gateway > Firewall Rules, click ADD RULE to create a rule with the following values:
Rule name: Compute2VC Action: Allow Source: Public IP of the Compute Gateway Destination: vCenter Service: HTTPS (TCP 443) Ports: 443
To connect the ENI between VMC on AWS and AWS VPC, go to Compute Gateway > Firewall Rules andclick ADD RULE.
Rule Name: ENI-In Action: Allow Source: All connected Amazon VPC Destination: IP of the backup host Service: Custom TCP Ports: 1556, 13724, 10102, 10082
Rule Name: ENI-Out Action: Allow Source: IP of the backup host Destination: All connected Amazon VPC Service: Custom TCP Ports: 1556, 13724, 10102, 10082 4. Click ADD RULE again and enter the following: Rule Name: vms2vc Action: Allow Source: IP of the backup host Destination: vCenter Service: HTTPS (TCP 443) Ports: 443
For architectures 2and 3 (NetBackup primary server, media server, and backup host on VMC, or NetBackup virtual appliance on VMC; NetBackup storage on AWS S3):
Interoperability with VMware Cloud on AWS product features For a detailed list of VMware versions that NetBackup supports, see the “Virtual Systems Compatibility” section of the NetBackup Software Compatibility List (SCL) available here.
Support Information All Veritas customers with capacity, traditional or subscription licensing actively under maintenance are supported according to the terms of their Veritas support contract. For further information about NetBackup licensing, see the following or contact your Veritas support representative: About NetBackup licensing models Veritas Technical Support
For further information on the HotAdd transport mode with NetBackup, see Notes on the HotAdd transport mode in the Veritas NetBackup for VMware Administrator's Guide.
For log directories for NetBackup for VMware, see NetBackup logging for VMware in the Veritas NetBackup for VMware Administrator's Guide.
For broader information on NetBackup logging, see Using logs in the Veritas NetBackup Logging Reference Guide.