Install and activate the disaster recovery gateway in your on-premises VMware environment. After activation, create backup and restore jobs from the Cloud Backup console. Cloud Backup backs up and restores on-premises VMware virtual machines.
(Recommended) Use a RAM user AccessKey for disaster recovery
Resource Access Management (RAM) is an Alibaba Cloud service that lets you create and manage multiple identities under one account with different permissions.
To activate a disaster recovery gateway, you need an AccessKey. Your Alibaba Cloud account AccessKey grants full access to all resources — if exposed, all resources are at risk. Use a RAM user AccessKey instead. Create a RAM user and AccessKey before starting: Create a RAM user, Create an AccessKey pair.
Prerequisites
-
You have activated the Alibaba Cloud Cloud Backup service. While activating Cloud Backup is free, using the VMware backup and disaster recovery feature of Cloud Backup incurs fees for Cloud Backup storage capacity and VMware backup software. VMware backup and disaster recovery fees.
-
You have the credentials for a VMware account with permissions to access vCenter Server and its resources.
Notes
-
Support for operating systems and VMware platforms is limited, and permission locations and categories vary by vCenter version. Limits on VMware disaster recovery.
-
The gateway AccessKey can expire or be rotated. If rotated, reactivate the gateway or backups will fail. How do I change the AccessKey for a VMware disaster recovery gateway to reactivate it?.
Step 1: Create a backup account
Create a VMware role and user in vCenter Server, then assign the role to the user. This account allows Cloud Backup to access vCenter Server resources.
-
Log in to the vSphere Web Client.
-
Create a VMware role.
-
Click Menu > Administration.
-
On the Roles tab, click the plus icon.
-
In the New Role dialog box, select the required permissions from the following table, and then click NEXT.
NoteThe locations and categories of permissions can differ between vCenter versions. Be sure to verify them carefully.
-
-
Enter a role name and description, and then click Finish.
Use an easily identifiable name, such as HBRBackupAdminRole.
-
-
Create a VMware user.
-
Click Menu and select Administrator.
-
On the Users and Groups tab, from the Domain drop-down list, select the local domain and click ADD USER.
-
In the Add User dialog box, enter the User name and Password, and click ADD.
Use an easily identifiable name, for example, BackupAdmin.
ImportantSave the username and password in a secure location. You will need these credentials to add a vCenter Server in the Cloud Backup console.
-
-
Assign the VMware role to the VMware user.
-
Click Menu and select Administration.
-
On the Global Permissions tab, click the plus icon.
-
In the Add Permission dialog box, configure the following parameters and click OK.
-
Step 2: Add a disaster recovery gateway
A disaster recovery gateway runs backup and restore jobs. Configure and download the gateway on the server where vSphere Client is deployed.
-
On the server where the vSphere Client is deployed, sign in to the Cloud Backup console.
-
In the left-side navigation pane, choose .
-
In the upper-left corner of the top menu bar, select a region.
-
In the upper-right corner of the VMware Backup & Disaster Recovery page, click Create Backup & Disaster Recovery Gateway.
-
In the Create Backup & Disaster Recovery Gateway panel, configure the parameters and click Create.
Parameter
Description
Backup Vault
Configure the backup vault for storing backups.
-
Create backup vault: Enter a name for the new backup vault, or leave it blank to have a name automatically assigned.
-
Select backup vault: Select an existing backup vault.
ImportantAfter you create a backup vault and store data, Cloud Backup charges for resources such as storage capacity. Billing methods and billable items.
To maximize data redundancy, Cloud Backup uses zone-redundant storage (ZRS) vaults by default where available. In regions with only locally redundant storage (LRS), Cloud Backup uses an LRS vault. You do not need to select the vault type manually.
Vault Name
The name of the backup vault.
Vault Resource Group
This parameter is required only when Backup Vault is set to Create backup vault. It specifies the resource group to which the backup vault belongs.
Resource groups let you manage and authorize resources in logical groups. Create a resource group.
Gateway name
Gateway name. Maximum 64 characters.
VMware environment
The VMware platform where the VM is deployed. For this tutorial, select On-premise vSphere.
-
On-premise vSphere: The VM is deployed on a server in your local data center.
-
Alibaba Cloud VMware Service (ACVS): The VM is deployed within Alibaba Cloud VMware Service.
Network type
The network type. For this tutorial, select Internet.
-
VPC: Select this option for VMs that use a VPC in the same region as the backup vault.
NoteThe VMware backup client must have a network route to the Alibaba Cloud VPC. The route from your on-premises network to the cloud must allow traffic to the service CIDR blocks: 100.64.0.0/10, 100.64.0.0/11, or 100.96.0.0/11.
