You can use Hybrid Backup Recovery (HBR) to back up on-premises VMware virtual machines (VMs) and restore VMs as needed.

(Recommended) Create an AccessKey pair for a RAM user

Resource Access Management (RAM) is an Alibaba Cloud service that allows you to manage user identities and control access to resources. RAM allows you to create and manage multiple identities associated with an Alibaba Cloud account and grant different permissions to a single identity or a group of identities. This way, you can authorize different identities to access different Alibaba Cloud resources.

An AccessKey pair is required when you activate a disaster recovery gateway. The AccessKey pair is an identity credential. If an AccessKey pair of your Alibaba Cloud account is used, all cloud resources that belong to the account are exposed to risks. Therefore, we recommend that you use an AccessKey pair of a RAM user to activate the disaster recovery gateway. Before you back up data, make sure that a RAM user is created and an AccessKey pair is created for the RAM user. For more information, see Create a RAM user and Create an AccessKey pair for a RAM user.

Step 1: Create a disaster recovery gateway

A disaster recovery gateway helps you back up and restore data. To configure a disaster recovery gateway and download the gateway to the server where the vSphere Client is deployed, perform the following steps:

  1. On the server on which the vSphere Client is deployed, log on to the HBR console.
  2. In the left-side navigation pane, choose Backup > VMware Backup & Disaster Recovery.
  3. In the top navigation bar, select a region.
  4. In the upper-right corner of the VMware Backup & Disaster Recovery page, click Create Backup & Disaster Recovery Gateway.
  5. In the Create Backup & Disaster Recovery Gateway panel, configure the parameters and click Create.
    The following table describes the parameters.
    Parameter Description
    Backup Vault The backup vault to which you want to store the backup data. Valid values:
    • Create Vault: If you select this option, specify a name for the vault in the Vault Name field. If you do not configure this parameter, a random name is specified for the backup vault.
    • Select Vault: If you select this option, select a backup vault from the Vault Name drop-down list.
    Notice After a backup vault is created, you are charged for the backup vault regardless of whether backup data is generated. For more information, see Billing methods and billable items.
    Vault Name The name of the backup vault.
    Vault Resource Group This parameter is required only if the Backup Vault parameter is set to Create Vault. This parameter specifies the resource group to which the backup vault belongs.

    You can use resource groups to manage resources owned by your Alibaba Cloud account. Resource groups simplify the resource and permission management of your Alibaba Cloud account. For more information, see Create a resource group.

    Data Redundancy Type This parameter is required only if the Backup Vault parameter is set to Create Vault. This parameter specifies the type of data redundancy for the backup vault. The data redundancy mechanism improves data reliability of the backup vault.
    • Locally redundant storage

      If LRS is enabled, HBR stores the copies of each object on multiple devices of different facilities in the same zone. This way, HBR ensures data durability and availability even if hardware failures occur.

    • Zone-redundant storage

      If ZRS is enabled, HBR uses the multi-zone mechanism to distribute data across three zones within the same region. If a zone becomes unavailable, the data can still be accessed.

    For more information, see Storage vault types.

    Gateway Name The name of the gateway. The name must be 1 to 64 characters in length.
    VMware Platform The VMware platform on which the VM is deployed. In this example, select On-premise vSphere.
    • On-premise vSphere: The VM is deployed in a VMware environment on the on-premises server.
    • Alibaba Cloud VMware Service (ACVS): The VM is deployed on Alibaba Cloud VMware Service (ACVS).
    Network Type The network type. In this example, select Internet.
    • VPC: If the VM that you want to back up resides in a virtual private cloud (VPC) and the VPC is in the same region as the backup vault, select this option.
      Note VM backup clients must be connected to VPCs by using routes. You must also make sure that you can use a VM backup client to access one of the following CIDR blocks from an on-premises VM: 100.64.0.0/10, 100.64.0.0/11, and 100.96.0.0/11.
    • Internet: If no VPCs are available, select this option.
    Use HTTPS Specifies whether to use HTTPS to transmit encrypted data that is stored in the backup vault. If you use HTTPS to transmit data, the performance of data transmission is compromised. If you modify the setting of this parameter, the modification takes effect on the next backup or restore job.
  6. In the Create Backup & Disaster Recovery Gateway panel, click Download Gateway and Download Certificate.
    Note The disaster recovery gateway is used to connect your VM to HBR, and the certificate is used to activate the disaster recovery gateway. On the Backup & Disaster Recovery Gateway tab, you can download and deploy a disaster recovery gateway at any time.

