You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/backup-azure-backup-server-vmware.md
+48-66Lines changed: 48 additions & 66 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,23 +22,22 @@ This article explains how to:
22
22
- Set up a protection group that contains the VMware VMs you want to back up, specify backup settings, and schedule the backup.
23
23
24
24
## Before you start
25
+
25
26
- Verify that you're running a version of vCenter/ESXi that's supported for backup - versions 6.5, 6.0, and 5.5.
26
27
- Make sure you've set up Azure Backup Server. If you haven't, [do that](backup-azure-microsoft-azure-backup.md) before you start. You should be running Azure Backup Server with the latest updates.
27
28
28
-
29
29
## Create a secure connection to the vCenter Server
30
30
31
31
By default, Azure Backup Server communicates with VMware servers over HTTPS. To set up the HTTPS connection, download the VMware Certificate Authority (CA) certificate, and import it on the Azure Backup Server.
32
32
33
-
34
-
### Before you start
33
+
### Before you begin
35
34
36
35
- If you don't want to use HTTPS, you can [disable HTTPS certificate validation for all VMware servers](backup-azure-backup-server-vmware.md#disable-https-certificate-validation).
37
-
- You typically connect from a browser on the Azure Backup Server machine to the vCenter/ESXi server using the vSphere Web Client. The first time you do this the connection isn't secure and will show the following.
36
+
- You typically connect from a browser on the Azure Backup Server machine to the vCenter/ESXi server using the vSphere Web Client. The first time you do this, the connection isn't secure and will show the following.
38
37
- It's important to understand how Azure Backup Server handles backups.
39
-
- As a first step Azure Backup Server backs up data to local disk storage. Azure Backup Server uses a storage pool, a set of disks and volumes on which Azure Backup Server stores disk recovery points for its protected data. The storage pool can be directly attached storage (DAS), a fiber channel SAN, or iSCSI storage device or SAN. It's important to ensure that you have sufficient storage for local backup of your VMware VM data.
40
-
- Azure Backup Server then backs up from the local disk storage to Azure.
41
-
-[Get help](https://docs.microsoft.com/system-center/dpm/create-dpm-protection-groups?view=sc-dpm-1807#figure-out-how-much-storage-space-you-need) to figure out how much storage space you need. The information is for DPM but can be used for Azure Backup Server too.
38
+
- As a first step Azure Backup Server backs up data to local disk storage. Azure Backup Server uses a storage pool, a set of disks and volumes on which Azure Backup Server stores disk recovery points for its protected data. The storage pool can be directly attached storage (DAS), a fiber channel SAN, or iSCSI storage device or SAN. It's important to ensure that you have sufficient storage for local backup of your VMware VM data.
39
+
- Azure Backup Server then backs up from the local disk storage to Azure.
40
+
-[Get help](https://docs.microsoft.com/system-center/dpm/create-dpm-protection-groups?view=sc-dpm-1807#figure-out-how-much-storage-space-you-need) to figure out how much storage space you need. The information is for DPM but can be used for Azure Backup Server too.
42
41
43
42
### Set up the certificate
44
43
@@ -62,42 +61,38 @@ Set up a secure channel as follows:
62
61
- The root certificate file with an extension that begins with a numbered sequence like .0 and .1.
63
62
- The CRL file has an extension that begins with a sequence like .r0 or .r1. The CRL file is associated with a certificate.
6. Change the root certificate's extension to .crt, and confirm. The file icon changes to one that represents a root certificate.
70
+
7. Change the root certificate's extension to .crt, and confirm. The file icon changes to one that represents a root certificate.
72
71
73
-
7. Right-click the root certificate and from the pop-up menu, select **Install Certificate**.
72
+
8. Right-click the root certificate and from the pop-up menu, select **Install Certificate**.
74
73
75
-
8. In **Certificate Import Wizard**, select **Local Machine** as the destination for the certificate, and then click **Next**. Confirm if you're asked if you want to allow changes to the computer.
74
+
9. In **Certificate Import Wizard**, select **Local Machine** as the destination for the certificate, and then click **Next**. Confirm if you're asked if you want to allow changes to the computer.
