To perform physical backups and restores for a self-managed database or enable automatic download of backup sets to the database server, you must install a backup gateway on the database server. Then, Database Backup (DBS) connects to the database server by using the backup gateway. This way, you can back up, restore, and download data.

Prerequisites

  • A Java environment is installed on a database server.
    • For a Linux server, Java Runtime Environment (JRE) 1.8 is installed. You can download the installation package from Java SE Development Kit 8 Downloads and install it.
    • For a Windows server, Java SE Development Kit (JDK) 8u261 is installed. You can download the installation package from Java SE 8 Archive Downloads and install it.
    Note
    • You must install JDK 8u261 on a Windows server. If you install JDK of other versions, the backup precheck fails.
    • You can run the java -version command on the CLI to check the current Java version.
  • Before you begin, make sure that the following operations are complete:
    • An AccessKey pair is created, and the AccessKey ID and AccessKey secret are obtained. The AccessKey pair is used for identity verification when you register with or log on to the DBS console from your backup gateway. For more information, see Create an AccessKey pair.
    • The AliyunDBSFullAccess and AliyunOSSFullAccess permissions are obtained if you want to add a backup gateway as a RAM user. For more information, see Grant permissions to the RAM user.
      Note
      • By default, the preceding permissions are granted to your Alibaba Cloud account when you activate DBS.
      • After a backup gateway is added, the backup gateway is available in the DBS console to all RAM users that belong to your Alibaba Cloud account.
  • The database server on which you want to install the backup gateway has more than 1 GB of disk space and the following permissions:
    • Linux: root permissions
    • Windows: administrator permissions
  • If you want to back up SQL Server databases, you must assign the Sysadmin role to the NT AUTHORITY\SYSTEM account. You can perform this operation by executing the following SQL statements:
    ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM]
GO
    Note By default, the NT AUTHORITY\SYSTEM account is used to start AliyunDBSAgent.

Usage notes

  • If a backup gateway was installed before, we recommend that you uninstall the backup gateway, delete the dbs_agent folder that stores backups, and clear the environment. For more information about how to uninstall the backup gateway and delete the folder, see Step 1 in the Update a backup gateway section of this topic.
  • Backup gateways of some earlier versions have the Apache Log4j2 remote code execution (RCE) vulnerability. For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228). If you use a backup gateway whose version is earlier than V0.0.129, we recommend that you update the backup gateway to the latest version, and reconnect to the backup gateway for your physical backup schedule. For more information about how to update a backup gateway, see the Update a backup gateway section of this topic.

Features

Purposes

A backup gateway is a backup client that is installed on a database server. The backup gateway can be used to back up databases from the database server to DBS.

Note No backup gateway is required for logical backups.
Purpose Concept Description
Physical backup Physical backup is the database file-level backup. The database files in the operating system are backed up. The backup gateway starts a process on the database server to receive the tasks that you run in the DBS console to perform related operations and configure backup schedules. The backup gateway also performs operations to back up and restore data in databases.
Private network backup For databases in private network environments, such as private network databases deployed in your data center or on third-party clouds, DBS cannot directly access or back up these databases. The backup gateway can access the DBS server and Object Storage Service (OSS) to allow DBS to access databases in private network environments.
Automatic download DBS provides automatic download of backup sets to your database server. To further protect the databases that are stored on the cloud, the backup gateway downloads backup sets from the cloud to your database server on a regular basis.

Scenario configurations

DBS provides the backup gateway component to connect to a database server and the database gateway component to connect to a bastion host.

Table 1. Scenario configurations
Scenario Description
A network topology that does not contain a bastion host is used. You need to only install a backup gateway on a database server.
A network topology that contains a bastion host is used.

A database server on an internal network must use a bastion host proxy to connect to the Internet.

The backup gateway on the database server can communicate with the Internet by using the database gateway that is installed on a bastion host. For more information, see Add a backup gateway of the bastion host architecture.

Installation method

Backup gateways automatically determine an installation method, such as installation by using a GUI or a CLI, based on your system environment. You can also install a backup gateway in unattended installation mode. For more information, see the Install a backup gateway by using a CLI, Install a backup gateway by using a GUI, or Install a backup gateway in unattended installation mode section of this topic.
Note By default, a GUI is used to install a backup gateway. DBS determines whether the current environment supports GUIs, such as Windows or Linux GNOME and KDE. If the current environment does not support GUIs, a CLI is used to install a backup gateway.

