Backing up VMware data

Use a backup job to back up VMware resources such as virtual machines, datastores, folders, vApps, and datacenters with snapshots.

Before you begin

Review the following procedures and considerations before you create a backup job definition:
  • Register the providers that you want to back up. For more instructions, see Adding a vCenter Server instance.
  • Configure SLA policies. For more instructions, see Create backup policies.
  • Before an IBM Spectrum Protect Plus user can implement backup and restore operations, roles must be assigned to the user. Grant users access to hypervisors and backup and restore operations by using the Accounts pane. Roles and associated permissions are assigned during user account creation. For more information, see Managing user access and Managing user accounts.
  • If a virtual machine is associated with multiple SLA policies, ensure that the policies are not scheduled to run concurrently. Either schedule the SLA policies to run with a significant amount of time between them, or combine them into a single SLA policy.
  • If your vCenter is a virtual machine, to help maximize data protection, have the vCenter on a dedicated datastore and backed up in a separate backup job.
  • When backing up VMware virtual machines, IBM Spectrum Protect Plus downloads .vmx, .vmxf, and .nvram files if necessary, and then it transfers those files to the vSnap as needed. For this to work successfully, the IBM Spectrum Protect Plus appliance must be able to resolve and access all protected ESXi hosts; and when communicating with an ESXi host, the correct IP address must be returned.
  • If a VM is protected by an SLA policy, the backups of the VM will be retained based on the retention parameters of the SLA policy, even if the VM is removed from vCenter.
  • In some cases, VMware backup jobs fail with “failed to mount” errors. To resolve this issue, increase the maximum number of NFS mounts to at least 64 by using the NFS.MaxVolumes (vSphere 5.5 and later) and NFS41.MaxVolumes (vSphere 6.0 and later) values. Follow the instructions in Increasing the default value that defines the maximum number of NFS mounts on an ESXi/ESX host.
  • If an existing VM is vMotioned, IBM Spectrum Protect Plus will perform a rebase if necessary.
  • Ensure the latest version of VMware Tools is installed on VMware virtual machines.
Restriction: File cataloging, backup, point-in-time restores, and other operations that invoke the Windows agent will fail if a non-default local administrator is entered as the Guest OS Username when defining a backup job. A non-default local administrator is any user that has been created in the guest OS and has been granted the administrator role.

This occurs if the registry key LocalAccountTokenFilterPolicy in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] is set to 0 or not set. If the parameter is set to 0 or not set, a local non-default administrator cannot interact with WinRM, which is the protocol IBM Spectrum Protect Plus uses to install the Windows agent for file cataloging, send commands to this agent, and get results from it.

Set the LocalAccountTokenFilterPolicy registry key to 1 on the Windows guest that is being backed up with Catalog File Metadata enabled. If the key does not exist, navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] and add a DWord Registry key named LocalAccountTokenFilterPolicy with a value of 1.

Procedure

To define a VMware backup job, complete the following steps:

  1. In the navigation pane, click Manage Protection > Hypervisors > VMware.
  2. Select resources to back up.
    Use the search function to search for available resources and toggle the displayed resources by using the View filter. Available options are VMs and Templates, VMs, Datastore, Tags and Categories, and Hosts and Clusters. Tags are applied in vSphere, and allow a user to assign metadata to virtual machines.
  3. Click Select SLA Policy to add one or more SLA policies that meet your backup data criteria to the job definition.
  4. To create the job definition by using default options, click Save.

    The job runs as defined by the SLA policies that you selected. To run the job manually, click Jobs and Operations > Schedule. Select the job and click Actions > Start.

    Tip: The Runbutton is only enabled for a single hypervisor backup, and the hypervisor must have an SLA policy applied.

    When the job definition is saved, available virtual machine disks (VMDKs) in a virtual machine are discovered and are shown when VMs and Templates is selected in the View filter. By default, these VMDKs are assigned to the same SLA policy as the virtual machine. If you want a more granular backup operation, you can exclude individual VMDKs from the SLA policy. For instructions, see Excluding VMDKs from the SLA policy for a job.

  5. To edit options before you create the job definition, click Select Options.
    In the Backup Options section, set the following job definition options:
    Skip Read-only datastores

    Skip datastores that are mounted as read-only.

    Skip temporary datastores mounted for Instant Access

    Exclude temporary Instant Access datastores from the backup job definition.

    VADP Proxy

    Select a VADP proxy to balance the load.

    Priority

    Set the backup priority of the selected resource. Resources with a higher priority setting are backed up first in the job. Click the resource that you want to prioritize in the VMware Backup section, and then set the backup priority in the Priority field. Set 1 for the highest priority resource or 10 for the lowest. When a priority value is not set, automatically assigns a priority of 5 is set by default.

    In the Snapshot Options section, set the following job definition options:

    Make VM snapshot application/file system consistent

    Enable this option to turn on application or filesystem consistency for the virtual machine snapshot. All VSS-compliant applications such as Microsoft Active Directory, Microsoft Exchange, Microsoft SharePoint, Microsoft SQL, and the system state are quiesced. VMDKs and virtual machines can be instantly mounted to restore data that is related to quiesced applications.

