VMware backup using the
Symantec Netbackup
Overview:-
Symantec
Netbackup has the ability to take the backup of VMs in the ESXi host level as a
VMDK file. This feature will enable to the Full VM recovery in case of system
recovery. This ability in Netbackup helps to reduce the recovery time and gives
the better recovery time objective (RTO).
Taking the backup in VM host
level is the one of the advanced features in Netbackup which has been enhanced
in Netbackup 7.5. This can be integrated with the VSphere to have the centralized management of backups and also
it can be integrated with the individual ESXi hosts.
Using the Symantec Netbackup
VMware backup Method Full VM can be recovered and also individual directories
and files also can be recovered.
·
Symantec
Netbackup deals with the ESXi hosts so that it will not have any performance
impact and resource utilization on VM guest level.
·
Full VM recover
is possible in to the same location and also in Different locations like data
store / ESXi /resource pool /VCenter is possible.
·
Capable of taking
backups even the VM guest is powered off.
·
It do use
Snapshot technology to minimize the backup access to the Original VM and reduce
the performance impact.
Compatibility matrix:-
Netbackup 7.5.0.5 version is
the full supported Netbackup version for VSphere
5.1 including with the VM Hardware version 9. It is
always recommended to have the updated version/patch in Netbackup backup host
level to catch up with all enhanced features in Netbackup.
Refer the below Document for
the latest updates on the compatibility and support matrix for the virtual
environments
Configuration
overview:-
Netbackup integration with VMware can be completed with
different ways which has been discussed in detail in below scenarios section.
Below are the few considerations that need to consider for
the Netbackup configuration with VMware level backups.
License: -
Symantec Netbackup
needs to have the Enterprise Client
License to have the VMware backup configured. This can be obtained from the
Symantec before going for the VMware backup configurations.
Access privileges: -
Integration of Netbackup with VMware requires
access privileges in VSphere level or in ESXi level to browse the VMs, data
stores and also to handle the snapshot requests for VMs in backup.
Read privileges over the
VCenter or ESXi host is enough to perform the backup operations where are to
perform the restore activities Full
Privileges is required to create a Virtual machines at the time of restores.
ESXi recovery host can be
used to recover the VMs with Full privileges if it is not possible to get the
Full privileges over the VCenter.
All VCenter or ESXi
credentials needs to be add in the Netbackup before staring the policy configurations.
Netbackup GUIà
Media and Device ManagementàCredentialsàVirtual
Machine Servers
Backup host:-
Backup host is the server that actually communicates with
the VM environment for the backup and restores activities; this backup host can
be the Netbackup Master/media server or also a Netbackup client.
When backup host is the Netbackup master or Media server the
is not additional configuration require to define as a backup host.
if its requires to
use as a backup host other than Netbackup master and media servers that backup
host needs to have the Netbackup client software installed and need to defined
as a backup host for VMs in Master server host properties à
VMware access hosts.
Currently Windows, RHEL and SUSE Linux OS are supported as
Backup hosts.
Support platforms for backup hosts are listed in support
matrix
Port requirement:-
Ports 443 and 902 TCP ports are required to have
communication. These 2 ports have specific purpose in the VADP setup.
Port 443:- is used to communicate with the VCenter for the
VM Discovery and the backup and restore operations like snapshot creations and
snapshot deletions.
Port 902:- is to have the communication with ESXi host in
case of using the transport method NBD or NBDSSL transport.
If SAN transport is being used for Backup and restores
activities then having the communication with the port 902 is not required.
Transport methods:-
Transport defines the path of the data travel from the
source to the backup host. Netbackup provides multiple transport methods to
send the data to backup host.
To take the backups 4 different transport methods are
available in Netbackup.
1)
SAN Transport
2)
NBD Transport
3)
HOTADD Transport
4)
NBDSSL Transport
SAN transport and NBD transport are widely used methods.
