All Products
Search

This Product

    Database Backup:Install a backup gateway

    Document Center

    Database Backup:Install a backup gateway

    Last Updated:Dec 28, 2023

    A Database Backup (DBS) backup gateway is a client program that is installed on a database server. You can use a DBS backup gateway to migrate on-premises databases to DBS as a backup, create physical backup or restore tasks, and enable automatic download of backup sets to on-premises servers. This topic describes how to install a DBS backup gateway.

    Scenarios

    Scenario

    Description

    Feature

    Physical backup

    Physical backup is the database file-level backup. The database files in the operating system are backed up.

    The backup gateway starts a process on the database server to receive the tasks that you run in the DBS console to perform related operations and configure backup schedules. The backup gateway also performs operations to back up and restore data in databases.

    Private network backup

    If your database is a private network-type database, such as a database that is deployed on an on-premises data center or in a private network provided by a third-party cloud vendor, DBS cannot directly access or back up the database.

    In this scenario, you can use a backup gateway as the middleware to access DBS and Object Storage Service (OSS) on the cloud.

    Automatic download of backup sets

    DBS supports automatic download of backup sets to on-premises servers.

    If you install a backup gateway, the backup gateway accesses the cloud storage on a regular basis and automatically downloads the backup sets to your on-premises server to ensure data security and reliability.

    Note

    • The procedure that is described in this topic is suitable only for scenarios in which a network topology that does not contain a bastion host is used. In such scenarios, you need to only install a DBS backup gateway on your database server.

    • For scenarios in which a network topology that contains a bastion host is used, you must install a bastion host proxy to access the Internet because the database server resides in a private network. The backup gateway can communicate with the Internet only by using the proxy gateway of the bastion host. Therefore, you must install a backup gateway of the bastion host architecture. For more information, see Add a backup gateway of the bastion host architecture.

    Prerequisites

    • The physical backup method is specified when you configure a DBS backup schedule. Logical backup does not require a backup gateway.

    • The Java environment is installed on the database server. The following requirements must be met:

      • If the database server runs Linux, make sure that Java Runtime Environment (JRE) 1.8 is installed on the database server. You can visit the official website to download and install JRE 1.8.

      • If the database server runs Windows, make sure that Java SE Development Kit (JDK) 8u261 is installed on the database server. You can visit the official website to download and install JDK 8u261. Other versions may fail the backup precheck.

      Note

      You can run the java -version command in the CLI to check whether the current version of Java is supported.

    • The following operations are complete:

      • An AccessKey pair is created, and the AccessKey ID and AccessKey secret are obtained. The AccessKey pair is used for identity authentication when you register with or log on to the DBS console from your backup gateway. For more information, see Obtain an AccessKey pair.

      • The AliyunDBSFullAccess and AliyunOSSFullAccess permissions are granted to a Resource Access Management (RAM) user if you want to add a backup gateway as the RAM user. For more information, see Grant permissions to a RAM user.

        Note

        • By default, the preceding permissions are granted to your Alibaba Cloud account when you activate DBS.

        • After a backup gateway is installed, the backup gateway is available in the DBS console to all RAM users that belong to your Alibaba Cloud account.

    • More than 1 GB of disk space is available in the directory in which the database server is installed, and you have the following permissions on the database server:

      • The root permissions if the database server runs Linux

      • The administrator permissions if the database server runs Windows

    • The Sysadmin role is assigned to the NT AUTHORITY\SYSTEM account if you want to back up an SQL Server database. You can execute the following SQL statements to assign the Sysadmin role to the NT AUTHORITY\SYSTEM account:

      ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM]
GO
      Note

      By default, the NT AUTHORITY\SYSTEM account is used to start AliyunDBSAgent.

    Usage notes

    • If you installed a backup gateway before and want to install a new backup gateway, we recommend that you uninstall the previous backup gateway, delete the dbs_agent backup folder, and clear the environment settings before you install the new backup gateway. For more information, see the Update a backup gateway section of this topic.

    • Backup gateways of some earlier versions have the Apache Log4j2 remote code execution (RCE) vulnerability.For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228). We recommend that you update a backup gateway whose version is 0.0.129 or earlier to the latest version at the earliest opportunity and reconnect to the backup gateway for your physical backup schedule. For more information, see the Update a backup gateway section of this topic.

    Installation methods

    DBS automatically determines an installation method for backup gateways, such as installation by using a GUI or a CLI, based on your system environment. You can also install a backup gateway in unattended mode.

