NetBackup™ for VMware Administrator's Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.5)
  1. Introduction
    1.  
      About NetBackup for VMware
    2.  
      About the virtual machine backups that include database data
    3.  
      About the NetBackup appliance as a VMware backup host
    4.  
      NetBackup for VMware components
    5.  
      Appliance as backup host: component overview
    6.  
      Media servers as backup or discovery hosts
    7.  
      Overview of the VMware backup process
    8.  
      NetBackup for VMware terminology
  2. Required tasks: overview
    1.  
      Overview of VMware tasks
    2.  
      Overview of NetBackup tasks
  3. Configuring RBAC roles for VMware administrators
    1.  
      RBAC roles for the VMware administrator
    2.  
      Assigning permissions at specific VMware object levels
    3.  
      Create a custom role for a VMware server or datacenter
    4.  
      Create a custom role for an Organization VDC administrator
    5.  
      Create a custom role to manage specific VMs
    6.  
      Manage permissions for a datacenter
    7.  
      Manage permissions for a single VM
    8.  
      Apply RBAC role permissions for a VM to other VMs
  4. Notes and prerequisites
    1.  
      NetBackup for VMware: notes and restrictions
    2.  
      Notes on VMware Virtual Volumes (VVols)
    3.  
      NetBackup IPv6 parameter required for backups in VMware IPv6 environments
    4.  
      NetBackup for VMware: notes on Linux virtual machines
    5.  
      Notes on the NetBackup appliance as a VMware backup host
    6.  
      NetBackup for VMware support for SAN multi-pathing
    7.  
      NetBackup for VMware support for fault tolerant VMs
    8.  
      NetBackup character restrictions for the Primary VM identifier
    9.  
      In the policy Query Builder, display names, resource pool names, and vApp names are case-sensitive
    10.  
      Notes on the hotadd transport mode
    11.  
      Notes and limitations for tag usage in VMware Intelligent Policy queries
    12.  
      Notes and limitations for the backup and restore of VMware tag associations
    13.  
      Notes and limitations for the backup and restore of VMware storage policies
    14.  
      Support for LVM thin pool based volumes
  5. VMware vSphere privileges
    1.  
      About VMware vSphere privileges
    2.  
      VMware vSphere privileges for virtual machine backups
    3.  
      VMware vSphere privileges for a full VM restore
    4.  
      VMware vSphere privileges to create an instant access VM
    5.  
      VMware vSphere privileges for NetBackup plug-in operations
    6.  
      VMware vSphere privileges for instant rollback
    7.  
      VMware vSphere privileges for agentless SFR privileges
    8.  
      VMware vSphere privileges for individual vmdk restore privileges
    9.  
      VMware vSphere privileges for vApp restore and vApp restore to template
    10.  
      Optional permissions for better integration with VMware vSphere
  6. Managing VMware servers
    1. About VMware discovery
      1.  
        Change the autodiscovery frequency of VMware assets
      2.  
        Discover VMware server assets manually
    2. Add VMware servers
      1.  
        Using the VMware Managed Object Browser to verify the server name
    3.  
      Validate and update VMware server credentials
    4.  
      Browse VMware servers
    5.  
      Remove VMware servers
    6.  
      Create an intelligent VM group
    7.  
      Remove an intelligent VM group
    8.  
      Add a VMware access host
    9.  
      Remove a VMware access host
    10. Change resource limits for VMware resource types
      1.  
        VMware resource types and limits
    11.  
      Setting privileges for posting events to vCenter
    12.  
      Authentication token for the NetBackup vSphere plug-ins
    13.  
      Validating VMware virtualization server certificates in NetBackup
  7. Configuring backup policies for VMware
    1.  
      Configure a VMware policy
    2.  
      Limit jobs per policy on the Attributes tab (for VMware)
    3. Backup options on the VMware tab
      1.  
        VMware backup host
      2.  
        Optimizations options (VMware)
      3.  
        Primary VM identifier options (VMware)
      4.  
        Existing snapshot handling options (VMware)
      5.  
        Transport modes options (VMware)
      6.  
        Application protection options (VMware)
      7.  
        VMware - Advanced attributes
      8.  
        Post vCenter events option (VMware advanced attributes)
    4. Exclude disks tab
      1.  
        About the exclude disk options for virtual disk selection
      2.  
        Exclude disks from backups: an example to avoid
      3.  
        Restoring data from the backups that excluded the boot disk or data disks
    5.  
      Browse for VMware virtual machines
    6.  
      Limiting the VMware servers that NetBackup searches when browsing for virtual machines
    7.  
      Virtual machine host names and display names should be unique if VMs are selected manually in the policy
    8.  
      Primary VM identifier option and manual selection of virtual machines
    9.  
      About incremental backups of virtual machines
    10.  
      Configuring incremental backups
    11.  
      Storage Foundation Volume Manager volumes in the virtual machine
  8. Configuring a VMware Intelligent Policy
    1.  
      About automatic virtual machine selection for NetBackup for VMware
    2.  
      Support and use of VMware tag associations
    3.  
      The basics of a NetBackup query rule
    4.  
      Important notes on automatic virtual machine selection
    5.  
      NetBackup requirements for automatic virtual machine selection
    6.  
      Automatic virtual machine selection: Task overview
    7.  
      Options for selecting VMware virtual machines
    8. About the Reuse VM selection query results option
      1.  
        The effect of virtual machine discovery on vCenter
    9.  
      Configure automatic virtual machine selection
    10.  
      Editing an existing query in Basic mode
