All Products
Search
Document Center

Cloud Backup:Before you begin (on-premises VMware)

Last Updated:Dec 06, 2024

This topic describes how to install and activate a disaster recovery gateway in an on-premises VMware environment. After you activate the disaster recovery gateway, you can create backup and restore jobs in the Cloud Backup console. Cloud Backup allows you to back up on-premises VMware virtual machines (VMs) and restore the backup VMs if required.

(Recommended) Use the AccessKey pair of a RAM user for backup and disaster recovery

Resource Access Management (RAM) is an Alibaba Cloud service that allows you to manage user identities and control access to resources. RAM allows you to create and manage multiple identities for an Alibaba Cloud account, and grant multiple permissions to a single identity or a group of identities. This way, you can authorize different identities to access different Alibaba Cloud resources.

An AccessKey pair is required when you activate a disaster recovery gateway. If you use the AccessKey pair of your Alibaba Cloud account, all cloud resources that belong to your account may be exposed to security risks. We recommend that you use an AccessKey pair of a RAM user to activate the disaster recovery gateway. Before you back up data, make sure that you have created a RAM user and an AccessKey pair. For more information, see Create a RAM user and Create an AccessKey pair.

Prerequisites

  • Cloud Backup is activated. You are not charged for activating Cloud Backup. If you use the VMware backup and disaster recovery feature of Cloud Backup, you are charged for the Cloud Backup client that you use to back up VMware VMs and the storage usage of backup vaults. For more information, see Billing.

  • The VMware username and password used to access the vCenter Server and its resources are obtained.

Usage notes

Step 1: Create a backup account

To ensure that Cloud Backup can back up on-premises VMware VMs as expected, you must create a VMware username and password for Cloud Backup to access vCenter Server and its resources. In vCenter Server, you can create a VMware role and a VMware user and then assign the VMware role to the VMware user.

  1. Log on to the vSphere Web Client.

  2. Create a VMware role.

    1. Click Menu and select Administration.

      administrator

    2. On the Roles tab, click the plus icon.

      role

    3. In the New Role dialog box, select the required permissions for the role based on the following tables. Click NEXT.

      Note

      The locations and categories of permissions may vary with the vCenter version. Proceed with caution when you query the information.