-
Internet: Select this option if a VPC connection is not available.
Use HTTPS for data transfer
Transfers data over HTTPS. May reduce performance. Data is always encrypted before storage. Takes effect on the next backup or restore job.
-
-
In the Create Backup & Disaster Recovery Gateway panel, click Download Gateway and Download Certificate.
The downloaded disaster recovery gateway package is the OVF template required for Step 3: Install the disaster recovery gateway.
NoteThe installation package connects the gateway to Cloud Backup, and the certificate activates it. You can download and deploy the gateway from the client list at any time.
Step 3: Install the disaster recovery gateway
After downloading the gateway and certificate, install the gateway in your VMware environment.
-
Log on to the vSphere Web Client.
-
Cloud Backup supports only vCenter Server 6.7 and later.
-
Use a browser to access the vSphere Web Client (Flash or HTML5).
-
-
In the left navigation pane, right-click the virtual machine where you want to deploy the gateway, and then select Deploy OVF Template.
Full OVF deployment instructions: Deploy OVF template.-
On the Deploy OVF Template page, select Local file. Click UPLOAD FILES, select the downloaded disaster recovery gateway installation package, and then click NEXT.
NoteCloud Backup provides the client package in OVA format for simplified downloads. This package deploys directly as an OVF template in the Web Client.
-
Enter a name for the virtual machine, select a deployment location, and then click NEXT.
-
Select a compute resource for the deployed template and click NEXT.
-
Verify the template details and click NEXT.
-
Select a virtual disk format, select a storage location for the deployed template files, and then click NEXT.
-
Select a destination network for each source network and click NEXT.
-
Customize the deployment properties and click NEXT.
-
If you use DHCP, you do not need to specify Gateway, IP, and Netmask. For a static IP, specify these values.
-
Ensure the Primary DNS and Secondary DNS servers can resolve domain names for Cloud Backup, vCenter Server, and ESXi.
-
The Admin User Name and Admin User Password set the credentials for the gateway VM. This user has root permissions for VM login.
-
-
Review the configuration data and click FINISH.
-
-
In the Recent Tasks pane, monitor the task until it completes.
Step 4: Activate disaster recovery gateway
The system automatically deletes a VMware disaster recovery gateway if it is not activated within 48 hours of its creation.
-
After the deployment, start the VM deployed from the OVF template.
-
Open a browser and enter
http://hostname:8011in the address bar.The
hostnameis the IP address of the gateway VM deployed from the OVF template. -
On the Register page, configure the parameters and click Register to log on to the disaster recovery gateway. The following table describes the parameters.
Parameter
Description
AccessKey ID
Obtain the AccessKey ID and AccessKey Secret of a RAM user from the Alibaba Cloud account with Cloud Backup activated. Create an AccessKey pair for a RAM user.
NoteThe gateway AccessKey can expire or be rotated. If rotated, reactivate the gateway or backup jobs will fail. How do I reset a VMware backup gateway (change the AccessKey pair)?.
AccessKey Secret
Password
Gateway login password. Minimum 6 characters.
Certificate file
Select the certificate downloaded from the console. If the gateway is powered off for more than five days after activation, the certificate expires and you must download a new one to reactivate.
After you activate the gateway, its status changes to Activated on the Backup & Disaster Recovery Gateway tab of the VMware Backup & Disaster Recovery page. You can also perform the following operations in the Actions column:
-
Throttle Bandwidth: Set traffic limits for different time periods to prevent backup jobs from consuming excessive VMware resources.
-
<hd> More </hd>:
-
Download Gateway: Download the disaster recovery gateway installation package.
-
Download Certificate: Download the activation certificate for the disaster recovery gateway.
-
Delete: Deletes the client and all its backup data. Running backup or restore jobs will fail. Ensure you no longer need the data and no jobs are in progress.
-
Gateway Settings: Configure HTTPS for data transfer, maximum worker threads, and CPU cores.
-
-
FAQ
Error deploying an OVA template?
To deploy an OVA template, use a vSphere Web Client managed by vCenter Server 6.7 or later. If an error occurs, perform the following checks:
-
Verify that Cloud Backup supports your vCenter Server version.
-
If a "general error" message appears during deployment, change your browser's language to English and deploy the template again.
Failed to add a vCenter Server?
This operation can fail if the password contains any of the following special characters:
` ^ ~ = ; ! / ( [ ] { } @ $ \ & # % +
As a best practice, create a dedicated vCenter Server backup account with the administrator role. Use only periods (.) as special characters in the password to prevent authentication failures. Create a backup account.