Preview only show first 10 pages with watermark. For full document please download

Legacy Recovery-series And Ueb 9.0 Administrators

   EMBED


Share

Transcript

Legacy Recovery-Series and UEB Administrator's Guide Release 9.0.0 Document Version 7.05192016 CONFIDENTIAL | ©2016 Unitrends | www.unitrends.com 2 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 3 Copyright Copyright © 2016 Unitrends Incorporated. All rights reserved. Content in this publication is copyright material and may not be copied or duplicated in any form without prior written permission from Unitrends, Inc (“Unitrends”). This information is subject to change without notice and does not represent a commitment on the part of Unitrends. The software described in this publication is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of the license agreement. See the End User License Agreement before using the software. The software described contains certain open source components that are copyrighted. For open source licenses, see the UnitrendsOpen Source Compliance section of the product Administrator’s Guide. Because of the nature of this material, numerous hardware and software products are mentioned by name. In most, if not all, cases these product names are claimed as trademarks by the companies that manufacture the products. It is not our intent to claim these names or trademarks as our own. The following applies to U.S. Government End Users: The Software and Documentation are “Commercial Items,” as that term is defined at 48 C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202, as applicable. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §§227.7202‐1 through 227.7202‐4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished‐rights reserved under the copyright laws of the United States. Adobe agrees to comply with all applicable equal opportunity laws including, if appropriate, the provisions of Executive Order 11246, as amended, Section 402 of the Vietnam Era Veterans Readjustment Assistance Act of 1974 (38 USC 4212), and Section 503 of the Rehabilitation Act of 1973, as amended, and the regulations at 41 CFR Parts 60‐1 through 60‐60, 60‐250, and 60‐741. The affirmative action clause and regulations contained in the preceding sentence shall be incorporated by reference. The following applies to all contracts and subcontracts governed by the Rights in Technical Data and Computer Software Clause of the United States Department of Defense Federal Acquisition Regulations Supplement: RESTRICTED RIGHTS LEGEND: USE, DUPLICATION OR DISCLOSURE BY THE UNITED STATES GOVERNMENT IS SUBJECT TO RESTRICTIONS AS SET FORTH IN SUBDIVISION (C)(1)(II) OF THE RIGHTS AND TECHNICAL DATA AND COMPUTER SOFTWARE CLAUSE AT DFAR 252‐227‐7013. UNITRENDS CORPORATION IS THE CONTRACTOR AND IS LOCATED AT 200 WHEELER ROAD, NORTH TOWER, 2ND FLOOR, BURLINGTON, MASSACHUSETTS 01803. Unitrends, Inc 200 Wheeler Road North Tower, 2nd Floor Burlington, MA 01803, USA Phone: 1.866.359.5411 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 4 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 5 Contents Chapter 1: About this Guide 39 Typographical conventions 39 Terminology 39 Contacting Unitrends Support 40 Unitrends Support Site 40 Contact by telephone 40 Chapter 2: Introducing Unitrends 43 The Unitrends Administrator Interface 43 Navigation grouping 45 Visibility of grouped items 45 Grouping clients for file-level backups 45 Grouping virtual machines 45 Unitrends user privileges 46 Navigation group procedures 47 Navigation pane options 50 Main menu icons 51 Chapter 3: Getting Started 55 Before you start 55 Overview of the Recovery-Series setup process 55 Prerequisites for Recovery-Series systems 56 Prerequisites for virtual systems 57 Initial configuration of Unitrends systems 57 System setup 59 Subsystem configuration settings 60 About the welcome screen 61 About date and time configuration 61 About hostname settings 62 About configuring notifications 62 Email setup 63 Email report recipients 63 About root password configuration 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 65 Legacy Recovery-Series and UEB Administrator's Guide 6 About user configuration 66 About the installation type 67 About installing agents 68 About adding clients 69 Adding a Windows client 70 Adding a Hyper-V client 72 Adding a VMware client 74 Adding a Cisco UCS Manager client 75 Adding a NAS NDMP client 76 Adding all other clients 78 About global retention and deduplication 80 Setup complete 81 Chapter 4: Advanced Configuration Options 83 About licensing the system 83 About network configuration 84 Ethernet settings 84 DNS settings 85 Hosts settings 86 About configuring root passwords 87 Operating system root password configuration 87 Administrator interface root password configuration 87 Auto-login feature 87 About working with clients 88 About renaming clients 89 Client trust credentials 91 About system updates 92 Shutting down the Unitrends system 93 About remote system management 95 Granting privilege for remote management 96 About credential management 97 About Active Directory authentication 99 About storage configuration Legacy Recovery-Series and UEB Administrator's Guide 103 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 7 Storage types 104 Adding storage to the system 105 Adding backup storage 105 Adding archive storage 109 Adding vault storage 110 Configuring storage 110 About CHAP authentication 116 Storage allocation and distribution 117 Balancing backup performance and retention 118 About device configuration 119 About retention control 121 Legal hold example 123 About system notifications 124 About SNMP trap notifications 125 SNMP trap conditions 125 SNMP agent 127 About encryption 128 Archiving with encryption 131 Encryption limitations 131 About security levels 131 Open ports and security levels 132 About the Windows NTFS change journal 135 Change journal operation for master backup 136 Change journal operation for incremental backup 136 Configuring the change journal 137 Change journal configurable file types 138 Change journal per volume 138 Change journals and remote mounts 138 Chapter 5: Backups Overview 141 Types of data protected 141 Backup types 142 Full backup 142 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 8 Incremental backup 143 Differential backup 143 Synthetic backup 144 Selective backup 145 Bare metal backup 145 Backup groups 145 Executing backups 146 Monitoring running backup jobs 147 Viewing backups 148 Backup Information page 152 Working with the Backup Browser 154 About the Backup Browser 154 Chapter 6: File-level Backups 159 File-level backup types 159 File-level backup strategies 160 Incremental forever backup strategy 161 Full with daily differentials backup strategy 161 Grouping clients for file-level protection 162 Using selection lists 162 When to use a selection list 162 Uses for selection lists 164 Using selection lists with full, differential, and incremental backups 165 Using selection lists with the selective backup type 166 About executing file-level backups 166 Default exclusions from file-level backups 166 Maximum file pathname lengths 166 Working with the computer backup subsystem About computer selection lists 167 171 Computer selection list procedures 172 Using wildcards in Computer selection lists 174 Working with the Enterprise backup subsystem 176 Enterprise backup elements Legacy Recovery-Series and UEB Administrator's Guide 177 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 9 About calendars 177 Calendar procedures 178 About Enterprise selection lists 181 Backup groups and selection lists 181 Exclude active databases from file-level backups 182 Selective backups and include lists 182 Enterprise selection list procedures 182 Using wildcards in Enterprise selection lists 186 About backup options 187 Backup option procedures 187 About Enterprise backup schedules 192 About scheduling bare metal backups 192 Enterprise backup procedures 193 Working with client aliases 198 Note about excluding the system state for client aliases Chapter 7: Archiving Overview 200 201 Overview of the archiving process 201 About archiving 202 Backups that can be archived 202 Types of archives 202 Managing space on archive media 202 Archive sets and retention 203 How archiving uses available space on media 204 Purge 204 Overwrite 206 Purge and overwrite comparison 208 Creating space on archive media 209 Additional archiving considerations 209 Archive media types 210 Archiving to disk devices 211 Archiving to tape devices 211 Archiving to network storage devices 211 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 10 Archiving to cloud storage 212 Archive restore 212 Disaster recovery with archived data 212 Bare metal recovery from archived data 212 Disaster recovery from archived data 213 Chapter 8: Archiving to Disk 215 About archiving to disk 215 Disk archiving unit 215 eSATA or USB device 218 Additional considerations for USB devices 218 Steps for setting up archiving to disk 218 Managing disk archive media 218 Chapter 9: Archiving to Network Storage 221 Limitations of archiving to network storage 221 Steps for archiving to network storage 221 Chapter 10: Archiving to the Cloud 223 About archiving to the cloud 223 Prerequisites and considerations for archiving to the cloud 224 Managing the amount of data you archive to the cloud 225 Steps for archiving to the cloud 226 Creating a cloud storage account 227 Creating an Amazon storage account 228 Creating a Google storage account 228 Creating a Rackspace storage account 228 Adding cloud archive storage to the Unitrends appliance 229 Archiving backups to the cloud 231 Managing cloud archive storage 231 Removing cloud archive sets 232 Reducing your storage footprint on the cloud 233 Restoring from cloud archives 233 Chapter 11: Archiving to Tape 235 About archiving to tape Legacy Recovery-Series and UEB Administrator's Guide 235 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 11 Steps for archiving to tape 237 Prerequisites and considerations for archiving to tape 238 Managing tape inventory 239 Requirements and considerations for managing your tape inventory 240 Use of space on archive tapes 240 Archive tape status 241 Writing archive sets across multiple tapes 241 Examples of how the Unitrends appliance uses the available space on archive tapes 242 Successful archive job written across multiple tapes 242 Failed attempt to write an archive set across multiple tapes 242 Archive set written to as few tapes as possible 243 Email report for tape archives 243 Scheduling strategies for tape archives 244 Archive to tape setup 245 Step 1: Connecting the tape archiving device 245 Step 2: Configuring the tape archive device in the Unitrends system 246 About preparing tapes 246 Archiving backups to tape 250 Restoring from tape 250 Chapter 12: Archiving Procedures 253 General steps for archiving backups 253 Preparing archive media 254 Archive settings 255 Executing archive jobs 256 Monitoring running archive jobs 259 Stopping and starting the archive process 261 Viewing archives 261 Archive search options and results 261 Procedures for viewing archives 264 Managing archive schedules 267 Managing archive media 268 Restoring from archives 272 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 12 Chapter 13: Replication About replication About secure tunnels for Unitrends systems 277 277 278 Replication features 278 Replication requirements 279 Replication limitations 280 Replication and legacy vaulting comparison 280 Installation types and replication 282 Replication setup 283 Standard replication setup Logical device considerations Cross-replication setup 283 285 290 Logical device considerations 292 Configuring replication after the initial setup 298 Configuring connection options and process control 298 Replicating backups manually 299 Seeding the initial data set 299 Configuring backups for replication 300 Tuning bandwidth and throttling options 301 Setting replication report options 301 Suspending replication 302 Moving a source to a different replication target 302 Removing replication 302 Upgrading from legacy vaulting to replication Migration limitations Navigating replicating systems 303 303 307 From the source system 307 From the target system 307 Viewing replicated backups 309 Working with the replication dashboard 309 Completed Replication Operations pane 310 Active Replication Operations pane 312 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 13 Pending Replication Operations pane 316 Dashboard controls 318 Archiving replicated backups 319 Restoring replicated backups 319 Bare metal recovery from a replication target 320 Integrated BMR from a replication target 320 Restoring a bare metal backup from a replication target 320 Restore a Linux or non-x86 client from the replication target 322 Deleting replicated backups 323 Replication reports 323 Chapter 14: Legacy Vaulting 325 Vaulting overview 325 Vaulting setup 326 Configuring a secure tunnel with legacy vaults 327 About secure tunnels for Unitrends legacy vaulting systems 328 Prerequisites to configuring a secure tunnel for legacy vaults 328 Granting privilege for legacy vault remote management 329 Adding the backup system to the vault 330 Tuning vaulting attributes on the backup system 331 Configuring clients for vaulting 333 Seeding the initial data set for legacy vaulting 334 Data protection vault restore 334 Working with the vaulting dashboard 334 Completed Vaulting Operations pane 335 Viewing completed vault details 335 Active Vaulting Operations pane 335 Viewing active vault details 336 Terminating a vault in progress 336 Pending Vaulting Operations pane 336 Vaulting dashboard controls 337 Vaulting reports 337 Granular restore from vault 337 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 14 Export vaulted data to an archive device Chapter 15: Restore Overview 338 341 Types of backed up data that can be restored 341 Types of restores 342 Chapter 16: Restoring File-level Backups 345 Restore types 345 Restoring from a file-level backup 346 Restore options 348 Searching for a file to restore 349 File exclusion options 350 Advanced Execution Options for restore 351 Monitoring running restore jobs Chapter 17: Reports, Alerts, and Monitoring Reports Standard system reports (system-generated) 355 357 357 357 Configuring email for reporting 357 Standard system report descriptions 358 User-generated reports 360 Generating reports 361 Report buttons 361 Customizing reports 362 Saving custom report settings 365 Other report options 366 Downloading and printing reports 366 User-generated reports descriptions 367 Alerts Report 368 Audit History Report 368 Backups Report 369 Capacity Report 371 Client Information Report 373 Data Reduction Report 374 Devices Report 375 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 15 Failures Report 376 Last Backups Report 378 Legal Hold Backups Report 381 Policies Report 383 Replication Report (user-generated) 384 Replication Capacity Report 384 Replication History Report 386 Restores Report 388 SQL Server Report 389 Schedule History Report 390 Securesync Report 391 Storage Report 391 Vault Capacity Report 392 Vaulting Report 393 Vaulting Deduplication Report 394 Windows Virtual Restores Report 395 Alerts 397 Monitoring 397 Failures and warnings 397 System load 398 Support toolbox 398 Chapter 18: Disaster Recovery 401 Archive or replicate 401 Preparation 402 Restoring the system 403 Scenario 1: Restoring a backup system 403 Selecting storage devices during DR 404 Configuring the newly imaged system 404 System restore from the replication target 405 System restore from archive 407 Scenario 2: Recovering from a corrupt backup device 409 Scenario 3: Recovering from a corrupt RAID 409 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 16 Scenario 4: Recovering a corrupt internal drive 410 Post-recovery considerations 410 Restoring backup data to the clients 411 Chapter 19: Legacy Disaster Recovery 413 Archive or vault 413 Preparation 414 Restoring the system 415 Scenario 1: Restoring a backup system 415 Scenario 2: Recovering from a corrupt backup device 416 Scenario 3: Recovering from a corrupt RAID 417 Scenario 4: Recovering a corrupt internal drive 417 Additional requirements for restoring to a virtual system 418 Storage setup 418 Disaster recovery from vault 419 Automatic disaster recovery from vault 420 Create an automatic disaster recovery profile 420 View an automatic disaster recovery profile 420 Remove an automatic disaster recovery profile 421 Change, stop, or suspend an automatic disaster recovery profile 421 Disaster recovery from archive 421 Post-recovery considerations 422 Restoring backup data to the clients 422 Chapter 20: Windows Protection 425 Windows agent versions 425 Windows agent requirements 426 Push installing the Windows agents 426 Agent push install requirements 426 Manually installing the Windows agents 428 Agent installer for Windows XP, 2003, and up 428 To install Unitrends_Agent86.msi, Unitrends_Agent64.msi, or Unitrends_ BareMetal.msi 428 To install Unitrends BareMetal.msi on Vista or Windows Server 2012/2008 running User Account Control 429 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 17 Agent installer for Windows 2000 client 430 Complete Installation for Windows 2000 client 431 Custom installation for Windows 2000 client 431 Command-line installer for Windows clients 431 Command-line installer parameters 431 Windows agent installer command-line examples 432 Windows protection software deployment using Group Policy Removing or repairing Windows agents 433 434 Maintenance mode for Windows XP, 2003, and up 435 Maintenance mode for Windows 2000 client 435 Updating the Windows agents 435 Push installing agent updates 435 Push install update notifications 435 Requirements for pushing agent updates 435 Manually updating Windows agents 437 About Windows protection 438 Windows selection lists 438 Exclusion lists for Windows clients 438 Inclusion lists for Windows clients 440 Inclusion and exclusion list combinations for Windows clients 441 Using selection lists with WIR and integrated BMR 442 Volume Shadow Copy Service on Windows Server 442 Backing up a Windows server 443 Backing up Windows applications 443 Protecting deduplication-enabled Windows 2012 Servers 443 System state backup and restore on Windows Server 443 Protecting Windows DFS Servers 444 Active Directory backup and restore on Windows Server 444 Bare metal restore of Active Directory Server on Windows Server 445 Microsoft IIS meta-directory backup and restore 445 Certificate Services database backup and restore 445 Cluster database backup and restore on Windows Server 446 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 18 Protecting file clusters 446 Windows bare metal 446 Features of the Windows agent 447 Chapter 21: Windows Instant Recovery 451 Overview of Windows instant recovery 451 How Windows instant recovery works 452 About retrieving configuration data for a virtual failover client 455 Virtual restores for Windows instant recovery 455 Appliance and hypervisor resources used for Windows instant recovery 456 Steps for implementing Windows instant recovery 456 Appliance and hypervisor resources used for Windows instant recovery General requirements and considerations for Windows instant recovery Unitrends system requirements for WIR 457 457 458 Unitrends software requirements 458 Requirements and considerations for running a virtual failover client on an external hypervisor 459 Requirements and considerations for running a virtual client on an ESX server 459 Requirements and considerations for running a virtual failover client on a Hyper-V server 459 Windows client requirements for Windows instant recovery 461 Supported Windows operating systems and applications 461 Firmware interface type and disk and volume configuration 462 Considerations for the virtual failover client location 463 Accessing a virtual failover client 464 Running backups for clients protected with Windows instant recovery 464 Setting up a virtual failover client 464 Setting up a virtual failover client on a Recovery-Series appliance 464 Unitrends system resource considerations for Windows instant recovery 465 Allocating storage for Windows instant recovery 465 Setting up a virtual network for Windows instant recovery 466 Creating a virtual failover client 467 Setting up a virtual failover client on an external hypervisor Legacy Recovery-Series and UEB Administrator's Guide 470 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 19 Adding a virtual failover client to an external hypervisor and configuring network settings Auditing a virtual failover client 470 471 Automated audits for a virtual failover client 471 Manually auditing a virtual failover client 472 Monitoring and managing virtual failover clients 474 Reports and notifications for Windows instant recovery 474 State and mode for virtual failover 475 Viewing virtual failover client details 476 Invalid virtual failover clients 477 Viewing restores for virtual failover clients 477 Modifying a virtual failover client 478 Viewing the IP address for a virtual failover client on an external hypervisor 480 Deleting a virtual failover client 480 Taking a virtual failover client live 481 Booting a virtual failover client in live mode 481 Live mode recommendations for a virtual failover client running on a Recovery-Series appliance 484 Live mode recommendations for a virtual failover client running on an external hypervisor 484 Troubleshooting Windows instant recovery 485 Conflict with volume using D:\ and the CD device on the virtual failover client 485 Hypervisors do not display when setting up a virtual failover client 485 Restores for the virtual failover client on an external hypervisor are not running 486 Virtual restores are not enabled for the virtual failover client 486 The Unitrends appliance cannot communicate with the virtual failover client 486 Configuration changes have been made to the original client 487 The virtual failover client has been booted in live mode 487 Exchange database will not mount when running VFC in Live mode Chapter 22: Microsoft SQL Protection About Microsoft SQL protection Supported SQL features Databases on Windows SQL Server 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 487 489 489 489 490 Legacy Recovery-Series and UEB Administrator's Guide 20 SQL clusters 490 Databases with disk storage on SMB 3.0 shares 490 Requirements for protecting SQL 490 Agent prerequisites for Microsoft SQL 490 SQL system requirements 491 Additional system requirements for SQL clusters and SMB 3.0 491 SQL cluster requirements and considerations 492 Requirements for SQL databases located on SMB 3.0 shares 495 About SQL backups 496 Executing SQL backups 499 SQL Server backups status 503 Restoring SQL backups 504 Considerations for restoring SQL backups 504 Restoring the master database 504 Restoring the model and msdb databases 505 Restoring SQL full backups 506 Restoring SQL differential and transaction backups 507 Restoring multiple SQL databases 508 Restoring a backup when the SQL icon does not display 508 SQL restore from the replication target 509 Replicated SQL restore requirements 509 Chapter 23: Microsoft Exchange Protection 511 About Exchange protection 511 Requirements for using Exchange Server protection 512 Installing Exchange protection 512 Recommended configurations for Exchange 513 Data protection strategies for Exchange 513 Exchange incremental backup 514 Automatic exclusion of Exchange data during file-level backups 515 About the circular logging setting for Exchange 515 Snapshot and streaming backups for Exchange 515 Executing Exchange backups Legacy Recovery-Series and UEB Administrator's Guide 516 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 21 About Exchange 2016, 2013, and 2010 backup 520 About Exchange 2007/2003 backup 520 About protecting clustered Exchange environments 520 Requirements for protecting Exchange clusters 520 Exchange 2007 CCR or SCR configurations 521 Exchange 2016, 2013, and 2010 DAG configurations 522 Best practices for protecting Exchange clusters 523 Restore considerations for Exchange clusters 523 About Exchange 2000 backup 523 Exchange Archiving 524 Exchange Replication 524 Microsoft Exchange recovery 524 Restoring an Exchange database or storage group 524 Restoring to the original Exchange server 525 Restoring to a recovery area 526 Restoring to an alternate location 528 Restoring Exchange items 530 Restoring Exchange items directly from a backup 531 About the Exchange restore session 531 Restoring Exchange items from a previously restored backup 532 Restoring items with Kroll Ontrack PowerControls for Exchange 532 About restoring Exchange 2016, 2013, or 2010 from a backup 533 About restoring Exchange 2007 from a backup 533 About restoring Exchange 2003 from a backup 534 About restoring Exchange 2000 from a backup 534 Restoring Exchange from archives 534 Restoring Exchange from a legacy vault 534 Restoring a backup when the Exchange icon does not display 534 Chapter 24: Microsoft SharePoint Protection About SharePoint protection 535 535 SharePoint agent requirements 536 SharePoint configuration prerequisites 537 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 22 SharePoint backup considerations 540 Display of SharePoint agent in the backup system 540 Executing SharePoint backups 541 Viewing SharePoint backups 543 Restoring SharePoint backups 543 SharePoint restore considerations 544 SharePoint restore procedures 544 About the SharePoint restore session 547 Restoring items with Kroll 547 Restoring a backup when the SharePoint icon does not display 548 Chapter 25: Oracle Protection 549 About Oracle protection 549 Requirements for Oracle protection 549 Unitrends version requirements for Oracle protection 550 Oracle client and instance requirements 550 Oracle credential considerations 552 Oracle on Linux Automatic Storage Management requirements 555 Oracle backup requirements 555 Steps for implementing Oracle protection 556 Display of Oracle application in the backup system 557 Upgrading to newer Oracle versions 558 Executing Oracle backups 558 Viewing Oracle backups 562 Oracle restore from the backup system 562 Oracle restore requirements and considerations 562 Restoring Oracle backups 563 Oracle for Windows restore from the replication target 565 Replicated Oracle restore considerations and procedures 565 About the Oracle restore session 567 Chapter 26: Protecting NAS Devices 569 Determining how to protect a NAS 569 NAS protection using NDMP 570 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 23 Prerequisites and considerations for NDMP 570 Working with NDMP clients 572 Advanced configuration settings for NDMP clients 572 Implementing NetApp cluster protection 573 About NDMP backups 574 Automatic promotions of NDMP Incremental backups 574 Backup groups for NAS NDMP clients 576 Selection lists for NDMP backups 576 Backing up NAS NDMP clients 576 Restoring NDMP backups 577 Point-in-time NDMP restores 578 NAS protection using CIFS/NFS 579 Prerequisites and considerations for CIFS/NFS clients 579 Working with CIFS/NFS clients 579 Adding CIFS/NFS clients 579 Modifying and Deleting CIFS/NFS clients 581 Backing up CIFS/NFS clients 582 Specifying data to include or exclude from CIFS/NFS backups Restoring backups of CIFS/NFS clients Chapter 27: Hyper-V Protection 582 583 585 About Hyper-V protection 585 Features of Unitrends Hyper-V protection 586 Prerequisites for Hyper-V protection 586 About Hyper-V backups 587 Hyper-V backup strategies 588 Online backups 589 Backups for VMs on servers running Hyper-V versions 2012 and 2012 R2 589 Automatic exclusion of Hyper-V data during file-level backups 589 Best practices for protecting Hyper-V virtual machines 589 Protecting virtualized Active Directory servers 590 Protecting virtual machines in Distributed File System environments 590 Protecting Hyper-V virtual machines at the guest OS level 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 590 Legacy Recovery-Series and UEB Administrator's Guide 24 Comparison between Hyper-V and guest-OS-level backups 591 Recommendations and considerations for protecting Hyper-V VMs at the guest OS level 592 Protecting Hyper-V virtual machines with storage located on SMB 3.0 shares Prerequisites and considerations 595 595 Granting the Windows agent read/write access to remote SMB 3.0 shares Working with Hyper-V servers 595 596 Special considerations for adding Hyper-V clusters 597 Displaying Hyper-V virtual machines in the Navigation pane 598 Grouping Hyper-V virtual machines 598 Executing Hyper-V backups 599 Selecting Hyper-V VMs to protect 599 Special considerations for backing up Hyper-V clusters 599 Working with Hyper-V clusters in the Navigation pane 600 Creating an alias for a Hyper-V cluster 601 Hyper-V backup procedures 602 Viewing the status of Hyper-V backups 606 Restoring the Hyper-V virtual infrastructure 606 Restoring Hyper-V virtual machines 606 Supported Hyper-V virtual machine restore procedures Restoring files from Hyper-V backups 607 611 Steps for performing Hyper-V file-level recovery 611 Prerequisites for performing Hyper-V file-level recovery 611 Performing Hyper-V file-level recovery 613 About the Hyper-V restore session 617 Instant recovery for Hyper-V 618 How Hyper-V instant recovery works 618 Audit mode 618 Instant recovery mode 619 Steps for implementing Hyper-V instant recovery 620 Prerequisites and considerations for Hyper-V instant recovery 621 Allocating storage for Hyper-V instant recovery 622 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 25 Configuring port security for Hyper-V instant recovery 623 Performing the audit process for Hyper-V instant recovery 623 Performing Hyper-V instant recovery 625 Chapter 28: VMware Protection 629 Best practices for protecting VMware virtual machines 629 About the Virtualization Protector 632 Virtualization Protector requirements 633 Raw device mapped disk limitations 634 vSphere 6 requirements and limitations 635 Protecting virtualized Active Directory servers 635 Protecting virtual machines in Distributed File System environments 635 Working with vCenter and ESX servers 635 Displaying VMware virtual machines in the Navigation pane 636 Upgrading the ESX(i) host 637 Setting VM credentials for application-aware protection 637 Working with VM credentials 638 Deleting vCenter and ESX servers 641 Grouping VMware virtual machines 641 About VMware backups 641 Requirements and considerations for VMware backups Supported backup methods 642 642 VMware backup strategies 643 Dynamic VMware protection 644 Example of a basic filter 645 Example of an advanced filter 646 Transitioning to filtered VMware schedules 646 VMware HotAdd backups VMware HotAdd requirements 647 647 VMware SAN-direct backups 650 VMware disk exclusions 652 Executing VMware backups 652 Creating VMware backup schedules 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 653 Legacy Recovery-Series and UEB Administrator's Guide 26 Restoring the VMware virtual infrastructure 656 Restoring the entire VMware virtual machine 656 Special considerations for RHEL/CentOS6.x virtual machines 657 Restoring files from VMware backups 657 About the VMware restore session 662 Instant recovery for VMware 663 How instant recovery for VMware works 663 Audit mode 664 Instant recovery mode 664 Steps for implementing VMware instant recovery 665 Prerequisites for implementing VMware instant recovery 666 Allocating storage for VMware instant recovery 667 Configuring port security for VMware instant recovery 668 Performing the audit process for VMware instant recovery 668 Performing VMware instant recovery 670 Recovering peripheral devices 672 Protecting VMware templates 672 Executing backups of VMware templates 672 Creating a backup schedule for VMware templates 673 Restoring VMware templates 676 Troubleshooting 678 Chapter 29: Cisco UCS Protection 679 Working with UCS blade and rack-mount servers 679 Protecting UCS blade and rack-mount servers 679 Restoring UCS client backups 682 Disaster recovery of UCS clients 683 Working with