      • Required permissions in vCenter 8.0

        Category

        vCenter 8.0

        Datastore

        Datastore > Configure datastore

        Datastore > Allocate space

        Datastore > Browse datastore

        Datastore > Low level file operations

        Global

        Global > Disable methods

        Global > Enable methods

        Global > Licenses

        Global > Log event

        Global > Manage custom attributes

        Global > Set custom attribute

        Host

        Host > Local operations > Create virtual machine

        Network

        Network > Assign network

        Resource

        Resource > Assign virtual machine to resource pool

        vApp

        vApp > Add virtual machine

        vApp > Assign resource pool

        vApp > Unregister

        VirtualMachine

        VirtualMachine > Configuration > Add or remove Device

        Virtual machine > Configuration > Acquire disk lease

        Virtual machine > Configuration > Add new disk

        Virtual machine > Configuration > Advanced configuration

        Virtual machine > Configuration > Toggle disk change tracking

        Virtual machine > Configuration > Configure Host USB device

        Virtual machine > Configuration > Extend virtual disk

        Virtual machine > Configuration > Query unowned files

        Virtual machine > Configuration > Change Swapfile placement

        Virtual machine > Guest Operations > Guest operation program execution

        Virtual machine > Guest Operations > Guest operation modifications

        Virtual machine > Guest Operations > Guest operation queries

        Virtual machine > Interaction > Connect devices

        Virtual machine > Interaction > Guest operating system management by VIX API

        Virtual machine > Interaction > Power Off

        Virtual machine > Inventory > Create new

        Virtual machine > Inventory > Remove

        Virtual machine > Inventory > Register

        Virtual machine > Provisioning > Allow disk access

        Virtual machine > Provisioning > Allow file access

        Virtual machine > Provisioning > Allow read-only disk access

        Virtual machine > Provisioning > Allow virtual machine download

        Virtual machine > Snapshot management > Create snapshot

        Virtual machine > Snapshot management > Remove Snapshot

        Virtual machine > Snapshot management > Revert to snapshot

      • Required permissions in vCenter 7.0

        Category

        vCenter 7.0

        Datastore

        Datastore > Configure datastore

        Datastore > Allocate space

        Datastore > Browse datastore

        Datastore > Low level file operations

        Global

        Global > Disable methods

        Global > Enable methods

        Global > Licenses

        Global > Log event

        Global > Manage custom attributes

        Global > Set custom attribute

        Host

        Host > Local operations > Create virtual machine

        Network

        Network > Assign network

        Resource

        Resource > Assign virtual machine to resource pool

        vApp

        vApp > Add virtual machine

        vApp > Assign resource pool

        vApp > Unregister

        VirtualMachine

        VirtualMachine > Configuration > Add or remove Device

        Virtual machine > Configuration > Acquire disk lease

        Virtual machine > Configuration > Add new disk

        Virtual machine > Configuration > Advanced configuration

        Virtual machine > Configuration > Toggle disk change tracking

        Virtual machine > Configuration > Configure Host USB device

        Virtual machine > Configuration > Extend virtual disk

        Virtual machine > Configuration > Query unowned files

        Virtual machine > Configuration > Change Swapfile placement

        Virtual machine > Guest Operations > Guest operation program execution

        Virtual machine > Guest Operations > Guest operation modifications

        Virtual machine > Guest Operations > Guest operation queries

        Virtual machine > Interaction > Connect devices

        Virtual machine > Interaction > Guest operating system management by VIX API

        Virtual machine > Interaction > Power Off

        Virtual machine > Inventory > Create new

        Virtual machine > Inventory > Remove

        Virtual machine > Inventory > Register

        Virtual machine > Provisioning > Allow disk access

        Virtual machine > Provisioning > Allow file access

        Virtual machine > Provisioning > Allow read-only disk access

        Virtual machine > Provisioning > Allow virtual machine download

        Virtual machine > Snapshot management > Create snapshot

        Virtual machine > Snapshot management > Remove Snapshot

        Virtual machine > Snapshot management > Revert to snapshot

      • Required permissions in vCenter 6.7

        Category

        vCenter 6.7

        Datastore

        Datastore > Configure datastore

        Datastore > AllocateSpace

        Datastore > Browse datastore

        Datastore > Low-level file operations

        Global

        Global > Disable methods

        Global > Enable methods

        Global > Licenses

        Global > Log event

        Global > Manage custom attributes

        Global > Set custom attribute

        Host

        Host > Local operations > Create virtual machine

        Network

        Network > Assign network

        Resource

        Resource > Assign virtual machine to resource pool

        vApp

        vApp > Add virtual machine

        vApp > Assign resource pool

        vApp > Unregister

        VirtualMachine

        VirtualMachine > Configuration > Add Or Remove Device

        Virtual machine > Configuration > Acquire disk lease

        Virtual machine > Configuration > Add new disk

        Virtual machine > Configuration > Advanced configuration

        Virtual machine > Configuration > Toggle disk change tracking

        Virtual machine > Configuration > Configure Host USB device

        Virtual machine > Configuration > Extend virtual disk

        Virtual machine > Configuration > Query unowned files

        Virtual machine > Configuration > Change Swapfile placement

        Virtual machine > Guest Operations > Guest Operation Program Execution

        Virtual machine > Guest Operations > Guest Operation Modifications

        Virtual machine > Guest Operations > Guest Operation Queries

        Virtual machine > Interaction > Device connection

        Virtual machine > Interaction > Guest operating system management by VIX API

        Virtual machine > Interaction > Power Off

        Virtual machine > Inventory > Create new

        Virtual machine > Inventory > Remove

        Virtual machine > Inventory > Register

        Virtual machine > Provisioning > Allow disk access

        Virtual machine > Provisioning > Allow file access

        Virtual machine > Provisioning > Allow read-only disk access

        Virtual machine > Provisioning > Allow virtual machine download

        Virtual machine > Snapshot management > Create snapshot

        Virtual machine > Snapshot management > Remove Snapshot

        Virtual machine > Snapshot management > Revert to snapshot

    4. Specify Role name and Description, and then click Finish.

      We recommend that you specify an informative name to identify the role, for example, HBRBackupAdminRole.role name

  3. Create a VMware user.

    1. Click Menu and select Administration.

    2. On the Users and Groups tab, select a local domain name from the Domain drop-down list and click ADD USER.

      add user

    3. In the Add User dialog box, specify User name and Password, and then click ADD.

      We recommend that you specify an informative name to identify the user, for example, BackupAdmin.

      Important

      You must remember the username and password and keep them confidential. When you add a vCenter Server in the Cloud Backup console, you must specify the username and password.