    Note

    DBS checks whether the current environment has a GUI. By default, a GUI such as Windows, GNOME-Based Linux, and KDE is used to install a backup gateway. If the current environment does not have a GUI, a CLI is used to install a backup gateway.

    Install a backup gateway by using a GUI

    1. Log on to the Database Backup (DBS) console.

    2. In the left-side navigation pane, click Backup Gateways. In the top navigation bar, select a region.

      Select a region to install a backup gateway

      Note

      We recommend that you select a region that is nearest to your database. For example, if your database resides in the China (Hangzhou) region, we recommend that you install the backup gateway in the China (Hangzhou) region.

    3. Click Install Backup Gateway in the upper-right corner of the page.

    4. Copy the command that is used to install backup gateways and run the command on the Windows CLI.

      Run the installation command

      Note

      You can also find the latest download link in the installation command in the DBS console and manually download the installation package.

      1. Select an installation language and click Next.

      2. Read and accept the terms of the agreement and click Next.

      3. Select DBS Backup Gateway and click Next.

        Note

        In this example, a DBS backup gateway is installed to access on-premises data. To access the data on a bastion host, see Add a backup gateway of the bastion host architecture.

      4. Select an installation directory, click Next, and then click Yes.

      5. Confirm the region that is specified by the Agent Region parameter, enter the AccessKey ID and AccessKey secret, and then click Next.

        Note

        • Check whether the Agent Region parameter specifies the region that is nearest to your database. If you want to change the region, select another region.

        • The AccessKey pair is stored in plaintext in the .\config\dbs-agent.conf file of the installation directory.

        • If you use a network topology that contains a bastion host, you must enter the private IP address and port number of the bastion host in the Database Gateway Address and Database Gateway Port fields. The default port number is 9797. For more information, see Add a backup gateway of the bastion host architecture.

      6. Confirm the component package that you want to install and click Next.

        The installation starts. The installation requires approximately one to five minutes to complete.

      7. After the installation is complete, click Next.

      8. Click Done. The backup gateway is installed.

    5. In the Run dialog box of Windows, enter services.msc and click OK. The service manager dialog box of the system appears.

    6. In the service manager, check whether the AliyunDBSAgent service is started. If the service is not started, right-click AliyunDBSAgent and select Start.

      Note

      The system starts the backup gateway by default. You can also start and stop the AliyunDBSAgent service in the service manager.

    7. In the DBS console, click Complete Installation.

      On the Backup Gateways page, click Refresh to view the installed backup gateway.

      image.png

    Install a backup gateway by using a CLI

    1. Log on to the Database Backup (DBS) console.

    2. In the left-side navigation pane, click Backup Gateways. In the top navigation bar, select a region.

      Select a region to install a backup gateway

      Note

      We recommend that you select a region that is nearest to your database. For example, if your database resides in the China (Hangzhou) region, we recommend that you install the backup gateway in the China (Hangzhou) region.

    3. Click Install Backup Gateway in the upper-right corner of the page.

    4. Configure the Backup Gateway Network Type parameter and copy the command that is used to install backup gateways. Run the command on your database server.

      Note

      • Public Network: You can access DBS by using a public IP address.

      • ECS Private Network/VPC: You can access DBS by using an Express Connect circuit.

      1. Run the installation command in the Linux CLI. The system downloads and runs the installation package. Example:

        [root@iZbp****** ~]# wget -O aliyunDBSAgentInstaller.jar https://aliyun-dbs.oss-cn-hangzhou-internal.aliyuncs.com/installer/0.0.141/aliyunDBSAgentInstaller-0.0.141.jar && sudo java -Dregion=cn-hangzhou -jar aliyunDBSAgentInstaller.jar
--2023-08-25 15:44:35--  https://aliyun-dbs.oss-cn-hangzhou-internal.aliyuncs.com/installer/0.0.141/aliyunDBSAgentInstaller-0.0.141.jar
Resolving aliyun-dbs.oss-cn-hangzhou-internal.aliyuncs.com (aliyun-dbs.oss-cn-hangzhou-internal.aliyuncs.com)... 100.XXX.XX.XX, 100.XXX.XX.XX, 100.XXX.XX.XX, ...
Connecting to aliyun-dbs.oss-cn-hangzhou-internal.aliyuncs.com (aliyun-dbs.oss-cn-hangzhou-internal.aliyuncs.com)|100.XXX.XX.XX|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 247955671 (236M) [application/x-java-archive]
Saving to: 'aliyunDBSAgentInstaller.jar'

100%[=====================================================================================================================================================================>] 247,955,671 17.4MB/s   in 13s    