1) SAN Transport:-
Backup data traffic moves over the SAN
transport from storage to directly to the Backup host. SAN transport method
requires mapping the storage LUNs that are begin used by the data stores to the
backup host also. It will enable the SAN transport to the backup shots and
sends data directly from storage to the Backup servers
LAN communication is only to require having the VM Discovery
and the backup and restore operations like snapshot creations and snapshot
deletions over the TCP port 443.
2) NBD (LAN) Transport
Backup data will travel form over the network from the ESXi
hosts or VCenter (in case of using the VCenter) to the backup host using the
port number 902. This transport depends on the network and increases the
process load on the ESXi servers.
Configuration scenarios:-
Scenario 1:- using VCenter for Backup and
Restore activities over the SAN Transport
VCenter for SAN
backups:-
VCenter needs to use
for the environments those are configured to use the VCenter for managing the
ESXi servers, this scenario is fits very well for the large environments where
multiple ESXi hosts are managed by the VCenter.
·
VCenter credentials needs to provide in the
Netbackup as a VMware Virtual Center.
·
These credentials used by the backup host at the
time of backup request to discover the VMs in VCenter and also to initiate the
snapshot request for backups.
·
All the storage LUNs that are being assigned to
the ESXi hosts for data stores also need to present to the backup host to
enable to SAN transport.
·
The Data store LUNs that are presented to the
backup host should not get initialize in backup host.
·
Port 443 requires to be opened to communicate
with the VCenter.
·
Configure the policy in Netbackup using the
Policy type as VMware and select the SAN transport method in VMware tab of the
policy to make use of SAN transport for backups.
VCenter for SAN
Restores:-
The only additional requirement for the restore to use the
VCenter when the backups also configured via VCenter is Privileges. Backup can
happened with the Read privileges over the VCenter whereas Restore requires
Full privileges over the VCenter to get the successful restore.
In case if of difficulty in getting the Full Privileges over
the VCenter, can try to get the Experimental
custom role by follow the below Tech note.
This approach of restore will increase the resources
utilization on the VCenter which may impact the Restore time and overall RTO.
So in the larger environments having the configured Recovery ESXi host would be
recommended to have the better restore performance.
·
Using the Recovery ESXi host does not require to
have the full VCenter privileges, having the Full Privileges over the Recovery
ESXi host would be enough which is discussed in Scenario 3
Scenario 2:- using VCenter for Backup and
Restore activities over the NBD transport
VCenter for backups:-
NDB transport enables
the backups over the LAN by using the Network Block Device (NBD) driver
Protocol. In this method VCenter receives the backup request
form the Netbackup backup host.
·
VCenter creates the snapshot for the VMs.
·
VCenter takes the backup from the Snapshot and
sends to Backup host over LAN.
·
Requires the TCP ports 443 and 902 have the
backup data transfer to backup host.
Ø
Backup over the VCenter would be slower than the
SAN transport backups
Ø
VCenter is directly impacted with the backup
traffic and may encounter with performance issues.
Ø
Does not require any LUN masking to the backup
hosts.
VCenter for
Restores:-
·
NBD restore over the VCenter requires the Full
Privileges to the account that is added in the Netbackup.
·
Backup host directly communicates with the
VCenter for the VM creation and also sends the restore data directly to
VCenter.
·
VCenter will receive the data from backup host
and creates the VMs and gets the restore done.
Ø
VCenter is directly impacted with the load and
Full Privileges over the VCenter is required to get this restore successful.
Ø
Restore Process would be slower when compare
with Restore using the ESXi recover host.
Scenario 3:- using VCenter for backup and
ESXi for restore activates over the SAN transport
VCenter for backups:-
VCenter enables the centralized backup management through
Netbackup for the ESXi hosts that are being managed VCenter.
·
It has the flexibility to take the backup of VMs
across the multiple ESXi hosts.
·
VCenter will only be used to browse the VMs to initiates
the requests for the snapshot creation (before backup) and snapshot deletion(
after backup)
·
LUN masking is required to the backup hosts to
enable the SAN transport
·
Backup data directly travels from the Data
stores to the backup host over the SAN
·
No performance impact on VCenter and also on
ESXi hosts.