10. On the **Certificate Store** page, select **Place all certificates in the following store**, and then click **Browse** to choose the certificate store.
79
79
80
-
9. On the **Certificate Store** page, select **Place all certificates in the following store**, and then click **Browse** to choose the certificate store.
10. In **Select Certificate Store**, select **Trusted Root Certification Authorities** as the destination folder for the certificates, and then click **OK**.
82
+
11. In **Select Certificate Store**, select **Trusted Root Certification Authorities** as the destination folder for the certificates, and then click **OK**.
11. In **Completing the Certificate Import Wizard**, verify the folder, and then click **Finish**.
86
+
12. In **Completing the Certificate Import Wizard**, verify the folder, and then click **Finish**.
89
87
90
88
91
89
92
-
93
-
12. After the certificate import is confirmed, sign in to the vCenter Server to confirm that your connection is secure.
94
-
95
-
96
-
90
+
13. After the certificate import is confirmed, sign in to the vCenter Server to confirm that your connection is secure.
97
91
98
92
### Disable HTTPS certificate validation
99
93
100
-
If you have secure boundaries within your organization, and don't want to use the HTTPS protocol between VMware servers and the Azure Backup Server machine, disable HTTPS as follows:
94
+
If you have secure boundaries within your organization, and don't want to use the HTTPS protocol between VMware servers and the Azure Backup Server machine, disable HTTPS as follows:
95
+
101
96
1. Copy and paste the following text into a .txt file.
102
97
103
98
```text
@@ -110,7 +105,6 @@ If you have secure boundaries within your organization, and don't want to use th
110
105
111
106
3. Double-click the file to activate the registry entry.
112
107
113
-
114
108
## Create a VMware role
115
109
116
110
The Azure Backup Server needs a user account with permissions to access v-Center Server/ESXi host. Create a VMware role with specific privileges, and then associate a user account with the role.
@@ -124,17 +118,17 @@ The Azure Backup Server needs a user account with permissions to access v-Center
4. In **Create Role** > **Role name**, enter *BackupAdminRole*. The role name can be whatever you like, but it should be recognizable for the role's purpose.
129
122
130
123
5. Select the privileges as summarized in the table below, and then click **OK**. The new role appears on the list in the **Roles** panel.
131
124
- Click the icon next to the parent label to expand the parent and view the child privileges.
132
125
- To select the VirtualMachine privileges, you need to go several levels into the parent child hierarchy.
133
126
- You don't need to select all child privileges within a parent privilege.
1. In vCenter Server **Navigator** panel, click **Users and Groups**. If you don't use vCenter Server, create the account on the appropriate ESXi host.
2. In the **vCenter Users and Groups** panel, select the **Users** tab, and then click the add users icon (the + symbol).
172
162
173
-
174
-
163
+
175
164
176
165
3. In **New User** dialog box, add the user information > **OK**. In this procedure, the username is BackupAdmin.
177
166
178
167
179
168
180
-
181
169
4. To associate the user account with the role, in the **Navigator** panel, click **Global Permissions**. In the **Global Permissions** panel, select the **Manage** tab, and then click the add icon (the + symbol).
7. In **Assigned Role**, from the drop-down list, select **BackupAdminRole** > **OK**.
181
+
7. In **Assigned Role**, from the drop-down list, select **BackupAdminRole** > **OK**.
196
182
197
183
198
184
199
-
200
185
On the **Manage** tab in the **Global Permissions** panel, the new user account and the associated role appear in the list.
201
186
202
-
203
187
## Add the account on Azure Backup Server
204
188
205
-
206
189
1. Open Azure Backup Server. If you can't find the icon on the desktop, open Microsoft Azure Backup from the apps list.
207
190
208
191
@@ -211,7 +194,6 @@ On the **Manage** tab in the **Global Permissions** panel, the new user account
211
194
212
195
213
196
214
-
215
197
3. In the **Manage Credentials** dialog box, click **Add**.
216
198
217
199
@@ -224,20 +206,17 @@ On the **Manage** tab in the **Global Permissions** panel, the new user account
224
206
225
207
226
208
227
-
228
209
## Add the vCenter Server
229
210
230
211
Add the vCenter Server to Azure Backup Server.