    11.  
      Using the Query Builder in Advanced mode
    12.  
      AND vs. OR in queries
    13.  
      Examples for the NetBackup Query Builder
    14.  
      The IsSet operator in queries
    15.  
      About selecting virtual machines by means of multiple policies
    16.  
      Order of operations in queries (precedence rules)
    17.  
      Parentheses in compound queries
    18.  
      Query rules for resource pools
    19.  
      Query rules for datacenter folders (host folder)
    20.  
      Query rules for duplicate names
    21.  
      Query rules for tags
    22.  
      Query Builder field reference
    23.  
      Test Query screen for VMware
    24.  
      Test Query: Failed virtual machines
    25.  
      Effect of Primary VM identifier parameter on Selection column in Test Query results
    26.  
      Effect of Primary VM identifier parameter on VM Name column in Test query results
    27.  
      Refreshing the display of virtual environment changes in the Query Builder
    28.  
      Reducing the time required for VM discovery in a large VMware environment
  9. Use Accelerator to back up virtual machines
    1.  
      About the NetBackup Accelerator for virtual machines
    2.  
      Accelerator: full vs. incremental schedules
    3.  
      How the NetBackup Accelerator works with virtual machines
    4.  
      Accelerator notes and requirements for virtual machines
    5.  
      Accelerator forced rescan for virtual machines (schedule attribute)
    6.  
      Accelerator requires the OptimizedImage attribute
    7.  
      Accelerator backups and the NetBackup catalog
    8.  
      Accelerator messages in the backup job details log
    9.  
      About reporting the amount of Accelerator backup data that was transferred over the network
    10.  
      Replacing the Accelerator image size with the network-transferred data in NetBackup command output
  10. Configuring protection plans for VMware
    1. Protect VMs or intelligent VM groups
      1.  
        Schedules
      2.  
        Backup options and Advanced options
      3.  
        Exclude disks from backups
      4.  
        Snapshot retry options
    2.  
      Customize protection settings for a VMware asset
    3.  
      Remove protection from VMs or intelligent VM groups
    4.  
      View the protection status of VMs or intelligent VM groups
  11. Malware scan
    1.  
      Assets by workload type
  12. Instant access
    1.  
      Prerequisites of instant access
    2.  
      Things to consider before you use the instant access feature
    3.  
      Create an instant access VM
    4.  
      Restore files and folders from a VM backup image
    5.  
      Download files and folders from a VM backup image
    6. Instant access Build Your Own (BYO)
      1.  
        Prerequisites of Instant Access Build Your Own (BYO)
      2.  
        Hardware configuration requirement of Instant Access Build Your Own (BYO)
      3.  
        Frequently asked questions
    7.  
      VM malware scan
  13. Instant rollback
    1.  
      Prerequisites of instant rollback
    2.  
      Things to consider before you use the instant rollback feature
    3.  
      Instant rollback from a VM backup image
  14. Continuous data protection
    1.  
      About continuous data protection
    2.  
      CDP terminology
    3.  
      CDP architecture
    4.  
      Prerequisites
    5.  
      Capacity-based licensing for CDP
    6.  
      Steps to configure CDP
    7.  
      Removing VMs from the CDP gateway
    8.  
      Defining the CDP gateway
    9.  
      Sizing considerations
    10.  
      Limiting concurrent CDP backup jobs
    11.  
      Controlling full sync
    12.  
      Monitoring CDP jobs
    13.  
      Using accelerators with CDP
    14.  
      Recovering CDP protected VMs
    15.  
      Some limitations of CDP
    16.  
      Troubleshooting for CDP
  15. Backing up virtual machines
    1.  
      Manually back up virtual machines
    2.  
      Trial backup for VMware
    3.  
      Using the Activity monitor to monitor virtual machine backups
    4.  
      Restarting jobs individually in the Activity monitor
    5.  
      Viewing NetBackup activity in vSphere Client (HTML5)
  16. VM recovery
    1.  
      Restore notes and restrictions
    2.  
      Restore notes and restrictions on Linux
    3. Recover a full VMware virtual machine
      1.  
        Recovery options
      2.  
        Storage policy
      3.  
        Advanced recovery options
      4.  
        Advanced recovery options: Format of restored virtual disks
      5.  
        Advanced recovery options: Transport mode
    4. Restoring VMware virtual machine disks
      1.  
        About VMware virtual machine disk restore
      2.  
        Selecting virtual disks or file systems
      3.  
        Recovery options for virtual machine disks
      4.  
        Storage target restore options
  17. VMware agentless restore
    1.  
      About VMware agentless restore
    2.  
      Prerequisites and limitations of VMware agentless restores
    3. Provide access to a credential for agentless single file recovery to a guest VM
      1.  
        Add a credential for a VMware guest VM
      2.  
        Create a custom role for agentless single file recovery to a guest VM, with a credential
    4.  
      Recover files and folders with VMware agentless restore
    5.  
      About restricted restore mode
  18. Restoring Individual files and folders from VMware backups
    1.  
      About restoring individual VMware files and folders
    2.  
      Restore individual files and folders
    3.  
      Recovery options for restore of VMware files
    4.  
      Setting up NetBackup Client Service for VMware restores to a Windows shared virtual machine drive
  19. Using NetBackup to back up Cloud Director environments
    1.  
      About NetBackup for vCloud Director
    2.  
      Notes on creating a NetBackup policy for vCloud
    3.  
      Notes on restoring virtual machines into vCloud Director
    4. Recover VMware Cloud Director virtual machines
      1.  
        Recovery target
      2.  