Cisco UCS service profiles 685 About protecting Cisco UCS service profiles 685 Data protection strategy for Cisco UCS service profiles 686 Cisco UCS service profile protection requirements 686 Adding Cisco UCS Manager clients to the Unitrends appliance 687 Executing and scheduling UCS service profile backups 688 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 27 Replicating UCS service profile backups 690 Viewing UCS service profile backups 690 Restoring UCS service profile backups 692 Chapter 30: AIX Protection 697 AIX agent versions 697 AIX agent restrictions 697 Installing protection software for AIX 697 Working with AIX clients 698 AIX client backup and restore 698 Uninstalling protection software on AIX client 698 Chapter 31: HP-UX Protection 699 Supported HP-UX operating systems 699 HP-UX agent versions 699 Installing the HP-UX agent 699 Working with HP-UX clients 700 Backup and restore for HP-UX clients 700 Uninstalling HP UNIX client protection software 700 Chapter 32: iSeries Protection 701 Getting started with iSeries protection 701 Space requirements and maximum file size for successful backup 702 iSeries master backup and restore considerations 703 iSeries backup operation 704 The iSeries backup menu 704 iSeries profile 705 iSeries backup now option 705 Schedule an iSeries backup 705 iSeries restore operation 706 iSeries disaster recovery 706 iSeries log files 706 Chapter 33: Linux Protection 707 Supported Linux distributions 707 Linux agent versions 707 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 28 Linux distributions and agent installers 708 Installing the Linux agent 708 About Linux agent dependencies 711 Dependencies by operating system 712 Needed dependencies for Oracle 712 Configuring a Linux firewall to allow communication with the Unitrends backup system 713 Working with Linux clients 713 File-level backup and restore for Linux clients 713 Linux selection lists 714 Exclusion lists for Linux clients 714 Inclusion lists for Linux clients 715 Inclusion and exclusion list combinations for Linux clients 716 Pre- and post-backup commands for Linux clients 717 Linux restore considerations 717 Bare metal backup and disaster recovery for Linux clients 717 Uninstalling Linux protection software 718 Chapter 34: Mac OS X Protection 719 Mac OS X agent versions 719 Installing the Mac OS X agent 719 Working with Mac OS X clients 720 Backup and restore for Mac OS X clients 720 Uninstalling Mac OS X protection software 720 Chapter 35: Novell NetWare Protection 721 Unitrends Novell NetWare agent information 721 Novell NetWare agent restrictions and limitations 721 Installing the Unitrends Novell NetWare agent 722 Uninstalling the agent from a Novell client 723 Protecting GroupWise on Novell Netware 723 Considerations for protecting GroupWise 723 Considerations for TSA based GroupWise backups 724 Restoring GroupWise on Novell 724 Considerations when restoring GroupWise databases Legacy Recovery-Series and UEB Administrator's Guide 724 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 29 Stopping and starting GroupWise databases Protecting eDirectory on your Novell client 724 725 eDirectory backup and restore using Novell agent 725 ConsoleOne recovery using NetWare agent 727 Switching between TSA and non-TSA backups Chapter 36: Novell OES Linux Protection OES Linux agent versions 728 729 729 Installing the OES agent 729 OES agent restrictions and limitations 730 Uninstalling the Unitrends agent for OES 730 Changing root password on OES agent 731 Protection software for OES with AppArmor 731 Protecting GroupWise on Novell OES Linux 731 Considerations for protecting GroupWise on OES Linux 731 Restoring GroupWise on Novell OES Linux 732 Considerations when restoring GroupWise databases 733 Starting and stopping GroupWise databases 733 Protecting eDirectory on your OES Linux client Chapter 37: SCO OpenServer Protection 733 737 SCO OpenServer agent versions 737 Installing protection software for SCO OpenServer 737 Working with SCO OpenServer clients 738 Uninstalling protection software on SCO OpenServer client 738 Chapter 38: Solaris Protection 739 Solaris agent versions 739 Installing Solaris protection software 739 Working with Solaris clients 739 Uninstalling Solaris protection software 740 Chapter 39: UnixWare Protection 741 UnixWare agent versions 741 Installing protection software for UnixWare 741 Working with UnixWare clients 742 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 30 Master backup of the UnixWare client 742 Uninstalling protection software on UnixWare client 742 Chapter 40: Xen on OES 2 Protection 743 Xen virtualization architecture 743 Protecting OES on Linux with Xen 743 Domain Management and Control (Xen DM&C) 744 Xen backup scenarios 744 Scenario 1: Protecting Xen host only (recommended method) 745 Scenario 2: Protecting Xen virtual machines only 746 Scenario 3: Protecting Xen host and virtual machines together 747 Chapter 41: Bare Metal Protection Overview 749 Bare metal procedures by client operating system 750 Considerations for bare metal test restores 751 Recovering aliased clients 752 Chapter 42: Windows Bare Metal Protection 753 Integrated BMR and image-based BMR comparison 754 Windows integrated bare metal recovery 755 Implementing Windows integrated bare metal protection 756 Prerequisites for Windows integrated bare metal recovery 756 Supported integrated bare metal recovery scenarios 758 About eligible backups for Windows integrated bare metal recovery 758 About integrated bare metal recovery ISO images 759 About adding drivers during the integrated bare metal recovery 759 Performing the integrated bare metal recovery 760 Accessing the integrated bare metal recovery ISO images 760 Preparing the destination machine for an integrated bare metal recovery 761 Running the Integrated Bare Metal Recovery Wizard 762 Post-restore driver injection 769 Completing the integrated bare metal recovery 770 Performing a test integrated bare metal recovery 770 Windows image-based bare metal recovery Windows image-based recovery overview Legacy Recovery-Series and UEB Administrator's Guide 771 771 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 31 Windows system requirements for image-based bare metal 771 Implementing image-based bare metal protection 772 Creating the boot media for image-based recovery 773 Testing bare metal media for image-based recovery 775 Image-based bare metal restore procedures 776 Physical to Virtual (P2V) image-based restores of Windows clients 776 Dissimilar image-based restore for Vista and later environments 780 Additional considerations for Windows imaged-based bare metal 781 Special consideration for Domain Controllers on Hyper-V 781 Windows imaged-based bare metal Interface 782 When a system does not boot following an image-based restore 783 Chapter 43: Bare Metal for Linux 787 Linux bare metal overview and requirements Linux hot bare metal recovery requirements and limitations Implementing Linux bare metal protection Creating Linux hot bare metal boot media 787 787 788 788 Linux bare metal restore procedure 789 Linux bare metal menu options 790 Initiate Linux client restore from backup system 791 Linux cold bare metal protection 791 Creating the iso for use with cold bare metal backups 791 Performing cold bare metal backups and restores 792 Chapter 44: Bare Metal for x86 Platforms 795 Intel platforms bare metal disaster recovery 795 Specifying bare metal settings for a client 797 Testing bare metal backups 798 Recovering from a crash with the bare metal boot CD 798 Using the bare metal crash recovery boot CD 798 Bare metal boot CD menu options 799 Manual bare metal backup 802 When to perform a cold bare metal backup 802 Recovering from a crash using cold bare metal 802 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 32 Bare metal restore to a new disk 803 Bare metal restore to a disk of same size and controller 803 Bare metal restore to a larger disk 803 Bare metal restore to a different disk controller 803 Configuration settings for CD only version of bare metal 804 Bare metal optimization 804 Novell agent bare metal optimizer utility 804 Chapter 45: Bare Metal for non-x86 Platforms 807 Bare metal for AIX 807 AIX client hot bare metal restore 807 Generating bare metal media for an AIX client 807 Starting the bare metal restore for an AIX client 808 Bare metal for AIX menu options 808 Initiate AIX client restore from backup system 809 Reasons for AIX bare metal restore 809 Bare metal for Mac OS X 810 Hot bare metal disaster recovery using Mac OS X 810 Technical limitations and requirements 810 Creating a hot bare metal Mac OS X boot DVD 810 Mac OS X hot bare metal restore 811 Bare metal for UnixWare 812 UnixWare bare metal disaster recovery 812 Bare metal rapid recovery CD for UnixWare 7.13/7.14 814 Bare metal for UnixWare features 814 UnixWare bare metal Jump Start booting 814 UnixWare bare metal AIR-BAG main menu system 815 UnixWare bare metal diagnostic/confidence test 815 UnixWare bare metal single filesystem restore 815 UnixWare bare metal fully automated restore 815 UnixWare bare metal restore to same hard disk 816 UnixWare bare metal restoring to a new partition or hard disk 816 UnixWare bare metal filesystem status report 816 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 33 UnixWare bare metal adjusting filesystem sizes 816 UnixWare bare metal hard disk parameter information 816 UnixWare bare metal view controllers 817 UnixWare bare metal load BTLD modules 817 UnixWare bare metal view PCI, ISA, PCM/CIA cards 817 UnixWare bare metal modify resource manager database 817 UnixWare bare metal hard disk single user mode 817 UnixWare bare metal deleting filesystems from master list 817 UnixWare bare metal slice manager 817 UnixWare bare metal restore from the backup system 820 Bare metal for Solaris SPARC 821 Solaris SPARC bare metal restore 821 Generate and boot from the bare metal media 822 Creating and booting from the bare metal CD 822 Creating and booting from a bare metal USB drive 823 Bare metal recovery from a Jump Start boot server 824 Jump Start boot requirements 824 Booting into the bare metal interface 826 Performing a bare metal restore 826 Bare metal for Xen on OES 2 virtual machines Chapter 46: ConnectWise PSA Integration 826 829 Introduction 829 Configuring the PSA tool 830 Configuring settings in ConnectWise 830 Configuring the Unitrends PSA Integration feature 831 Configuring PSA settings in the Unitrends system 833 Modifying or deleting a PSA configuration 836 Viewing ticket history 836 Invoking the billing script 837 Chapter 47: Troubleshooting 839 Archive troubleshooting 839 Troubleshooting backups and schedules 839 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 34 Troubleshooting bare metal restore 840 Troubleshooting encryption 841 Troubleshooting file restore 841 Troubleshooting iSeries 842 Troubleshooting license management 842 Troubleshooting Novell NetWare agent 842 Troubleshooting backup system messages 843 Troubleshooting tape devices 843 Troubleshooting VMware backup 845 Troubleshooting Windows event IDs 845 Starting event 845 VSS events leading up to execution of a volume snapshot 845 Troubleshooting Windows legacy Exchange agent 848 Troubleshooting legacy SQL Server agent 849 Troubleshooting Xen on OES 2 bare metal backup and restore 850 Appendix A: Windows Legacy Operations 851 Working with the legacy Windows agent 851 Launching the legacy Windows agent 851 Legacy Windows agent preferences 851 Environment settings 851 Log level 852 Current profile settings 852 Advanced preferences 852 Legacy Windows agent profiles 853 Performing backups with the legacy Windows agent 853 Performing restores with the legacy Windows agent 854 Restoring an entire backup 854 Restoring a backup by backup number 855 Performing selective restores 855 Include files option 855 Backup listing dialog 856 Restore options tab 856 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 35 Restore advanced options 856 Verifying or comparing a backup 856 Options and other functions 857 Skip file-in-use option 857 Snapshot properties option 857 Test protocol option 857 Register client option 857 Choose server/device option 857 Test a server connection option 858 Bare metal optimizer option 858 Settings file option 858 Legacy SQL Server agent 859 Launching the legacy SQL Server agent 860 Log in to legacy SQL Server agent 861 Features of the legacy SQL Server agent 861 Creating or modifying a legacy SQL backup schedule 861 Legacy SQL backup plan optimization 862 Legacy SQL backup types and schedules 862 Assigning or removing a legacy SQL backup schedule 863 Legacy SQL on-demand backups 863 Legacy SQL restore options 864 Restoring a legacy SQL Server database 864 Legacy SQL Server point in time restore 866 Viewing legacy SQL backup and restore history 866 Legacy SQL Server audit and error logs 866 Testing Legacy SQL Server database restore 866 Legacy Exchange agent 866 Legacy Exchange information store setup 867 Legacy Exchange agent setup 868 Legacy Exchange client registration 868 Legacy Exchange and Active Directory 868 Legacy Exchange and the Samba share 868 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide 36 Working with Legacy Exchange information stores 869 Legacy Exchange store level log in 869 Legacy Exchange Quantum Recovery setup 869 Legacy Exchange EQR system requirements 869 Installing Ontrack PowerControls on legacy Exchange 871 Licensing Ontrack PowerControls for legacy Exchange 871 About the Ontrack PowerControls license 872 Legacy Exchange store level functionality 873 Legacy Exchange information store level security 873 Legacy Exchange backup and purge options 873 Legacy Exchange define information store level items 874 Legacy Exchange launch information store level master 874 Legacy Exchange launch information store level differential 874 Legacy Exchange store level history 875 Legacy Exchange store level purge 875 EIR and EQR backup schedules 875 Legacy Exchange information store scheduling 876 Legacy Exchange master or differential schedule 877 Legacy Exchange recovery options 877 Legacy Exchange Quantum Recovery 878 Legacy Exchange directories for Ontrack PowerControls 878 Using the Ontrack PowerControls ExtractWizard 879 Setting up Ontrack PowerControls ™for legacy Exchange 880 Guidelines for selecting a legacy Exchange database 882 Restoring legacy Exchange data via Ontrack PowerControls™ 883 Restoring Exchange messages via Ontrack PowerControls™ 883 Legacy Exchange command line options 884 Testing the legacy Exchange agent setup 885 Testing legacy Exchange information store backups 885 Appendix B: Storage Footprint Reporting About storage footprint reporting Features of storage footprint reporting Legacy Recovery-Series and UEB Administrator's Guide 887 887 887 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 37 Footprint report description 888 Prerequisites and considerations for storage footprint reporting 888 Computing the footprint of a source 889 Scheduling and managing footprint reports 889 Supported commands for footprint reports 889 Accessing the command line of a replication target 890 Scheduling footprint reports 890 Managing footprint reports 893 Monitoring a running report 894 Terminating footprint report tasks 894 Viewing footprint reports 895 Appendix C: Unitrends Open Source Compliance 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 897 Legacy Recovery-Series and UEB Administrator's Guide 38 Legacy Recovery-Series and UEB Administrator's Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 39 Chapter 1: About this Guide The Legacy Recovery-Series and UEB Administrator's Guide provides detailed instructions for configuring and managing your Unitrends appliance using the legacy user interface. The target audience for Unitrends products are system administrators for small, medium, and large companies. All procedures are run from the Unitrends legacy Administrator Interface (AI), unless otherwise specified. See the following topics for details: • • "Typographical conventions" on page 39 • "Contacting Unitrends Support" on page 40 "Terminology" on page 39 Typographical conventions Type Convention Example Menu commands Bold Click Recover. Text entered in fields Courier bold Set Date field Sequential commands Separated by greater than (>) symbol. Click Recover > Instant Recovery. Links and cross references within this guide Display in blue. "Introducing Unitrends" Hyperlinks to external topics, sites, or documents Display in blue, are underlined, and open in a separate window. http://www.unitrends.com/support Terminology The following table describes the terms used in this document. Terms have changed, and you may run into instances where deprecated names are still used. Term Definition backup system Unitrends backup system, administered through the Unitrends Administrator Interface (AI). Equivalent to legacy terms DPU, appliance, Rapid Recovery Console (RRC), and BP. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 1: About this Guide 40 Term Definition managed system A Unitrends backup system that is managed by another Unitrends backup system. You can administer multiple managed systems from the AI through a single pane of glass. Equivalent to legacy term MDPU. (See "About remote system management" on page 95.) target system A Unitrends backup system located off-site to which backups are replicated from other Unitrends systems. This can be another system owned by your company, or the Unitrends Cloud service. vault Replication is not supported on systems running versions older than 7.0.0. Instead, legacy vaulting is used. A vault is the target system to which backup data is replicated. This can be another system owned by your company, or the Unitrends Cloud service. Equivalent to legacy term DPV. installation type For systems running version 7.0.0 or later, the installation type determines whether the system functions as a backup system, replication target, or both a backup system and replication target. For systems running older versions, legacy vaulting is used. Installation types include backup system, vault, or cross-vault if performing both roles. Equivalent to legacy terms system personality or system identity. Contacting Unitrends Support There are a variety of ways to contact Unitrends Support. Unitrends Support Site Un itre n d s Su p p o rtS ite Access the Unitrends Support Site at http://www.unitrends.com/support, where you can: • • • • • • Download or upgrade your product Download latest agent releases Search Knowledge Base articles Connect with Community Forums Log a support case Access the Partner Service Portal Contact by telephone Co n ta c tb y te le p h o n e Use the following to contact Unitrends Support by telephone: • • • Unitrends Support North America: 1.888.374.6124 Unitrends Support UK: +44 (0)80 8101 7687 Unitrends Support Germany: +49 (0)89 2154822 0 Legacy Recovery-Series and UEB Administrator's Guide Chapter 1: About this Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 41 You can call at any time during the hours specified in your Unitrends support service level contract. This is the recommended method for logging high priority support issues. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 1: About this Guide 42 Legacy Recovery-Series and UEB Administrator's Guide Chapter 1: About this Guide 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 43 Chapter 2: Introducing Unitrends Unitrends products come in a wide variety of physical and virtual configurations, supporting many hardware and software versions and features. Unitrends backup and replication systems are integrated, turn-key, disk-to-disk backup, restore, and disaster recovery solutions. The system supports a multitude of operating system platforms and provides client-side agents for common database applications. All of the data that is protected on the backup system can be synchronized across wide area network (WAN) connections to a replication system for total site protection. See the following topics for details: • • • "The Unitrends Administrator Interface" on page 43 "Navigation pane options" on page 50 "Navigation grouping" on page 45 The Unitrends Administrator Interface After you log in, you see the Administrator Interface (AI). (See the following figure.) All procedures are executed from the AI, unless otherwise indicated. WARNING! It is recommended to perform all administration tasks using the Administrator Interface. The Unitrends operating system implementation is proprietary to Unitrends and should not be modified from the Linux command line unless following a certified Unitrends procedure. Performing general Linux command line administration tasks can have undesirable results. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 44 The high-level structure of the AI consists of a three-pane window with the following components: AI Components Description Main menu A series of icons used to access the system’s primary functions. You can select to view a drop-down list of options when you click on these icons. You can also choose to see the drop-down list in horizontal or vertical order. See "Navigation pane options" on page 50 for more information. Note: The drop-down list does not necessarily show every option on the second level screen and may also include related options that are not on the second level screen. Navigation pane The left-most pane of the AI contains a tree of customers, locations, backup systems, replication systems, and clients (a client is typically a customer's server). Center Stage The area to the right of the Navigation pane is called the Center Stage. Information displayed here is determined by the elements you have selected from both the Main menu and Navigation pane. The Center Stage may be presented as a single area or a subdivided area based on your selections. See the following for details about the Navigation options and Main menu functions: • • • "Navigation pane options" on page 50 "Navigation grouping" on page 45 "Main menu icons" on page 51 Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 45 Navigation grouping This feature enables you to quickly manage and navigate complex or well-populated systems by alleviating problems associated with having large client and virtual machine installations used by varying administrators. Navigation groups allow you to create custom folders to organize your clients and virtual machines. Navigation groups can be used to create backup, restore, or archive schedules, as well as to generate reports. For details on generating reports, see "User-generated reports" on page 360. When an item is removed from a group, or the group is deleted, all items are returned to their original place in the Navigation pane. Navigation grouping is supported on appliances running version 7.5 or higher. The following items can be grouped: • • Clients, such as Windows or Linux servers • • • • VMware virtual machines Hyper-V virtual machines Resource pools vApps VMware templates See the following topics for details: • • "Visibility of grouped items" on page 45 "Navigation group procedures" on page 47 Visibility of grouped items Navigation grouping is for organizational purposes only. The groups do not display in replication view. A group can contain any number of items in the same hierarchical level of the Navigation pane. You can group clients to perform file-level backups, or you can group virtual machines to run VMware or Hyper-V backups. See the following for details: • • • "Grouping clients for file-level backups" on page 45 "Grouping virtual machines" on page 45 "Unitrends user privileges" on page 46 Grouping clients for file-level backups Gro u p in g c lie n ts fo rfile -le v e lb a c k u p s Grouping clients is a way of easily selecting subsets of clients on a system that has a large number of clients. You can then create file-level backup schedules and generate reports based on the clients in the selected group. For a physical Hyper-V host, you can also create an inner group to protect its virtual machines. Grouping virtual machines Gro u p in g v irtu a lma c h in e s Grouping virtual machines is a way of easily selecting subsets of virtual machines on a host that has a large number of virtual machines. You can then create VMware or Hyper-V backup schedules and generate reports based on the selected group. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 46 See the following figures for an example of groups created for file-level and virtual machine protection: In the figure on the left, the client-level group is selected. If you create a schedule based on the client-level group, the clients are protected with file-level backups. However, the virtual machines in the Virtual Machine Level Protection group are not protected. In the figure on the right, the inner group Virtual Machine Level Protection is selected. If you create a schedule based on the inner group, the virtual machines are protected with VMware or Hyper-V backups. However, the clients from the figure on the left are not. Unitrends user privileges Un itre n d s u s e rp riv ile g e s You can assign different Unitrends users to each group. Multiple users can be assigned to the same group. See the following table for information on which items are visible for each user privilege. Items that are not grouped are seen by all Unitrends users with Superuser or Administrator privileges. For information about the abilities of each user privilege, see "Privilege level" on page 67. User Privilege Visible Items Manage or Monitor User sees only VMs and clients assigned to the user and any ungrouped items. Superuser or Administrator User sees all Navigation pane items regardless of group permissions. The following figure provides an example of what a Superuser or Administrator sees versus what the user "Alice" sees. Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 47 Navigation group procedures When using the Navigation grouping feature, groups can be created, edited, and deleted with no harm to the integrity of the Navigation pane hierarchy. Click the folder icon to enable or disable the Navigation grouping feature. (Release 7.5 and higher). Backup schedules are easily created with Navigation groups. Select the group from the Navigation pane, and the schedule created applies only to the selected items in the group. For details on scheduling backups, see "File-level Backups" on page 159. See the following for details: • • "Navigation group strategies" on page 48 "To create a navigation group" on page 48 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 48 • • • "To modify a navigation group" on page 49 "To delete a navigation group" on page 49 "To assign users to a navigation group" on page 49 Navigation group strategies Use Case Strategy Recommendation Multiple users assigned to portions of a large virtual machine installation. Create multiple groups and assign each user to one or more groups. One administrator in charge of a large installation. Create multiple groups corresponding with levels of importance or customers. No need to assign users because there is only one administrator. To create a navigation group 1 Hover over the item under which you wish to create a group. • • To group clients, hover over the blue system icon. To group virtual machines, hover over the desired Hyper-V or ESX Server. Note: 2 To group virtual machines, you must be able to view VMs in the Navigation pane. If you do not see VMs, click the Gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click Confirm. Click the folder icon that displays to the item’s right. If the folder icon does not display (and the folder icon at the bottom of the Navigation pane has a red X), enable the Navigation grouping feature by selecting the folder icon. 3 Enter a Group Name. 4 (Optional) Select a color for the group. This allows for further distinction between each group. If a color is not specified, the default color is applied. 5 (Optional) Check the Set as default box to make the selected color the default. 6 Check the Configure Group box. The Add New Group window displays. 7 (Optional) Click the Users tab to add users to the group. For details, see "To assign users to a navigation group" on page 49. If no users are assigned, the group is visible to all Unitrends users with Superuser or Administrator privileges. Note: Unitrends users with Superuser or Administrator privileges are selected by default to see all groups. 8 (Optional) Click the Not in Group tab to see all items that are not in the group. Check boxes as desired to add items. 9 Review your selections on the Not in Group and In Group tabs to ensure the items display as desired. Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 49 10 Click Save. To modify a navigation group 1 Hover over the group name. 2 Click the folder icon to the right. The Edit Group window displays. 3 Edit settings as desired. 4 • To create a sub-group, click New Inner Group and set up just as you would a regular group. • For details on settings, see "To create a navigation group" on page 48. Click Save. When an item is removed from a group, the item is returned to the original place in the Navigation pane To delete a navigation group 1 Hover over the group name. 2 Select the folder icon to the right. The Edit Group window displays. 3 Select Delete at the bottom left of the window. When a group is deleted, all items are returned to their original place in the Navigation pane. To assign users to a navigation group Use this procedure to assign a Unitrends user to a navigation group. The user must already be created before running this procedure. To create a Unitrends user, see "To add a user" on page 66. Note: To ensure that each user can only see ungrouped items and the groups assigned to them, be sure that the Unitrends user has been assigned the Manage privilege level. 1 Hover over the group name in the Navigation pane. 2 Click the folder icon to the right. The Edit Group window displays. 3 Check the Configure Group box. Available Unitrends users display on the Users tab. 4 Check the desired boxes to assign Unitrends users to the group. If you do not see the user, add it with Manage privileges. For details, see "To add a user" on page 66. 5 (Optional) Add Active Directory users by entering the username in the Active Directory Users field and clicking +. For details, see "About Active Directory authentication" on page 99. Note: The Active Directory username is just the name, not the domain. 6 Click on the Not in Group tab to add items to the group. 7 Click on the In Group tab to remove items from the group. 8 Click the Make selected users the default box to save these selections for future use in creating groups. 9 Click Save. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 50 Navigation pane options Use the icons at the bottom of the Navigation pane to change how information displays. • Click • Click to refresh/reload the system. to see the System Preferences window and check the options you prefer. You can also configure preferences by selecting Settings > System, Updates, and Licensing > System Preferences. • Click to enable or disable the Navigation grouping feature. (Release 7.5 and higher). System Preference Window Options Description Show system Client Check to display the Unitrends system as a client in the navigation pane. Show Customer/Locations Check to display customers and locations in the navigation tree. Show Menu Items in Check to display items on the Center Stage pane in a single column. Single Column Show Virtual Machines in Navigation Tree Check to display virtual machines under the Hyper-V client or ESX server in the Navigation tree. You can then select a given VM to display information shown on various pages (backup status, reports, etc.). To refresh the VM list, select the Hyper-V client or ESX server, click Backup, then click the reload arrows below the VM list on the Backup page. Save Open/Closed branch status in Navigation Tree? Check to preserve the branch status of the Navigation pane. If you have expanded or collapsed items, the status is preserved when you log out of the appliance. Show Drop Menu? Check to show the drop-down menu when you click the icons in the Main Menu. Horizontal Menu? Check to see the drop-down menu when clicking the icons in the Main Menu in a horizontal list. Uncheck to see the drop-down menu in a vertical list. Show Replication View For replicating systems, check to switch to Replication View, and see replicated backups stored on the target system. See "Viewing replicated backups" on page 309 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 51 Main menu icons See the following for more information about each icon on the Main menu: • • • • • • • • • "Status icon" on page 51 "Backup icon" on page 51 "Restore icon" on page 51 "Archive icon" on page 51 "Replication icon" on page 51 "Reports icon" on page 51 "Settings icon" on page 51 "About icon" on page 52 "Log out icon" on page 53 Status icon The front status page allows you to quickly change views to see the past, present, and future status of backup jobs. Change the status view by clicking on the perpendicular labels, or blinds, on either side of the status pane. Jobs that are currently running are displayed on the Present screen. Scheduled jobs are displayed on the Future screen, and the weekly backup status is displayed on the Past screen. Backup icon Use this feature to schedule and run backups for clients registered to the backup system. For details, see the "Backups Overview" chapter. For additional information about the clients you wish to protect, see the chapter for the applicable OS. For example, "Windows Protection", "VMware Protection", and "Linux Protection" chapters. Restore icon Use this feature to restore backups to a given client or to recover the backup system itself. For details on restoring client data, see the "Restore Overview" chapter. For details on recovering the backup system itself, see the "Disaster Recovery" and "Legacy Disaster Recovery" chapters. Archive icon Use this feature to archive backups. Archiving to external media enables you to retain older backups as well as providing the safety of off-site storage. For details, see the "Archiving Overview" chapter. Replication icon Use this feature to replicate backup data from one Unitrends system to another. Store replicated data in another location for protection in the event of a total site disaster. For details, see the "Replication" chapter. Reports icon Use this feature to run reports on backups, archives, failures, replication or vaulting, storage, and more. For details, see the "Reports, Alerts, and Monitoring" chapter. Settings icon Use this feature to view and modify configuration of each subsystem, such as customers, clients, 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 52 and storage, as well as to monitor these subsystems using various tools. For details, see "Subsystem configuration settings" on page 60 and "Advanced Configuration Options" on page 83. For a quick look at the items contained in each subsystem, hover over the subsystem icon. Favorite pages Pages in the Settings subsystems can be bookmarked for quick navigation. The Bookmarks feature is located in the upper-right corner of the Settings page. • • • • To view a list bookmarked pages, click the down arrow. To go to a bookmarked page, select it in the list. To add a page to the list, navigate to the desired page, then click the star icon. To remove a bookmark, navigate to the bookmarked page, then click the star icon. About icon Use this feature to: • • • • • • • Open the Unitrends Administrator’s Guide. • Access online support. You can use the “Online Support” icon to reach a self-help page for your appliance. • Access context-sensitive help. (See "Context-sensitive help" on page 52 for more information.) View video tutorials. Access the KnowledgeBase articles. View release notes. See system information (such as the system version and asset tag information). Send feedback to Unitrends. Create or close a support tunnel with a Unitrends Customer Engineer. (See "Support tunnel" on page 52 for more information.) Support tunnel Select About > Support Tunnel to open a support tunnel. Support tunnels are one of the preferred methods for Support Engineers to assist with troubleshooting issues on the system. Support tunnels provide a secure method of accessing a system remotely. In addition to encrypting the transmission (which helps to protect data), a port is randomly assigned to discourage unwanted access attempts (known as port knocking). Only one tunnel can be open at a time. If an existing tunnel is open, click Support Tunnel to force the tunnel to close. The Support Tunnel connection automatically closes if it is inactive for several minutes, or if there is no attachment within a few minutes of it being opened. Note: You can also access the support tunnel in Settings > System, Updates, and Licensing > Support Toolbox (Advanced) > Support Tunnel. Context-sensitive help To access help for any subsystem within the AI, select About > Help, click the ‘?’ icon, or rightclick an area in the subsystem. The context-sensitive help provides a general description of the system’s functionality. The Unitrends Administrator’s Guide is also accessible via the context- Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 53 sensitive help interface. Log out icon Use this icon to log out of the system. Note: You must change the root user password to disable the auto-login feature. If you have not yet changed this password, you are immediately logged back in upon logging out. To change the password, see "About configuring root passwords " on page 87. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 54 Legacy Recovery-Series and UEB Administrator's Guide Chapter 2: Introducing Unitrends 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 55 Chapter 3: Getting Started This chapter contains procedures to guide you through set up of a new Unitrends Recovery-Series appliance. If you are deploying another system type, see one of the following guides for setup procedures: • • • UEB Deployment Guide for Installable Software UEB Deployment Guide for VMware UEB Deployment Guide for Hyper-V Before you start IMPORTANT! Unitrends should be your primary and only solution for backing up your data. Using multiple backup solutions for the same set of data can result in performance issues, VSS-related system issues, and broken log chains for databases. All procedures are executed from the Administrator Interface, unless otherwise indicated. WARNING! It is recommended to perform all administration tasks using the Administrator Interface. The Unitrends operating system implementation is proprietary to Unitrends and should not be modified from the Linux command line unless following a certified Unitrends procedure. Performing general Linux command line administration tasks can have undesirable results. Proceed to the following sections to set up your Recovery-Series appliance: • • • • • • "Overview of the Recovery-Series setup process" on page 55 "Prerequisites for Recovery-Series systems" on page 56 "Prerequisites for virtual systems" on page 57 "Initial configuration of Unitrends systems" on page 57 "System setup" on page 59 "Subsystem configuration settings" on page 60 Overview of the Recovery-Series setup process A high level overview of the steps required to set up your Recovery-Series appliance is given here. Proceed to each section referenced in these steps for detailed procedures. Step 1: Complete the prerequisites for your Recovery-Series system. See "Prerequisites for Recovery-Series systems" on page 56 for details. Step 2: Configure the appliance onto the network. See "Initial configuration of Unitrends systems" on page 57 for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 56 Step 3: • • Configure each subsystem using the Setup Wizard. See the following: "System setup" on page 59 for an overview of the Setup Wizard steps. "Subsystem configuration settings" on page 60 for detailed procedures. Prerequisites for Recovery-Series systems Additional requirements must be met when installing physical systems. For physical systems, complete the procedures in this section before proceeding to Initial configuration of Unitrends systems. • • "Site preparation" on page 56 "Physical System Preparation" on page 56 Site preparation It is important to ensure that the physical environment meets the requirements of the system. Proper preparation of the site helps to ensure consistent and stable operation of the Unitrends solution. The site preparation requirements that must be considered prior to installation are: • • • • • Space and clearance requirements Load bearing (weight) requirements Power requirements Cooling and environmental requirements Configuration requirements The Unitrends Site Preparation Guide for Recovery-Series Appliances contains detailed requirements for all Unitrends Recovery-Series physical systems. Click to download: Site Preparation Guide for Recovery-Series Appliances. (If you are deploying UEB Installable Software to your own hardware, refer to your manufacturer's site preparation requirements.) Physical System Preparation The following items are required to perform the initial configuration of a Unitrends Recovery-Series system: • Unitrends system – set up in accordance with the Site Preparation Guide for Recovery-Series Appliances. • Peripherals – the system must be connected to a direct attached mouse, keyboard, and monitor or have access to the peripheral devices via a KVM (Keyboard, video, mouse) switch. • Ethernet Connection – 1GbE Ethernet cable connected to the switching network backbone. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 57 Unitrends systems are configured with the following default settings. Item Description Default operating system credentials Default user: root Default password: unitrends1 Default Administrator Interface (AI) credentials Default user: root Default password: unitrends1 Network configuration The first Ethernet port (eth0) is configured with an IP address of 10.10.10.1 and a subnet mask of 255.255.255.0 IPMI configuration On some systems, the first Ethernet port (eth0) is also configured for IPMI with DHCP. IPMI can be used for advanced troubleshooting. The default IPMI credentials are: user: ADMIN password: ADMIN. It is strongly recommended that you change this password for security reasons. See KB 2971 for details. Prerequisites for virtual systems Unitrends virtual appliances, known as Unitrends Enterprise Backup (UEB) systems, are available for Microsoft Hyper-V and VMware environments. For prerequisites and deployment instructions, see the following deployment guides: • • UEB Deployment Guide for VMware UEB Deployment Guide for Hyper-V Initial configuration of Unitrends systems The first time you power on the Unitrends system, you can configure the network settings. Note: For UEB systems, see these guides for configuration procedures: UEB Deployment Guide for VMware, UEB Deployment Guide for Hyper-V, or UEB Deployment Guide for Installable Software. To configure the system 1 When you access the system, the Unitrends Enterprise Backup Console Interface displays. This may take a few minutes. 2 Type 1 in the Please enter choice field to access the Initial System Setup menu. 3 To configure the system on your network, type 1 in the Please enter choice field. 4 Enter a number in the Select a network adapter field. For example, type 0 to select eth0. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 58 5 6 Type Y in the Edit network configuration field. Modify these settings: • • Type an IP address for the Unitrends system, and press Enter. • Type a gateway address and press Enter, or just press Enter to leave this setting blank. • Review the settings, then type Y to save or N to exit without saving. Type a netmask address and press Enter, or just press Enter to accept the default setting. To configure DNS settings, type 2 in the Please enter choice field, then Y to edit. DNS allows you to resolve IP addresses and qualified domain names. Note: • • • • To add clients by name, you must configure DNS. If not using DNS, you must supply a static IP for each registered client. DNS-only registration is supported only for Windows, Linux, and Mac clients. Type the primary domain name server IP address, and press Enter. If desired, enter a secondary DNS IP, or press Enter to leave this setting blank. If desired, enter a DNS Search domain. Review DNS settings and type Y to save or N to exit without saving. 7 To exit the Initial System Setup menu, type 5 in the Please enter choice field. 8 To change the direct console password, type 2 in the Please enter choice field. This is the root operating system password used to access the console. • • Type the password at the New UNIX Password prompt and press Enter. Type the password at the Retype New UNIX Password prompt and press Enter. You have finished the initial configuration. 9 Once the Unitrends system is configured on the network, it can be set up, managed, and monitored from any workstation or server on the network. To log into the system, direct a web browser to: https:/// For example: https://192.168.238.2/ Note: If a security certificate is presented, you must accept the certificate to continue. 10 The Setup Wizard launches to provide step-by-step guidance through the remaining configuration settings. Proceed to System Setup to complete the configuration. Note: If you are not logged in automatically, click the lock icon, enter the username root and password unitrends1, then click Login. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 59 System setup Use the Setup Wizard to configure the system in minutes. While the Setup Wizard can be used even after the initial configuration, it is designed to significantly decrease installation time. Additional configuration changes can be made by clicking on the individual activity icons under the Settings menu. See the "Advanced Configuration Options" chapter for details. The Setup Wizard procedures in this guide are for Recovery-Series physical appliances. Steps vary slightly for other Unitrends systems. See the following topics to set up your Recovery-Series appliance: • • "Setup Wizard overview" on page 59 "Complete the configuration" on page 60 Setup Wizard overview When you log in to the system for the first time, the Setup Wizard launches. The Setup Wizard enables easy configuration of the Unitrends system by providing step-by-step guidance to configure these subsystems: Step Description Date and time Set the system to the date and local time zone. The system is pre-configured for the time zone: Eastern Time (US & Canada) (UTC-05:00). You can also enable Internet time. Hostname Configure the hostname of the system. Notifications The system supports push and pull notifications. Configure push notifications (email via SMTP) in this step. You also have the option to receive a PDF version of many of the reports in the email. Root password Set the password for the administrative account of the Unitrends system. The system ships with default credentials. It is highly recommended that you change this password. Users Unitrends systems can be managed and monitored using different credential levels. This step provides the means to create users with different privilege levels to monitor and/or manage the system. Installation type Configure the system as a backup system, replication system, or a backup and replication system. Note: Install Agents Replication is supported on systems running release 7.0 and higher. Older releases use the legacy vaulting feature. In these systems the installation type is backup system, vault, or backup system and vault. For some client types, you must install a light-weight agent before registering the client to the Unitrends system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 60 Step Description Clients Register all protected assets to the system. Unitrends uses a common D2D backup and recovery engine to provide protection for over 100 different versions of operating systems, applications, and hypervisors. All protected environments are registered to the Unitrends system as clients. Retention Configure the system to balance retention and backup performance. Complete the configuration Perform this procedure from any workstation or server on the network. To configure settings using the Setup Wizard 1 Connect to the Unitrends system by directing any browser to https:///recoveryconsole 2 You are automatically logged in to the Administrator Interface. Note: If you are not logged in automatically, click the lock icon, enter username root and password unitrends1, then click Login. 3 If necessary, launch the wizard by selecting Settings > System, Updates, and Licensing > Setup Wizard. 4 Use the Setup Wizard to guide you through configuration of each subsystem, step by step. Once you have entered settings as desired on a screen, click Next to save and continue. For details on configuring each subsystem, see "Subsystem configuration settings" on page 60. Subsystem configuration settings The following Setup Wizard steps or subsystems are described in this section: • • • • • • • • • • • Welcome screen, see "About the welcome screen" on page 61 Date and time, see "About date and time configuration" on page 61 Hostname, see "About hostname settings" on page 62 Notifications, see "About configuring notifications" on page 62 Root password, see "About root password configuration" on page 65 Users, see "About user configuration" on page 66 Installation type, see "About the installation type" on page 67 Installing agents, see "About installing agents" on page 68 Clients, see "About adding clients" on page 69 Retention, see "About global retention and deduplication" on page 80 Setup complete, see "Setup complete" on page 81 Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 61 About the welcome screen The welcome screen displays upon launching the Setup Wizard for the first time. The Setup Wizard launches the first time you log in to the system, or by selecting Settings > System, Updates, and Licensing > Setup Wizard. Accept the license agreement and click Next to continue. About date and time configuration The date and time interface allows the date and the time to be set on the system. To function properly, the system must be configured for the time zone in which it is deployed. You also have the option to enable Internet time. See the following procedures: • • "To set the date and time" on page 61 "To synchronize the system to an external date and time source" on page 61 Note: The time that displays in the system is based on the time configuration that you set. This is in a 12-hour and AM/PM format. To set the date and time 1 Access the Set the date and time of the system step in the Setup Wizard, or select Settings > System, Updates, and Licensing > Date/Time. 2 Set a date by clicking the calendar icon next to the Set Date field. 3 Set the time by modifying the hours: minutes AM/PM settings in the Set Time field. 4 Select the time zone in the Set Time Zone field and click Set Time Zone to save. The system is configured for America/New York time zone (UTC – 05:00) by default. 5 Click Next to save the settings and continue with the Setup Wizard, or click Close to exit without saving. To synchronize the system to an external date and time source 1 Access the date and time step in the Setup Wizard, or select Settings > System, Updates, and Licensing > Date/Time. 2 Check the Enable/Disable Internet Time box. Note: 3 Once you enable Internet time, you cannot explicitly set the date, time, and time zone. Set options as desired by clicking the Show Internet Time Options box. Internet time options include: Option Description NTP (Network Time Protocol) servers These are the servers, in order, that are periodically queried for the Internetbased time. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 62 4 Option Description Synchronize system clock before starting service Use this option to sync the system clock to the NTP time server before starting the NTP service. Do not use this option if the time server cannot be reached regularly. Waiting for synchronization to occur may block use of the system until a timeout has passed. Use local time source Use this option if there exists, for example, a radio controlled clock device that synchronizes the system clock with an authoritative time source. Click Next to save the settings and continue with the Setup Wizard, or click Confirm to save settings in the Date/Time subsystem. About hostname settings The hostname of the system can be changed to adhere to any naming conventions in your environment. Recovery-Series systems are shipped with the default hostname Recovery-. To change the hostname 1 Access the Select the hostname step in the Setup Wizard, or select Settings > Clients, Networking, and Notifications > Networks > Hostname. 2 Enter the new hostname in the System Hostname field. 3 Enter the new long name for the system in the Fully-Qualified System Hostname field. This enables name resolution lookups with the long name as well as the short name. 4 If the system is already configured and schedules have been setup to protect the clients in your environment, check the Keep existing hostname aliases box. By checking this box, both the current and previous hostnames are resolved on the network. 5 Click Next to save the settings and continue with the Setup Wizard, or click Close to exit without saving. About configuring notifications Unitrends systems use a push mechanism to send notifications. This enables you to receive notifications without having to log in to the system. Your appliance automatically notifies you of important system information by: • • Displaying alerts on the Status page of the Administrator Interface. • Sending email notifications. To receive email notification, you must configure the appliance to use your SMTP server and define email recipients. Sending SNMP traps to notifiactions.unitrends.com, which are monitored and addressed by Unitrends Support. Your system comes configured to send traps to Unitrends, but you can also configure traps to your own network management server. For details, see "About SNMP trap notifications" on page 125. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 63 To configure SMTP notifications, see "Email setup" on page 63 and "Email report recipients" on page 63. For more on SMTP notifications, see "Reports, Alerts, and Monitoring" on page 357. Email setup You must configure a fully qualified domain name for the system before configuring email. Select Settings > Clients, Networking, and Notifications > Networks > Hostname to configure the fully qualified domain name (for example, system.unitrends.com). To configure email notifications from the Unitrends system 1 Access the Set the email SMTP information step in the Setup Wizard OR Select Settings > Clients, Networking, and Notifications > SMTP Server. 2 Enter the fully qualified SMTP server name or IP address in the SMTP Server field. If a DNS record has not been configured for the system, use the IP address of the SMTP server. 3 If you have an externally-hosted SMTP server that requires authentication, configure authenticated mail relay by checking the SMTP Server Authentication Required box and entering username and password credentials. Note: When using a non-local mail server or an internal SMTP relay configurations, we recommend using an authenticated mail user to prevent filtering issues (for example, cases where alerts are not sent to specific recipients due to filtering rules applied to unauthenticated connections or defined in the mail domain policy). Use a mail user service account that is exempt from routine password change to prevent email from being blocked or delayed. 4 Enter a valid email address in the Test E-Mail Address field. 5 Click Next to save the settings and continue with the Setup Wizard. A test email is sent, confirming that the SMTP settings have been administered correctly. Firewall and spam filters can delay or prevent delivery. See your company network administrator regarding these issues. Email report recipients After ensuring that the mail server settings are working properly, set up email recipients to receive reports and notices generated by the system, along with the option to receive PDF versions of the reports as email attachments. Notes: • Notifications are sent through email when urgent attention is required. Notifications are sent to the email addresses configured in the System Report Mailing List. • If you use replication, a Replication report is also available but must be configured through Replication. See "Tune replication attributes on the source system" on page 288. Note that you can use vaulting or replication, but not both. The Vaulting report is included in the System Report Mailing List. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 64 To configure email recipients 1 Access the Configure the report email addresses step in the Setup Wizard, OR Select Settings > Clients, Networking, and Notifications > Email Recipients. 2 Enter the email addresses in each recipient field as desired. To enter multiple recipients, separate the email addresses using a space. Mailing List System Report Mailing List Description Enter email addresses to receive alerts and notifications from the system. Note: Notifications are sent to the email addresses configured in the System Report Mailing List. Examples include: Schedule Summary Report Mailing List • Daily system status. This includes the System Status report (for one system) and the Management Status report (for a roll-up status of multiple systems). Note that your selection in the Navigation pane, when you configure the email recipients, determines which report you receive. Both of these reports are available in PDF format. • Vaulting, if used. This includes the Securesync report. (Note that you can use vaulting or replication, but not both.) • Windows Instant Recovery, if used. This includes the Recovery Verification report (for source or replicated target), Virtual Client Haled report, and WIR Failure report. • Archive report. This is sent for every job upon completion (success or failure) if you check the E-Mail Report box under Archive Options when you perform or schedule an archive. This is sent as a notification. • • Change in Client Volumes. This is sent as a notification. Alerts, including capacity, licensing, and legal. Enter the email addresses to receive the Schedule report. This lists information about the last 24 hours of schedule events. The schedule must also be configured to send this report by checking the E-Mail Schedule Report box in the Advanced Execution Options area when creating a schedule. (See "Enterprise backup procedures" on page 193.) Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 65 Mailing List Failure Report Mailing List Description Enter the email addresses to receive the Schedule Failure report. This is sent when there is a failed schedule event during the previous hour. The schedule must be configured to send this report by checking the E-Mail Failure Report checkbox in the Advanced Execution Options area when creating a schedule. (See "Enterprise backup procedures" on page 193.) This report does not include non-scheduled events like on-demand backup, restore, etc. 3 Select an Email Report Format. Choose Simple or Enhanced layout and style HTML output. For legacy-style reports, select Simple. 4 Check the Include PDF Report box to receive certain reports in PDF format as an email attachment. (This includes the System Status report, the Management Status report, the Schedule report, and the Schedule Failure report.) Note: 5 The body of the email still contains the report, but there is also an PDF attachment. Some PDF versions of reports retain the Email Report Format you selected (simple or enhanced), but others are only available in enhanced format. Click Next to save the settings and continue with the Setup Wizard, or click Close to save settings in exit without saving. About root password configuration The system automatically creates a superuser named root. The root password interface provides the ability to maintain system security by changing the default password for the root user of the Unitrends system. The default password is “unitrends1”. It is highly recommended that you change this password from the default. Leaving the root account’s password at the default will cause the Unitrends interface to automatically log in when accessing the system. If you do not change the password, any user with a browser can access the Unitrends system. Note: This procedure changes the root password used to access Unitrends Administrator Interface. It does not change the root password of the operating system itself. To set or modify the root password 1 Access the Set or modify root password step in the Setup Wizard, or select Settings > Customers, Locations, and Users > Users > Root and check Change Password. 2 Enter the new root password into the New Root Password and Confirm New Root Password fields. Passwords may contain upper and lower case letters, numbers, or special characters with the exception of a space and the equal sign (“=”). 3 Click Next to save the settings and continue with the Setup Wizard, or click Close to exit without saving. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 66 About user configuration Unitrends systems are managed and monitored from the Administrator Interface (AI). Based on the credentials provided, user’s privileges can be controlled to allow monitor or management capabilities for one or more systems. By default, a superuser named root is created on the system. You should change the password of the root user (the system superuser) to tighten security. User accounts can only be used to access the system for which they were created. Users are not shared across Unitrends systems. To log in to another system, the user must be created directly on that system or set up for that system using Active Directory authentication. See "About Active Directory authentication" on page 99 for information. User actions are logged in the system and can be viewed in the Audit History report. For details, see "Audit History Report" on page 368. To add a user 1 In the Setup Wizard Add and Configure system users step, check the Do you want to add additional administrator users box, or select Settings > Customers, Locations, and Users > Users. 2 Click Add User. 3 Enter a username in the Username field. 4 Enter a password in the Password and Verify Password fields. Passwords may contain upper and lower case letters, numbers, and special characters with the exception of a space and an equal sign (“=”). 5 If desired, check Superuser. Note: 6 If you are using Navigation grouping, be sure the user has Manage level privileges. For details, see "Navigation grouping" on page 45. • A superuser has privileges to perform all operations provided by the Administrator Interface for any system, at any customer location defined in the Navigation pane. • Regular users are non-superusers that are added to the system to allow specific capabilities to manage one or more systems in the Navigation pane. • For superusers, no further configuration is needed. Click Next to save the settings and continue with the Setup Wizard, or click Confirm to save settings in the Users subsystem. For regular users, continue with this procedure to add privileges. One or more privileges must be added to create the overall scope and access level for the regular user. Log in is prohibited if no privileges are set for regular users. 7 Click Add Privilege and modify settings as desired. Define a privilege level for each customer, location, and system. See descriptions of each privilege in the tables below. 8 Click Confirm to save the settings and Next to continue with the Setup Wizard, or click Cancel then Close to exit without saving. Privilege levels are given here. