Add a backup gateway - User Guide| Alibaba Cloud Documentation Center

To perform physical backups and restores for a self-managed database or enable automatic download of backup sets to the database server, you must install a backup gateway on the database server. Then, Database Backup (DBS) connects to the database server by using the backup gateway. This way, you can back up, restore, and download data.

Prerequisites

A Java environment is installed on a database server.
- For a Linux server, Java Runtime Environment (JRE) 1.8 is installed. You can download the installation package from Java SE Development Kit 8 Downloads and install it.
- For a Windows server, Java SE Development Kit (JDK) 8u261 is installed. You can download the installation package from Java SE Development Kit 8 Downloads and install it.
  
  Note You must install JDK 8u261 on a Windows server. If you install JDK of other versions, the backup precheck fails.
You can run the java -version command on the command-line interface (CLI) to check the current Java version.
Before you begin, make sure that the following operations are complete:
- An AccessKey pair is created, and the AccessKey ID and AccessKey secret are obtained. The AccessKey pair is used for identity verification when you register with or log on to the DBS console from your backup gateway. For more information, see Create an AccessKey pair.
- The AliyunDBSFullAccess and AliyunOSSFullAccess permissions are obtained if you want to add a backup gateway as a RAM user. For more information, see Grant permissions to a RAM user.
  Note
  - By default, the preceding permissions are granted to your Alibaba Cloud account when you activate DBS.
  - After a backup gateway is added, the backup gateway is available in the DBS console to all RAM users that belong to your Alibaba Cloud account.
The database server on which you want to install the backup gateway has more than 1 GB of disk space and the following permissions:
- Linux: root permissions
- Windows: administrator permissions

Usage notes

If a backup gateway was installed before, we recommend that you uninstall the backup gateway, delete the dbs_agent folder that stores backups, and clear the environment. You can use the following methods to uninstall a backup gateway:
- Linux
  1. Log on to the Linux operating system. Run the cd /usr/local/aliyun/dbs_agent command to go to the default installation directory of the backup gateway.
  2. Run the java -jar Uninstaller/uninstaller.jar -c command in the installation directory. The following figure shows that the backup gateway is uninstalled.
  3. Run the cd /usr/local/aliyun command to go to the parent directory.
  4. Run the sudo rm -rf dbs_agent command in the parent directory to delete the dbs_agent folder.
  Note The default installation directory is /usr/local/aliyun/dbs_agent.
- Windows
  1. Uninstall AliyunDBSAgent from your database server.
  2. Manually delete the dbs_agent folder.
  Note The default installation directory is C:\Program Files\aliyun\dbs_agent.
If you want to back up SQL Server databases, you must assign the Sysadmin role to the NT AUTHORITY\SYSTEM account. For more information, see FAQ.

Note By default, the NT AUTHORITY\SYSTEM account is used to start AliyunDBSAgent.

Features

Purposes

A backup gateway is a backup client that is installed on a database server. The backup gateway can be used to back up databases from the database server to DBS.

Note No backup gateway is required for logical backups.


Purpose	Concept	Description
Physical backup	Physical backup is the database file-level backup. The database files in the operating system are backed up.	The backup gateway starts a process on the database server to receive the tasks that you run in the DBS console to perform related operations and configure backup schedules. The backup gateway also performs operations to back up and restore data in databases.
Private network backup	For databases in private network environments, such as private network databases deployed in your data center or on third-party clouds, DBS cannot directly access or back up these databases.	The backup gateway can access the DBS server and Object Storage Service (OSS) to allow DBS to access databases in private network environments.
Automatic download	DBS provides automatic download of backup sets to your database server.	To further protect the databases that are stored on the cloud, the backup gateway downloads backup sets from the cloud to your database server on a regular basis.

Scenario configurations

DBS provides the backup gateway component to connect to a database server and the database gateway component to connect to a bastion host.

Table 1. Scenario configurations
Scenario	Description
A network topology that does not contain a bastion host is used.	You need only to install a backup gateway on a database server.
A network topology that contains a bastion host is used. A database server on an internal network must use a bastion host proxy to connect to the Internet.	The backup gateway on the database server can communicate with the Internet by using the database gateway that is installed on a bastion host. For more information, see Add a backup gateway of the bastion host architecture.

Installation method
Backup gateways automatically determine an installation method, such as installation by using a GUI or a CLI, based on your system environment. You can also install a backup gateway in unattended installation mode.

Note By default, a GUI is used to install a backup gateway. DBS determines whether the current environment supports GUIs, such as Windows or Linux GNOME and KDE. If the current environment does not support GUIs, a CLI is used to install a backup gateway.

You need to install a backup gateway only once. Backup gateways can be automatically updated when new versions are released.

For more information, see Install a backup gateway by using a CLI, Install a backup gateway by using a GUI, or Install a backup gateway in unattended installation mode.

Install a backup gateway by using a CLI

Log on to the DBS console.
In the left-side navigation pane, click Backup Gateways and select a region in the upper-left corner of the page.

Note Select a region nearest to your databases. For example, if your databases reside in Hangzhou, we recommend that you install a backup gateway in the China (Hangzhou) region.
Click Install Backup Gateway in the upper-right corner of the page.
Set the Backup Gateway Network Type parameter and copy the command that is used to install backup gateways. Run the command on your database server.
Note
- Public Network: You can access DBS by using a public IP address.
- ECS Private Network / VPC: You can access DBS by using a leased line from Alibaba Cloud.
1. Run the command on the Linux CLI.
  