2023-08-25 15:44:49 (17.6 MB/s) - 'aliyunDBSAgentInstaller.jar' saved [247955671/247955671]

      2. Select an installation language. Enter 0 to select Chinese. Enter 1 to select English. 

        Select your language
0  [x] chn
1  [ ] eng
Input selection: 
0

      3. Enter 1 and read the backup gateway protocol. 

        Press 1 to continue, 2 to quit, 3 to redisplay
1

      4. Enter 1 to agree to the gateway protocol. 

        Press 1 to accept, 2 to reject, 3 to redisplay
1

      5. Select the component that you want to install. If you enter Y, the component is a backup gateway. If you enter N, the component is a proxy gateway. In this example, Y is entered, which indicates that a backup gateway is installed. 

        ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Component selection
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

-----
Agent
-----
Enter Y for Yes, N for No: 
Y
DG Not Selected
Done!
        Note

        In this example, a DBS backup gateway is installed to access on-premises data. If you want to access the data on a bastion host, enter N in this step. After the system switches to the installation of a database gateway, enter Y. For more information, see Add a backup gateway of the bastion host architecture.

      6. Enter 1 to continue the installation. 

        Press 1 to continue, 2 to quit, 3 to redisplay
1

      7. Select an installation path. If you press the Enter key, the default path /usr/local/aliyun/dbs_agent is used. If you do not want to use the default path as the installation path, enter the path in which you want to install the backup gateway. In this example, the default path is used.

      8. Confirm the installation path. Enter O to confirm the installation or C to cancel the installation. 

        The directory is to be created in:
/usr/local/aliyun/dbs_agent
--------------------------------------
Enter O for OK, C to Cancel: 
O

      9. Confirm the region in which you want to install the backup gateway and press the ENTER key.

        Note

        Make sure that the region of the backup gateway is the region where the database resides. To change the region, enter the number of the destination region as prompted.

      10. Enter the Alibaba Cloud AccessKey pair. If you enter an invalid AccessKey pair, the installation will fail. 

        Alibaba Cloud AccessKey pair (Make sure that the account has been granted the AliyunDBSFullAccess and AliyunOSSFullAccess permissions.)
AccessKey ID: [] 
LTAI5t*****************
Access Key Secret: [] 
YaVXD8*************************

      11. Optional. Enter the information about the proxy gateway. This step is required in scenarios in which a network topology that contains a bastion host is used. In scenarios in which a network topology that does not contain a bastion host is used., press the Enter key to skip this step. 

        Proxy gateway information (Optional. The information is required in scenarios in which a network topology that contains a bastion host is used.)
Proxy gateway IP address: [] 

Proxy gateway port number: [9797]
        Note

        If you use a network topology that contains a bastion host, enter the private IP address and port number of the bastion host. The default port number is 9797. For more information, see Add a backup gateway of the bastion host architecture.

      12. Enter 1 to confirm the component that you want to install, and then enter 1 to continue the installation.

        The installation takes about one to five minutes to complete. 

        Press 1 to continue, 2 to quit, 3 to redisplay
1

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Select Install Components
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Select the package that you want to install:

  [x] Pack 'DBS backup gateway base file' required
Done!

Press 1 to continue, 2 to quit, 3 to redisplay
1

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Installing
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

====================
Installation started

Platform: linux,version=3.10.0-1160.XX.X.el7.x86_64,arch=x64,symbolicName=null,javaVersion=1.8.0_372
[ Starting to unpack ]
[ Processing package: DBS backup gateway base file (1/1) ]
Cleaning up the target folder ...
[ Unpacking finished ]
Installation finished

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Installed
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Installation was successful
Application installed on /usr/local/aliyun/dbs_agent
[ Writing the uninstaller data ... ]
[ Console installation done ]

    5. Return to the Install Backup Gateway page and click Complete Installation in the lower-right corner of the page.

      image.png

    6. On the Backup Gateways page, click Refresh to view the installed backup gateway.

      image.png

    7. Optional. Run the following commands in the Linux CLI to manage the backup gateway:

      • Start the backup gateway: Run /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh start.

      • Stop the backup gateway: Run /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh stop.

      • Restart the backup gateway: Run /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh restart.

      • Uninstall the backup gateway: Run java -jar Uninstaller/uninstaller.jar -c in the installation directory.

    Install a backup gateway in unattended mode

    1. Log on to the Database Backup (DBS) console.

    2. In the left-side navigation pane, click Backup Gateways. In the top navigation bar, select a region.

      Note

      We recommend that you select a region that is nearest to your database. For example, if your database resides in the China (Hangzhou) region, we recommend that you install the backup gateway in the China (Hangzhou) region.