Step 2: Install the disaster recovery gateway

After you download the gateway and certificate, you need to install the gateway in your VMware environment. After the gateway is installed, you can run backup and restore jobs in the HBR console. To install the gateway, perform the following steps:

  1. Log on to the vSphere Web Client.
    • HBR supports only vCenter Server 5.5, 6.0, 6.5, 6.7, and 7.0.
    • You can use a browser to log on to the Flash-based or HTML5-based vSphere Web Client.
  2. In the left-side navigation pane, right-click the VM and select Deploy OVF Template from the shortcut menu.
    For more information, see Deploying OVF and OVA Templates.
    1. In the Deploy OVF Template dialog box, select Local file. Click Browse, select the client template that you downloaded, and then click Next.
      Note To reduce the download time, HBR provides a client package in the Open Virtual Appliance (OVA) format. You can use the client package to deploy Open Virtual Format (OVF) templates on the vSphere Web Client.
    2. Enter the name of the OVF template, select the location where you want to deploy the template, and then click Next.
    3. Select the location where you want to run the deployed template and click Next.
    4. Verify the template details and click Next.
    5. Select the format of the virtual disk, select a storage resource to which you want to store the files of the deployed template, and then click Next.
    6. Select a destination network for each source network and click Next.
    7. Configure the required deployment properties for the software solution and click Next.
      Note Enter a reachable IP address of the VPC that you want to access. If no domain name server (DNS) for mapping domain names to VPC endpoints is available on your host, enter the server IP address of Alibaba Cloud DNS PrivateZone, for example, 100.100.2.136 or 100.100.2.138.
    8. Verify the configurations and click Finish.
  3. View the progress of each deployment task in the Recent Tasks section.
  4. After the deployment tasks are completed, start the VM on which the OVF template is deployed.
  5. Open a browser, and enter http://hostname:8011 in the address bar.
    Replace the hostname with the IP address of the VM on which the OVF template is deployed.
  6. On the Register page, configure the parameters and click Register to log on to the gateway. The following table describes the parameters.
    Parameter Description
    AccessKey ID The AccessKey ID and AccessKey secret of the RAM user that is used to access HBR. You can obtain the AccessKey ID and AccessKey secret of a RAM user from your Alibaba Cloud account for which HBR is activated. For more information, see How can I create an AccessKey pair for a RAM user?.
    AccessKey Secret
    Password The password that is used to log on to the gateway. The password must be at least six characters in length.
    Certificate File The certificate that you downloaded from the HBR console. If a VM is shut down for more than five days after you use the certificate to activate the gateway on the VM, the certificate expires. You must download a new certificate and reactivate the gateway.

FAQ

  • Why am I unable to upload an OVA template?

    You may be unable to upload an OVA template because the vCenter Server version of the vSphere Web Client is not supported, the browser is not supported by the vCenter Server, or the language of the browser is not supported. Perform the following steps to troubleshoot the error:

    • Check whether the vCenter Server version of the vSphere Web Client is supported by HBR. Only the following vCenter Server versions are supported: 5.5, 6.0, 6.5, 6.7, or 7.0.
    • If you use vCenter Server 6.0, use an earlier version of Firefox, for example, Firefox 38.0, to deploy the OVA template.
    • If a message appears to remind you of a common error when you deploy an OVA template, we recommend that you change the language of your browser to English and then deploy the OVA template again.
  • Why am I unable to add a vCenter Server instance to the HBR gateway even if the IP address, username, and password are correct?

    A vCenter Server may fail to be added if the password contains the following special characters:

    ` ^ ~ = ; ! / ( [ ] { } @ $ \ & # % +
    Note We recommend that you create a vCenter Server account that is dedicated for backup. We recommend that you use periods (.) instead of other special characters in the password of the account.

What to do next

Back up VMware VM images