        vApp options
      3.  
        Recovery options
    5.  
      Restore a vApp template that has multiple virtual machines
    6.  
      Reducing the time required for VM discovery in a large vCloud environment
  20. Restore virtual machines with Instant Recovery
    1.  
      About Instant Recovery for VMware
    2.  
      Task overview for Instant Recovery for VMware
    3.  
      Performance recommendations for Instant Recovery for VMware
    4.  
      Requirements for Instant Recovery for VMware
    5.  
      Notes on Instant Recovery for VMware
    6.  
      Restarting the Client for NFS service on a Windows restore host
    7.  
      Instant Recovery options on the nbrestorevm command
    8.  
      Restoring a virtual machine with Instant Recovery for VMware
    9.  
      Restoring a virtual machine to a different location with Instant Recovery for VMware
    10.  
      Restoring individual files with Instant Recovery for VMware while the current virtual machine is running
    11.  
      Job types for Instant Recovery for VMware
    12.  
      Reactivating a restored virtual machine with Instant Recovery for VMware
  21. Protecting VMs using hardware snapshots and replication
    1.  
      About virtual machines and hardware snapshots
    2.  
      Deployment and architecture
    3.  
      Features and applications supported
    4.  
      Prerequisites for hardware snapshot and replication
    5.  
      Operations supported with hardware snapshot
    6.  
      Configuring a VMware policy to use hardware snapshots
    7.  
      Configuring a VMware policy to use NetBackup snapshot manager replication
    8.  
      Jobs in the Activity Monitor that use hardware snapshot for VMs
    9.  
      Notes and limitations
    10.  
      Troubleshooting with VMware hardware snapshot and replication operations
  22. Best practices and more information
    1. NetBackup for VMware best practices
      1.  
        NetBackup for VMware with deduplication
    2.  
      How NetBackup handles VMware tag associations at restore
    3.  
      Best practices for VMware tag usage
    4. About reducing the size of VMware backups
      1.  
        Block-level backup (BLIB): full vs incremental
      2.  
        Deleting a vSphere Client snapshot
    5.  
      Further assistance with NetBackup for VMware
  23. Troubleshooting VMware operations
    1. NetBackup logging for VMware
      1.  
        NetBackup logs for Accelerator with virtual machines
      2.  
        Configuring VxMS logging
      3.  
        Format of the VxMS core.log and provider.log file names
      4.  
        Configuring the VDDK logging level
    2.  
      Troubleshooting VMware backups
    3.  
      Troubleshooting the restore of VMware and restores of files
    4.  
      Troubleshooting the adding of VMware servers
    5.  
      Troubleshooting the browsing of VMware servers
    6.  
      Troubleshooting the status for a newly discovered VM
    7.  
      Troubleshooting policy configuration
    8.  
      Troubleshooting the download of files from an instant access VM
    9.  
      Troubleshooting backups and restores of excluded virtual disks
    10.  
      How to determine the ESX network that NetBackup used for the backup or restore
    11.  
      Preventing browsing delays caused by DNS problems
    12.  
      Changing the browsing timeout for virtual machine discovery
    13.  
      Changing timeout and logging values for vSphere
    14.  
      Credentials for VMware server are not valid
    15. Snapshot error encountered (status code 156)
      1.  
        The origin of the snapshot failure: NetBackup or VMware?
    16.  
      Conflict between NetBackup and VMware Storage vMotion with vSphere 5.0 or later
    17.  
      Backup or restore job hangs
    18.  
      VMware SCSI requirements for application quiesce on Windows
    19.  
      VMware virtual machine does not restart after restore
    20.  
      A restored VM may not start or its file system(s) may not be accessible
    21.  
      NetBackup job fails due to update tasks on the VMware server
    22.  
      The vSphere interface reports that virtual machine consolidation is needed
    23.  
      Linux VMs and persistent device naming
    24.  
      For a VMware virtual machine with Windows dynamic disks, a restore from incremental backup fails with a Windows restore host and the hotadd transport mode
    25.  
      Simultaneous hotadd backups (from the same VMware backup host) fail with status 13
    26.  
      Troubleshooting VMware tag usage
    27.  
      Ensuring that guest customizations can be restored in vCloud Director
    28.  
      Troubleshooting vmdk restore to existing VM
    29.  
      Troubleshooting backups of virtual machines on Virtual Volumes (VVols)
    30.  
      Issues with the CA certificate during installation of the NetBackup client on VMware Cloud (VMC)
  24. Appendix A. Configuring services for NFS on Windows
    1.  
      About installing and configuring Network File System (NFS) for Granular Recovery Technology (GRT)
    2. About configuring services for NFS on Windows 2012 or 2016 (NetBackup for VMware)
      1.  
        Enabling Services for Network File System (NFS) on a Windows 2012 or 2016 media server (NetBackup for VMware)
      2.  
        Enabling Services for Network File System (NFS) on a Windows 2012 or 2016 restore host (NetBackup for VMware)
    3.  
      Disabling the Server for NFS (NetBackup for VMware)
    4.  
      Disabling the Client for NFS on the media server (NetBackup for VMware)
    5.  
      Configuring a UNIX media server and Windows backup or restore host for Granular Recovery Technology (NetBackup for VMware)
    6.  
      Configuring a different network port for NBFSD (NetBackup for VMware)
  25. Appendix B. Backups of VMware raw devices (RDM)
    1.  
      About VMware raw device mapping (RDM)
    2.  
      Configurations for backing up RDMs
    3.  
      About alternate client backup of RDMs
    4.  
      Requirements for alternate client backup of RDMs
    5.  
      Configure an alternate client backup of RDMs