  The system downloads and runs the installation package.
2. Select an installation language. Enter 1 to select English.
3. Enter 1 to read the backup gateway agreement.
4. Enter 1 to accept the backup gateway agreement.
5. Select your installation component. By default, a backup gateway (Agent) is installed. Enter Y to confirm the installation.
  
  Note In this example, a backup gateway is installed. If you want to install a database gateway (DG), enter N in this step. After the system switches to the installation of a database gateway, enter Y.
  The database gateway is used to connect to a bastion host. For more information, see the Table 1 section.
6. Confirm the installation directory and enter 1.
7. Confirm the region in which you want to install the backup gateway and press the ENTER key.
  
  Note Confirm again that the Agent Region parameter specifies the region nearest to your databases. If you want to change the region, enter the number corresponding to the region that you want to select.
8. Enter the AccessKey ID and AccessKey secret.
  
  Note If the AccessKey pair information is invalid, the installation fails.
9. Enter the database gateway information.
  Note
  
  If you use a network topology that does not contain a bastion host, press the ENTER key to skip this step.
  
  If you use a network topology that contains a bastion host, you must enter the internal IP address and port number of the bastion host. The default port number is 9797. For more information, see Table 1.
10. Confirm the component that you want to install. Enter 1 to start the installation.
  Wait for the installation to complete. The installation takes about 1 to 5 minutes.
In the DBS console, click Complete Installation.
On the Backup Gateways page, click Refresh to view the added backup gateway.

You can run the following commands to manage the backup gateway in Linux:

Start a backup gateway: /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh start
Stop a backup gateway: /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh stop
Restart a backup gateway: /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh restart
Uninstall a backup gateway: java -jar Uninstaller/uninstaller.jar -c in the installation directory

Install a backup gateway by using a GUI

Log on to the DBS console.
In the left-side navigation pane, click Backup Gateways and select a region in the upper-left corner of the page.

Note Select a region nearest to your databases. For example, if your databases reside in Hangzhou, we recommend that you install a backup gateway in the China (Hangzhou) region.
Click Install Backup Gateway in the upper-right corner of the page.
Copy the command that is used to install backup gateways and run the command on the Windows CLI.

Note You can also find the latest download link in the installation command in the console and manually download the installation package.
1. Select an installation language and click Next.
2. Read and accept the terms of the agreement and click Next.
3. Select DBS Agent and click Next.
  
  Note In this example, DBS Agent is installed. You can also install the database gateway that is used to connect to a bastion host. For more information, see the Table 1 section.
4. Select an installation directory, click Next, and then click Yes.
5. Confirm the region specified by the Agent Region parameter, enter the AccessKey ID and AccessKey secret, and then click Next.
  Note
  
  Confirm again that the Agent Region parameter specifies the region nearest to your databases. If you want to change the region, select another region.
  
  The AccessKey pair information is stored in the plaintext format in the .\config\dbs-agent.conf file of the installation directory.
  
  If you use a network topology that contains a bastion host, you must enter the internal IP address and port number of the bastion host in the Database Gateway Address and Database Gateway Port fields. The default port number is 9797. For more information, see Table 1.
6. Confirm the component package that you want to install and click Next.
  The installation starts. The installation takes about 1 to 5 minutes to complete.
7. After the installation is complete, click Next.
8. Click Done.
  The backup gateway is installed.
In the Run dialog box of Windows, enter services.msc and click OK.
The service manager dialog box of the system appears.
In the service manager, check whether the AliyunDBSAgent service is started. If the service is not started, right-click AliyunDBSAgent and select Start.

Note By default, the system starts the backup gateway. You can also start and stop the AliyunDBSAgent service in the service manager.
In the DBS console, click Complete Installation.
On the Backup Gateways page, click Refresh to view the added backup gateway.

Install a backup gateway in unattended installation mode

Log on to the DBS console.
In the left-side navigation pane, click Backup Gateways and select a region in the upper-left corner of the page.

Note Select a region nearest to your databases. For example, if your databases reside in Hangzhou, we recommend that you install a backup gateway in the China (Hangzhou) region.
Click Install Backup Gateway in the upper-right corner of the page.
Copy the download URL of the AliyunDBSAgent software and manually download the software to your database server.

Run the following command in the directory in which you want to install the backup gateway on the database server:

java -Dregion=cn-hangzhou -DINSTALL_GROUP=Agent -Dakid=xxx -Daksecret=xxx -DINSTALL_PATH=/usr/local/aliyun/dbs_agent -jar aliyunDBSAgentInstaller-version.jar -options-system -language eng

Table 2. Parameters
Parameter	Description
region	The region in which you want to install the backup gateway. We recommend that you set this parameter to the region in which your databases reside. Note If you do not specify this parameter, cn-hangzhou is used.
DINSTALL_GROUP	The component that you want to install. Valid values: Agent: the backup gateway DG: the database gateway
Dakid	The AccessKey ID.
Daksecret	The AccessKey secret.
DINSTALL_PATH	The directory in which the backup gateway is installed.
aliyunDBSAgentInstaller-version.jar	The name of the installation package.

FAQ

Q: What do I do if the backup account does not have the required permissions to back up SQL Server databases?
A: When you back up SQL Server databases, you must assign the Sysadmin role to the NT AUTHORITY\SYSTEM account. You can perform this operation by executing SQL statements.
SQL statements
```
ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM]
GO
```
Q: What do I do if a backup gateway of an earlier version is used?
A: Install a backup gateway of the latest version.