Install a backup gateway by using a CLI

  1. Log on to the DBS console.
  2. In the left-side navigation pane, click Backup Gateways and select a region in the upper-left corner of the page.
    Select a region to install a backup gateway
    Note Select a region nearest to your databases. For example, if your databases reside in Hangzhou, we recommend that you install a backup gateway in the China (Hangzhou) region.
  3. Click Install Backup Gateway in the upper-right corner of the page.
    Install Backup Gateway
  4. Configure the Backup Gateway Network Type parameter and copy the command that is used to install backup gateways. Run the command on your database server.
    Note
    • Public Network: You can access DBS by using a public IP address.
    • ECS Private Network / VPC: You can access DBS by using an Express Connect circuit from Alibaba Cloud.
    Copy the installation command of backup gateways for Linux
    1. Run the command on the Linux CLI.
      Run the command on the Linux CLI
      The system downloads and runs the installation package.
    2. Select an installation language. Enter 0 to select English.
      Select an installation language on the Linux CLI
    3. Enter 1 to read the backup gateway agreement.
      Read the agreement
    4. Enter 1 to accept the backup gateway agreement.
      Accept the agreement
    5. Select your installation component. By default, a backup gateway (Agent) is installed. Enter Y to confirm the installation.
      Confirm the installation
      Note In this example, a backup gateway is installed. If you want to install a database gateway (DG), enter N in this step. After the system switches to the installation of a database gateway, enter Y.

      The database gateway is used to connect to a bastion host. For more information, see the Scenario configurations section of this topic.

    6. Confirm the installation directory and enter 0.
      The destination directory is created in /usr/local/aliyun/dbs_agent.
    7. Confirm the region in which you want to install the backup gateway and press the ENTER key.
      Note Confirm again that the Agent Region parameter specifies the region nearest to your databases. If you want to change the region, enter the number corresponding to the region that you want to select.
    8. Enter the AccessKey ID and AccessKey secret.
      Enter the AccessKey pair
      Note If the AccessKey pair is invalid, the installation fails.
    9. Enter the database gateway information.
      Note
      • If you use a network topology that does not contain a bastion host, press the ENTER key to skip this step.
      • If you use a network topology that contains a bastion host, you must enter the internal IP address and port number of the bastion host. The default port number is 9797. For more information, see the Scenario configurations section.
    10. Confirm the component that you want to install. Enter 1 to start the installation.
      Wait for the installation to complete. The installation takes about 1 to 5 minutes.
  5. In the DBS console, click Complete Installation.
    On the Backup Gateways page, click Refresh to view the added backup gateway.

You can run the following commands to manage the backup gateway in Linux:

  • Start a backup gateway: /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh start
  • Stop a backup gateway: /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh stop
  • Restart a backup gateway: /usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh restart
  • Uninstall a backup gateway: java -jar Uninstaller/uninstaller.jar -c in the installation directory

Install a backup gateway by using a GUI

  1. Log on to the DBS console.
  2. In the left-side navigation pane, click Backup Gateways and select a region in the upper-left corner of the page.
    Select a region to install a backup gateway
    Note Select a region nearest to your databases. For example, if your databases reside in Hangzhou, we recommend that you install a backup gateway in the China (Hangzhou) region.
  3. Click Install Backup Gateway in the upper-right corner of the page.
    Install Backup Gateway
  4. Copy the command that is used to install backup gateways and run the command on the Windows CLI.
    Run the installation command
    Note You can also find the latest download link in the installation command in the console and manually download the installation package.
    1. Select an installation language and click Next.
    2. Read and accept the terms of the agreement and click Next.
    3. Select DBS Agent and click Next.
      Note In this example, DBS Agent is installed. You can also install the database gateway that is used to connect to a bastion host. For more information, see the Scenario configurations section.
    4. Select an installation directory, click Next, and then click Yes.
    5. Confirm the region specified by the Agent Region parameter, enter the AccessKey ID and AccessKey secret, and then click Next.
      Note
      • Confirm again that the Agent Region parameter specifies the region nearest to your databases. If you want to change the region, select another region.
      • The AccessKey pair is stored in the plaintext format in the .\config\dbs-agent.conf file of the installation directory.