Validating VMware virtualization server certificates in NetBackup

NetBackup can validate VMware virtualization server certificates using their root or intermediate certificate authority (CA) certificates.

For more information on external CA support in NetBackup, refer to the NetBackup Security and Encryption Guide.

The following procedure is applicable for the NetBackup primary server and all VMware access hosts.

To configure secure communication between VMware virtualization server and VMware access host

  1. Configure an external CA trust store on the VMware access host.
  2. Add CA certificates of the required VMware servers (vCenter, ESX, or ESXi server) in the trust store on the access host.

    For the Windows certificate store, you need to add the CA certificate to the Windows Trusted Root Certification Authorities.

    Use the following command:

    certutil.exe -addstore -f "Root" certificate filename

  3. Use the nbsetconfig command to configure the following NetBackup configuration options on the access host. See the NetBackup Administrator's Guide, Volume I for details on these options.

ECA_TRUST_STORE_PATH

Specifies the file path to the certificate bundle file that contains all trusted root CA certificates.

This option is specific to file-based certificates. You should not configure this option if the Windows certificate store is used.

If you have already configured this external CA option, append the VMware CA certificates to the existing external certificate trust store.

If you have not configured the option, add all the required virtualization server CA certificates to the trust store and set the option.

ECA_CRL_PATH

Specifies the path to the directory where the certificate revocation lists (CRL) of the external CA are located.

If the configuration option is already configured, append the virtualization server CRLs to the CRL cache.

If the option is not configured, add all the required CRLs to the CRL cache and then set the option.

VIRTUALIZATION_HOSTS_SECURE_CONNECT_ENABLED

Lets you enable the validation of a virtualization server's certificate.

VIRTUALIZATION_CRL_CHECK

Lets you validate the revocation status of the virtualization server certificate against the CRLs.

By default, the option is disabled.

VIRTUALIZATION_HOSTS_CONNECT_TIMEOUT

Lets you specify the duration (in seconds) after which the connection between NetBackup and vCloud Director server ends.

VMWARE_TLS_MINIMUM_V1_2

Lets you specify the Transport Layer Security (TLS) version to be used for communication between NetBackup and VMware servers.