  4. Assign the VMware role to the VMware user.

    1. Click Menu and select Administration.

    2. On the Global Permissions tab, click the plus icon.

      global permissions

    3. In the Add Permission dialog box, configure the parameters and then click OK. The following table describes the parameters.

      add permissions

      Parameter

      Description

      Domain

      Select a local domain name.

      User/Group

      Select the VMware user that you created in Step 3.

      Role

      Select the VMware role that you created in Step 2.

      Propagate to children

      Select the check box.

Step 2: Create a disaster recovery gateway

A disaster recovery gateway helps you back up and restore data. To configure a disaster recovery gateway and download the gateway to the server where the vSphere Client is deployed, perform the following steps:

  1. On the server where the vSphere Client is deployed, log on to the Cloud Backup console.

  2. In the left-side navigation pane, choose Backup > VMware Backup & Disaster Recovery.

  3. In the top navigation bar, select a region.

  4. On the VMware Backup & Disaster Recovery page, click Create Backup & Disaster Recovery Gateway.

  5. In the Create Backup & Disaster Recovery Gateway panel, configure the parameters and then click Create.

    The following table describes the parameters.

    Parameter

    Description

    Backup Vault

    The backup vault to which you want to store backup data.

    • Create Vault: If you select this option, specify a name for the backup vault in the Vault Name field. If you do not configure this parameter, a random name is specified.

    • Select Vault: If you select this option, select a backup vault from the Vault Name drop-down list.

    Important

    After you create a backup vault and store backup data, you are charged for the storage usage of the backup vault. For more information, see Billing methods and billable items.

    To maximize the redundancy of your backup data, Cloud Backup uses zone-redundant storage (ZRS)-enabled backup vaults by default in regions that support ZRS-enabled backup vaults. For regions that support only locally redundant storage (LRS)-enabled backup vaults, Cloud Backup uses LRS-enabled backup vaults. You do not need to manually select a backup vault type.

    Vault Name

    The name of the backup vault.

    Vault Resource Group

    This parameter is required only if you set the Backup Vault parameter to Create Vault. This parameter specifies the resource group to which the backup vault belongs.

    You can use resource groups to manage resources owned by your Alibaba Cloud account. Resource groups help you simplify the resource and permission management of your Alibaba Cloud account. For more information, see Create a resource group.

    Gateway Name

    The gateway name. The name must be 1 to 64 characters in length.

    VMware Platform

    The VMware platform on which the VM is deployed. In this example, select On-premise vSphere.

    • On-premise vSphere: The VM is deployed in a VMware environment on the on-premises server.

    • Alibaba Cloud VMware Services (ACVS): The VM is deployed on Alibaba Cloud VMware Service (ACVS).

    Network Type

    The network type. In this example, select Internet.

    • VPC: Select this option if the VM that you want to back up resides in a virtual private cloud (VPC) and the VPC is in the same region as the backup vault.

      Note

      VMware VM backup clients must be connected to VPCs by using routes. You must also make sure that you can use a VMware VM backup client to access one of the following CIDR blocks from an on-premises VMware VM: 100.64.0.0/10, 100.64.0.0/11, and 100.96.0.0/11.

    • Internet: Select this option if no VPCs are available.

    Use HTTPS

    Specifies whether to use HTTPS to transmit encrypted data that is stored in the backup vault. If you use HTTPS to transmit data, the performance of data transmission is degraded. If you modify the setting of the Use HTTPS switch, the modification takes effect on the next backup or restore job.

  6. In the Create Backup & Disaster Recovery Gateway panel, click Download Gateway and Download Certificate.

    Note

    The disaster recovery gateway is used to connect your VM to Cloud Backup, and the certificate is used to activate the disaster recovery gateway. On the Backup & Disaster Recovery Gateway tab, you can download and deploy a disaster recovery gateway at any time.

Step 3: Install the disaster recovery gateway

After you download the gateway and certificate, you need to install the gateway in your VMware environment. After the gateway is installed, you can run backup and restore jobs in the Cloud Backup console. To install the gateway, perform the following steps:

  1. Log on to the vSphere Web Client.

    • Cloud Backup supports only vCenter Server 6.7 and later.

    • You can use a browser to log on to the Flash-based or HTML5-based vSphere Web Client.

  2. In the left-side navigation pane, right-click the VM and select Deploy OVF Template from the shortcut menu.

    deploy ovfFor more information, see Deploying OVF and OVA Templates.

    1. In the Deploy OVF Template dialog box, select Local file. Click UPLOAD FILES, select the gateway package that you downloaded, and then click NEXT.

      upload

      Note

      To reduce the download time, Cloud Backup provides a client package in the Open Virtual Appliance (OVA) format. You can use the package to deploy Open Virtual Format (OVF) templates on the vSphere Web Client.