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 67 Privilege level Description None The user cannot access the customer, location, or system. Monitor The user is only able to view the status of operations, such as backups or replication, and run reports. The user cannot start backups, restores or configure the system in any way. Manage The user can view statuses and reports, start backups, and perform other management tasks, such as adding or modifying clients and retention settings. They can also view running jobs or processes, but cannot create or modify users other than modifying their own user account password. Administer In addition to monitoring and managing systems, the user can add, edit, or delete customers or customer locations, and add, edit, or delete users. Because administrators can create customers and locations, they can also assign systems to different customers and locations in the navigational tree (using Settings > System, Updates, and Licensing > Grid Management). In addition, regular user’s privileges may be defined at various levels of breadth or scope. Privilege scope Description Customer The most general privilege scope. The privilege level applies to all systems that are associated with all of this customer’s locations. By default, systems are assigned to the Default Location for the Default Customer. Location The privilege applies to all systems that are associated with this location for a selected customer. By default, systems are associated with the Default Location for the Default Customer. System The most finely-grained privilege scope. The privilege level applies to a particular system at a defined location for a defined customer. About the installation type The installation type, also known as system personality or system identity, determines which functions the system can perform. Configure this setting in the Setup Wizard Select the installation type step. On systems that only support the backup system installation, this Setup Wizard step does not display. For a description of installation types supported by each system, see "Installation types and replication" on page 282. Select one of the following installations. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 68 Installation type Description Local backup system The system will be used as an on-premise system to protect physical and virtual environments, structured and unstructured data on the local area network. Replication target The system will be used as an off-premise system. One or more on-premise systems can replicate data to the off-premise system for disaster recovery. Note: Local backup system and replication target A system must have a minimum of 128 GB of storage to be used as a replication target. The system will be used as both a backup and disaster recovery system. It can be used to protect data on the local area network as well as receive replicated data from one or more off-premise systems for disaster recovery. About installing agents For most operating systems, an agent must be installed on the client whose data you want to protect. For most Windows and Hyper-V clients, core and bare metal agents are automatically installed when you add the client to the backup system. For VMware, iSeries, and NDMP, no agent is required. For other operating systems, you must install the core agent before adding the client to the backup system. For additional information about the client you are adding, see the chapter for the applicable OS. For example, "Windows Protection" on page 425, "VMware Protection" on page 629, and "Linux Protection" on page 707. Note: The automatic installation feature for Windows and Hyper-V clients is supported on Unitrends system release 7.0 and higher (8.2 and higher for Windows Server 2012 R2 and Windows 8.1). This feature is not supported for Windows NT or 2000. For detailed requirements, see "Agent push install requirements" on page 426. Install the Unitrends agent on these client operating systems prior to adding the client to the backup system: • • • Linux, see "Linux Protection" on page 707. • • • • OES, see "Novell OES Linux Protection" on page 729. Mac OS, see "Mac OS X Protection " on page 719. Unix, see "AIX Protection" on page 697, "HP-UX Protection" on page 699, or "UnixWare Protection" on page 741. NetWare, see "Novell NetWare Protection" on page 721. Solaris, see "Solaris Protection" on page 739. Windows 2000 and Windows NT, see "Manually installing the Windows agents" on page 428. The agents for these types of computers can be downloaded from: http://www.unitrends.com/support/latest-agent-releases. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 69 After installing any required, agents, perform these steps to continue with the Setup Wizard: 1 Access the Setup Wizard Physically install agents step, or select Settings> Clients, Networking, and Notifications> Clients. 2 In the Setup Wizard install agents step, select one of the following: (Skip this step if using the Clients subsystem.) • I do not have any of the types of computers in the list above, and click Next. (You can select this option to continue with the Setup Wizard without installing agents and adding the computer types listed above.) • I have physically installed the agent on each of the computers with operating systems in the list above, and click Next. • I have not physically installed the agent on each of the computers with operating systems in the list above. Install agents as required before proceeding, then click Next to continue. About adding clients Use this procedure to add clients to the Unitrends appliance. You must add the client to the Unitrends appliance before its data can be protected. Notes: • For replicating systems, run this procedure from the replication target to add clients that can be used as restore targets for replicated backups. • For NDMP clients, the Unitrends appliance must be licensed for NDMP before you can add NDMP clients. To add a client to the Unitrends appliance 1 Access the Setup Wizard Add all clients to protect step, or select Settings> Clients, Networking, and Notifications> Clients. Note: The add computers Setup Wizard step only applies to the backup system installation type. If your system is configured as both a backup system and replication target, add clients using the Clients subsystem. 2 Click Add Client. 3 Select a Computer Type. Configuration options displayed vary based on this selection. Complete the fields appropriately for the selected computer type: • • • • • • "Adding a Windows client" on page 70 "Adding a Hyper-V client" on page 72 "Adding a VMware client" on page 74 "Adding a Cisco UCS Manager client" on page 75 "Adding a NAS NDMP client" on page 76 "Adding all other clients" on page 78 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 70 4 Click Setup to add the client. • For Windows and Hyper-V clients, lightweight core and bare metal agents are installed on the client upon clicking Setup. • Once the client is added, it displays on the Settings> Clients, Networking, and Notifications> Clients page. • If you see a failure message, the client could not be added. Verify DNS settings, and that ports 1743 and 1745 are open. If you see the following error message, "If repeatedly experiencing errors, please download and install the latest agent release on your Windows server from the Unitrends website. After installation, uncheck 'Establish Trust' when setting up your client." the agent could not be installed due to authentication issues. Install the agent manually (see the "Windows Protection" chapter), then add the client without checking the Establish Trust box. 5 Repeat this procedure to add all clients. 6 Click Next to proceed to the next Setup Wizard step. For more on working with clients, see "About working with clients" on page 88. Adding a Windows client The table below describes the fields you must complete to add a Windows client: Field Description Computer Type Required. Select Windows. Computer Name Required. 15-character limit. The name must be resolvable using DNS or the host table of the Unitrends appliance. IP Address You can use DNS or IP to register the client. If not using DNS, an IP address is required. Authentication • If using DNS, leave this field blank. Make sure both the client and the system have DNS entries and that reverse lookup is configured. • If using DHCP for client IP address assignment, this field must be left blank. DNS must be configured. For details, see "DNS settings" on page 85. Do one of the following: • If you will be push-installing the agent, authentication is required. Use the Establish trust option described below to enter credentials. • If you have manually installed the agent, credentials are not supported. Uncheck the Establish trust box before adding the client. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 71 Field Establish trust Use default credentials Description Checking this box establishes trust between the client and the Unitrends appliance using new or existing credentials. Leave this box unchecked if you have installed the Windows agent manually. • Click Create New Credential or, if available, Use Existing Credential. If using new credentials or editing existing credentials, enter an Administrative Username and Password. The credentials must have local system administrator privileges. • You must enter a domain if the computer has been setup in a Windows domain. This box can only be checked if default credentials have been configured. To use default credentials check the Establish trust box and the Use default credentials box. The default credentials must have local system administrator privileges. Options Enable this computer to be protected... Checked by default. This box must be checked in order to protect the client. (If you uncheck this box, the client will not be available for backup or restore.) Automatically Optional. Checking this box creates a file-level backup schedule for the client create a backup and executes it immediately. If desired, uncheck this box and create your schedule for own backup schedules at any time. this computer... All backups performed on this computer are to be replicated... Optional. Check this box to replicate this client’s file-level backups to an offsite Unitrends appliance for disaster recovery purposes. Applicable only if you have a replication system or Unitrends Cloud service. All backups performed on this computer are to be encrypted. Optional. Check this box to encrypt all the data protected for this client using an AES-256 bit algorithm. Applicable only if the system is licensed and configured for encryption. See "About encryption" on page 128 for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Note: This option is not available for applications such as SQL, Exchange, and Oracle. Application databases must be configured for replication individually. For details, see "Configuring backups for replication" on page 300. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 72 Field Description Advanced options Optional. Check this box to configure the client’s priority: Select a priority of high, medium, or low for the client. Backups for high priority clients are run before those of medium and low priority. Note: The Use SSL... box is not used. If you see the following error message, "If repeatedly experiencing errors, please download and install the latest agent release on your Windows server from the Unitrends website. After installation, uncheck 'Establish Trust' when setting up your client." the agent could not be installed due to authentication issues. Install the agent manually (see the "Windows Protection" chapter), then add the client without checking the Establish Trust box. Adding a Hyper-V client The following fields must be completed as described below to add a Hyper-V client. It is recommended that you read "Working with Hyper-V servers" on page 596 before registering your Hyper-V servers. Review the "Special considerations for adding Hyper-V clusters" on page 597 before registering a cluster. Notes: • If protecting a VM at the guest OS level, add it with that computer type's requirements rather than those listed below for Hyper-V. • For replicating systems, you can add Hyper-V servers to the replication target to use as restore targets for replicated backups. (Add servers as described in "About adding clients" on page 69 ). Field Description Computer Type Required. Select Hyper-V. Computer Name Required. The name must be resolvable using the host table of the Unitrends appliance. Note: IP Address You must register all nodes in a cluster before registering the cluster. When adding a cluster node to a Unitrends appliance, you must enter the exact name of the node. Required. Enter a static IP address. Authentication Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 73 Field Description Establish trust Do one of the following: Use default credentials • If you are registering a server for which automatic installation of the agent is supported, check this box and enter an Administrative Username and Password for authentication. The credentials must have local system administrator privileges. • If you are registering a cluster or server for which automatic installation of the agent is not supported, uncheck this box. This box can only be checked if default credentials have been configured. To use default credentials check the Establish trust box and the Use default credentials box. The default credentials must have local system administrator privileges. Options Enable this computer to be protected... Checked by default. This box must be checked in order to protect the client. (If you uncheck this box, the client will not be available for backup or restore.) Automatically create a backup schedule for this computer... • For individual servers or cluster nodes: Optional. Checking this box creates a file-level backup schedule and executes it immediately. • For clusters: Uncheck this box when registering a cluster. Because the cluster is a virtual manager, it does not have a file system that can be protected with file-level backups. Note: All backups performed on this computer are to be replicated... 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com The schedule created when you check this box protects only the file system of the server hosting the Hyper-V application. It does not protect the virtual machines. You can schedule backups for the VMs after registering the server. Optional. Check this box to replicate this server’s file-level backups to an offsite Unitrends appliance for disaster recovery purposes. Applicable only if you have a replication system or Unitrends Cloud service. Note: To replicate Hyper-V backups of the VMs hosted on the server, you must configure the VMs for replication after registering the server. For instructions, see "Configuring backups for replication" on page 300. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 74 Field Description All backups performed on this computer are to be encrypted. Optional. Check this box to encrypt all the data protected for this client using an AES-256 bit algorithm. Applicable only if the system is licensed and configured for encryption. See "About encryption" on page 128 for details. Advanced options Optional. Check this box to configure the client’s priority: Select a priority of high, medium, or low for the client. Backups for high priority clients are run before those of medium and low priority. Note: The Use SSL... box is not used. Adding a VMware client The following fields must be completed as described below to add a VMware client. Note: If protecting a VM using agent-based backups, add the VM with that computer type’s requirements rather than those listed below for VMware. Field Description Computer Type Required. Select VMware. ESX or VCenter Server Required. The name must be resolvable using the host table of the Unitrends appliance. IP Address Required. Enter the server’s IP address. Authentication Required. Establish trust Use default credentials Checking this box establishes trust between the client and the Unitrends appliance using new or existing credentials. • Click Create New Credential or, if applicable, Use Existing Credential. If using new credentials or editing existing credentials, enter an Administrative Username and Password. The credentials provided must have local system administrator privileges. • If desired, enter a Domain. This is optional. This box can only be checked if default credentials have been configured. To use default credentials check the Establish trust box and the Use default credentials box. The default credentials must have local system administrator privileges. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 75 Adding a Cisco UCS Manager client The following fields must be completed as described below to add a Cisco UCS Manager client. The Cisco UCS Manager client must be added before its service profiles, templates, pools, and policies can be protected. To protect a server hosted on the UCS, add the server to the Unitrends appliance as you would any stand-alone server of that operating system or hypervisor. See "Protecting UCS blade and rack-mount servers" on page 679. Note: For replication targets. For replicating systems, run this procedure from the replication target to add a Cisco UCS manager that can be used as a restore target for replicated UCS profile backups. Field Description Computer Name Required. Select Cisco UCS Manager. The name must be resolvable using DNS or the host table of the Unitrends appliance. Note: IP Address You can use DNS or IP to register the client. If not using DNS, an IP address is required. If DNS is set up in your environment, you can leave this field empty. Note: Authentication If using a cluster configuration, make sure to add the client by cluster name. Do not use the name of either fabric interconnect. If using a cluster configuration, make sure to add the client by cluster IP. Do not use the IP of either fabric interconnect. Required. The credentials provided must support native backup and restore of UCS service profiles. To ensure sufficient privilege, the user must have Cisco UCS administrator privileges. Establish trust Use default credentials 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Checking this box establishes trust between the client and the Unitrends appliance using new or existing credentials. • Click Create New Credential or, if available, Use Existing Credential. If using new credentials or editing existing credentials, enter an Administrative Username and Password. • Do not specify a Domain. This box can only be checked if default credentials have been configured. To use default credentials check the Establish trust box and the Use default credentials box. The default credentials must have local system administrator privileges. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 76 Field Description Options Enable this computer to be protected... Checked by default. This box must be checked in order to protect the client. (If you uncheck this box, the client will not be available for backup or restore.) Automatically create a backup schedule for this computer... This option is not available because file-level backups are not supported for Cisco UCS Manager clients. All backups performed on this computer are to be replicated... This option is not available because file-level backups are not supported for Cisco UCS Manager clients. To replicate UCS service profile backups, see "To replicate application backups" on page 300. All backups performed on this computer are to be encrypted. Optional. Check this box to encrypt all the data protected for this client using an AES-256 bit algorithm. Applicable only if the system is licensed and configured for encryption. See "About encryption" on page 128 for details. Advanced options... Optional. Check this box to configure the client’s priority: Select a priority of high, medium, or low for the client. Backups for high priority clients are run before those of medium and low priority. Note: The Use SSL... box is not used. Adding a NAS NDMP client The following fields must be completed as described below to add an NDMP client. Note: The Unitrends appliance must be licensed for NDMP and running software version 8.0 or higher and before you can add NDMP clients. Field Description Computer Type Required. Select NAS NDMP Client. Computer Name Required. The name must be resolvable using the host table of the Unitrends appliance. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 77 Field Description IP Address Required. Enter the remote IP address for the NDMP device. Authentication Required. New, existing, or default credentials must be used to establish trust between the Unitrends appliance and the NDMP device. Establish trust Checked and grayed out by default. This establishes trust between the client and the Unitrends appliance using new or existing credentials. Click Create New Credential or, if available, Use Existing Credential. If using new credentials or editing existing credentials, enter an Administrative Username and Password. The credentials must have local system administrator privileges. Use default credentials This box can only be checked if default credentials have been configured. To use default credentials check the Use default credentials box. The default credentials must have local system administrator privileges. NDMP Client Options Protocol Required. Select ndmp. Vendor The vendor is automatically detected at the time the client is added. • • Port There are currently two supported vendors: NetApp and EMC. If any other NDMP devices are added as clients, this field populates with “Generic.” Behavior of generic NDMP clients is unpredictable. The NDMP client side control port defaults to 10000. Options Enable this computer to be protected... Checked by default. This box must be checked in order to protect the client. (If you uncheck this box, the client will not be available for backup or restore.) Automatically This option is not available because file-level backups are not supported for create a backup NAS NDMP clients. To schedule NDMP backups, see "About NDMP schedule for backups" on page 574. this computer... 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 78 Field Description All backups performed on this computer are to be replicated... This option is not available because file-level backups are not supported for NAS NDMP clients. To replicate NDMP backups, see "To replicate application backups" on page 300. All backups performed on this computer are to be encrypted. Optional. Check this box to encrypt all the data protected for this client using an AES-256 bit algorithm. Applicable only if the system is licensed and configured for encryption. See "About encryption" on page 128 for details. Advanced options... Optional. Check this box to configure the client’s priority: Select a priority of high, medium, or low for the client. Backups for high priority clients are run before those of medium and low priority. Note: The Use SSL... box is not used. Adding all other clients The following fields must be completed as described below to add clients with all operating systems not listed in the Computer Type field of the Backup> Add Client screen. See the appropriate chapters for more information about protecting these operating systems. Note: This does not apply to CIFS/NFS clients. CIFS/NFS clients must be added as NAS storage. See "Adding CIFS/NFS clients" on page 579 for details. Field Description Computer Type Required. Select All Other OS. Computer Name Required. The name must be resolvable using the host table of the Unitrends appliance. Linux clients have a 31-character limit. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 79 Field Description IP Address For Linux and Mac, you have the option of using DNS or IP to register clients. If not using DNS, an IP address is required. • If using DNS, leave this field blank. Make sure both the client and the system have DNS entries and that reverse lookup is configured. • If using DHCP for client IP address assignment, this field must be left blank. DNS must be configured. For details, see "DNS settings" on page 85. For all other clients, you must enter a static IP address. Authentication Establish trust Uncheck this box, and do not provide credentials. Use default credentials Do not check this box. Options Enable this computer to be protected... Checked by default. This box must be checked in order to protect the client. (If you uncheck this box, the client will not be available for backup or restore.) Automatically create a backup schedule for this computer... Optional. Checking this box creates a file-level backup schedule for the client and executes it immediately. If desired, uncheck this box and create your own backup schedules at any time. All backups performed on this computer are to be replicated... Optional. Check this box to replicate this client’s file-level backups to an off-site Unitrends appliance for disaster recovery purposes. Applicable only if you have a replication system or Unitrends Cloud service. Note: All backups performed on this computer are to be encrypted. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com This option is not available for applications such as Oracle. Application databases must be configured for replication individually. For details, see "Configuring backups for replication" on page 300. Optional. Check this box to encrypt all the data protected for this client using an AES-256 bit algorithm. Applicable only if the system is licensed and configured for encryption. See "About encryption" on page 128 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 80 Field Advanced options... Description Optional. Check this box to configure the client’s priority: Select a priority of high, medium, or low for the client. Backups for high priority clients are run before those of medium and low priority. Note: The Use SSL... box is not used. About global retention and deduplication Unitrends systems are designed to use all available storage for protecting data (see "Storage allocation and distribution" on page 117). As scheduled or immediate backups are performed, or as backups are replicated to a target system, the oldest backups are deleted to ingest new backups. See "About retention control" on page 121 for details. To increase retention, Unitrends systems utilize adaptive deduplication to remove duplicate data blocks from backups. With deduplication, backup sizes decrease as duplicate blocks are removed, thereby increasing the number of backups that can be stored on the system, also referred to as onsystem retention. Native deduplication is enabled by default. An outside deduplication device can be used for Unitrends Enterprise Backup, but physical systems must use native deduplication. If you use an outside deduplication device, you can disable native deduplication for backups stored on this device when you add it to the system. For details, see "Configuring storage" on page 110. Use the following procedures to balance system performance versus retention to suit your environment. • • "To configure global retention settings" on page 80 "Balancing backup performance and retention" on page 80 To configure global retention settings 1 Access the Setup Wizard Setup system retention and backup window characteristics step, or select Settings > Storage and Retention > Retention. 2 Select the desired Balance Retention and Backup Performance option. See the next section for a description of each option. 3 Click Next to save the settings and continue with the Setup Wizard, or click Close to exit without saving. Balancing backup performance and retention You can tune system storage to fit the backup window and retention objectives of your environment by selecting from the following options. Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 81 Performance/retention options Description Balance retention and backup performance (recommended setting) This is the recommended setting for managing the ingest rate and retention on the system. With this setting, a predictive mechanism is used to dynamically alter the size of the landing zone based on the backup strategies selected. Minimize backup window Use this setting where backup window requirements are critical. With this setting, a landing zone (reserve area) is created which is large enough to hold the data set that is being protected. This guarantees the fastest ingest rate. However, to meet the landing zone requirements, older backups are more aggressively deleted. Maximize retention Use this setting where retention is critical. The data protection ingest rate is slower. The landing zone is kept to a minimum to ensure maximum retention. Setup complete Once you have worked your way through the Setup Wizard and reach the Done step, the system is configured and ready to protect your environment. Click Finish to exit the wizard. After exiting the Setup Wizard, perform the following steps: 1 Check for any available updates and install as necessary. See "About system updates" on page 92 for details. 2 Start protecting clients. See the "Backups Overview" chapter to get started. See the "Advanced Configuration Options" chapter for additional setup options. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 82 Legacy Recovery-Series and UEB Administrator's Guide Chapter 3: Getting Started 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 83 Chapter 4: Advanced Configuration Options This chapter describes advanced configuration procedures. See the following topics for details: • • • • • "About licensing the system" on page 83 • • • • • • • • • • • "Shutting down the Unitrends system" on page 93 "About network configuration" on page 84 "About configuring root passwords " on page 87 "About working with clients" on page 88 "About system updates" on page 92 "About remote system management" on page 95 "About credential management" on page 97 "About Active Directory authentication" on page 99 "About storage configuration" on page 103 "About device configuration" on page 119 "About retention control" on page 121 "About system notifications" on page 124 "About encryption" on page 128 "About security levels" on page 131 "About the Windows NTFS change journal" on page 135 About licensing the system The licensing component provides an interface for viewing and managing the system's license. Licensing procedures for physical systems differ from those for virtual (UEB) systems. Physical systems are shipped fully licensed. If you need to update a license, apply the license you receive from Unitrends as described in "To add or update a license" on page 83. Virtual systems are deployed without a license. After deploying the system to a virtual machine, you must register and license the system. Register the system as described in the applicable deployment guide (UEB Deployment Guide for Installable Software, UEB Deployment Guide for VMware, or UEB Deployment Guide for Hyper-V). Then apply the license you receive from Unitrends as described in "To add or update a license" on page 83. To add or update a license Note: 1 Applying a license stops all running jobs. Select Settings > System, Updates, and Licensing > License > Enter. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 84 2 Enter the License Key, Expiration Date, and Feature String exactly as they appear in the License Key email you received from Unitrends. 3 Click Confirm to apply the license. About network configuration Use the Networks subsystem to enable the Unitrends system to communicate with other computers on the network. Configure the following: • • • • "Ethernet settings" on page 84 "DNS settings" on page 85 Hostname setting, see "About hostname settings" on page 62 "Hosts settings" on page 86 Ethernet settings The Unitrends system ships with a default IP address of 10.10.10.1 and a subnet mask of 255.255.255.0. It is necessary to change these Ethernet settings to communicate with the Unitrends system. Note: After configuring the Unitrends system with a static IP, you may see DHCP requests coming from the system’s MAC address. This is because on some systems the motherboard has IPMI that shares eth0. If desired, you can reconfigure IPMI LAN to use a static IP. See KB 1245 for details. To configure Ethernet settings 1 Select Settings > Clients, Networking, and Notifications > Networks > Ethernet. 