Veritas Backup Exec for VMware Cloud on AWS
Article ID: 320028
Updated On:
Products
VMware
Issue/Introduction
This article provides information about the support of Veritas Backup Exec on VMware Cloud that covers VMware Cloud on AWS and VMware Cloud on Dell EMC..
Disclaimer: The partner solution referenced in this article is a solution that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product. For more information, see https://www.veritas.com/protection/backup-exec.
Resolution
Here is a summary of target use cases, solution architecture, solution components, and support information.
Note the following:
Following Backup Exec architectures are available to suit a variety of requirements.
Architecture 1: Backup Exec Server in VMC and backup repository in S3
In this architecture, the Backup Exec server is installed in VMC. Backup Exec accesses AWS S3 backup repository using S3 Endpoint. All use cases mentioned earlier are supported with this architecture.
Architecture 2: Backup Exec Server with local backup repository in VMC and remote backup repository in S3
In this architecture, the Backup Exec server is installed in VMC. The local backup repository and AWS S3 cloud storage is configured in Backup Exec. The local backup repository can be local disk storage or deduplication storage. The backup is taken to local repository first and then replicated/duplicated to AWS S3. All use cases mentioned earlier are supported with this architecture using both local repository and AWS S3 backup repository.
Architecture 3: Managed Backup Exec Server (MBES) in VMC and Backup Exec Centralized Administration Server (CAS) on AWS VPC
In this architecture, the Backup Exec is installed using Central Administration Server Option in AWS VPC and using Managed Backup Exec Server option in VMC virtual machine. You can create or monitor backup and restore jobs through either of the Backup Exec servers. Backup is taken to MBES local repository in VMC and then replicated to the CAS backup repository. All use cases mentioned earlier are supported with this architecture.
For more information, refer Backup Exec 21.1 Administrator's Guide. Additionally, refer to Backup Exec’s latest Administrator’s Guide.
Ensure that communication between Backup Exec Servers (Managed and Central Administration Server) and Agents works as described in the article: Using Backup Exec with firewalls.
For Architecture 1 and Architecture 2:
For Architecture 3:
Interoperability with VMware Cloud on AWS Features
Backup Exec does not distinguish between on-premises or VMC environment. All VMC features interoperate well with Backup Exec with respect to data protection.
VMware Cloud on AWS and VMware Cloud on Dell EMC:
Use cases that are supported
Veritas Backup Exec 21.1 and later supports the following use cases in VMware Cloud on AWS and VMware Cloud on Dell EMC:- Image level backup and restore of virtual machines.
- Restore to existing and new virtual machines.
- Granular restore from image level backup.
- In-guest backup and restore of file system data and application data using Backup Exec Agent for Windows and Agent for Linux/Unix.
Use cases that are not supported
Veritas Backup Exec 21.1 and later does not support the following use cases in VMware Cloud on AWS and VMware Cloud on Dell EMC:- Instant Recovery and Recovery Ready features.
- The nbd, nbdssl, and san transport modes.
Solution Architecture
Backup Exec provides data protection services for virtual machines hosted on VMware vSphere. The Backup Exec server uses the hotadd transport mode for efficient backup and restore of virtual machines that reside on a vSAN datastore. The hotadd transport mode requires a backup host installed in a virtual machine per cluster.Note the following:
- The Backup Exec needs to be installed in a virtual machine per SDDC cluster.
- The hotadd transport mode is the only transport mode that VMC supports.
- VMware recommends that backups not be stored in the vSAN datastore.
Following Backup Exec architectures are available to suit a variety of requirements.
Architecture 1: Backup Exec Server in VMC and backup repository in S3
In this architecture, the Backup Exec server is installed in VMC. Backup Exec accesses AWS S3 backup repository using S3 Endpoint. All use cases mentioned earlier are supported with this architecture.
Architecture 2: Backup Exec Server with local backup repository in VMC and remote backup repository in S3
In this architecture, the Backup Exec server is installed in VMC. The local backup repository and AWS S3 cloud storage is configured in Backup Exec. The local backup repository can be local disk storage or deduplication storage. The backup is taken to local repository first and then replicated/duplicated to AWS S3. All use cases mentioned earlier are supported with this architecture using both local repository and AWS S3 backup repository.
Architecture 3: Managed Backup Exec Server (MBES) in VMC and Backup Exec Centralized Administration Server (CAS) on AWS VPC
In this architecture, the Backup Exec is installed using Central Administration Server Option in AWS VPC and using Managed Backup Exec Server option in VMC virtual machine. You can create or monitor backup and restore jobs through either of the Backup Exec servers. Backup is taken to MBES local repository in VMC and then replicated to the CAS backup repository. All use cases mentioned earlier are supported with this architecture.
