To perform physical backups and restores for a self-managed database or enable automatic download of backup sets to the database server, you must install a backup gateway on the database server. Then, Database Backup (DBS) connects to the database server by using the backup gateway. This way, you can back up, restore, and download data.
Prerequisites
- A Java environment is installed on a database server.
- For a Linux server, Java Runtime Environment (JRE) 1.8 is installed. You can download the installation package from Java SE Development Kit 8 Downloads and install it.
- For a Windows server, Java SE Development Kit (JDK) 8u261 is installed. You can download the installation package from Java SE 8 Archive Downloads and install it.
Note- You must install JDK 8u261 on a Windows server. If you install JDK of other versions, the backup precheck fails.
- You can run the
java -version
command on the CLI to check the current Java version.
- Before you begin, make sure that the following operations are complete:
- An AccessKey pair is created, and the AccessKey ID and AccessKey secret are obtained. The AccessKey pair is used for identity verification when you register with or log on to the DBS console from your backup gateway. For more information, see Create an AccessKey pair.
- The AliyunDBSFullAccess and AliyunOSSFullAccess permissions are obtained if you want
to add a backup gateway as a RAM user. For more information, see Grant permissions to the RAM user.
Note
- By default, the preceding permissions are granted to your Alibaba Cloud account when you activate DBS.
- After a backup gateway is added, the backup gateway is available in the DBS console to all RAM users that belong to your Alibaba Cloud account.
- The database server on which you want to install the backup gateway has more than
1 GB of disk space and the following permissions:
- Linux: root permissions
- Windows: administrator permissions
- If you want to back up SQL Server databases, you must assign the Sysadmin role to
the NT AUTHORITY\SYSTEM account. You can perform this operation by executing the following
SQL statements:
ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM] GO
Note By default, the NT AUTHORITY\SYSTEM account is used to start AliyunDBSAgent.
Usage notes
- If a backup gateway was installed before, we recommend that you uninstall the backup gateway, delete the dbs_agent folder that stores backups, and clear the environment. For more information about how to uninstall the backup gateway and delete the folder, see Step 1 in the Update a backup gateway section of this topic.
- Backup gateways of some earlier versions have the Apache Log4j2 remote code execution (RCE) vulnerability. For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228). If you use a backup gateway whose version is earlier than V0.0.129, we recommend that you update the backup gateway to the latest version, and reconnect to the backup gateway for your physical backup schedule. For more information about how to update a backup gateway, see the Update a backup gateway section of this topic.
Features
Purposes
A backup gateway is a backup client that is installed on a database server. The backup gateway can be used to back up databases from the database server to DBS.
Purpose | Concept | Description |
---|---|---|
Physical backup | Physical backup is the database file-level backup. The database files in the operating system are backed up. | The backup gateway starts a process on the database server to receive the tasks that you run in the DBS console to perform related operations and configure backup schedules. The backup gateway also performs operations to back up and restore data in databases. |
Private network backup | For databases in private network environments, such as private network databases deployed in your data center or on third-party clouds, DBS cannot directly access or back up these databases. | The backup gateway can access the DBS server and Object Storage Service (OSS) to allow DBS to access databases in private network environments. |
Automatic download | DBS provides automatic download of backup sets to your database server. | To further protect the databases that are stored on the cloud, the backup gateway downloads backup sets from the cloud to your database server on a regular basis. |
Scenario configurations
DBS provides the backup gateway component to connect to a database server and the database gateway component to connect to a bastion host.
Scenario | Description |
---|---|
A network topology that does not contain a bastion host is used. | You need to only install a backup gateway on a database server. |
A network topology that contains a bastion host is used.
A database server on an internal network must use a bastion host proxy to connect to the Internet. |
The backup gateway on the database server can communicate with the Internet by using the database gateway that is installed on a bastion host. For more information, see Add a backup gateway of the bastion host architecture. |
Installation method
Install a backup gateway by using a CLI
You can run the following commands to manage the backup gateway in Linux:
- Start a backup gateway:
/usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh start
- Stop a backup gateway:
/usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh stop
- Restart a backup gateway:
/usr/local/aliyun/dbs_agent/bin/aliyun-dbs-agent.sh restart
- Uninstall a backup gateway:
java -jar Uninstaller/uninstaller.jar -c
in the installation directory
Install a backup gateway by using a GUI
Install a backup gateway in unattended installation mode
Update a backup gateway
FAQ
- Q: What do I do if the backup account does not have the required permissions to back
up SQL Server databases?
A: When you back up SQL Server databases, you must assign the Sysadmin role to the NT AUTHORITY\SYSTEM account. You can perform this operation by executing the following SQL statements:
ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM] GO
- Q: Does the name of a backup gateway change after I update or reinstall the backup
gateway?
A: If your hardware environment does not change, including the CPU model and MAC address, the name of the backup gateway does not change.
- Q: What do I do if the Apache Log4j2 RCE vulnerability exists on a backup gateway?
A: Backup gateways of some earlier versions have the Apache Log4j2 RCE vulnerability. For more information, see Alibaba Cloud Statement on the Impact Assessment of Apache Log4j2 RCE Vulnerability (CVE-2021-44228). If you use a backup gateway whose version is earlier than V0.0.129, we recommend that you update the backup gateway to the latest version, and reconnect to the backup gateway for your physical backup schedule. For more information about how to update a backup gateway, see the Update a backup gateway section of this topic.