2 Enter settings and click Confirm. Review the following table for setting descriptions. New setting are effective immediately. Ethernet setting Description IP Provide a new IP address for the Ethernet adapter (i.e., eth0 or eth1). Netmask Provide a new netmask in accordance to the Class of network configured. The default Class C subnet is 255.255.255.0. Gateway Provide a gateway to enable the system to connect to computers on other subnets. Start Card on Boot This option must be checked for the new network settings to be used when the system is rebooted. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 85 Ethernet setting Description Restore Settings if Not Stopped Within __ Minutes Since the network settings are put into effect immediately upon hitting Confirm, the Restore Settings if Not Stopped Within __ Minutesshould be checked if you would like the network settings to revert to the previous configuration if the new settings could not be applied for any reason. This option is useful if the system is configured on the network and the network settings have to be changed remotely. It prevents being locked out of the Administrator Interface if the new network settings could not be configured. Stop Restore of Previous Settings Click to stop the restoration of settings. Additional Review to confirm that the network adapter is configured for optimal performance in Information the environment. For example, if the network infrastructure has a 1GbE backbone, then ensure that the information displays as, Link: true Speed: 1000 Duplex: full DNS settings DNS settings must be configured for the Unitrends system to connect to the Internet. In addition, DNS configuration allows the seamless resolution of fully qualified domain names (FQDN) for computers to short names, and vice versa. DNS registration for Windows, Linux, and Mac clients Beginning in release 7.2, you can choose to add a Windows client to the backup system by entering a static IP address, or by relying on DNS to facilitate the connection. To use DNS, both the backup system and Windows agent must be running release 7.2 or higher. Releases 7.3 and higher support DNS for Linux and Mac clients. Both the backup system and Linux or Mac agent must be running release 7.3 or higher to use DNS. DNS-only registration is supported only for Windows, Linux, and Mac clients. Consider the following when registering clients by DNS: • If you do not enter a static IP, make sure that both the client and the backup system have DNS entries and that reverse lookup is configured. • • For clients that utilize DHCP for IP address assignment, DNS-only registration should be used. If you supply a static IP, the system attempts to connect using that address but will attempt DNS hostname lookup if the static IP connection fails. To configure DNS settings 1 Select Settings > Clients, Networking, and Notifications > Networks > DNS. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 86 2 Enter the IP of the DNS server in the DNS Server Address field and click Add. Multiple DNS servers can be added in this manner. 3 If desired, change the precedence order of the DNS servers in the Current DNS Server Address Order area by dragging a DNS server IP address. The system connects to the DNS servers for name resolution in this order, starting with the address at the top. 4 Enter the domain for your environment in the DNS Domain field and click Add. Multiple domain names can be added in this manner. This allows short names on the network to be resolved with the provided domain name. If this information is not provided, all computer name resolution is performed using the fully qualified domain name (for example, computer.domain.com). 5 If desired, change the precedence order of the domain names in the Current DNS Domain Order area by dragging a domain name. This is the order in which the system will try to resolve the short and fully- qualified domain names. 6 Click Confirm to save your settings. Hosts settings The Unitrends system’s hosts file contains the name and IP of each client it protects. When you add a client to the system, an entry is automatically created in the hosts file. If necessary, you can view and modify these hosts file entries using these procedures: • • • • "To view the Unitrends system hosts file" on page 86 "To modify a hosts file entry" on page 86 "To add a hosts file entry" on page 87 "To delete an entry from the hosts file" on page 87 To view the Unitrends system hosts file 1 Select Settings > Clients, Networking, and Notifications > Networks > Hosts. 2 The hostname, IP address, and fully qualified name are given for each hosts file entry. Note that the fully qualified name is optional. 3 Click Close to exit the Hosts page. To modify a hosts file entry 1 Select Settings > Clients, Networking, and Notifications > Networks > Hosts. 2 Select the desired host entry row. 3 In the Modify Host area, change the Host Name, IP Address, Qualified Name, or Alias List as desired. Note that you cannot change the Host Name or Qualified Name of the Unitrends system itself. 4 Click Confirm to save your changes, or click Cancel to exit without saving. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 87 To add a hosts file entry 1 Select Settings > Clients, Networking, and Notifications > Networks > Hosts. 2 Click Add Another Host. 3 In the Add Host area, enter the machine’s Host Name and IP Address. If desired, enter a Qualified Name and Aliases (these are optional). 4 Click Confirm to save your changes, or click Cancel to exit without saving. To delete an entry from the hosts file 1 Select Settings > Clients, Networking, and Notifications > Networks > Hosts. 2 Select the desired host entry row and drag it to the Delete Host icon. 3 Click Yes to confirm you wish to delete the entry, or click No to cancel. About configuring root passwords The root user is granted superuser privileges and can perform all system administration tasks. The Unitrends system is configured with two distinct root user accounts: • Operating system root account, used to access the Unitrends console directly for initial network configuration, iSeries administration, and some bare metal tasks. • Unitrends Administrator Interface root account, used to access the system from any web browser. Operating system root password configuration Op e ra tin g s y s te mro o tp a s s wo rd c o n fig u ra tio n By default, the operating system root password is unitrends1. To change the root operating system password 1 Access the root password step in the Setup Wizard, or select Settings > System, Updates, and Licensing > OS Password. 2 Enter the current password in the Current OS Root Password field. 3 Enter the new root password into the New OS Root Password and Confirm New OS Root Password fields. 4 Click Next to save the settings and continue with the Setup Wizard, or click Confirm to save settings in the OS Password subsystem. Administrator interface root password configuration Ad min is tra to rin te rfa c e ro o tp a s s wo rd c o n fig u ra tio n By default, the Administrator Interface root password is unitrends1. It is highly recommended that you change this password from the default. Auto-login feature Au to -lo g in fe a tu re Your appliance has an auto-login feature. If you do not change the root Administrator Interface password, the system automatically logs in anyone with a browser and the system’s IP address. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 88 To update the root Administrator Interface password 1 Select Settings > Customers, Locations, and Users > Users > Root and check Change Password. 2 Enter the new password in the Password and Verify Password fields. The password can contain upper and lower case letters, numbers, and special characters with the exception of a space and an equal sign (“=”). 3 Click Confirm to save. About working with clients This section describes additional client procedures. For instructions on registering a client to the backup system, see "About adding clients" on page 69. Use these procedures to manage the clients whose data you are protecting: • • • "To modify a client" on page 88 "To delete a client" on page 90 "To push agent updates to one client" on page 90 To modify a client Use this procedure to modify a client on the Unitrends appliance. Note that CIFS/NFS NAS clients cannot be modified using this procedure. Instead, see "To modify a CIFS/NFS client" on page 581. 1 Access the Setup Wizard add computers step, or select Settings > Clients, Networking, and Notifications > Clients. 2 Select the client. 3 Modify fields as desired and click Save. Field definitions Field Action Computer Type Select an operating system or environment from the list. Authentication Check the Establish trust box to associate trust credentials for the client. For information on trust credentials and using default credentials, see "Client trust credentials" on page 91 for details. Computer Name Name of the client. This name must be resolvable using DNS or the host table of the system. Note: Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options It is best not to rename a client because this can have undesirable results for replicating, vaulting, and archiving systems. For details, see "About renaming clients" on page 89. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 89 Field Action IP Address Client’s IP address. If using DNS, you may leave this field empty. If not using DNS, this is a required field. Administrative Username Available only if the Create New Credential option is selected. Credentials provided must have local system administrator privileges or domain administrator privileges. Password Available only if the Create New Credential option is selected. Domain Available only if the Create New Credential option is selected. You must enter a domain if the computer has been setup in a Windows domain. NDMP Client Option check boxes Available only if NAS NDMP Client is selected as the Computer Type. Enable this computer... Check to enable the client for data protection; uncheck to disable. Automatically create a backup schedule... Check to create a file-level backup schedule for the client and execute it immediately. All backups performed on this computer are to be replicated... Check to replicate this client’s backups to an off-premise system for disaster recovery purposes. Applicable only if you have a replication system or Unitrends Cloud service. All backups performed on this computer are to be encrypted Check to encrypt all the data protected for this client using an AES-256 bit algorithm. Applicable only if the system is licensed for encryption and encryption has been configured (see "About encryption" on page 128 for details). Advanced options Check to set this client’s backups to high, medium, or low priority and to enable or disable SSL. About renaming clients Although you can rename a client in the Unitrends system, it is best practice not to change the name of a client because this can have undesirable results for replicating, vaulting, and archiving systems. Instead, it is recommended that you add the client to the system as a new client with a new name using the procedure described in "About adding clients" on page 69. Before adding the new client, change the IP address of the existing client in the Unitrends system to avoid conflicts. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 90 When you have built up retention for the new client, you can delete the original client (and its associated backups). For details, see "To delete a client" on page 90. If it is necessary to rename a client, use the procedure "To modify a client" on page 88. You must save any backup schedules associated with this client after renaming it, or backup jobs for the client will not queue. To delete a client Use this procedure to delete a client and its backups from the Unitrends appliance. Note that CIFS/NFS NAS clients cannot be deleted using this procedure. Instead, see "To delete a CIFS/NFS client" on page 582. WARNING! When a client is deleted, all associated backups of that client are also deleted. Please use caution before deleting a client. Note: About master.ini configuration settings. Unitrends client configuration settings are saved in the master.ini file. Note that deleting the client from the Unitrends system also removes this file from the client and any customized settings you have added are lost. Be sure to save the client’s master.ini file before deleting if you think you may want to add the client to this or another Unitrends system and want to use these settings. After adding the client back to a system, replace the standard master.ini file with the one you have saved. 1 Access the Setup Wizard add computers step, or select Settings > Clients, Networking, and Notifications > Clients. 2 Select the client. 3 Click Delete this Computer. Note: • If a message displays indicating that this client is scheduled for backup, you must first remove the client from all schedules before deleting. • If you are using Windows Instant Recovery and you remove a virtual client while a virtual restore of that client is in progress, the deletion may not be instantaneous. The clean up takes time because the restore is shut down and the client is removed. To push agent updates to one client If push updates are supported for the client, install updates as described here. For push update requirements, see "Requirements for pushing agent updates" on page 435. To push updates to multiple clients, see "To push install agent updates" on page 436. 1 Select Settings > Clients, Networking, and Notifications > Clients. 2 Select the desired client. 3 Click Upgrade Agent. Note that the Upgrade Agent option does not display if no upgrade is available for this client. 4 Upon clicking Upgrade Agent, updates are pushed to the client if these conditions are met: Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 91 • • • Trust credentials are valid. • Updates are available for the client (client is not running the latest agent release). No backup or restore job is currently in progress or scheduled to run soon for the client. Push update requirements have been met (see "Requirements for pushing agent updates" on page 435). Client trust credentials Trust credentials are required for VMware and Cisco UCS protection, as well as to enable push installation of agent software and agent updates. Procedures in this section are for applying credentials at the client level. For centralized credential procedures, see "About credential management" on page 97. To delete trust credentials, see "To delete a credential" on page 99. To determine whether push installation is supported for your client, see "Agent push install requirements" on page 426 and "Requirements for pushing agent updates" on page 435. Use the following procedures to manage a client’s trust credentials: • • • "To create a new trust credential for a client" on page 91 "To apply default credentials to a client" on page 91 "To apply an existing trust credential to a client" on page 92 To create a new trust credential for a client Use this procedure to create a new credential and apply it to a client. 1 Select Settings > Clients, Networking, and Notifications > Clients. 2 Select the desired client. 3 Check the Establish trust box. 4 Click Create New Credential, and enter the following fields: 5 Field Action Administrative Username User must have local system administrator privileges or domain administrator privileges. Password Password associated with the username you supplied. Domain If the Windows client has been added to a Windows domain, you must enter a domain. Otherwise, you may leave this field blank. Click Save to create and apply the trust credential. The credential also displays in the Settings > Clients, Networking, and Notifications > Credential Management page. To apply default credentials to a client Use this procedure to apply the existing default credential to a client. If no default credential exists, you can create one as described in "To create a new trust credential for a client" on page 91, then set the credential to default as described in "To set a default credential" on page 99. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 92 1 Select Settings > Clients, Networking, and Notifications > Clients. 2 Select the desired client. 3 Check the Establish trust box. 4 Check the Use default credentials box. 5 Click Save. To apply an existing trust credential to a client Use this procedure to apply an existing non-default credential to a client. 1 Select Settings > Clients, Networking, and Notifications > Clients. 2 Select the desired client. 3 Check the Establish trust box. 4 In the Use Existing Credential list, select the desired credential. Note that if only one credential exists, you see the credential name rather than Use Existing Credential. 5 Click Save to apply the trust credential. About system updates The updates interface provides a means for updating software on the system and for pushing agent updates to certain clients. This section describes system updates. For agent updates, see "Push installing agent updates" on page 435. It is recommended that you run the latest Unitrends version on your backup system. When updates are available, you see an alert on the front Status page. Before updating the system, note the following requirements: • When using an on-premise backup system that replicates to an off-premise target, the offpremise target system must first be upgraded. • If an on-premise backup system is being remotely managed by another Unitrends system, the managing system must first be upgraded. • • To install updates, the system must be running Linux CentOS Release 5 or CentOS Release 6. • • An active support contract is required to upgrade the system. • Do not upgrade a client’s agent software to a version newer than that of its backup system. Update the backup system prior to installing newer agents. The backup system version must be equal to, or newer than, that of its clients. • To update a physical appliance that cannot connect to the Internet, you can use an ISO image and follow the instructions in KB 2483. If a restore is needed for a specific backup while a database migration is active, select the backup for migration to begin on the specific backup. Updates to backup systems are compatible with older agent versions. Although it is recommended that you upgrade to the latest agent versions, the system will continue to function properly running older agents. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 93 • • If you are running a pre-6.0 version, contact Support for assistance in upgrading. For more information about upgrading to the current version, see the Legacy Recovery-Series and UEB Upgrade Guide. You can also view the video tutorials Upgrading the Unitrends Appliance and Troubleshooting the Unitrends Appliance Upgrade. To update the system 1 Select Settings > System, Updates, and Licensing > Updates. 2 Look at the message on the System Updates tab and do one of the following: 3 • If you see the message The system is up to date, there are no updates to install. Click Exit to close and do not continue with these steps. • If you see the message There are "x" available updates, continue with these steps. To see details on the software packages that are being updated, click Show Update Details. Packages can be selectively added or removed by dragging the packages to the right pane or the left pane respectively. Packages beginning with the word unitrends are required. It is highly recommended to install all available updates at all times. 4 Click Install to start updating software packages. If there are software updates (like the kernel package) that require a reboot, you receive a message to this effect once the updates have been installed. If you do not receive this message, a reboot is not necessary. During installation you see progress messages, such as installing 5 of 20. If updates seem to stall, or if you receive a message indicating that a package could not be installed, you may click Exit and then restart the update procedure. 5 After the installation, log out and refresh the browser before logging back in. Shutting down the Unitrends system Typically, it should not be necessary to shut down your Unitrends system unless you need to: • • Reboot after installing an update Power down a physical appliance to perform maintenance You can shut down from the Administrator Interface (UEB or Recovery-Series), from the hypervisor (UEB), or from the physical appliance itself. If it is necessary to shut down your system, Unitrends recommends shutting down from the Administrator Interface. Any jobs in progress when the system is shut down will fail. Scheduled jobs do not run while the system is shut down. Options for shutting down your Unitrends system: • • • "To shut down from the Administrator Interface" on page 93 "To shut down UEB from the hypervisor" on page 94 "To shut down from the physical appliance" on page 95 To shut down from the Administrator Interface This is the recommended method for shutting down your system. 1 If you have any attached archive media, shut it down before continuing with this procedure. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 94 2 Select the system in the Navigation pane. 3 Go to Settings > System, Updates, and Licensing Shutdown to see the Shutdown/Restart window. 4 If you see the message, Shutdown/Restart may be performed only..., you are trying to shut down a system from its managing system. You must log in to the individual system that you want to shut down. 5 Enter your OS Root password. 6 The Restart after shutdown checkbox defaults to checked. Leave this checked to restart the system automatically after it shuts down. Uncheck the box if you need the system to remain shut down, such as to perform maintenance. 7 Click Confirm. 8 Click OK when you see the message System is shutting down... 9 Click Logout to exit the system. 10 Log in after the system restarts. If you see the message Call was unsuccessful. . ., the restart is not complete. Try again in a few minutes. If you opted to shut down without restarting, you need to push the power button on the physical appliance or manually start the UEB VM from the hypervisor, before you can log back into the system. To shut down UEB from the hypervisor Use this method only if you are unable to shut down the system through the Administrator Interface. The following instructions are based on the VMware vSphere Client. The procedure could vary with different hypervisors. 1 If you have any attached archive media, shut it down before continuing with this procedure. 2 Log in to the vSphere Client. 3 Go to Home > Inventory > Inventory to view your VMs. 4 Right click on the VM to which the UEB is deployed to see an options menu. 5 Hover over Power. Click Power Off. To power on your UEB from the hypervisor Before logging back into the system through the Administrator Interface, you need to power on the VM to which it is deployed. 1 Log in to the vSphere Client. 2 Go to Home > Inventory > Inventory to view your VMs. 3 Right click on the VM to which the UEB is deployed to see an options menu. 4 Hover over Power. Click Power On. 5 After the UEB has been powered on, you can turn on any attached archive media that was shut down before you shut down the UEB. 6 Log in to the system through the Administrator Interface. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 95 To shut down from the physical appliance Use this method only if you are unable to shut down the system through the Administrator Interface. 1 Before you shut down the physical appliance, make sure that all attached archive media is shut down. 2 Press the power button on the physical appliance. Note: Before you can log back into the system, you must power on the appliance by pressing the power button. To power on from the physical appliance 1 Press the power button on the physical appliance. 2 After the appliance has been powered on, you can power on any archive media that was shut down prior to shutting down the appliance. 3 Log in to the system through the Administrator Interface. About remote system management Unitrends single-pane-of-glass interface gives you the ability to manage multiple backup systems and replication targets from one central location. In the following figure, the user is logged into the manager system called LucieUEB, and can administer another managed system called replication35. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 96 Proceed to "Granting privilege for remote management" to set up management of a remote system. Granting privilege for remote management For a replication target or a management system to remotely manage a local backup system, the backup system has to explicitly grant privilege to the manager. This is done to secure a two-way handshake between the manager and the managed system. After granting remote management privilege to a system, you can administer nearly all actions on the managed system through a single pane of glass. There are a few exceptions. Log on locally to a system to perform the following functions: • • Manage and create customers, locations, and users. Change the local system password. Certain other operations are restricted if the remote system is not the same version as the manager. It is a best practice to always have all Unitrends systems on the latest version. For details, see the following procedures: • "To grant the remote management privilege" on page 97 Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 97 • "To revoke the remote management privilege" on page 97 To grant the remote management privilege 1 On the local backup system (managed system), select the blue system icon in the Navigation pane. 2 Select Settings > System, Updates, and Licensing > Grid Management. 3 Select Allow Remote Management at the bottom left. 4 Enter the hostname of the replication target or manager system. Be sure to enter the hostname exactly as it appears in the hosts file on the target or manager system. To view a system’s hostname, select Settings > Clients, Networking, and Notifications > Networks > Hostname. 5 Click Confirm to grant the privilege. 6 On the replication target or manager system, refresh the view to display the managed system in the Navigation pane. To revoke the remote management privilege 1 On the local backup system (managed system), select the blue system icon in the Navigation pane. 2 Select Settings > System, Updates, and Licensing > Grid Management. 3 Select Revoke Remote Management at the bottom right. 4 Enter the IP address of the manager system. 5 Click Confirm to revoke the privilege. 6 On the replication target or manager system, refresh the view to remove the system that is no longer managed from the Navigation pane. About credential management Credentials are used to establish a trust relationship between the backup system and its clients. Once you apply a credential to a client, the backup system can only access the client using the associated administrative username and password. If the username and password are not valid, access is denied. Credentials can be set at either the client or instance level. Client-level credentials are used for agent push and backup operations. Instance-level credentials are used to perform a backup of a particular application instance, such as a virtual machine or an Oracle database. Credentials are required for VMware, Cisco UCS, NDMP, and Oracle protection; credentials are recommended for Windows clients, and optional for other client types. • • For details on creating client-level credentials, see "Client trust credentials" on page 91. For VMware, client-level credentials are required for the vCenter or ESX server, but instancelevel credentials are optional for individual VMs. See "Setting VM credentials for applicationaware protection" on page 637 for details on when to use instance-level credentials. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 98 • For Cisco UCS, the Cisco UCS manager client must be registered to the backup system with administrative trust credentials. See "Adding Cisco UCS Manager clients to the Unitrends appliance" on page 687 for details. • For Oracle databases, instance-level credentials are required to perform backup operations. See "Oracle client and instance requirements" on page 550 for details. • For Windows clients, client-level credentials are required to push install agents and agent updates. For more on push installation, see "Push installing the Windows agents" on page 426. Use the procedures in this section to manage both client-level and instance-level credentials from a centralized location. The Credential Management page displays each credential along with its associated clients, VMware instances, and/or Oracle instances. To collapse the view, click the arrow to the left of a credential. Perform the following tasks using the Credential Management page: • • "To create a new credential" on page 98 • • "To set a default credential" on page 99 "To view or modify a credential" on page 98 "To delete a credential" on page 99 To create a new credential 1 Select Settings > Clients, Networking, and Notifications > Credential Management. 2 Click New Credential and enter the following fields: Field Action Credential Name Name associated with the credential. This is optional. Administrative Username User must have local system administrator privileges or domain administrator privileges. Password Password associated with the username you supplied. Confirm Password Enter the password again to confirm. Domain Name of the Windows domain associated with this credential. This is optional. 3 Click Save New Credential. 4 The credential is created and automatically displays in the Credential Management screen. To view or modify a credential 1 Select Settings > Clients, Networking, and Notifications > Credential Management. 2 Select the desired credential in the grid. 3 Click Edit Selected Credential and modify settings as desired. For a description of each field, see "To create a new credential". 4 Click Save Credential. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 99 To set a default credential Once a default credential is created, you can assign it to clients by checking the Use default credentials box on the Client page. Once you have set the default credential, you cannot change your selection. Instead, you must edit the default credential, or delete it to choose another as the default. 1 Select Settings > Clients, Networking, and Notifications > Credential Management. 2 Select the desired credential in the grid and click Edit Selected Credential, or create a new credential as described in "To create a new credential" on page 98. 3 Check the Set as Default box and click Save Credential. To delete a credential 1 Select Settings > Clients, Networking, and Notifications > Credential Management. 2 Verify that there are no clients associated with the credential. A credential that is associated with a client cannot be deleted. If there is a client associated, remove the association on the Clients page by either unchecking the Establish Trust box or by associating a different credential. For details, see "Client trust credentials" on page 91. 