You might think that your machines are safe and that you have nothing to worry about once you virtualize your infrastructure, but that’s not true. Virtual machines need backups, the same as physical machines do. This is not necessarily because of a host crash or another hardware problem; sometimes you need to go back in time because someone messed up a database, a guest VM is not booting anymore, or something similar happened, and snapshots are not an option. Keeping snapshots in a production environment just so you can revert the machine in case something goes wrong is not recommended because of the performance impact. If you use a snapshot for a short period of time, before patching or installing an application, that’s fine, but not for months or years. This is why you need to back up your virtual infrastructure, and VMware vSphere Data Protection (VDP) does just that and a little bit more. Some of the VDP (version 6) features are:
– up to 400 VMs per appliance
– up to 8 TB of backup storage
– data deduplication
– agent for file level backup
and many more can be found in the VMware vSphere Data Protection Overview document.
To deploy the latest version of VDP, which is version 6 at the time of this writing, you need to have at least VMware vCenter 5.1 and a lot of CPU and RAM on your ESXi hosts or cluster. These resources can increase or decrease, depending on how much backup storage you provision on the virtual appliance. To give you an idea, here is a table for all the minimum CPU and memory allocation needed:

| Capacity | 0.5 TB | 1 TB | 2 TB | 4 TB | 6 TB | 8 TB |
|---|---|---|---|---|---|---|
| Memory | 4 GB | 4 GB | 4 GB | 8 GB | 10 GB | 12 GB |
| Disk Space | 873 GB | 1.6 TB | 3 TB | 6 TB | 9 TB | 12 TB |
Besides hardware and software requirements, there are some infrastructure prerequisites needed also, like DNS, user accounts, and time configuration (NTP). Since I mentioned VDP 6, this will also be the version I will use in this article, but the installation is the same for older versions.
Now log in on one of your domain controllers, open the DNS console, select your DNS zone, right-click it and choose New Host (A or AAAA). In the New Host window, fill the Name and IP address boxes with the required information, then check the Create associated pointer (PTR) record box and click Add Host. This will be the name and IP address of the VDP appliance.
Once DNS is taken care of, a service/user account needs to be prepared so that the VDP appliance can access vCenter and run the tasks needed to perform backup and restore jobs. This user needs to be added as administrator on the vCenter root node, and must not inherit permissions from group roles, or it is not going to be valid. There are two options for this: create the user in the SSO database or in AD. Since I have an Active Directory environment, I will create the user account in AD, then add it to vCenter as administrator.
Right-click the OU where you want to create the user account and choose New > User.
Type a name for the new user and a logon name then click Next. When you get to the Password page, don’t forget to check the Password never expires box, or your backups will start failing (after the password expires) since the VDP appliance can’t authenticate to vCenter anymore.
Now open the VMware vSphere Web Client and log in with administrative privileges. Click the vCenter server from the root level of the tree structure, go to the Manage tab, and then select Permissions. Click the green plus button to add permissions.
On the Add Permission window click Add.
From the Domain drop-down box select your domain then search for the user account created earlier. Add it to the Users list and click OK.
Back on the Add Permission window assign the account to the Administrator role and hit OK.
The new user/service account should now be present in vCenter. More information about adding users in vCenter can be found here, and assigning the proper roles to those users can be found in this article.
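The DNS, service account and vCenter permission steps above can also be scripted and verified. The following is an added example, not part of the original article: it assumes the DnsServer and ActiveDirectory modules and VMware PowerCLI are installed, and every name and address in it (corp.example, vdp01, 192.0.2.50, svc-vdp, the OU path, vcenter.corp.example) is a placeholder.

```powershell
# Added example. All names and addresses are placeholders (assumptions).
$Zone      = 'corp.example'                           # DNS zone
$VdpName   = 'vdp01'                                  # appliance host name
$VdpIp     = '192.0.2.50'                             # appliance IP address
$OuPath    = 'OU=Service Accounts,DC=corp,DC=example' # OU for the account
$Sam       = 'svc-vdp'                                # service account logon name
$Principal = 'CORP\svc-vdp'                           # same account, as vCenter sees it
$VCenter   = 'vcenter.corp.example'                   # vCenter server FQDN

# 1. A record plus its PTR record (the "Create associated pointer (PTR) record" box).
#    The reverse lookup zone must already exist for -CreatePtr to succeed.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name $VdpName -IPv4Address $VdpIp -CreatePtr

# Forward and reverse lookups must agree before the appliance is deployed.
$fqdn = "$VdpName.$Zone"
$a    = @((Resolve-DnsName -Name $fqdn  -Type A   -DnsOnly).IPAddress)
$ptr  = @((Resolve-DnsName -Name $VdpIp -Type PTR -DnsOnly).NameHost)
if ($a -notcontains $VdpIp -or $ptr -notcontains $fqdn) {
    throw "DNS mismatch for ${fqdn}: A=$a PTR=$ptr"
}

# 2. Service account. The password is prompted for, never stored in the script.
$pw = Read-Host -AsSecureString -Prompt "Password for $Sam"
New-ADUser -Name $Sam -SamAccountName $Sam -Path $OuPath `
    -AccountPassword $pw -Enabled $true -PasswordNeverExpires $true

# 3. Administrator role on the vCenter root node, assigned to the user itself.
#    'Admin' is the internal name of the built-in Administrator role.
Connect-VIServer -Server $VCenter | Out-Null
$root = Get-Folder -NoRecursion        # root folder of the vCenter inventory
New-VIPermission -Entity $root -Principal $Principal -Role (Get-VIRole -Name Admin) | Out-Null

# 4. Verify: the entry must be a direct user permission, not one held through a group.
$perm = Get-VIPermission -Entity $root -Principal $Principal |
    Where-Object { -not $_.IsGroup -and $_.Role -eq 'Admin' }
if (-not $perm) {
    throw "$Principal has no direct Administrator permission on '$($root.Name)'"
}
$perm | Format-List Entity, Principal, Role, IsGroup, Propagate
```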
The last infrastructure prerequisite, and the most sensitive one, is the NTP configuration (the clock). This needs to be properly set up and synchronized on all your ESXi servers and your vCenter server because VDP takes advantage of VMware Tools to synchronize time through NTP. As a caution here, do not configure NTP directly on the VDP appliance because it will cause time synchronization errors:
Error: The most recent request has been rejected by the VDP appliance.
The most common cause of this error is that the time on the VDP appliance and the SSO server are not synchronized. See NTP configuration in the vSphere Data Protection Administration Guide for more information.
I usually set the domain controller (the PDC) as the NTP server on my ESXi hosts.
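To confirm the NTP prerequisite on every host before deploying, a read-only PowerCLI audit can list each ESXi host's NTP servers, the state of its ntpd service and its clock offset. This is an added example, not part of the original article; the vCenter name, the expected NTP source and the skew threshold are assumptions.

```powershell
# Added example: read-only NTP audit of all ESXi hosts (VMware PowerCLI).
$VCenter        = 'vcenter.corp.example'   # placeholder vCenter FQDN
$ExpectedNtp    = 'dc01.corp.example'      # placeholder: the PDC used as NTP source
$MaxSkewSeconds = 5                        # assumed tolerance, adjust to your policy

Connect-VIServer -Server $VCenter | Out-Null

$report = foreach ($h in Get-VMHost) {
    $servers = @(Get-VMHostNtpServer -VMHost $h)
    $ntpd    = Get-VMHostService -VMHost $h | Where-Object { $_.Key -eq 'ntpd' }

    # Host clock as reported by the host's DateTimeSystem, compared with this
    # workstation's UTC clock. The result includes API latency, so it is only
    # an approximation, and the workstation itself must be time-synchronized.
    $dts  = Get-View -Id $h.ExtensionData.ConfigManager.DateTimeSystem
    $skew = ($dts.QueryDateTime().ToUniversalTime() - [DateTime]::UtcNow).TotalSeconds

    [pscustomobject]@{
        Host        = $h.Name
        NtpServers  = $servers -join ','
        NtpdRunning = [bool]$ntpd.Running
        NtpdPolicy  = $ntpd.Policy          # 'on' means start and stop with the host
        SkewSeconds = [math]::Round($skew, 1)
        Ok          = ($servers -contains $ExpectedNtp) -and
                      [bool]$ntpd.Running -and
                      ([math]::Abs($skew) -le $MaxSkewSeconds)
    }
}

# Hosts that fail any check are listed first.
$report | Sort-Object Ok | Format-Table -AutoSize
```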
Once all of the above are met, we can start deploying the virtual appliance. Open the vSphere Web Client, right-click the host or cluster where you want the virtual appliance to be deployed and choose Deploy OVF Template.
On the first page of the Deploy OVF Template wizard, click the Browse button and provide the virtual appliance file, then hit Next.
Review the template details then continue the wizard.
Accept the EULA and hit Next.
On the Select name and folder page, you can specify a different name for the appliance than the default one. Also, if you choose to put the appliance in a folder, you can do it from the Select a folder or datacenter section. The folder needs to be created beforehand, because there is no option to create it from the wizard.
Select the disk format you want to use for the appliance and the datastore it will sit on. I usually go with thin provisioning, since it doesn’t take all the space at once, and there is not much of a performance difference compared to the other disk provisioning types.
Select a network where traffic can reach the VDP appliance in order for you to be able to access it and configure it later on.
You are given the option to provide a static IP address configuration for the appliance, just in case DHCP is not running on your network segment. If you don’t complete the IP address information on this page, you will have to do it later, on the VDP configuration wizard. To simplify the deployment, you either provide an IP address here, or use a DHCP server. If the VDP appliance starts with no IP address assigned, it will be a little inconvenient to set it up from the console.
On the Ready to complete page click Finish to start the deployment. You are also given the option to power on the appliance after the deployment process is done by checking the Power on after deployment box.
Depending on your network and storage speed, this could take from a few minutes to a few dozen minutes.
After it is deployed, power on the appliance (if you didn’t check the Power on after deployment box on the Deploy OVF Template wizard) and connect to it using the Remote Console. On the first boot the appliance might get stuck at:
Previous external properties removed ownership of `/data01' retained as admin:admin
If that’s the case, press Ctrl+D to allow the appliance to boot.
Once booted up, the appliance needs to be configured. Open a web browser and type in the address you see on the Welcome screen (https://APPLIANCE IP:8543/vdp-configure). You can also use the FQDN instead of the IP address, since DNS was already set up beforehand. Authenticate using the default password, which is changeme.
On the first log in, a very neat configuration wizard is displayed. Click Next to skip the Welcome screen.
All the network settings should be automatically completed if you followed all the above steps correctly, since most of them were provisioned while deploying the appliance from the template. If something is missing, fill in the settings manually and continue the wizard.
Choose the time zone for the VDP appliance and click Next. This is a very important setting, so make sure it is the same time zone as your hypervisors and vCenter server.
Type in a new password and continue the wizard.
For the VDP appliance to be able to access the vCenter server, a few details need to be completed on this page. Type in the user/service account created earlier with its password, then put in your vCenter server FQDN, and click Test Connection. If your domain is not set up in vCenter as the default domain (Identity Sources tab), you will need to type the username in the form domain\username.
On this page you provision the backup space on the appliance, from 0.5 up to 8 TB. The more storage you provision, the more resources are needed for the appliance, as shown in the table at the beginning of the article. You allocate space depending on how many VMs you back up and for how long those backups are stored. It is a waste of resources (CPU, memory and space on the datastores) to allocate all 8 TB now and use just half of it, or even less. It is better to provision only the space needed on the appliance and expand it later when needed, because now you can do this. A few things to take into consideration when expanding the disk space on the appliance (more in the VDP 6.0 Administration guide):
– Ensure the appliance configuration meets the minimum requirements before a disk expansion.
– Confirm that both CPU and Memory Hot‐Add are enabled.
– Make sure you have enough space on the datastores.
– The VDP appliance and its storage must NOT migrate during this operation.
– The disk provisioning type cannot be changed from thin to thick, or vice-versa. The disks inherit the provision type that was assigned to them during initial configuration.
Choose the datastore for the VDP storage disks and the provision type for them and click Next. If you go with thin provision, make sure you proactively monitor your datastores because VDP disks will grow very fast on first backups.
Here is the minimum CPU and memory required for the configured capacity. The numbers can be increased if you consider it necessary (busy appliance).
If you want to participate in the CEIP program, check the Enable Customer Experience Improvement Program box and continue the wizard, if not, just click Next.
On the Ready to complete page, there is an option for the appliance to do some performance analysis on the storage configuration. Doing this will take a lot of time before it completes, so I’ll leave it up to you, but VMware recommends you do the performance analysis.
On the warning window that pops up, click Yes to set up the VDP appliance with the new configuration.
Once completed, a reboot is needed, so you can either do it manually by pressing Restart now, or let it reboot automatically after one minute. Be patient because the reboot will take a while.
If you look in vCenter, you should see the new configuration for the appliance.
Now log out from your VMware vSphere Web Client then authenticate again in order for the VDP icon and menu to be displayed in the console.
Clicking on that icon will take you to the VDP management page where you can create backup jobs, do restores, replications etc.; but first you need to connect to an appliance in order to be able to do those things. I’ve said “an appliance” because you can have multiple VDP appliances managed by the same vCenter server. Select the one we just deployed (in case you have more) and click Connect.
After a few seconds the VDP Getting Started page will be displayed along with all the other menus needed to perform the required tasks.
As you can see, deploying VDP is not difficult, and neither is configuring it. The real challenge is creating a proper plan for the backup jobs, verifying those backups, and doing some successful restores. All these tasks will be presented in a future article, but until then, feel free to explore the product and see if it actually fits in your company.