[VMC on AWS] Veritas NetBackup for VMware Cloud on AWS

Article ID: 329484

Products

VMware Cloud on AWS

Issue/Introduction

This article provides information about Veritas NetBackup 10 support for VMware Cloud on AWS.

Disclaimer:  The partner solution referenced in this article is a solution that is developed and supported by a partner. The use of this product is also governed by the end-user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see NetBackup Virtual Data Protection.


Resolution

Here is a summary of target use cases, solution architecture, solution components, and support information.

Use cases that are supported on VMware Cloud on AWS
Veritas NetBackup 10 and later provides a wide range of virtual machine protection and recovery operations. For details on all the features of NetBackup for VMware, see the Veritas NetBackup for VMware Administrator's Guide, available here.

Use cases that are not supported on VMware Cloud on AWS
Veritas NetBackup 10 does not currently support the following features as the required infrastructure is not supported by VMware Cloud on AWS:
  • The NetBackup Instant Recovery (IR) feature for virtual machines, or the Instant Access (IA) virtual machines feature of the NetBackup Web User Interface. AWS does not support the mounting of NFS datastores, which is required for IA and IR.
  • The NetBackup vSphere Client (HTML5) plugin.
  • Virtual machine locking or unlocking for virtual machine backups or restores. VMware does not allow permissions to enable and disable methods for locking/unlocking in VMware Cloud on AWS.
  • The “Post vCenter events” option of NetBackup VMware policies and setting the NB_LAST_BACKUP attribute. 
  • The NBD, NBDSSL, and SAN transport modes. VMware Cloud on AWS supports the HotAdd transport mode only.
  • Agentless: requires a connection to the ESX server from the restore host (firewall rules to access).
  • Instant rollback is not supported. This feature depends upon the NBD transport mode. As VMware Cloud on AWS does not support NBD, NetBackup Instant rollback is not supported.
For further updates and limitations, see “Support for NetBackup in a Virtual Environment” available here.

Solution Architecture
NetBackup employs a primary server and optional media servers to provide data protection services for virtual machines hosted on VMware vSphere. The NetBackup primary server uses the HotAdd transport mode for efficient backup and restore of VMs that reside on a vSAN datastore cluster.  The HotAdd transport mode requires a backup host (proxy) installed in a VM. The backup host in the VM performs the backup and restore processing. The backup host can be a NetBackup client, a NetBackup media server, or a NetBackup virtual appliance. NetBackup media servers provide higher scalability and improve restore performance.

Note the following:
  • The backup host must reside on a VMware server that has access to the datastore where the vmdk files to be backed up are deployed.
  • The HotAdd transport mode is the only transport mode that VMC supports. 
  • VMware recommends that backups not be stored in the vSAN datastore.
Three NetBackup architectures are available to suit a variety of requirements.   

Architecture 1: NetBackup servers installed in AWS VPC

The NetBackup primary server and media server are installed in the Amazon Virtual Private Cloud (AWS VPC).  In this architecture, the only resources required on the VMware Cloud (VMC) are the backup hosts (proxies) installed in the VMs.  NetBackup uses client-side deduplication to reduce the data that is sent to AWS. This architecture is beneficial when VMC resources are limited or when the NetBackup servers in AWS must support other backup operations.

Architecture 2: NetBackup servers and backup hosts installed in VMC
All NetBackup components are installed in the VMC: primary server, media server, and backup hosts.  AWS S3 is used only for back-end storage. This architecture suits environments in which the VMC resources can easily accommodate the backup services.
For details on how NetBackup works with AWS S3 storage, see Chapter 3, “Configuring cloud storage,” in the Veritas NetBackup Cloud Administrator's Guide, available here.

Architecture 3: NetBackup virtual appliance installed in VMC

The NetBackup virtual appliance is installed in VMC. This architecture suits environments in which the VMC resources can easily accommodate the backup services.
For details on deploying a NetBackup virtual appliance, see the Veritas NetBackup Virtual Appliance Getting Started Guide, available here.

Solution Components
NetBackup works with the following components:
  • NetBackup 10 primary server to communicate with VMware vCenter servers.
  • NetBackup 10 media servers to allow for additional scalability of the NetBackup solution.
  • NetBackup 10 client in the VM to provide HotAdd backup and restore and allow for user-directed file and folder restores.

NetBackup installation notes
When installing NetBackup, note the following:
  • When installing the NetBackup primary server in either AWS or VMC (architecture 1 or 2), use the private DNS name as the primary server name.
  • When installing the NetBackup primary server on AWS and the backup host on VMC (architecture 1), add the following entries to the hosts file on the primary server and the backup host:
    • The private IP and the private DNS of the primary server.
    • The IP and the DNS name of the backup host.
The hosts file location on Windows:
C:\Windows\System32\drivers\etc\hosts
The hosts file location on Linux:
/etc/hosts
Note: For troubleshooting assistance, see “Issues with the CA certificate during installation of the NetBackup client on VMware Cloud (VMC)” in the NetBackup for VMware Administrator's Guide, available here.
  • Make sure that NetBackup can communicate between the primary server, media server, and clients as described in the NetBackup firewall port requirements article.
  • Create a NetBackup authorization token. See the following topic in the NetBackup Security and Encryption Guide: Creating authorization tokens.
  • When adding credentials to NetBackup for a vCenter server, enter the vCenter name as a fully qualified domain name.

VMware Cloud on AWS Network configuration

Enter firewall rules
Once the SDDC is created, do the following to create firewall rules for the NetBackup primary server, media server, and backup host (proxy).
For architecture 1 (NetBackup primary and media server on AWS and the backup host on VMC):
  1. In the VMware Cloud on AWS console, click View Details > Network.
  2. Under Management Gateway > Firewall Rules, click ADD RULE to create a rule with the following values:
Rule name: Compute2VC
Action: Allow
Source: Public IP of the Compute Gateway
Destination: vCenter
Service: HTTPS (TCP 443)
Ports: 443
  3. To connect the ENI between VMC on AWS and AWS VPC, go to Compute Gateway > Firewall Rules and click ADD RULE.
Rule Name: ENI-In
Action: Allow
Source: All connected Amazon VPC
Destination: IP of the backup host
Service: Custom TCP
Ports: 1556, 13724, 10102, 10082


Rule Name: ENI-Out
Action: Allow
Source: IP of the backup host
Destination: All connected Amazon VPC
Service: Custom TCP
Ports: 1556, 13724, 10102, 10082
  4. Click ADD RULE again and enter the following:
Rule Name: vms2vc
Action: Allow
Source: IP of the backup host
Destination: vCenter
Service: HTTPS (TCP 443)
Ports: 443
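
To confirm the hosts-file entries from the installation notes and the architecture 1 firewall rules above before a first backup, the following check can be run on the backup host. It is an added example, not part of the original article or of NetBackup; the IP addresses and host names in it are constructed placeholders. Run from the backup host it exercises the ENI-Out and vms2vc rules; run from the primary server against the backup host it exercises ENI-In.

```python
import socket

# Ports taken from the ENI-In / ENI-Out rules in this article.
NETBACKUP_PORTS = (1556, 13724, 10102, 10082)
VCENTER_PORT = 443  # Compute2VC / vms2vc rules


def parse_hosts(text):
    """Map every name and alias in hosts-file text to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # keep the first mapping seen
    return table


def missing_host_entries(text, required):
    """Return required (ip, name) pairs that are absent or map to another IP."""
    table = parse_hosts(text)
    return [(ip, name) for ip, name in required if table.get(name.lower()) != ip]


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def blocked_ports(host, ports, timeout=3.0):
    """Return the subset of ports on host that cannot be reached."""
    return [p for p in ports if not tcp_open(host, p, timeout)]


if __name__ == "__main__":
    # Constructed sample values; replace them. On Windows use the hosts path given above.
    required = [("10.0.1.10", "ip-10-0-1-10.ec2.internal"),
                ("192.168.10.20", "nbu-proxy.sddc.example")]
    with open("/etc/hosts") as fh:
        print("hosts entries missing:", missing_host_entries(fh.read(), required))
    print("blocked to primary:", blocked_ports(required[0][1], NETBACKUP_PORTS))
    print("blocked to vCenter:", blocked_ports("vcenter.sddc.example", [VCENTER_PORT]))
```

An empty list on every line means the name mappings and the Allow rules are in place; any port that is listed points to the rule that still needs attention.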


For architectures 2 and 3 (NetBackup primary server, media server, and backup host on VMC, or NetBackup virtual appliance on VMC; NetBackup storage on AWS S3):
  1. To create an S3 endpoint and access S3 buckets from VMC, see the VMware document Access an S3 Bucket Using an S3 Endpoint.
  2. In the VMware Cloud on AWS console, click View Details > Network.
  3. Under Management Gateway > Firewall Rules, click ADD RULE to create a rule with the following values:
Rule name: Compute2VC
Action: Allow
Source: Public IP of Compute Gateway
Destination: vCenter
Service: HTTPS (TCP 443)
Ports: 443
  4. Under Compute Gateway > Firewall Rules, click ADD RULE to enter the following:
Rule Name: vms2vc
Action: Allow
Source: IP of the primary server
Destination: vCenter
Service: HTTPS (TCP 443)
Ports: 443
  5. To create the ENI, under Compute Gateway > Firewall Rules, click ADD RULE:
Rule Name: vms2vpc
Action: Allow
Source: IP of the primary server
Destination: All Connected Amazon VPC
Service: HTTPS (TCP 443)
Ports: 443
  6. To create NetBackup cloud storage, see the following article in the NetBackup Cloud Administrator's Guide: Amazon S3 cloud storage provider options

Interoperability with VMware Cloud on AWS product features
For a detailed list of VMware versions that NetBackup supports, see the “Virtual Systems Compatibility” section of the NetBackup Software Compatibility List (SCL) available here.

Support Information 
All Veritas customers with capacity, traditional or subscription licensing actively under maintenance are supported according to the terms of their Veritas support contract. For further information about NetBackup licensing, see the following or contact your Veritas support representative:
About NetBackup licensing models
Veritas Technical Support