3 Select the desired credential in the grid and click Delete Credential. About Active Directory authentication This section describes the procedures used to implement Administrator Interface (AI) authentication using Active Directory (AD) domain credentials. Users can be set up as members of specified AD domains to access the Unitrends system without being added as users in that system itself. Note: AD authentication is implemented at the AI and Apache component level. The Unitrends operating system is not joined to the AD domain. The AD group to which a user belongs determines which features that user can view and utilize. Users are granted one of the following privilege levels: monitor, manage, administrator, or superuser. User actions are logged in the system and can be viewed in the Audit History report. For details, see "Audit History Report" on page 368. Perform these procedures to manage Active Directory authentication: • • • "To authenticate using Active Directory" on page 99 "To log in using AD authentication" on page 102 "To enable or disable Active Directory authentication" on page 102 To authenticate using Active Directory Note: 1 If are using the Active Directory user with navigation grouping, give the user Manage level privileges. For details, see "Navigation grouping" on page 45. Create the following groups in your Active Directory domain: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 100 Group Description Unitrends- Members of this group are granted superuser privileges. Superuser Unitrends- Members of this group or domain administrators are granted administrator Admin privileges. In addition to monitoring and managing systems, these users can add, edit, or delete customers or customer locations, and add, edit, or delete users. Because administrators can create customers and locations, they can also assign systems to different customers and locations in the navigational tree (using Settings > System, Updates, and Licensing > Grid Management). Unitrends- Members of this group are granted manage privileges. These users can view Manage statuses and reports, start backups, and perform other management tasks, such as adding or modifying clients and retention settings. They can also view running jobs or processes, but cannot create users or modify users, with the exception of modifying their own user account password. Unitrends- Members of this group are granted monitor privileges. These users are only able Monitor to view the status of operations, such as backups or replication, on the front Status page, and run reports. They cannot start backups or restores, view running jobs, or configure the system in any way, other than to modify their own user account password. Note: 2 You may name these groups to suit your environment. If you use your own names, be sure to enter these names when you configure AD authentication in the Unitrends system. User group names in your AD domain must match the names you enter in step 7 on the facing page. Add users to the Unitrends domain groups as desired. Users who are not domain administrators must be assigned to a Unitrends group to log in to the AI using AD authentication. Note: Add users to the groups only. Do not add groups. Nested grouping is not a Microsoft best practice and may cause undesirable results. 3 In the Unitrends AI, select the desired system in the Navigation pane. 4 Do one of the following: Note: The backup system must be running release 7.2 or higher to use the DNS option. For older releases, you must add the AD server to the system’s host file. • Create a DNS entry for the AD server with reverse lookup configured, then skip to step 6 on the facing page. • Add the AD server to the Unitrends system’s host file as described in step 5 on the facing page. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 101 5 Add the Active Directory server to the Unitrends system’s host file as described below. If you’ve already added the server, verify that you have set the fields as described here. Modify settings as necessary. Select Settings > Clients, Networking, and Notifications > Networks > Hosts, click Add Another Host, enter Host Name, IP Address, and Qualified Name as described below, then click Confirm. • • The AD server is the machine where the Active Directory domain is located. • Example: for an AD server called SERVER_AD whose IP address is 192.168.111.75 and AD domain is company_domain.com, enter the following: SERVER_AD in the Host Name field. 192.168.111.75 in the IP Address field. company_domain.com in the Qualified Name field. For Qualified Name, enter the active directory domain only. Do not include the server name. IMPORTANT! This host entry must be added before continuing with this procedure. The host entry must be present before configuring the Unitrends system for AD authentication. 6 Select Settings > System, Updates, and Licensing > Active Directory. 7 Enter information as follows: Field Action Enable Active Check this box to start using AD authentication, or leave unchecked to start Directory using AD authentication at a later time. Authentication Use SSL The Use SSL option is not supported. Active Directory Server Enter the hostname of the machine where the Active Directory Domain is located. If left blank, the system populates this field using the hosts file entry. If you are using DNS and did not add the AD server to the hosts file, be sure to enter the hostname here. This field is limited to 15 characters. Active Directory Domain Enter the name of the AD domain. Do not include the AD server name. For example, ad_domain.company_domain.com. This name must be present in the system’s host file or resolvable through DNS. Active Directory IP Enter the IP address of the AD server. This is optional. Unitrends Superuser Group Enter Unitrends-Superuser 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 102 8 Field Action Unitrends Administrator Group Enter Unitrends-Admin. Unitrends Manage Group Enter Unitrends-Manage. Unitrends Monitor Group Enter Unitrends-Monitor. Click Confirm to save, or click Cancel to exit without saving. To log in using AD authentication This procedure assumes you have set up the Unitrends user account in Active Directory and have configured AD authentication as described in "To authenticate using Active Directory". 1 Connect to the Unitrends system by directing any browser to https:///recoveryconsole 2 Click the lock icon. 3 In the Enter your username field, enter the AD domain and user name in either of the following formats: ad_domain\ad_username or ad_username@ad_domain.company_domain For example, for user jsmith on AD domain accounting and company domain americanaccountants.com, enter: accounting\jsmith or [email protected] 4 In the Enter your password field, enter the password for this AD user. 5 Click Login. To enable or disable Active Directory authentication 1 Select Settings > System, Updates, and Licensing > Active Directory. 2 Check the Enable Active Directory Authentication box to enable AD authentication, or uncheck this box to disable AD authentication. 3 Click Confirm to save. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 103 About storage configuration The Unitrends system is configured as a backup system, a replication system, or as both a backup and replication system if performing both roles. Note: Rack-mounted systems sold before May 2011 and older desktop units do not support replication. Instead, legacy vaulting is used. In these systems, the installation type is backup system, vault system, or cross-vault if performing both roles. For a description of supported installation types by system, see "Installation types and replication" on page 282. The system’s storage needs vary based on the role it plays in the environment. Use the storage interface to do the following: • • Optimize distribution of storage depending on the role of the system. • Protect a NAS share by mounting it directly on the Unitrends system. This eliminates the network latency associated with data transfer for NAS shares backed up as mounted devices on protected clients of the system. • Add backup or vaulting storage to Unitrends virtual (UEB) systems. Vaulting storage is only used for systems running the legacy vaulting feature. For replication, data is written to the backup storage area. • Optimize storage utilization by selecting an ingest rate strategy for the data being protected compared to the amount of retention on the system. Add SAN or a NAS storage as rotational archiving targets using high speed interconnects, like Fibre Channel and 10Gb Ethernet. The storage interface displays all storage targets that have been configured. For each target, details about the storage are given, including its usage, associated device, type, mount point, size, free space, and status (online or offline). See these topics for details: • • • • • "Storage types" on page 104 "Adding storage to the system" on page 105 "Configuring storage" on page 110 "Storage allocation and distribution" on page 117 "Balancing backup performance and retention" on page 118 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 104 Storage types Type Description Backup storage This option applies to Unitrends virtual systems only. Backup storage can be increased by adding a virtual disk to the UEB virtual machine using the hypervisor. Note: Although it is possible to attach external storage directly to the UEB VM, this is not recommended. If you must connect to external storage from the UEB virtual machine directly through network protocols (NFS, CIFS, or iSCSI), be sure to use a supported vendor from the list in KB 3350. Once the storage is added in the hypervisor, go to the Unitrends system and either expand the existing backup device to include the new disk, or add a separate backup device. (See "Adding backup storage" on page 105 for details). Within the hypervisor, you can add internal disks to the UEB VM or, if you deployed your UEB to an attached SAN or NAS storage array, you can create datastores (VMware) or volumes (Hyper-V) from that array to add virtual disks (VMDK or VHDX) to the UEB VM. WARNING! It is strongly recommended that all UEB storage is either direct attached storage (DAS, internal to the hypervisor) or resides on one external storage array. If you configure storage across multiple storage arrays and one becomes unavailable, all backup data is corrupted, resulting in total data loss. You can leverage SAN or NAS storage to create datastores (VMware) or volumes (Hyper-V) by connecting the external array to the hypervisor host: Vault storage • A SAN LUN on the array can be connected to the hypervisor host and exposed to UEB. You can then add the entire LUN to UEB or create virtual disks (VMDK or VHDX) on the LUN and expose these disks to UEB for added storage. • A NAS share can be connected to the hypervisor host over CIFS or NFS protocol to create virtual disks (VMDK or VHDX) for added storage. This option applies to Unitrends virtual systems performing legacy vaulting only. Additional vault storage can be added to the virtual system in the following ways: • • A SAN iSCSI LUN can be used. • • An additional virtual disk can be added to the virtual system. The hypervisor can connect to a SAN using iSCSI or Fibre Channel and expose the LUN as a Raw Device Mapping device. A NFS NAS share can be leveraged. NAS shares configured with the CIFS protocol are not supported for legacy vaulting. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 105 Type Description Archive storage This option applies to all physical and virtual systems that have been licensed for advanced archiving. Additional archive storage can be added in the following ways: • • • • A SAN iSCSI LUN can be used. A NAS share configured with the CIFS or NFS protocols can be leveraged. For virtual systems, an additional virtual disk can be added. Cloud storage using the Unitrends CloudHook. NAS This option applies to all physical and virtual systems. A NAS share configured using protection the NFS or CIFS protocol can be mounted directly on the system and protected as a client. Protect VMs on a SAN This option applies to Unitrends physical systems and UEB on VMware. This options is not available for UEB on Hyper-V. For VMware environments where datastores are hosted on a SAN, configure SAN storage so that data is backed up directly from the SAN to the backup system. For details, see "VMware SAN-direct backups" on page 650. Adding storage to the system This section provides instructions for adding the following kinds of storage: • • • "Adding backup storage" on page 105 "Adding archive storage" on page 109 "Adding vault storage" on page 110 To protect VMs on a SAN, see "VMware SAN-direct backups" on page 650. Adding backup storage These procedures apply to Unitrends virtual systems only. After initial deployment and setup, you can add more storage as needed. Add the storage via the host (added disk) or allocate space on an external storage array (SAN or NAS). Then use the existing backup device to include the new disk (recommended) or add a separate backup storage area. It is a best practice to add storage in the same manner as the initial backup storage you created during deployment. We recommend expanding storage for best performance, but you can also add a separate area of roughly the same size if necessary. See the following topics for details on adding backup storage: • • • • • "Recommendations for adding backup storage" on page 106 "Examples of expanding storage" on page 106 "Examples of adding storage" on page 107 "To expand a backup device" on page 107 "To add backup storage and create a new device" on page 108 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 106 Recommendations for adding backup storage Use these recommendations when setting up all UEB storage that you will add to the UEB appliance: • It is strongly recommended that all UEB storage is either direct attached storage (DAS, internal to the hypervisor) or resides on one external storage array. WARNING! If you configure storage across multiple arrays and one becomes unavailable, all backup data is corrupted, resulting in total data loss. • It is recommended to use DAS, internal to the host, or leverage SAN or NAS storage by connecting the external array to the host. – – You can create VHD(X) or VMDK disks on storage internal to the host (DAS). – You can connect a NAS share to the host over the NFS protocol to create VHD(X) or VDMK disks. You can connect a SAN LUN on the array to the host and expose it to the UEB. You can then add the entire LUN to UEB or create VHD(X) or VMDK disks on the LUN and expose the disks to the UEB. • Although it is possible to attach external storage directly to the UEB appliance, this is not recommended. If you must connect external storage to the UEB directly through network protocols (CIFS, NFS, iSCSI), make sure to use a supported vendor from the list in KB 3350. • Storage should be dedicated to the UEB VM and not shared by other virtual machines, applications, etc. – If using an external SAN or NAS storage array, the shares or LUNs used by the UEB VM should be dedicated to that UEB VM. – If the UEB VM is deployed on a host in a cluster configuration, the UEB VM should use a dedicated NAS share or SAN LUN. • For best performance with SAN storage, use a thickly provisioned LUN. For Hyper-V, use a fixed size VHD(X). • As you add storage, add resources to the UEB virtual machine, such as CPU and memory. Examples of expanding storage If additional backup storage is needed, we recommend expanding your initial backup storage to include the newly allocated space. Note: UEB appliance backup storage can only be expanded across new disks. To expand the existing backup storage you must add a new virtual disk. Expanding an existing disk or growing a SAN volume is not supported. Once storage is expanded in the appliance's Administrator Interface (AI), the LVM treats the original disk and added disks as one larger data volume. Following are expanding storage examples. For instructions on expanding storage in the Unitrends AI, see "To expand a backup device" on page 107. • If expanding storage on DAS, add a new VHD(X) or VMDK using the same volume or datastore selected for the initial backup storage and then use the appliance's AI to expand existing storage to include the new disk. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 107 • If expanding storage on a NAS connected to the host, add a new VHD(X) or VMDK to a share on the NAS and then use the appliance's AI to expand existing storage to include the new disk. • If expanding storage on a SAN connected to the host, addd a new (VHD(X) or VMDK to a LUN on the SAN and then use the appliance's AI to expand existing storage to include a new disk. Examples of adding storage If expanding storage is not an option or you need to create a distinct storage area, you can add storage to your appliance. Storage added to the appliance (rather than expanded) is treated as a separate storage area. This approach allows you to set up backups to write to a user-specified device. We recommend adding storage in the same manner the initial backup storage was created. If an external NAS or SAN storage array was used, either directly or through the host, we recommend using the same storage array for all additional backup storage. If you must attach directly to the UEB VM rather than through the hypervisor, storage expansion through the Administrator Interface is not supported. Use the procedure "To add backup storage and create a new device" on page 108 instead. Note: If you wish to use replication and deduplication, your backup storage devices must be at least 128GB. Following are examples for adding a new storage device. For instructions on adding a storage device in the Unitrends AI, see "To add backup storage and create a new device" on page 108. • DAS or external storage attached to the host: Create a VHD(X) or VMDK on the DAS, NAS, or SAN storage array. In the Add Backup Storage dialog in the AI, click Create a separate storage area for an alternate backup device and select the type Added Disk. Select the disk you wish to add. • External storage attached to the UEB appliance: – Allocate additional space on the NAS. In the Add Backup Storage dialog in the AI, click Create a separate storage area for an alternate backup device and select the type NAS. Enter the IP address of the NAS and other required information. – Allocate additional storage space on the SAN. In the Add Backup Storage dialog in the AI, click Create a separate storage area for an alternate backup device and select the type iSCSI. Enter the IP address of the SAN and other required information. To expand a backup device Expansion is supported on Unitrends Enterprise Backup deployments. If you must attach directly to the UEB VM rather than through the hypervisor, storage expansion through the Administrator Interface is not supported. Use the procedure "To add backup storage and create a new device" on page 108 instead. WARNING! Once you add a disk to the datastore and expand storage, that disk is added to a logical volume. The newly added disk and any existing disks are then treated as one disk by the system. You cannot remove the disk once it has been added. Removing a disk after expanding storage results in data loss and corruption. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 108 1 Verify that no backups are running. If backups are running, either cancel them or wait until they complete. If you attempt to add storage while backups are running, the Administrator Interface displays the following message: A storage expansion cannot take place while backups are queued or running. 2 Add storage in one of the following ways: • For direct attached storage (DAS), add a new VHD(X) or VMDK using the same volume or datastore selected for the initial backup storage. • For NAS storage connected to the host, add a new VHD(X) or VDMK to a share on the NAS and expose it to the hypervisor. • For SAN storage connected to the host, add a new VHD(X) or VMDK to a LUN on the SAN and expose it to the hypervisor. • For instructions on creating and adding a VMDK disk, see one of the following VMware documents: – – – • vSphere 5.1: Create a Virtual Disk in vSphere Client 5.1 vSphere 5.5: Create a Virtual Disk in vSphere Client 5.5 vSphere 6: Create a Virtual Disk in vSphere Client 6 For instructions on creating and adding a VHD(x) disk, see the following Microsoft documents: – – To create a virtual hard disk To add a hard disk to a virtual machine 3 In the Unitrends system, select Settings > Storage and Retention > Storage. 4 Click Add Backup Storage. 5 Choose Expand your backup device across added disks, then click Confirm. • • 6 The Expand Storage page shows the current size of the default internal storage pool. If you have not yet added a datastore or volume, you may click Show Steps for Adding Additional Storage for detailed instructions. You must go to your hypervisor and add the datastore or volume before expanding storage. Click Expand Storage. The system expands storage on the default device to include the disk you created on the datastore or volume. The default device is D2DBackups, unless you’ve configured a different one. 7 When storage expansion is complete, the current size of the storage pool is updated to reflect the expansion. 95% of the disk you added is allocated for backup/replication storage. 5% of the expanded storage, up to 2GB, is allocated for swap space. 8 Click Confirm to exit. To add backup storage and create a new device Use this procedure to add storage and a new backup device. For best results, all backup devices Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 109 should be of similar size. (To add storage to an existing device, see "To expand a backup device" on page 107.) WARNING! It is strongly recommended that all UEB storage is either direct attached storage (DAS, internal to the hypervisor) or resides on one external storage array. If you configure storage across multiple storage arrays and one becomes unavailable, all backup data is corrupted, resulting in total data loss. 1 Select Settings > Storage and Retention > Storage. 2 Click Add Backup Storage. 3 Choose Create a separate storage area for an alternate backup device, then click Confirm. 4 Enter a name for the storage being configured in the Storage Name field. Note: 5 Storage connected using the NFS, CIFS, or iSCSI protocols must not contain spaces in the name. Select the storage Type and continue to "Configuring storage" on page 110 Note: If you have attached a NAS or SAN through the hypervisor, select the Added Disk type. UEB treats all storage attached through the hypervisor as internal storage. Adding archive storage This procedure applies to Unitrends virtual and physical systems, and to Cloud storage. You can archive to a SAN iSCSI LUN, a NAS share, virtual disk (for UEB systems only), and Cloud storage. Note the following archive storage limitations: • For archive to NAS, each backup system must archive to a separate NAS share. Having more than one backup system archiving to a given NAS share is likely to cause data corruption. • For archive to iSCSI LUN, each backup system must archive to a separate LUN. Having more than one backup system archiving to a given iSCSI LUN is likely to cause data corruption. To add archive storage 1 Select Settings > Storage and Retention > Storage. 2 Click Add Archive Storage. 3 Enter a name for the storage being configured in the Storage Name field. Note: 4 Storage connected using the NFS, CIFS, or iSCSI protocols must not contain spaces in the name. Select the storage Type and continue to one of the following procedures: • "Configuring storage" on page 110 to configure iSCSI, Fibre Channel, NAS, or Added Disk storage. Note: For archive to iSCSI LUN, it is recommended to not resize the LUN after it has been added to the backup appliance as the new size cannot be detected by the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 110 backup appliance. • "Adding cloud archive storage to the Unitrends appliance" on page 229 to set up Cloud storage. Adding vault storage This procedure applies to Unitrends virtual systems running the legacy vaulting feature only. For virtual systems configured for replication, vault storage is not needed as replicated data is written to backup storage. You can vault to a SAN iSCSI LUN, an NFS-configured NAS share, or to a virtual disk. Note: NAS shares configured with the CIFS protocol cannot be used for legacy vault storage. To add vault storage 1 Select Settings > Storage and Retention > Storage. 2 Click Add Vault Storage. 3 Enter a name for the storage being configured in the Storage Name field. Note: 4 Storage connected using the NFS, CIFS, or iSCSI protocols must not contain spaces in the name. Select the storage Type and continue to "Configuring storage" on page 110 to configure iSCSI, NFS-configured NAS, or Added Disk (internal) storage. Configuring storage This section provides instructions for configuring the backup system’s connection to added storage. The following protocols are supported: • • • • iSCSI, see "To configure iSCSI storage" on page 110. Fibre Channel, see "To configure Fibre Channel storage" on page 112. NAS, see "To configure CIFS and NFS NAS storage" on page 113. Internal, see "To configure added internal storage" on page 115. To configure iSCSI storage For iSCSI storage, Unitrends requires an active iSCSI session at all times. Unitrends supports array failover scenarios that utilize iSCSI redirect technologies, but not MPIO or active/passive failover configurations. Use this procedure to configure iSCSI storage: 1 Add storage using one of these procedures: Note: • • Names for iSCSI storage must not contain spaces. "To add backup storage and create a new device" on page 108 "Adding archive storage" on page 109 Note: For archive to iSCSI LUN, it is recommended to not resize the LUN after it has Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 111 been added to the backup appliance as the new size cannot be detected by the backup appliance. • • "Adding vault storage" on page 110 "VMware SAN-direct backups" on page 650 2 If the iSCSI target is configured for CHAP authentication, you must set up CHAP in the Unitrends system. See "About CHAP authentication" on page 116. 3 Enter the IP address of the SAN storage array in the Host IP address field. 4 The default port used for iSCSI communication is 3260. If the LUN is configured to use a different port, enter it in the Port field. 5 Click Scan for List of Available Targets to retrieve a list of targets on the remote storage array, then choose one from the Select Target list. Note: • • • 6 Verify that you can see the Unitrends appliance in your SAN manager. Verify that you have a LUN assigned to the Unitrends system with the correct permissions. Check with your Storage Administrator for more information. Enter the appropriate Logical Unit Number using the LUN counter, or click Scan for List of Available LUNs and select one from the Select LUN list. Note: 7 8 If you do not see the LUN in the list, go to your SAN manager and check your LUN configuration by doing the following: If you receive an error indicating CHAP authentication has failed, CHAP has been configured on the target and either CHAP has not been enabled in the Unitrends system, or the Unitrends CHAP credentials do not match those of the target. Click Confirm. • • If you are adding backup storage, continue with this procedure to add the backup device. • To use this storage for legacy vaulting, select it as a target when adding the backup system to the vault. For details, see "Adding the backup system to the vault" on page 330. Note that replication uses regular backup storage. Vault storage is used for systems that use the legacy vaulting feature only. To use this storage for archiving, select it as a target when running or scheduling archive jobs. See the "Archiving Overview" chapter for details. On the Add Device page, enter a name for the new device in the Device Name field. This is the name that will be used whenever the device is selected. Device names must be unique and must not contain spaces. 9 Enter the amount of data that can be stored on the new device in the Capacity field. The Capacity field governs the amount of data that can be stored on the device. The system manages to the capacity limit set and will assure that the data on the device does not exceed the capacity limit. If the capacity chosen exceeds the system license OR if there is not enough space on the file system to accommodate the allocation, a message displays indicating the need to adjust the capacity limit. Options for Capacity settings are: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 112 • Standard Size - Use this to select from a list of values. Click the down arrow next to the device size and select the desired capacity. • Custom Size - If the desired size of the device is not populated in the standard size list, select this option to specify a capacity. 10 Enter a brief description for the device in the Description field. 11 In the Max Concurrent Backups field, enter the number of backups that can be run simultaneously on the system. The default value is three. The recommended range is three to ten, depending on network throughput, the number of devices defined, and the resources of the system. 12 Check these boxes as applicable: • • Online box to indicate that the device is online and ready for backups to be written. • Select Storage box to select external storage for virtual systems. Deduplication may be enabled on external devices using this feature. Default box to make this the default device. The default device is used if no other device is specified. Note: The Pathname displays the location on the system where the backups are stored. This field cannot be edited. 13 Click Confirm to add the device. To store backups on this device, select it when running or scheduling backups. See the "Backups Overview" chapter for details. To configure Fibre Channel storage For Fibre Channel storage, Unitrends requires a connection to an active LUN at all times. Unitrends supports array failover scenarios for active/active configurations only. Use this procedure to configure Fibre Channel storage: 1 Complete the steps in "To add archive storage" on page 109 or "VMware SAN-direct backups" on page 650. 2 Click Scan for List of Available Targets to retrieve the target LUNs exposed by the SAN. 3 Choose the desired target from the Select Target list. 4 Enter the Logical Unit Number using the LUN counter, or click Scan for List of Available LUNs and select one in the Select LUN list. Note: If you do not see the LUN in the list, check the following: • Go to your SAN manager, check your LUN configuration, and verify that you can see the Unitrends appliance. • • • Verify that you have a LUN assigned to the Unitrends system with the correct permissions. You may need to reboot the Unitrends system to enable it to discover the storage device. Check with your Storage Administrator for more information. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 113 5 Click Confirm to complete the setup. Note: To remove the LUN from Fibre Channel storage in the Unitrends system, you must go to the SAN manager and indicate that the SAN should not use the LUN anymore. To configure CIFS and NFS NAS storage 1 Add storage using one of these procedures: Note: • • • • 2 Names for NFS and CIFS storage must not contain spaces. "To add backup storage and create a new device" on page 108 "To add archive storage" on page 109 "To add vault storage" on page 110 To protect a CIFS/NFS NAS as a client, see "To add a CIFS/NFS client" on page 580 If the NAS share is configured for authentication, provide the credentials in the Username, Password, and Verify Password fields. • • If domain credentials are being used, enter the user name as [email protected]. If authentication is not used, skip this step. 3 Enter the IP address or hostname of the NAS share in the Host field. 4 Select the desired file system type from the Protocol list. The NAS share can be connected using the NFS or CIFS protocol. Note: For legacy vault storage, you must configure the NAS using the NFS protocol. The CIFS protocol is not supported for vault storage. The CIFS protocol can be used with the newer replication feature. 5 The Port field contains the default for the protocol selected. If the protocol uses a custom port, enter that port number. 6 Enter the full directory pathname of the NFS or CIFS share in the Share Name field. Do not use leading or ending slashes. 7 Click Confirm. 