SDDC supported versions
Backup Exec supports following Software-Defined Data Center (SDDC) versions:- Backup Exec 21.1 supports SDDC 1.12
- Backup Exec 21.2 supports SDDC 1.14
Solution Components
Backup Exec works with the following components:- Software-Defined Data Center (SDDC) 1.12 and later
- Backup Exec Server or Managed Backup Exec Server in the VMC to provide hotadd backup and restore.
- Backup Exec Centralized Administration Server to manage one or more Managed Backup Exec Servers.
- Backup Exec Agent for Windows and Agent for Linux/Unix in the virtual machines for in-guest backup and restore.
For more information, refer Backup Exec 21.1 Administrator's Guide. Additionally, refer to Backup Exec’s latest Administrator’s Guide.
Backup Exec Installation Notes
To install Backup Exec Server or Backup Exec Agent for Windows and Agent for Linux/Unix on virtual machine in VMC refer, Backup Exec 21.1 Installation Guide.Ensure that communication between Backup Exec Servers (Managed and Central Administration Server) and Agents works as described in the article: Using Backup Exec with firewalls.
Network configuration
After the SDDC is created, use the following steps to create firewall rules for Backup Exec Server in all three supported architectures.For Architecture 1 and Architecture 2:
- In the VMware Cloud on AWS console, click View Details > Network & Security
- Navigate to Security > Gateway Firewall > Management Gateway.
- Click ADD RULE to allow traffic from virtual machines to vCenter.
Name: VM-to-VC
Action: Allow
Services: HTTPS
Sources: IP Address of Backup Exec Server
Destination: vCenter
Services: HTTPS
Sources: IP Address of Backup Exec Server
Destination: vCenter
- Click ADD RULE to allow traffic from virtual machines to ESXi.
Name: VM-to-ESXi
Action: Allow
Services: HTTPS, Provisioning
Sources: IP Address of Backup Exec Server
Destination: ESXi
Action: Allow
Services: HTTPS, Provisioning
Sources: IP Address of Backup Exec Server
Destination: ESXi
- Click PUBLISH to publish the rules.
- To create an S3 endpoint and access s3 buckets from VMC, see the VMware document Access an S3 Bucket Using an S3 Endpoint.
- Navigate to Security->Gateway Firewall->Compute Gateway.
- Click ADD RULE to allow traffic from virtual machines to S3 in us-east-1
Name: VM-to-S3USEast
Action: Allow
Services: HTTPS
Sources: IP Address of Backup Exec Server
Destination: Public IPs of S3 us-east-1 region
Applied To: Internet Interface
Action: Allow
Services: HTTPS
Sources: IP Address of Backup Exec Server
Destination: Public IPs of S3 us-east-1 region
Applied To: Internet Interface
- Click ADD RULE to allow traffic from S3 Endpoint to virtual machines.
Name: S3-to-VM
Action: Allow
Services: HTTPS
Sources: S3 Prefixes
Destination: IP Address of Backup Exec Server
Applied To: VPC Interface
Action: Allow
Services: HTTPS
Sources: S3 Prefixes
Destination: IP Address of Backup Exec Server
Applied To: VPC Interface
- Click ADD RULE to allow traffic from virtual machines to S3 Endpoint
Name: VM-to-S3
Action: Allow
Services: HTTPS
Sources: IP Address of Backup Exec Server
Destination: S3 Prefixes
Applied To: VPC Interface
Action: Allow
Services: HTTPS
Sources: IP Address of Backup Exec Server
Destination: S3 Prefixes
Applied To: VPC Interface
For Architecture 3:
- In the VMware Cloud on AWS console, click View Details > Network & Security
- Navigate to Security > Gateway Firewall > Management Gateway.
- Click ADD RULE to allow traffic from VPC to vCenter
Name: VPC-to-VC
Action: Allow
Services: HTTPS
Sources: Public IP address of compute gateway and private IP address of EC2
Destination: vCenter
Action: Allow
Services: HTTPS
Sources: Public IP address of compute gateway and private IP address of EC2
Destination: vCenter
- Click PUBLISH to publish the rules.
- Navigate to Security > Gateway Firewall > Management Gateway.
- Click ADD RULE to allow traffic from VPC to virtual machines.
