Mount proxy node and data mover node requirements
Operations require specific node types and certain environment settings.
- Data mover nodes are required for the following operations:
- IFINCREMENTAL - indicates the incremental-forever incremental backup type.
- IFFULL - indicates the incremental-forever full backup type.
- Mount proxy nodes are required for the following operations:
- Full VM instant access
- Full VM instant restore
- Mount
- A mount operation accesses a Windows system and a Linux system that function as mount proxy systems. The Windows proxy system also requires the recovery agent to be installed. These two mount proxy nodes function together during a mount operation. Mount proxy nodes are created in pairs and are required by the datacenter node for each Windows or Linux system that serves as a proxy.
- Only one mount proxy node is allowed for each physical or virtual Windows mount proxy system. If you want to use multiple mount proxy node pairs, you must install each Windows mount proxy node on a separate system, along with a recovery agent.
- You cannot mount the backup of a Windows mount proxy node or Linux mount proxy node to itself.
- The following requirements are specific to data movers and mount proxy systems if
VMs are in a VVOL datastore:
- For stability, the data mover and mount proxy should reside on a non-VVOL datastore.
- For improved performance for file restore for Windows guest VMs, configure the Windows mount proxy system in the same datacenter and the same ESXi host as the guest VMs. This configuration takes advantage of the VMware virtual disk hot add capability.
- Linux only: The credentials for the vCenter must be set on the mount proxy system by using the dsmc Set Password command.
- Linux only: The VMCHOST option for the mount proxy must be specified in the dsm.sys options file.
The recovery agent is restricted to one node assignment. This node must be a mount proxy node. Although a Windows system might contain multiple data mover nodes, only one proxy mount node is allowed for the recovery agent to use. As a result, operations that use the recovery agent fail when you attempt to connect to a system with a node that is not assigned to the recovery agent.
- Mount operations
- When you run a mount operation with the mount proxy node from VMware datacenter DC1, the recovery agent connects to that mount proxy node. Because that connection to the mount proxy node is the only correct connection, the recovery agent does not use another mount operation with any other nodes on that mount proxy system. As a result, the mount operation fails when you use a mount proxy node from VMware datacenter DC2.
- Before you attempt a mount operation, you must disable multipathing on the Linux mount proxy
system.Note: Logical Volume Manager (LVM) filtering can block iSCSI connections.Note: The Linux mount proxy system does not support LVM auto activation.
- Instant access or instant restore operations
- You attempt to run an instant access or instant restore operation with a mount proxy node from a Windows system that is used as a mount proxy system. A Windows mount proxy system requires the recovery agent to be installed. Because the connection from the recovery agent to the Windows mount proxy node (to run the mount operation) is the only correct connection, an instant access or instant restore operation that attempts to use this mount proxy node (from the same Windows system) fails.
GRANT PROXYNODE TARGET=DC_NODE AGENT=LOCAL_MP_WIN
GRANT PROXYNODE TARGET=DC_NODE AGENT=LOCAL_MP_LNX
File sharing security
When you share a mounted virtual machine snapshot, certain security issues can occur that are related to NFS (Linux) and CIFS (Windows) protocols. Review these issues to better understand the security impact when you share a mounted virtual machine snapshot.
- The mounted volumes that belong to Linux system (B) are shared to a different Linux host (A).
- The Linux host (A) has the same user names as the Linux system (B) that was backed up
esx2vm55:/opt/tivoli/tsm/client/ba/bin # ls -la /CVT/TSM/ESX2VM21/2014-05-22-01_32_53/Volume7
total 19
drwx------ 4 500 500 1024 Apr 28 23:53 .
drwxr-xr-x 8 root root 4096 May 27 22:06 ..
drwxrwxr-x 2 500 500 1024 Apr 28 23:52 RAID_0
drwx------ 2 root root 12288 Apr 28 23:52 lost+found
This
output is an example of access to shared volumes:[tester1@ESX2VM51 Volume7]$ ls -la
total 19
drwx------ 4 nobody nobody 1024 Apr 28 23:53 .
drwxr-xr-x 8 nobody nobody 4096 May 27 22:06 ..
drwxrwxr-x 2 nobody nobody 1024 Apr 28 23:52 RAID_0
drwx------ 2 nobody nobody 12288 Apr 28 23:52 lost+found
Make sure that the correct Linux hostname/IP address or Windows user name is specified. If the correct hostname/IP address or user name is not specified, the share operation fails. This failure is identified by the operating system.
On Windows systems, a user with the same credentials as the backed up Windows virtual machine can access the shared volumes on any Windows system.