    2. Enter the name of the VM, select the location where you want to deploy the VM, and then click NEXT.

      vmname

    3. Select the location where you want to run the deployed template and click NEXT.

      ziyuan

    4. Verify the template details and click NEXT.

      yanzheng

    5. Select the format of the virtual disk, select a storage resource to which you want to store the files of the deployed template, and then click NEXT.

      storage

    6. Select a destination network for each source network and click NEXT.

      network

    7. Configure the required deployment properties for the software solution and click NEXT.

      • If you use DHCP to obtain an IP address, you do not need to specify the Gateway, IP, and Netmask parameters. If you use a static IP address, you must specify the preceding parameters based on the obtained IP address.

      • You must make sure that the specified primary DNS server and secondary DNS server can resolve the domain names of Cloud Backup, vCenter, and ESXi.

      • Set the Admin User Name and Admin User Password parameters to the username and password of the gateway VM that you created. This user has root permissions and can be used to log on to the VM.

      zidingyi

    8. Verify the configurations and click FINISH.

      check

  3. On the Recent Tasks page, view the progress of each deployment task.

    recenttask

Step 4: Activate the disaster recovery gateway

  1. After the deployment tasks are completed, start the VM on which the OVF template is deployed.

  2. Open a browser, and then enter http://hostname:8011 in the address bar.

    The value of hostname is the IP address of the VM on which the OVF template is deployed.

  3. On the Register page, configure the parameters and click Register to log on to the disaster recovery gateway. The following table describes the parameters.

    注册

    Parameter

    Description

    AccessKey ID

    The AccessKey ID and AccessKey secret of the RAM user that is used to access Cloud Backup. You can obtain the AccessKey ID and AccessKey secret of a RAM user from your Alibaba Cloud account for which Cloud Backup is activated. For more information, see How do I create an AccessKey pair for a RAM user?

    Note

    The AccessKey pair used to activate the disaster recovery gateway may expire and be rotated. If the AccessKey pair is rotated, you must reactivate the disaster recovery gateway. Otherwise, the backup fails. For more information, see How do I change the AccessKey pair of a gateway used for VMware backup and disaster recovery?

    AccessKey Secret

    Password

    The password that is used to log on to the gateway. The password must be at least six characters in length.

    Certificate

    The certificate that you downloaded from the Cloud Backup console. If the gateway is shut down for more than five days after you use the certificate to activate the gateway, the certificate expires. You must download a new certificate and reactivate the gateway.

    After the gateway is installed, the status of the gateway changes to Activated on the Backup & Disaster Recovery Gateway tab of the VMware Backup & Disaster Recovery page. You can perform the following operations in the Actions column:

    • Throttle Bandwidth: You can set traffic limits in different time periods to prevent backup jobs from consuming excessive VMware resources.

    • More:

      • Download Gateway: You can download the installation package of the disaster recovery gateway.

      • Download Certificate: You can download the certificate used to activate the disaster recovery gateway.

      • Delete: After you delete a Cloud Backup client, the backup data is also deleted and running backup and restore jobs fail. Before you delete a Cloud Backup client, make sure that you no longer need the backup data generated by the client and no backup or restore jobs are being performed by the client.

      • Gateway Settings: You can specify whether to transfer data over HTTPS, the maximum number of worker threads, and the maximum number of CPU cores.

Why am I unable to upload an OVA template?

You may be unable to upload an OVA template because the vCenter Server version of the vSphere Web Client is not supported, the browser is not supported by the vCenter Server, or the language of the browser is not supported. Perform the following steps to troubleshoot the error:

  • Check whether the vCenter Server version of the vSphere Web Client is supported by Cloud Backup. Cloud Backup supports only vCenter Server 6.7 and later.

  • If a message appears to remind you of a common error when you deploy an OVA template, we recommend that you change the language of your browser to English and then deploy the OVA template again.

Why am I unable to add a vCenter Server instance to the disaster recovery gateway even if the IP address, username, and password are correct?

A vCenter Server may fail to be added if the password contains the following special characters:

` ^ ~ = ; ! / ( [ ] { } @ $ \ & # % +

Note

We recommend that you create a vCenter Server account that is dedicated for backup. The account must have the permissions of the administrator role. We recommend that you use periods (.) instead of other special characters in the password of the account. For more information, see Step 1: Create a backup account.

What to do next

Back up VMware VMs