    VM Snapshot retry attempts

    Set the number of times that IBM Spectrum Protect Plus attempts to capture an application or file-consistent snapshot of a virtual machine before the job is canceled. If the Fall back to unquiesced snapshot if quiesced snapshot fails option is enabled, an unquiesced snapshot will be taken after the retry attempts.

    Fall back to unquiesced snapshot if quiesced snapshot fails

    Enable to fall back to a non-application or non-file-system consistent snapshot if the application consistent snapshot fails. Selecting this option ensures that an unquiesced snapshot is taken if environmental issues prohibit the capture of an application or file-system consistent snapshot.

    In the Agent Options section, set the following job definition options:
    Truncate SQL logs

    To truncate application logs for SQL Server during the backup job, enable the Truncate SQL logs option. The credentials must be established for the associated virtual machine by using the Guest OS user name and Guest OS Password option within the backup job definition. When the virtual machine is attached to a domain, the user identity follows the default domain\name format. If the user is a local administrator, the format local_administrator is used.

    The user identity must have local administrator privileges. On the SQL Server server, the system login credential must have the following permissions:
    IBM Spectrum Protect Plus generates log files for the log truncation function and copies them to the following location on the IBM Spectrum Protect appliance: 
    /data/log/guestdeployer/latest_date/latest_entry/vm_name

    Where latest_date is the date that the backup job and log truncation occurred, latest_entry is the universally unique identifier (UUID) for the job, and vm_name is the hostname or IP address of the VM where the log truncation occurred.

    Restriction: File indexing and file restore are not supported from restore points that were offloaded to cloud resources or repository servers.
    Catalog file metadata

    Turn on file indexing for the associated snapshot. When file indexing is completed, individual files can be restored by using the File Restore pane in IBM Spectrum Protect Plus. Credentials must be established for the associated virtual machine by using an SSH key, or a Guest OS Username and Guest OS Password options within the backup job definition. Ensure that the virtual machine can be accessed from the IBM Spectrum Protect Plus appliance either by using DNS or a host name.

    Restrictions: SSH Keys are not valid authorization mechanism for Windows platforms.

    File indexing and file restore are not supported from restore points that were offloaded to cloud resources or repository servers.

    Exclude Files

    Enter directories to skip when file indexing is performed. Files within these directories are not added to the IBM Spectrum Protect Plus catalog and are not available for file recovery. Directories can be excluded through an exact match or with wildcard asterisks specified before the pattern (*test) or after the pattern (test*). Multiple asterisk wildcards are also supported in a single pattern. Patterns support standard alphanumeric characters as well as the following special characters: - _ and *. Separate multiple filters with a semicolon.

    Use existing user

    Select a previously entered user name and password for the provider.

    Guest OS Username/Password

    For some tasks (such as cataloging file metadata, file restore, and IP reconfiguration), credentials must be established for the associated virtual machine. Enter the user name and password, and ensure that the virtual machine can be accessed from the IBM Spectrum Protect Plus appliance either by using DNS or a host name.

  6. To troubleshoot a connection to a hypervisor virtual machine, use the Test function.
    The Test function verifies communication with the virtual machine and tests DNS settings between the IBM Spectrum Protect Plus appliance and the virtual machine. To test a connection, select a single virtual machine, then click Select Options. Select Use existing user and select a previously entered user name and password for the resource. The Test button displays to the right of the Save button in the Options section. Click Test.
  7. Click Save.
  8. To configure additional options, click the Policy Options field that is associated with the job in the SLA Policy Status section. Set the additional policy options:

    Pre-scripts and Post-scripts

    Run a pre-script or a post-script. Pre-scripts and post-scripts are scripts that can be run before or after a job runs. Windows-based machines support Batch and PowerShell scripts while Linux®-based machines support shell scripts.

    In the Pre-script or Post-script section, select an uploaded script and a script server where the script will run. Scripts and script servers are configured by using the System Configuration > Script page.

    To continue running the job if the script associated with the job fails, select Continue job/task on script error.

    When this option is enabled, if a pre-script or post-script completes processing with a non-zero return code, the backup or restore operation is attempted and the pre-script task status is reported as COMPLETED. If a post-script completes with a non-zero return code, the post-script task status is reported as COMPLETED.

    When this option is disabled, the backup or restore is not attempted, and the pre-script or post-script task status is reported as FAILED.

    Run inventory before backup

    Run an inventory job and capture the latest data of the selected resources before starting the backup job.

    Exclude Resources

    Exclude specific resources from the backup job by using single or multiple exclusion patterns. Resources can be excluded by using an exact match or with wildcard asterisks specified before the pattern (*test) or after the pattern (test*).

    Multiple asterisk wildcards are also supported in a single pattern. Patterns support standard alphanumeric characters as well as the following special characters: - _ and *.

    Separate multiple filters with a semicolon.

    Force Full Backup of Resources

    Force base backup operations for specific virtual machines or databases in the backup job definition. Separate multiple resources with a semicolon.

  9. To save any additional options that you configured, click Save.

What to do next

After you define a backup job, you can complete the following actions:
Action How to
If you are using a Linux environment, consider creating VADP proxies to enable load sharing. See Creating VADP proxies.
Create a VMware restore job definition. See Restoring VMware data.