231
212
232
-
233
213
1. In the Azure Backup Server console, click **Management** > **Production Servers** > **Add**.
234
214
235
215
236
216
237
-
238
217
2. In **Production Server Addition Wizard** > **Select Production Server type** page, select **VMware Servers**, and then click **Next**.
239
218
240
-
219
+
241
220
242
221
3. In **Select Computers** **Server Name/IP Address**, specify the FQDN or IP address of the VMware server. If all the ESXi servers are managed by the same vCenter, specify the vCenter name. Otherwise, add the ESXi host.
243
222
@@ -263,14 +242,10 @@ Add the vCenter Server to Azure Backup Server.
263
242
264
243
If you have multiple ESXi hosts that aren't managed by vCenter server, or you have multiple instances of vCenter Server, you need to rerun the wizard to add the servers.
265
244
266
-
267
-
268
-
269
245
## Configure a protection group
270
246
271
247
Add VMware VMs for backup. Protection groups gather multiple VMs and apply the same data retention and backup settings to all VMs in the group.
272
248
273
-
274
249
1. In the Azure Backup Server console, click **Protection**, > **New**.
275
250
276
251
@@ -286,8 +261,7 @@ Add VMware VMs for backup. Protection groups gather multiple VMs and apply the s
286
261
- When you select a folder, or VMs or folders inside that folder are also selected for backup. You can uncheck folders or VMs you don't want to back up.
287
262
1. If a VM or folder is already being backed up, you can't select it. This ensures that duplicate recovery points aren't created for a VM.
288
263
289
-
290
-
264
+
291
265
292
266
1. In **Select Data Protection Method** page, enter a name for the protection group, and protection settings. To back up to Azure, set short-term protection to **Disk** and enable online protection. Then click **Next**.
293
267
@@ -300,7 +274,7 @@ Add VMware VMs for backup. Protection groups gather multiple VMs and apply the s
300
274
- Short-term backups are full backups and not incremental.
301
275
- Click **Modify** to change the times/dates when short-term backups occur.
1. In **Review Disk Allocation**, review the disk space provided for the VM backups. for the VMs.
306
280
@@ -311,41 +285,40 @@ Add VMware VMs for backup. Protection groups gather multiple VMs and apply the s
311
285
- **Automatically grow:** If you turn on this setting, if data in the protected group outgrows the initial allocation, Azure Backup Server tries to increase the disk size by 25 percent.
312
286
- **Storage pool details:** Shows the status of the storage pool, including total and remaining disk size.
313
287
314
-
288
+
315
289
316
290
1. In **Choose Replica Creation Method** page, specify how you want to take the initial backup, and then click **Next**.
317
291
- The default is **Automatically over the network** and **Now**.
318
292
- If you use the default, we recommend that you specify an off-peak time. Choose **Later** and specify a day and time.
319
293
- For large amounts of data or less-than-optimal network conditions, consider replicating the data offline by using removable media.
1. In **Consistency Check Options**, select how and when to automate the consistency checks. Then click **Next**.
324
298
- You can run consistency checks when replica data becomes inconsistent, or on a set schedule.
325
299
- If you don't want to configure automatic consistency checks, you can run a manual check. To do this, right-click the protection group > **Perform Consistency Check**.
326
300
327
301
1. In **Specify Online Protection Data** page, select the VMs or VM folders that you want to back up. You can select the members individually, or click **Select All** to choose all members. Then click **Next**.
1. On the **Specify Online Retention Policy** page, indicate how long you want to keep the recovery points that are created from the daily/weekly/monthly/yearly backups to Azure. then click **Next**.
339
313
340
314
- There's no time limit for how long you can keep data in Azure.
341
315
- The only limit is that you can't have more than 9999 recovery points per protected instance. In this example, the protected instance is the VMware server.
0 commit comments