      • If you use a network topology that contains a bastion host, you must enter the internal IP address and port number of the bastion host in the Database Gateway Address and Database Gateway Port fields. The default port number is 9797. For more information, see the Scenario configurations section.

    6. Confirm the component package that you want to install and click Next.
      The installation starts. The installation takes about 1 to 5 minutes to complete.
    7. After the installation is complete, click Next.
    8. Click Done.
      The backup gateway is installed.
  5. In the Run dialog box of Windows, enter services.msc and click OK.
    The service manager dialog box of the system appears.
  6. In the service manager, check whether the AliyunDBSAgent service is started. If the service is not started, right-click AliyunDBSAgent and select Start.
    Note By default, the system starts the backup gateway. You can also start and stop the AliyunDBSAgent service in the service manager.
  7. In the DBS console, click Complete Installation.
    On the Backup Gateways page, click Refresh to view the added backup gateway.

Install a backup gateway in unattended installation mode

  1. Log on to the DBS console.
  2. In the left-side navigation pane, click Backup Gateways and select a region in the upper-left corner of the page.
    Note Select a region nearest to your databases. For example, if your databases reside in Hangzhou, we recommend that you install a backup gateway in the China (Hangzhou) region.
  3. Click Install Backup Gateway in the upper-right corner of the page.
  4. Copy the download URL of the AliyunDBSAgent software and manually download the software to your database server.
    Copy the download URL
  5. Run the following command in the directory in which you want to install the backup gateway on the database server: 
    java -Dregion=cn-hangzhou -DINSTALL_GROUP=Agent -Dakid=xxx -Daksecret=xxx -DINSTALL_PATH=/usr/local/aliyun/dbs_agent -jar aliyunDBSAgentInstaller-version.jar -options-system -language eng
    Table 2. Parameters
    Parameter Description
    region The region in which you want to install the backup gateway. We recommend that you set this parameter to the region in which your databases reside.
    Note If you do not specify this parameter, cn-hangzhou is used.
    DINSTALL_GROUP The component that you want to install. Valid values:
    • Agent: backup gateway
    • DG: database gateway
    Dakid The AccessKey ID.
    Daksecret The AccessKey secret.
    DINSTALL_PATH The directory in which the backup gateway is installed.
    aliyunDBSAgentInstaller-version.jar The name of the installation package.

Update a backup gateway

  1. Uninstall the backup gateway, delete the dbs_agent folder that stores backups, and clear the environment.
    You can use the following methods to uninstall a backup gateway and delete the dbs_agent folder:
    • Linux
      1. Log on to the Linux operating system. Run the cd /usr/local/aliyun/dbs_agent command to go to the default installation directory of the backup gateway.
      2. Run the java -jar Uninstaller/uninstaller.jar -c command in the installation directory. The following figure shows that the backup gateway is uninstalled. 1
      3. Run the cd /usr/local/aliyun command to go to the parent directory.
      4. Run the sudo rm -rf dbs_agent command in the parent directory to delete the dbs_agent folder.
      Note The default installation directory is /usr/local/aliyun/dbs_agent.
    • Windows
      1. Uninstall AliyunDBSAgent from your database server.
      2. Manually delete the dbs_agent folder.
      Note The default installation directory is C:\Program Files\aliyun\dbs_agent.
  2. After the backup gateway is uninstalled, reinstall the backup gateway. For more information, see the Installation method section of this topic.

FAQ

  • Q: What do I do if the backup account does not have the required permissions to back up SQL Server databases?

    A: When you back up SQL Server databases, you must assign the Sysadmin role to the NT AUTHORITY\SYSTEM account. You can perform this operation by executing the following SQL statements: 

    ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM]
GO
  • Q: Does the name of a backup gateway change after I update or reinstall the backup gateway?

    A: If your hardware environment does not change, including the CPU model and MAC address, the name of the backup gateway does not change.

  • Q: What do I do if the Apache Log4j2 RCE vulnerability exists on a backup gateway?

    A: Backup gateways of some earlier versions have the Apache Log4j2 RCE vulnerability. For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228). If you use a backup gateway whose version is earlier than V0.0.129, we recommend that you update the backup gateway to the latest version, and reconnect to the backup gateway for your physical backup schedule. For more information about how to update a backup gateway, see the Update a backup gateway section of this topic.