Name: VPC-to-VM
Action: Allow
Services: Backup Exec Ports
Sources: Connected VPC Prefixes
Destination: Public IP address of compute gateway and private IP address of EC2
Applied To: VPC Interface
Action: Allow
Services: Backup Exec Ports
Sources: Connected VPC Prefixes
Destination: Public IP address of compute gateway and private IP address of EC2
Applied To: VPC Interface
- Click ADD RULE to allow traffic from virtual machines to VPC
Name: VM-to-VPC
Action: Allow
Services: Backup Exec Ports
Sources: compute segment group
Destination: Connected VPC Prefixes
Applied To: VPC Interface
Action: Allow
Services: Backup Exec Ports
Sources: compute segment group
Destination: Connected VPC Prefixes
Applied To: VPC Interface
- To know the list of ports used by Backup Exec, refer Backup Exec ports.
| Questions | Choose from the list (all that apply) Provide free text when there is no list |
| What backup repositories are supported? | AWS S3 and any other cloud storage supported by Backup Exec: https://www.veritas.com/content/support/en_US/doc/BE_21_HCL |
| How is backup data transmitted to the repository? | ENI, Public Internet |
| Describe the implementation of the Datamover component | Backup Exec server itself acts as backup proxy/host. |
| Datamover Scale | One Backup Exec server per cluster; you can deploy multiple Backup Exec servers or Managed Backup Exec Servers in VMC depending on the environment. |
| In large SDDCs (>500 VMs, >nTBs), your solution may scale data movers. How do you scale? | You can deploy multiple Backup Exec servers or Managed Backup Exec servers in VMC depending on the need. |
| How are additional data movers provisioned? | Customer controlled |
| Describe additional functionalities of image-based backups | File based recovery; Application/Databases consistent backup (Microsoft Exchange Server, Microsoft SQL Server, Microsoft Active Directory, Microsoft SharePoint Server); Forever Incremental Backups (also known as Backup Exec Accelerator). |
| Describe if in-guest backup options are available | Backup Exec Agent for Windows and Agent for Linux/Unix can be installed in-guest to protect file system or application data. |
| Describe security features | Backup Exec supports encryption in-rest and encryption in transit. |
| Describe network bandwidth/utilization control features | Backup Exec allows you to prioritize virtual machine backups. |
| Describe design of deduplication/compression features | Backup Exec supports server-side deduplication for virtual machine backups, only unique blocks are stored in deduplication storage. |
| Describe added-value services/features not listed above | |
For a 1TB VM Full backup/Full restore, describe
|
|
| Hybrid centralized management: Describe how on-premises and VMC backups can be managed. Do you support single management console? | Backup Exec Central Administration Server can be installed in on-premise server which can manage Managed Backup Exec Servers installed in VMC from single console. |
Hybrid restore/migration mode: Describe how a VM can be restored from on-premises backup to VMC or from VMC to on-premises | Backup Exec’s device sharing option in Backup Exec Centralized Administration Server allows backup to be replicated from on-premise to VMC. After replication Managed Backup Exec Server can restore virtual machine from replicated backup to VMC. |
| For example, let’s say that you have a hybrid configuration. On-premise with local backup, in VMC with cloud backup. What happens if an on-premise VM is migrated to VMC? Will the backup solution automatically update the location of the repository or will the VM still be backed up on premise? | Backup Exec dynamic inclusion allows to backup new resources depending on the backup selections. If the migrated virtual machine in VMC is part of the backup selection list, it will be automatically backed up in VMC. |
| Scale: What are your supported maximums (# of VMs, # of TBs) both in number, and/or in simultaneous backup streams? | Backup Exec does not have published information for maximum number of VMs. It varies on multiple factors such as compute, memory of the Backup Exec server. Typically, a single Backup Exec server can protect 50-100 virtual machines with size ranging from 500GB-5TB. |
Interoperability with VMware Cloud on AWS Features
Backup Exec does not distinguish between on-premises or VMC environment. All VMC features interoperate well with Backup Exec with respect to data protection.
Additional Information
Link to download site: https://www.veritas.com/form/trialware/backup-exec
Link to Backup Exec Administrator’s Guide: Backup Exec 21.1 Administrator’s Guide.
For more information on Veritas Backup Exec: https://www.veritas.com/protection/backup-exec
Link to Backup Exec Administrator’s Guide: Backup Exec 21.1 Administrator’s Guide.
For more information on Veritas Backup Exec: https://www.veritas.com/protection/backup-exec
Feedback
Yes
No
Powered by