    3. Click Install Backup Gateway in the upper-right corner of the page.

    4. Copy the download URL of the installation package and manually download the package to your database server.

      image.png

    5. Run the following command to install the DBS backup gateway in the specified path: 

      java -Dregion=<The region in which you want to install the backup gateway> -DINSTALL_GROUP=<Backup component> -Dakid=<AccessKey ID> -Daksecret=<AccessKey secret> -DINSTALL_PATH=/usr/local/aliyun/dbs_agent -jar aliyunDBSAgentInstaller.jar -options-system -language eng

      Parameter

      Description

      Dregion

      The region in which you want to install the backup gateway. We recommend that you set this parameter to the region in which your database resides.

      Note

      If you do not configure this parameter, the default value is cn-hangzhou.

      DINSTALL_GROUP

      The component that you want to install. Valid values:

      • Agent: the DBS backup gateway that is used to connect to on-premises databases.

      • DG: the database gateway that is used to connect to bastion hosts.

      Dakid

      The AccessKey ID.

      Daksecret

      The AccessKey secret.

      DINSTALL_PATH

      The path in which the DBS backup gateway is installed.

      aliyunDBSAgentInstaller.jar

      The name of the installation package.

    Update a backup gateway

    1. Uninstall the backup gateway, delete the dbs_agent backup folder, and then clear the environment settings. Procedures:

      Linux

      1. Log on to the Linux operating system. Run the cd /usr/local/aliyun/dbs_agent command to go to the default installation directory of the backup gateway.

      2. Run the java -jar Uninstaller/uninstaller.jar -c command in the installation directory. If the command output is similar to the following figure, the backup gateway is uninstalled.swss

      3. Run the cd /usr/local/aliyun command to go to the parent directory.

      4. Run the sudo rm -rf dbs_agent command in the parent directory to delete the dbs_agent backup folder.

      Windows

      1. Uninstall AliyunDBSAgent from Programs and Features.

      2. Manually delete the dbs_agent folder.

        Note

        The default installation directory of the backup gateway is C:\Program Files\aliyun\dbs_agent.

    2. After the backup gateway is uninstalled, reinstall the backup gateway. For more information, see the Installation methods section of this topic.

    FAQ

    • What do I do if the backup account does not have the required permissions to back up SQL Server databases?

      Solution: When you back up SQL Server databases, you must assign the Sysadmin role to the NT AUTHORITY\SYSTEM account. You can execute the following SQL statementsto assign the Sysadmin role to the NT AUTHORITY\SYSTEM account:

      ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM]
GO

    • Does the name of a backup gateway change after I update or reinstall the backup gateway?

      If your hardware environment information, including the CPU model and MAC address, remains unchanged, the name of the backup gateway remains unchanged.

    • What do I do if the Apache Log4j2 RCE vulnerability exists in my backup gateway?

      Solution: Backup gateways of some earlier versions have the Apache Log4j2 RCE vulnerability.For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228). If you use a backup gateway whose version is earlier than 0.0.129, we recommend that you update the backup gateway to the latest version and reconnect to the backup gateway for your physical backup schedule. For more information, see the Update a backup gateway section of this topic.

    • What do I do if an installed backup gateway does not appear on the Backup Gateways page of the DBS console?

      • If your backup gateway is not started, this issue may occur. We recommend that you repeat Step 5 to Step 6 in the Install a backup gateway by using a GUI section to start the installed backup gateway.

      • If the region of the server backup gateway is different from the region that you specified for the backup gateway in the DBS console, this issue may occur. Make sure that the two regions are the same.

      • If your agent logs contain errors, such as invalid AccessKey pair, this issue may occur. Troubleshoot the issue based on the logs. For example, the AccessKey pair information is incorrect.

      • If the Backup Gateways page is not refreshed, this issue may occur. On the Backup Gateways page, click Refresh to view the installed backup gateway.

    • What do I do if an installed backup gateway is in the offline state in the DBS console?

      • If your backup gateway is not started, this issue may occur. We recommend that you repeat Step 5 to Step 6 in the Install a backup gateway by using a GUI section of this topic to start the installed backup gateway.

      • If the region of the server backup gateway is different from the region that you specified for the backup gateway in the DBS console, this issue may occur. Make sure that the two regions are the same.

      • If the network connectivity is not established or a routing error occurs, this issue may occur. Check your network or routing settings.

      • If the version of the JRE or JDK that is installed on your server is not supported, this issue may occur. You must install JRE 1.8 or JDK 8u261. For more information, see the Prerequisites section of this topic.