·
Faster backups
ESXi recovery host
for Restores:-
ESXi recover host can be used for restores jobs to bypass
the VCenter.it requires the have the credentials added to the Netbackup with
the Full Privileges.
Netbackup
GUIà
Media and Device ManagementàCredentialsàVirtual
Machine Servers
·
Full Privileges on VCenter does not require.
·
Avoid the performance issues on the VCenter at
the time of restores.
·
Faster recovery of the VMs to meet the better
RTO.
·
LUN masking is required to backup host to enable
the SAN recovery.
·
If ESXi recovery host is added in Netbackup
restore job automatically picks the ESXi host to perform the restore in case of
same location restore.
·
For alternate location restore VCenter needs to
select as NONE and needs to specify the Recovery ESXi host to perform the
restore.
Scenario 4:- using VCenter for backup and
ESXi for restore activities over the NBD transport
VCenter for backups:-
NDB transport enables
the backups over the LAN by using the Network Block Device (NBD) driver
Protocol. In this method VCenter receives the backup request
form the Netbackup backup host.
·
VCenter creates the snapshot for the VMs.
·
VCenter takes the backup from the Snapshot and
sends to Backup host over LAN.
·
Requires the TCP ports 443 and 902 have the
backup data transfer to backup host.
·
Suitable when
Data stores are created from the Local storage of ESXi
Ø
Backup over the VCenter would be slower than the
SAN transport backups
Ø
VCenter is directly impacted with the backup
traffic and may encounter with performance issues.
Ø
Does not require any LUN masking to the backup
hosts.
ESXi recovery host
for restores:-
ESXi recovery hosts helps to bypass the VCenter in case of
Recovery from Backup Image. It helps for the faster recovery of the VMs
eliminates the performance issues on VCenter due to the restore activities.
·
TCP port 443 is required for VCenter for VM
Discovery
·
TCP port 902 is required for ESXi for backup
data traffic.
·
No LUN making is required to backup host.
·
Better performance when compare with the
recovery through VCenter.
Scenario 5:- using ESXi for backup and
restore activities over the SAN Transport
Backup though ESXi
hosts:-
This approach is suitable when smaller infrastructure where
VCenter is not managing the ESXi hosts.
·
Read privileges over the ESXi is require to
perform the backup operations
·
Privileges needs to add as ESXi host in
Netbackup
Netbackup
GUIà
Media and Device ManagementàCredentialsàVirtual
Machine Servers
·
TCP ports 443 and 902 is require for
communication
·
LUN masking to the backup host is required to
enable the SAN transport.
Ø
Each ESXi host needs to add separately to the
Netbackup.
Ø
SAN transport is not possible when ESXi hosts
are using the local attached storage.
Restore with ESXi
host:-
It uses the SAN transport to send the backup data to the
Data stores; ESXi hosts helps to create a Virtual machine at the time of
recovery.
Full Privilege on ESXi host is required to create new
virtual machines in case of Recovery.
Better solution for all environments for the quick recovery
of the VMs
Scenario 6:- using ESXI for backup and
restore activities over the NBD transport
Backup through ESXi
host:-
This scenario fits for the small environment where the
infrastructure is not being managed by the VCenter, and also Data stores are
being created from the local attached storage of the ESXi hosts.
·
Backup host communicates with the ESXi host for
the Discovery and the snapshot creations and deletions
·
Port 443 and port 902 needs to have the
communication to enable to NBD backups and restores work.
·
Backup data travels directly from the ESXi host
to backup host.
Ø
Difficult to manage for larger environments
having multiple ESXi hosts.
Ø
Increase load on Network due to the backup data
travel.
ESXi recovery host
for restores:-
This is the best possible way to make the backups of VMS
from the ESXi hosts using the local attached storage.
·
Full Privileges over the ESXi is required to
have the successful restore.
·
Port 443 and port 902 needs to have the
communication to enable to NBD backups and restores work.
Thank you for this detailed and valuable Information.
ReplyDeleteYou never mentioned if this technique and scenario could also be applied for big VMs including big database tablespaces.