8 • • If you are adding backup storage, continue with this procedure to add the backup device. • To use this storage for archiving, select it as a target when running or scheduling archive jobs. See the "Archiving Overview" chapter for details. • To use this storage for legacy vaulting, select it as a target when adding the backup system to the vault. For details, see "Adding the backup system to the vault" on page 330. Note that replication uses regular backup storage. Vault storage is used for systems that use the legacy vaulting feature only. If you are protecting data stored on the CIFS/NFS NAS, schedule backups for the CIFS/NFS client as described in "NAS protection using CIFS/NFS" on page 579. On the Add Device page, enter a name for the new device in the Device Name field. This is the name that will be used whenever the device is selected. Device names must be 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 114 unique and must not contain spaces. 9 Enter the amount of data that can be stored on the new device in the Capacity field. The Capacity field governs the amount of data that can be stored on the device. The system manages to the capacity limit set and will assure that the data on the device does not exceed the capacity limit. If the capacity chosen exceeds the system license OR if there is not enough space on the file system to accommodate the allocation, an error message is delivered indicating the need to adjust the capacity limit. Options for Capacity settings are: • Standard Size - Use this to select from a list of values. Click the down arrow next to the device size and select the desired capacity. • Custom Size - If the desired size of the device is not populated in the standard size list, select this option to specify a capacity. 10 Enter a brief description for the device in the Description field. 11 In the Max Concurrent Backups field, enter the number of backups that can be run simultaneously on the system. The default value is three. The recommended range is three to ten, depending on network throughput, the number of devices defined, and the resources of the system. 12 Check these boxes as applicable: • • Online box to indicate that the device is online and ready for backups to be written. • Select Storage box to select external storage for virtual systems. Deduplication may be enabled on external devices using this feature. Default box to make this the default device. The default device is used if no other device is specified. Note: The Pathname displays the location on the system where the backups are stored. This field cannot be edited. 13 Click Confirm to add the device. To store backups on this device, select it when running or scheduling backups. See the "Backups Overview" chapter for details. To modify CIFS credentials The CIFS password on the backup system must match the password set on the CIFS targets accessed by the Unitrends system. If they do not match, your storage might fail to mount upon reboot. Use this procedure to update the CIFS passwords on the Unitrends system any time you change these passwords on the CIFS targets. 1 Update the password on all CIFS targets accessed by the Unitrends system. 2 In the Unitrends system, select Settings > Storage and Retention > Storage. 3 In the list of storage items, click to select the CIFS storage device row. The Modify Backup Storage dialog opens. 4 Enter the updated Password and then enter it again in the Verify Password field. 5 Click Confirm to save. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 115 To configure added internal storage This option is only available for virtual systems. UEB treats all storage attached through the hypervisor as internal storage, whether this is direct attached storage (DAS, internal to the hypervisor) or storage that resides on an external array. 1 Add a disk to the datastore or volume used by the Unitrends Enterprise Backup VM. For instructions on creating and adding a VMDK disk, see one of the following VMware documents: • • vSphere 5.1: Create a Virtual Disk in vSphere Client 5.1 vSphere 5.5: Create a Virtual Disk in vSphere Client 5.5 For instructions on creating and adding a VHD(X) disk, see the following Microsoft documents: • • 2 To create a virtual hard disk To add a hard disk to a virtual machine Add storage of type Added Disk using one of these procedures: • • • "To add backup storage and create a new device" on page 108 "To add archive storage" on page 109 "To add vault storage" on page 110 3 Select a disk from the Select Added Disk list. 4 Click Confirm. 5 Check the I understand... box to indicate you are aware that any data on the selected disk will be deleted upon adding storage to the backup system. 6 Click Confirm. 7 • • If you are adding backup storage, continue with this procedure to add the backup device. • To use this storage for legacy vaulting, select it as a target when adding the backup system to the vault. For details, see "Adding the backup system to the vault" on page 330. Note that replication uses regular backup storage. Vault storage is used for systems that use the legacy vaulting feature only. To use this storage for archiving, select it as a target when running or scheduling archive jobs. See the "Archiving Overview" chapter for details. On the Add Device page, enter a name for the new device in the Device Name field. This is the name that will be used whenever the device is selected. Device names must be unique and must not contain spaces. 8 Enter the amount of data that can be stored on the new device in the Capacity field. The Capacity field governs the amount of data that can be stored on the device. The system manages to the capacity limit set and will assure that the data on the device does not exceed the capacity limit. If the capacity chosen exceeds the system license OR if there is not enough space on the file system to accommodate the allocation, an error message is delivered indicating the need to adjust the capacity limit. Options for Capacity settings are: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 116 9 • Standard Size - Use this to select from a list of values. Click the down arrow next to the device size and select the desired capacity. • Custom Size - If the desired size of the device is not populated in the standard size list, select this option to specify a capacity. Enter a brief description for the device in the Description field. 10 In the Max Concurrent Backups field, enter the number of backups that can be run simultaneously on the system. The default value is three. The recommended range is three to ten, depending on network throughput, the number of devices defined, and the resources of the system. 11 Check these boxes as applicable: • • Online box to indicate that the device is online and ready for backups to be written. • Select Storage box to select external storage for virtual systems. Deduplication may be enabled on external devices using this feature. Default box to make this the default device. The default device is used if no other device is specified. Note: The Pathname displays the location on the system where the backups are stored. This field cannot be edited. 12 Click Confirm to add the device. To store backups on this device, select it when running or scheduling backups. See the "Backups Overview" chapter for details. About CHAP authentication Unitrends supports the use of Challenge Handshake Authentication Protocol (CHAP) for iSCSI connections to external storage. Configure the Unitrends system to connect using CHAP authentication as described in "To configure iSCSI storage" on page 110. Consider the following limitations and requirements when implementing CHAP with the Unitrends system: • You can configure the iSCSI connection with CHAP before configuring CHAP on the target. Once the target is configured, CHAP authentication is enforced. • If CHAP has not been configured on the target, Unitrends detects this and gains access without CHAP authentication, even if CHAP has been enabled in the Unitrends system. • If CHAP has been configured on the storage target, you must enable CHAP authentication in the Unitrends system. If not, any attempt to add the target to or access the target from the Unitrends system fails. • A single CHAP username and password is used by the Unitrends system. Therefore, all of its CHAP-enabled iSCSI targets must be configured with this username and password. • CHAP is supported from the initiator (Unitrends system) to the target only. Mutual (bidirectional) CHAP is not supported. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 117 • CHAP authentication occurs upon first log in to the target. Subsequent operations on the target succeed, without further authentication, for the duration of the iSCSI session or until the target sends a random challenge request. See the following topics for details: • • • "To enable CHAP authentication" on page 117 "To modify CHAP credentials" on page 117 "To disable CHAP authentication" on page 117 To enable CHAP authentication 1 Configure CHAP authentication on all iSCSI targets accessed by the Unitrends system. 2 In the Unitrends system, select Settings > Storage and Retention > iSCSI CHAP Credentials. 3 Enter credentials in the Username, Password, and Verify Password fields, then click Save CHAP credentials. One set of credentials is used to access all iSCSI targets. • By default, Username contains the backup system’s iSCSI qualified name (IQN). It is required that the username and password on the initiator (backup system) match those defined on the targets. Modify the Username entry if necessary. • The password must be 12-16 characters in length. To modify CHAP credentials 1 Update the password on all iSCSI targets accessed by the Unitrends system. 2 In the Unitrends system, select Settings > Storage and Retention > iSCSI CHAP Credentials. 3 Enter the updated Password and then enter it again in the Verify Password field. Note: The CHAPs password on the initiator (backup system) must match the password set on the iSCSI targets accessed by the Unitrends system. If they do not match, your storage might fail to mount upon reboot. To disable CHAP authentication Note: Be sure to disable CHAP on all iSCSI targets before disabling CHAP in the Unitrends system. 1 Disable CHAP authentication on all iSCSI targets. 2 In the Unitrends system, select Settings > Storage and Retention > iSCSI CHAP Credentials. 3 Click Clear CHAP Credentials. Storage allocation and distribution Storage allocation and distribution can be optimized and configured based on the role the system plays in the data protection plan. Storage allocation can only be modified on systems that support instant recovery (see "Windows Instant Recovery" on page 451 and "Instant recovery for VMware" 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 118 on page 663 for details), or are configured with the legacy local backup system and vault installation type. For other systems, storage allocation cannot be modified. To configure storage allocation 1 Select Settings > Storage and Retention > Storage Allocation. 2 In the Storage Allocation window, configure the distribution of the storage used for backups/replication, vaulting, and instant recovery as desired. To change the distribution of allocated storage, drag the edge of the pie to the desired size. Note: 3 For legacy systems configured as cross-vaults, the storage is equally distributed between Vaulting and Backup when the system is installed. If you reduce the Backup/Replication storage allocation to provide additional storage for Instant Recovery or Vaulting, older backups may be removed from the system to make room for the new storage allocation. The devices that are configured on the system are scaled down proportionally to accommodate the new allocation. Click Confirm to apply the changes. Balancing backup performance and retention Unitrends systems are designed to use all available storage for protecting data (see "Storage allocation and distribution" on page 117). As scheduled or immediate backups are performed, the oldest backups are deleted to ingest new backups. See "About retention control" on page 121 for details. You can tune system storage to fit the backup window and retention objectives of your environment by selecting from the following options. Option Description Balance This is the recommended setting for managing the ingest rate and retention on retention and the system. With this setting, a predictive mechanism is used to dynamically backup alter the size of the landing zone based on the backup strategies selected. performance (recommended setting) Minimize backup window Use this setting where backup window requirements are critical. With this setting, a landing zone (reserve area) is created which is large enough to hold the data set that is being protected. This guarantees the fastest ingest rate. However, to meet the landing zone requirements, older backups are more aggressively deleted. Maximize retention Use this setting where retention is critical. The data protection ingest rate is slower. The landing zone is kept to a minimum to ensure maximum retention. To balance backup performance and retention 1 Select Settings > Storage and Retention > Retention. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 119 2 Select the desired Balance Retention and Backup Performance option. See the table above for a description of each option. 3 Click Confirm to save. About device configuration Devices are the target locations for data received from the protected servers, workstations, and virtual environments. By default, systems are configured with a single D2D device labeled D2DBackups. D2DBackups is configured to the maximum backup storage of the system, based on the identity of the system and the distribution of backup storage to instant recovery and legacy vaulting (see "Storage allocation and distribution" on page 117 for details). For UEB systems, D2DBackups is deployed with 138GB of storage space. Add backup storage as described in "Adding backup storage" on page 105 prior to adding a device. While storage in D2DBackups is adequate in many cases, you can change the amount of space allocated to this device. As well, additional D2D devices may be added to help better organize backups. The original D2DBackups storage is logically divided into multiple devices. For physical systems, the total amount of space allocated to all devices combined must be within the system license limits. Some reasons for creating additional D2D devices include: • • • • • Separating bare metal backups from file-level backups. • Separating source systems on replication targets. There are additional requirements and considerations when associating a device to a replication source. For details, see "(Optional) Add a logical device to associate with a source system" on page 285. Keeping application backups organized together in a separate area. Organizing servers based on their sizes. Separating servers with different retention period requirements. Placing one client on a separate device so it will run at highest priority (not be queued behind other jobs on one device). Though adding devices can provide a level of organization, it also adds a level of complexity. If too many devices exist, balancing space allocation between the devices can lead to purging issues and other problems. See the following topics for details: • • • "To add a device" on page 119 "To modify a device" on page 120 "To delete a device" on page 121 To add a device 1 Select Settings > Storage and Retention > Backup Devices. 2 Click Add Device. 3 Enter a name for the new device in the Device Name field. This is the name that will be used whenever the device is selected. Device names must be 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 120 unique and must not contain spaces. 4 Enter the amount of data that can be stored on the new device in the Capacity field. Notes: • If the device will be used to store replicated backups for an associated source system, its capacity must be at least 128GB. • If you have a physical appliance, all available storage is allocated to the default D2DBackups device. To split this storage into multiple devices, you must first decrease the D2DBackups capacity (see "To modify a device" on page 120). If you already have backups on the system, proceed with extreme caution . Decreasing D2DBackups capacity may cause existing backups to be purged. The Capacity field governs the amount of data that can be stored on the device. The system assures that the data on the device does not exceed the capacity limit. If the capacity chosen exceeds the system license, OR if there is not enough space on the file system to accommodate the allocation, an error message is delivered indicating the need to adjust the capacity limit. Options for Capacity settings are: • Standard Size - Use this to select from a list of values. Click the down arrow next to the device size, and select the desired capacity. • Custom Size - If the desired size of the device is not populated in the standard size list, select this option to specify a capacity. 5 Enter a brief description for the device in the Description field. 6 In the Max Concurrent Backups field, enter the number of backups that can be run simultaneously on the system. The default value is three. The recommended range is three to ten, depending on network throughput, the number of devices defined, and the resources of the system. 7 Check these boxes as applicable: • • Online box to indicate that the device is online and ready for backups to be written. • Select Storage box to select external storage for virtual systems. Deduplication may be enabled on external devices using this feature. Default box to make this the default device. The default device is used if no other device is specified. Note: 8 The Pathname displays the location on the system where the backups are stored. This field cannot be edited. Click Confirm to add the device. To modify a device Be careful when decreasing the size of a device as this may cause data to be purged. Note the following before you modify the device: Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 121 Notes: • For replication devices, capacity must be at least 128GB. Decreasing the size to less than 128GB is not supported. • If you have a physical appliance, all available storage is allocated to the default D2DBackups device. To split this storage into multiple devices, you must first decrease the D2DBackups capacity. If you already have backups on the system, proceed with extreme caution . Decreasing D2DBackups capacity may cause existing backups to be purged. 1 Select Settings > Storage and Retention > Backup Devices. 2 Select the desired device. 3 Modify settings as desired. For details, see "To add a device". 4 Click Confirm to save the changes. To delete a device WARNING! Once a device is deleted, any backups stored on that device are no longer accessible. The space occupied on the system may not be immediately available after a backup is deleted. Before data is removed, any referenced deduplicated data is migrated to other devices before the delete operation can complete. 1 Select Settings > Storage and Retention > Backup Devices. 2 Select the desired device. 3 Click Delete Device. Note: For replicating systems, you cannot delete a device that is associated to a source system. You must remove the association before the device can be deleted. Go to Replication > System Management, select the source, uncheck the Select Device if Replicating Source box, and click Confirm. About retention control A data retention policy is determined by an organization's legal and business data retention requirements. You may need to keep data available for months or even years. How you achieve this may be a combination of on-system retention and archiving to removable media for longer term storage. Space on the system is self-managed based on the user settings for balancing ingest rate and retention (see "Balancing backup performance and retention" on page 118). When your system capacity is full, the oldest backups are purged to make room for newer ones. However, the Unitrends system will not purge the latest backups of any type for a given client, or any backups for a client that are put on legal hold. The greater the difference in the amount of total data protected and the system size, the greater the on-system retention. If the difference is small you will see less retention on the system. If you require many weeks of on-system retention, you must deploy a system of sufficient size. The retention control feature allows you to decide how long backups are retained on the system before being purged. Controlling the order in which backups are removed allows for more effective 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 122 management of available space, without affecting the manner in which general performance is balanced with retention. The Retention tool tracks backups as groups containing a master or full backup, along with any incrementals or differentials that followed. A master in a file-based backup group may be generated on-demand, by a scheduled backup, or synthesized by the system during an incremental forever process. No retention policy is set for newly added clients. With no retention policy set, backups for a client are kept as long as possible by a system until the system runs out of backup space, at which point the oldest backups are purged. Retention policies are set using the following controls. You must have Manage privileges or higher to change retention settings. See these topics for details on setting retention: • • "Retention control settings" on page 122 "To set or view retention goals and limits" on page 123 Retention control settings The following table describes the available retention control settings. Retention control Description Min Retention Goal (Days) A notification mechanism to inform when the desired retention goals are not being met. Setting the minimum retention goal does not guarantee the retention of protected data for the defined period. As newer backups are performed (scheduled or immediate), older backups are purged to reclaim space on the system if necessary. If guaranteed minimum retention is needed, use legal hold. If the minimum retention goal is not met, a message displays on the Alerts Last 7 Days tab of the Status screen. Max Retention Limit (Days) Number of days backups are retained if space allows. Backups are deleted once the full has exceeded this limit. When a full backup exceeds its retention, the full and all associated incrementals and differentials are purged as well. If you set the maximum retention limit below the minimum limit, backups are deleted and the process cannot be stopped. Note: The most current backup group for a client is never purged from the system regardless of the need for space. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 123 Retention control Description Legal Hold Unlike Min retention goal, Legal hold allows you to set a hard minimum limit on the (Days) number of days a backup will be held. The legal hold setting takes precedence over the Min and Max retention settings. Backups that are younger than the legal hold limit are not purged for any reason, including at the expense of new, incoming backups. For legal hold purposes, the age of a backup is only considered to be as old as the latest backup in a set, e.g., the last incremental before a new full. After passing the legal hold limit, the min retention goal and max retention limit settings take over for the purposes of retention. If legal hold is preventing new backups from occurring, a message displays on the Alerts Last 7 Days tab of the Status screen. Information about backups that have been placed on legal hold can be found in the Legal Hold report. See "Legal Hold Backups Report" on page 381 for details. Actual Retention (Days) Indicates the number of days that the oldest full backup for the client, application, or virtual machine has been retained on the appliance. To set or view retention goals and limits Notes: • Modifying a client’s or application’s retention settings on the Backup Retention page updates these settings on any computer-level backup schedules that have been created for the client or application(s). • Once you enter values on the Backup Retention page, you can no longer modify retention settings from the schedule itself. Instead, do this from the Backup Retention page. • To set retention for a replication target, switch to replication view before starting this procedure (see "Viewing replicated backups" on page 309). 1 Select Settings > Storage and Retention > Backup Retention. 2 Select the Unitrends system in the Navigation pane to see retention settings for all clients and databases. If desired, select an individual Navigation pane item to see only it and its sub-items retention settings. 3 On the Retention Settings pane, highlight individual machines or applications, and enter the desired number of days in the Min Retention Goal, the Max Retention Limit, and Legal Hold fields. 4 If a machine or application has a triangle beside it, expand to set goals and limits for any associated items. Entering the goal and limit for the main item on a tree and clicking Apply configures the same settings for all the sub-items. Otherwise, sub-items can be set individually. 5 Click Confirm to save the changes. Legal hold example In the following diagram, a backup (B1) generated on March 21st, 2013, is set to Legal Hold for four days. There are subsequent differentials on the 22nd, 23rd, and 24th of March 2013. B1 is four days 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 124 old on March 25th, 2013, and there is a new master, B5. However, B1 cannot yet be purged because its purging would result in the purging of the entire backup group, including differentials B2, B3, and B4, which are less than four days old. When the most recent backup in the group (B4) is four days old on March 28th, the entire group reverts to using minimum and maximum retention settings and is eligible for purging. A new backup is added to a group as soon as it is queued, so a group is only as old as its most recent backup. For more information on backup groups, see "Backup groups" on page 145. About system notifications The Unitrends system sends the following notifications: • • Alerts, which display on the Status page. • Traps, which are sent to notifications.unitrends.com. To send traps to your network management server, see "About SNMP trap notifications" Email notifications, which are sent to the System Report Mailing List defined under Settings > Clients, Networking, and Notifications > Email Recipients. For a description of each condition that generates a trap, see "SNMP trap conditions" on page 125. For each trap, an email or alert may also be sent, but be aware that many important messages are sent as alerts only. Be sure to monitor alerts from the Status page. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 125 About SNMP trap notifications The system can be configured to send system and application-specific alerts to a network management server using the SNMP protocol. This provides network administrators with the ability to quickly respond to hardware or software conditions that require action. Alerts are delivered as incoming trap messages to a network management application. The Administrator Interface remains the primary interface for managing a Unitrends system. Unitrends systems come configured with a default destination of notifications.unitrends.com. This enables Unitrends to service our customers with proactive resolution of problems, if and when they arise. For example, if a disk drive on the system is failing, a trap is received by the SNMP manager at notifications.unitrends.com, allowing Unitrends to pro-actively dispatch a warranty request on the failed component (if the support contract on the system is up-to-date). Through the use of the Unitrends SNMP agent and MIB, you can configure alerts to be sent to your own Remote Monitoring and Management (RMM) software. See the following topics for details: • • "To set up SNMP trap notifications" on page 125 "SNMP trap conditions" on page 125 To set up SNMP trap notifications 1 Select Settings > Clients, Networking, and Notifications > SNMP. 2 Select Add Entry to enter the destination address of the SNMP manager. 3 In the Destination field, enter the hostname or IP address for the trap destination. If the management server hostname is used, it must be resolvable either using the hosts file on the system or using DNS. 4 The default Community is public. Edit this entry if necessary. 5 Verify that Send traps to specified destination is checked. 6 Click Confirm to add the destination. 7 Click Test to trigger a test SNMP trap. The test trap is sent to all destinations that are enabled on the system. 8 If desired, click History to view all SNMP traps that have been triggered by the system. 9 Click Close to exit. SNMP trap conditions The following tables describe the conditions that trigger traps on the Unitrends system, including trap data and the associated Object ID (OID) for each. The complete OID for a trap consists of a prefix followed by a specific trap number in the following format: .0. The prefix begins with .1.3.6.1.4.1.21865, which expands to iso.org.dod.internet.private.enterprises.21865 in the MIB tree (21865 is the Unitrends enterprise 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 126 number), followed by 1 for the Unitrends product, then a designation to indicate the trap group (2.100) and finally, the trap number itself. Traps are generated for the conditions described in the table below. IPMI events are only available for physical Recovery-712 or greater systems. In addition, emails or alerts may be sent for these traps. Be aware that informational emails or alerts exist for which no trap is generated. These are not listed in the table. Note that for each trap condition, there are multiple messages that may be sent, depending on the exception encountered. If an alert or email is sent for all exceptions within the trap condition, yes displays in the table. If no alert or email is sent for any exception within the trap condition, no displays in the table. If an email or alert is sent for one or more exceptions but not all within the trap condition, some displays in the table. Trap condition Trap type # Description Alert Email Clients state has changed 1 enterprises.21865.1.2.100.0.1 yes some PCI state has changed 3 enterprises.21865.1.2.100.0.3 yes no Process state has changed 5 enterprises.21865.1.2.100.0.5 some some Disk state has changed 6 enterprises.21865.1.2.100.0.6 some some CEP state has changed 7 enterprises.21865.1.2.100.0.7 yes no System state has changed 8 enterprises.21865.1.2.100.0.8 yes some Backup state has changed 10 enterprises.21865.1.2.100.0.10 some some Archiving state has changed 11 enterprises.21865.1.2.100.0.11 yes no Version information 12 enterprises.21865.1.2.100.0.12 some no Network status has changed 14 enterprises.21865.1.2.100.0.14 no no Disk health state has changed 15 enterprises.21865.1.2.100.0.15 some no IPMI Events 16 enterprises.21865.1.2.100.0.16 no yes Database state has changed 17 enterprises.21865.1.2.100.0.17 no no Test trap 99 enterprises.21865.1.2.100.0.99 no no The member variables (extra information carried in the trap) have a prefix of enterprises.21865.1.1 followed by the ID of the variable. All variables are sent with each trap. This information is useful when configuring the Notifications Manager to filter the traps for a desired set. The following table describes these variables and their values: Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 127 Data type Object ID Trap type, a generic description as given in the above table. Text enterprises.21865.1.1.1 The object affected, for example the client that is down; the process that is not running; the disk that failed. Text enterprises.21865.1.1.2 Message describing the state change in more detail. Text enterprises.21865.1.1.3 Severity: 1=fatal, 2=warning, 3=notice Integer enterprises.21865.1.1.4 Status: 0=clear/close, 1=raise/open Integer enterprises.21865.1.1.5 Sender Asset Tag: the asset tag from the system that sent the trap Text enterprises.21865.1.1.6 Sender License Identity: The hostname and ID of the system that sent the trap Text enterprises.21865.1.1.7 Sender System Identity: The Unitrends version and installation date of the system that sent the trap Text enterprises.21865.1.1.8 Sender Forum Identity: The root user's forum identity Text enterprises.21865.1.1.9 Variable description SNMP agent In release 7.2 and higher, Unitrends offers an SNMP agent that can respond to SNMP get requests. When upgrading to 7.2 and higher, the agent is deployed in a disabled state. The SNMP agent can currently accept SNMP get requests to monitor CPU utilization, memory utilization, network utilization, disk I/O, disk usage, and various other server performance parameters. Unitrends specific data–including backup, schedule, replication, and configuration information–is also available, although the Unitrends interface remains the primary method of accessing this information. For a complete list of all SNMP get requests that the agent responds to, see KB 3054. The Unitrends SNMP agent supports SNMP gets with SNMP version 1, 2c, and 3. You can configure the SNMP V3 username and password from the command line as follows: /usr/bp/bin/cmc_snmpd script user create The script defaults to authorization type MD5 and privacy/encryption of DES. To enable the Unitrends SNMP agent 1 Download the Unitrends MIB by clicking the Download MIB button, and install it in your RMM environment. The file is also available at http:///snmp/. Note: You will also need the Net-SNMP MIBs. These come standard in most RMM software. If you need them, they are available in the same location above. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 128 2 From the Unitrends interface, navigate to Settings > Clients, Networking, and Notifications > SNMP. 3 Under the SNMP Agent Information section at the top of the screen, click Modify Entry. 4 Under Community, enter the community name to use for this SNMP node. 5 Check Enabled? if it is not already checked. 6 Click Confirm. Note: This opens UDP port 161 (SNMP) in the Unitrends system’s software firewall. About encryption Unitrends Encryption technology offers IT administrators a solution for regulatory and corporate requirements to protect their employer’s data from unauthorized access and theft. All data remains encrypted until a request is made to restore the data. If the correct passphrases are in place, recovery proceeds without administrator involvement. The Unitrends solution offers and supports: • • • • • Encryption per client Ability to change passphrases Passphrase management tool to help administrators avoid losing passphrases Replication of encrypted data Archiving of encrypted data Points to consider before turning on Encryption: • Encryption will degrade performance slightly for backups, replication, and restores. It should be done only if you really need to hide your data. • Make sure to keep the passphrase secure because if you forget the passphrase there is no way to recover it or restore any past backups. • In legacy vaulting systems, when you toggle encryption from on to off or vice versa, or when you change the passphrase, the next master backup for encrypted clients will have to replicate to the target system in whole - we cannot send only the changed blocks because toggling encryption and changing the key makes all the blocks look like they have changed. This is not the case in replicating systems since backups are decrypted before being scanned for changed blocks. • To enable software encryption, the system software license feature string must include ENC. Check the license feature string by navigating to Settings > System, Updates, and Licensing > License. • Once encryption has been enabled and configured for a client, that client’s subsequent backups are encrypted. Any backups stored on the system prior to configuring encryption remain unencrypted, as encryption is done during the backup process. See the following topics for details: • "To configure encryption" on page 129 Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 129 • • • • • "To configure backups for encryption" on page 129 "To modify encryption settings" on page 130 "To restore the master key from CD" on page 130 "Archiving with encryption" on page 131 "Encryption limitations" on page 131 To configure encryption 1 Select Settings > System Monitoring > Encryption. 2 Enter a passphrase in the Passphrase and Verify Passphrase fields, and click Confirm. The passphrase can be a word, numbers, a sentence, or a combination of all. Once you create a passphrase you are logged in. This authenticates the user. The passphrase is saved in a master key file. All the passphrases you set are stored in the master key file in encrypted format. Any time you restart the Encryption Manager, you are asked to provide this passphrase. 3 To start the encryption process, change the Encryption State to On. There are two options for enabling the Encryption Manager, On (will be off after reboot) or On (will be turned on again after reboot). Note: 4 5 Burn the master key file to a CD by doing one of the following: • For UEB and Recovery-943 systems, click Backup to save the passphrase to the system’s baremetals share. Map the system’s baremetals share to a workstation that has a CD burner and burn the crypt_image.iso key file to a CD. (For details, see "To map the system baremetals share" on page 131.) If you have trouble writing to the CD, save the key file to a local share on the workstation and try again. • For other Recovery-Series systems, click Backup, insert a CD into the Recovery-Series system, then click Okay to write the key file to the CD. Once the master key file has been copied over to CD, make sure to keep the CD in a safe place. The CD may be required in case of a system failure to restore the master key file. Note: 6 After a reboot (if not set to turn on automatically), or after a Disaster Recovery, all backups and restores of clients set for encryption will fail until you restart the Encryption Manager and log in again. The master key is included as part of the appliance state backup for systems running version 7.0 or higher, or as part of the system state on systems running older versions. This information is included with any replication or legacy vaulting operation, and is copied to an archive device with any archive operation. Proceed to "To configure backups for encryption" on page 129 to enable encryption for each client. (This step may not be necessary if configuring encryption on a replication target system.) To configure backups for encryption Once the Encryption daemon has been started, turn on encryption for each client whose backups should be encrypted. Note that encryption is done during the backup. Once encryption is configured for a client, its subsequent backups are encrypted. Any existing backups for the client remain 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 130 unencrypted. 1 Select Settings > Clients, Networking, and Notifications > Clients. 2 Select the client whose backups you want to encrypt and check the All backups performed on this computer are to be encrypted box. 3 Click Setup to save the client settings. Once turned on for a client, all subsequent backups to a D2D device are encrypted. (Any existing backups remain unencrypted.)This applies to all: • • • • • Master backups • • • • Microsoft Exchange Information Store backups Differential backups Incremental backups Selective backups Microsoft SQL database backups Bare metal backups VMware backups Local directories on the system If you enable encryption on a client before enabling encryption on the system, you receive an error message. If the Encryption Manager is not satisfied with a successful master passphrase, any subsequent backups or restores fails. To modify encryption settings 1 Select Settings > System Monitoring > Encryption. 2 If desired, modify the Encryption State by selecting an option. 3 To change the passphrase, click Change and Yes to confirm. WARNING! If the Encryption Manager is running (backups, restores, or replication jobs are in progress), wait for those tasks to complete before changing the passphrase. If replicating, changing the passphrase can use a tremendous amount of bandwidth. Plan your passphrase change carefully. 4 Enter the passphrase in the Current Passphrase field, and the new phrase in the New Passphrase and Verify Passphrase fields, then click Confirm. To determine whether a backup is encrypted 1 View backup details as described in "To view backup details" on page 149. 2 On the Backup Information page, check the Encryption category. Yes is encrypted, No is not encrypted. To restore the master key from CD To restore the master key file from the CD, you will need to insert the CD in the CD ROM drive and copy the master key file (cryptoDaemonMasterKeys) to /var/lib/misc. At this point only backups up to the time that the CD was created can be restored. Note, the current passphrase is NOT stored on Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 131 the off-premise system or the archive drives. You are required to enter the current passphrase in the administrators interface to unlock the keys. To map the system baremetals share 1 From a Windows workstation, launch Explorer. 2 Right-click Computer and select Map Network Drive. 3 In the Folder field, enter the system’s IP address and baremetals share, then click Finish. For example, to map IP 192.168.220.99, enter: \\192.168.220.99\baremetals. The system’s baremetals share is mapped to your workstation. Click the share to view the crypt_image.iso file. Archiving with encryption Arc h iv in g with e n c ry p tio n If you have configured your archive schedule or Archive Now job for encryption, data being archived from the system to the tape or disk will be in an encrypted format. The master key file is archived as a part of the state. During an archive restore, once the master key is restored the data can be successfully restored to the system in the encrypted state as long as the passphrase set at the time of archive is used. For more details, see the "Archiving Overview" chapter. Encryption limitations En c ry p tio n limita tio n s Encryption is not supported on Small Form Factors (SFF). If the passphrase is forgotten, there is no way to retrieve it. There will be no way to restore an encrypted backup in such a case. No encryption or decryption is performed on the client. No encryption or decryption is performed on a legacy vault system. (Replicated backups are encrypted on the target system using the target’s encryption key.) The following types of backups are not encrypted: • • • Legacy MS Exchange Information Store backups CEP brick level backups Any data stored on the system via Samba or NFS About security levels By default, the security level on the system is set to No Security. This allows all ports to remain open. The administrator can choose the level of security desired on a particular system. Security levels can be set by selecting Settings > Clients, Networking, and Notifications > Ports and are categorized as: • • • • No Security Low Security Medium Security High Security 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 132 To access the system using medium security When using medium security, access the Administrator Interface by entering https:///recoveryconsole/ as the browser address. Access context-sensitive help by directing the browser to https:///recoveryconsole/help/main_menu.html. Answer yes to any warning messages received. To access the system using high security When high security is enabled, the system can only be accessed using a KVM or directly attached monitor, keyboard, and mouse for physical systems, or from the VM console for virtual systems. You have access to the system console only. There is no way to access the Administrator Interface to view functions (such as backups, archives, replication) or make changes to any system settings. To disable high security 1 Connect to the system console. • For physical systems, connect using a KVM or directly attached monitor, keyboard, and mouse. • For Unitrends Enterprise Backup for Hyper-V, launch Hyper-V Manager, select the Unitrends VM, and click Connect. • For Unitrends Enterprise Backup for VMware, connect to the Unitrends VM using the VMware vSphere Client, VMware Player, or VMware Workstation. 2 In the Console Interface, enter 3 in the Please enter choice field. 3 On the Firewall Security Level screen, enter 1, 2, or 3 in the Please enter choice field to change security level to None, Low, or Medium. Open ports and security levels The ports open for each security level are listed in the table below. Additionally, in the General Configuration section of the Settings interface (Settings > System, Updates, and Licensing > General Configuration > Configuration Options), there is a field named dataport_count. This field represents the number of TCP ports allowed to be opened for data transfer. This value includes the control value and four additional ports to determine the actual port numbers from which to select. When any level of security is enabled, the control value is 1745. The default number of additional ports added to 1745 is four. When configuring a firewall (using a security setting and a dataport count of five), ports 1745 through 1749 should be opened between the system and the clients the system protects. Note: About replication and vaulting - Port 1 must be open during the initial configuration of replication or legacy vaulting. During replication or vaulting setup, if you configure a secure tunnel using OpenVPN (the recommended configuration), port 1194 is used for all communication between the source and target (or vault) systems. If you do not configure a secure tunnel using OpenVPN, ports 1743,1745 and 5432 are required for managing a system from the replication target or vault. Additionally, if you do not configure a secure tunnel using OpenVPN, port 80 is used for replication and port 22 for vaulting. The necessary ports must be open in the firewall for management of the system from the replication target or vault. For more details, see KB 3372. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 133 See these topics for open port details: • • • "Low security open ports" on page 133 "Medium security open ports" on page 134 "High security open ports" on page 135 Low security open ports The following table describes the ports that are open for the low security level: Low Security Level Open ports Usage 1 Replication or legacy vaulting setup 22 Secure shell 80 HTTP web access 139 Samba share 161 SNMP 443 Secure HTTP web access 445 CIFS 873 Rsync 888 3ware web access 1194 OpenVPN 1743 Extended Internet daemon 1744 Extended Internet daemon 1745 Extended Internet daemon 1746 Extended Internet daemon 1747 Extended Internet daemon 1748 Extended Internet daemon 1749 Extended Internet daemon 2049 Network file system 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 134 Low Security Level Open ports Usage 3260 iSCSI 4970 Postgres database access 5432 Postgres database access 5801 VNC (Java) access 5900 VNC access 5902 VNC access 6001 VNC HTTP web access 10000 NDMP Medium security open ports The following table describes the ports that are open for the medium security level: Medium Security Level Open ports Usage 1 Replication or legacy vaulting setup 22 Secure shell 139 Samba share 443 Secure HTTP web access 445 CIFS 1194 OpenVPN 1743 Extended Internet daemon 1745 Extended Internet daemon 1746 Extended Internet daemon 1747 Extended Internet daemon Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 135 Medium Security Level Open ports Usage 1748 Extended Internet daemon 1749 Extended Internet daemon 4970 Postgres database access 5432 Postgres database access 3260 iSCSI 10000 NDMP High security open ports The following table describes the ports that are open for the high security level: High Security Level Ports open Usage 1743 Extended Internet daemon 1745 Extended Internet daemon 1746 Extended Internet daemon 1747 Extended Internet daemon 1748 Extended Internet daemon 1749 Extended Internet daemon About the Windows NTFS change journal Today, customers with large numbers of files (typically in the millions) can experience very long incremental backup times. Two factors contributing to the delayed backup times include: • Factor 1 – The Windows agent scans all files/directories on the specified volumes to determine modification times. Files with modification times more recent than the last successful master are included in the incremental backup. • Factor 2 – The Windows agent also looks at the ‘archive’ property on each file whose modification time does not meet the first criteria. If the property is set, then the file is included in the backup. Factor 1 accounts for a large percentage of the time spent performing the backup, while Factor 2 contributes more processing overhead from the mechanics of examining the file properties. In addition, Factor 2 helps to inflate the size of the backup by including files that do not meet the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 136 modification criteria. Additionally, files with the archive property set should not automatically be included in incremental backups. Use of the change journal can eliminate much of the overhead contributed by these factors. The change journal is a record of all changes to any file(s) on a given volume. When a change journal is created, Windows begins to log changes immediately to that journal without requiring a reboot of the server. Windows logs all file changes on a given volume along with the nature and time of the change. During an incremental backup, the Unitrends agent queries the change journal to discover the changes made to files on the volume. It queries the data logged for each change to determine if the time of the change qualifies the data for back up. This is done by comparing the modified data to the time of the last successful master backup. Since journal records are kept only for changes to files or directories, determining which files to back up on a volume requires just a fraction of the time needed for the traditional volume scan. As the number of files on a volume increases, the benefit of using the change journal also increases. The change journal feature is transparent. There are no visible configuration or setting options on the backup system or on Unitrends local agent interface. By default, the agent prefers to use the change journal during incremental backups. If the journal cannot be used, the agent uses the volumescanning method to produce the list of files to back up. See the following topics for details: • • • • • • "Change journal operation for master backup" on page 136 "Change journal operation for incremental backup" on page 136 "Configuring the change journal" on page 137 "Change journal configurable file types" on page 138 "Change journal per volume" on page 138 "Change journals and remote mounts" on page 138 Change journal operation for master backup Ch a n g e jo u rn a lo p e ra tio n fo rma s te rb a c k u p When a master backup is performed on the Unitrends agent, the system is scanned for an existing change journal on each volume. If a change journal does not exist on a volume, the agent creates one. If a journal does exist, the agent insures that the size of the journal meets the minimum size required by enlarging the journal if necessary. The minimum size required for a change journal is 500MB. After the journal creation/discovery is complete, the agent “registers” each journal by creating entries in the system’s registry. Subsequent incremental backups query these entries. The registry entries exist outside of the current Unitrends registry entries to insure that they are not removed following agent software updates or software removal. The agent records a registry entry for each volume containing a change journal. The registry entry contains the following: • • Unique ID given to the change journal Sequential number of the first entry in the journal Change journal operation for incremental backup Ch a n g e jo u rn a lo p e ra tio n fo rin c re me n ta lb a c k u p When an incremental backup is performed, the system is scanned for an existing change journal on each volume that it intends to back up. If a journal exists, the agent queries the registry for the Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 137 journal’s ID and starting sequence number. This information will have been entered there by a previous master backup. If the entries exist, then the agent performs the following checks: • A check to determine if the journal ID in the registry matches the ID of the volume’s current journal. If the IDs do not match, this indicates that the journal that existed during the master backup was deleted and that a new journal was created. • A check to determine if the starting sequence number in the registry matches that of the volume’s current journal. If these numbers do no match, this indicates that the journal was filled to capacity with entries and has ‘wrapped’ around to the beginning. In this case, there will be file modifications that were made to the volume that are not recorded in the journal. If both these checks succeed, then the agent uses the change journal to determine which files to include in the backup. If one of these checks fails, the agent does not use the journal and reverts to the volume scanning method. In this case, the agent includes some information in the backup output to warn the user that a new master backup must be completed in order to use the journal for subsequent incremental backups. Configuring the change journal Co n fig u rin g th e c h a n g e jo u rn a l If use of the change journal is not desired, it can be disabled by modifying the following entry in the agent’s master.ini file. The file is located on the Windows client in the \PCBP directory (typically C:\PCBP). UseChangeJournal=False The minimum change journal size maintained by the Unitrends’ agent is 500MB. This size is configurable by adding an entry into the agent’s master.ini file. The size should be indicated in MB. ChangeJournalSizeMB=500 The size of the change journal can be enlarged by creating the above entry and setting the value to a number larger than 500. WARNING! The Microsoft best practices for use of change journal recommends that, once created, the change journal size should not be reduced, nor should the change journal be deleted. Likewise, the Unitrends agent cannot guarantee successful backup and restore operations in an environment where the size of the change journal has been reduced. Please understand that reducing the size of the change journal may result in corrupt backup operations, possibly causing failure to restore. Each time that a master backup completes, the change journal for each volume is inspected and enlarged if the size indicated in the master.ini file is larger than the size of the actual journal. The change journal wrap condition causes a delay in the time it takes for incremental backups to complete. If incremental backups begin to take longer than expected, this may be a result of the change journal wrap condition. When backing up servers that are configured as domain controllers, the change journal wrap condition may occur more frequently. The change journal wrap condition is not an error and will not interfere with capturing a successful backup. However, because the system must do a full filesystem scan, this does increase the likelihood of a timeout occurring that fails the backup. In the event that the change journal wrap 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 138 condition occurs, expect to see the following message in the backup summary for the specific backup operation: Change journal for volume C: appears to have wrapped since the last master backup and will not be used for this backup. This is not an error condition and does not interfere with the backup. If this server is a domain controller, then this condition is expected to occur more frequently. To enable use of the change journal for the next incremental backup, perform a master backup to resynchronize with the journal. If the change journal wrap condition occurs too frequently, you must enlarge the current journal size, as described below. Change journal configurable file types Ch a n g e jo u rn a lc o n fig u ra b le file ty p e s The change journal contains records of changes to files on a particular volume. There are two types of data changes that do not modify file content but are tracked by the journal: • Auxiliary Data Change – An operation adds a private data stream to a file or directory. An example might be a virus detector adding checksum information. As the virus detector modifies the item, the system generates change journal records. This type of file change indicates that the modifications did not change the application data. • Basic Information Change – A user has changed one or more file or directory attributes (i.e. readonly, hidden, system, archive, or sparse), or one or more time stamps. When the agent encounters an ‘Auxiliary Data Change’ record, the default behavior is to ignore it and not include the file in the backup. When the agent encounters a ‘Basic Information Change’ record, the default behavior is to include the modified file in the backup. In both cases, if the default behavior is not the desired behavior, modify the master.ini file to override the existing settings: ChgJournalBackupAuxChg=1 Adding this entry forces the agent to include files in the backup when an ‘Auxiliary Data Change’ is found. ChgJournalBackupPropChg=0 Adding this entry forces the agent to ignore files whose only change was a property change. Change journal per volume Ch a n g e jo u rn a lp e rv o lu me Change journals are created and managed on a volume-by-volume basis. If a system contains multiple volumes and a subset of the volumes cannot support use of the change journal, the volumes are backed up using the volume scanning method. Volumes that support change journal are backed up using the change journal. Change journals and remote mounts Ch a n g e jo u rn a ls a n d re mo te mo u n ts Change journals can be created and accessed on local NTFS volumes only. If NTFS file systems are mounted from remote servers, the incremental backups that include the mounted volumes do not use the change journal for those volumes. Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 139 For example: File Server ‘ServerA ‘shares ‘DirectoryA’ for anyone to mount. Workstation ‘UserA’ maps ‘DirectoryA’ as a local drive and then adds/change files. If an incremental backup of ‘ServerA’ is performed: ‘UserA’ changes to ‘DirectoryA’ will be seen and backed up using the change journal. If an incremental backup of ‘UserA’ is performed using the change journal: ‘UserA’ changes to ‘DirectoryA’ will not be backed up using the change journal. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 140 Legacy Recovery-Series and UEB Administrator's Guide Chapter 4: Advanced Configuration Options 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 141 Chapter 5: Backups Overview This chapter provides an overview of Unitrends backups. It identifies the types of data that Unitrends protects, introduces the different backup types, and explains how they are structured into groups by the system. It also explains how to use the Unitrends Administrator Interface (AI) to monitor jobs, view backups, and perform other backup procedures. To restore backups, see the "Restore Overview" chapter. This chapter contains the following topics: • "Types of data protected" on page 141 • • • • • • "Backup types" on page 142 "Backup groups" on page 145 "Executing backups" on page 146 "Monitoring running backup jobs" on page 147 "Viewing backups" on page 148 "Working with the Backup Browser" on page 154 Types of data protected The following types of data can be protected with the Unitrends system: • • • • "Files" on page 141 "Applications" on page 141 "Operating systems" on page 142 "Virtual machine infrastructure" on page 142 Files The file system of a client or files stored on a CIFS/NFS NAS are protected by file-level backups. For an explanation of the different backup types used to protect files, see "Backup types" on page 142. For instructions on executing file-level backups, see the "File-level Backups" chapter. Applications Applications are protected by backups that capture an application’s structure and data to ensure database consistency. See the following chapters for details about application backups: • • • • • "Microsoft SQL Protection" on page 489 "Microsoft Exchange Protection" on page 511 "Microsoft SharePoint Protection" on page 535 "Oracle Protection" on page 549 "Cisco UCS Protection" on page 679 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 142 • "NAS protection using NDMP" on page 570 For an explanation of the different backup types used to protect applications, see "Backup types" on page 142. Operating systems Operating systems are protected by bare metal technology, and the protection procedures vary depending on the operating system. For details, see "Bare metal procedures by client operating system" on page 750. Virtual machine infrastructure Unitrends supports backup of Hyper-V and VMware environments. For details, see the chapters "Hyper-V Protection" and "VMware Protection". For an explanation of the different backup types used to protect virtual environments, see "Backup types" on page 142. Backup types Not all backup types are supported for all clients. For details on which types of backups can be run for particular clients, see the client-specific chapters listed under Applications and Virtual machine infrastructure. The following types of backups can be performed with the Unitrends system: • • • • • • "Full backup" on page 142 "Incremental backup" on page 143 "Differential backup" on page 143 "Synthetic backup" on page 144 "Selective backup" on page 145 "Bare metal backup" on page 145 Full backup F u lb a c k u p A full backup of a client, also known as a master backup, captures all data selected for protection. For file-level backups, you can use selection lists to exclude unwanted data, and for Windows clients, you can also specify which files to include. For applications and virtual machine infrastructure, all data is included in a full backup. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 143 Incremental backup In c re me n ta lb a c k u p When an incremental backup is scheduled, the system checks the protected client in specified intervals of time and captures changes in the protected data since the last successful backup (of any type). The diagram below illustrates incremental backups for a client. In this example, the incremental runs once a day, but you can schedule incrementals more frequently if desired. Differential backup Dife re n tia lb a c k u p A differential backup captures changes in the protected data since the last successful full backup. The diagram below illustrates differential backups for a client. Each differential captures all changes in the protected data since the full backup on Day 1. For example, the differential on Day 4 captures all changes since the full backup on Day 1, including the changes that were already captured by the differentials on Day 2 and Day 3. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 144 Synthetic backup Sy n th e tic b a c k u p A synthetic backup is a full or differential backup that the Unitrends system synthesizes by superimposing the incremental backups on the last successful full backup. It then uses the synthesized backups to create recovery points. After the system creates a synthesized full backup, it uses this backup as a reference point when determining whether the client’s protected data has changed and a differential or incremental backup needs to be run. The Unitrends system uses the following factors to determine when to create a synthetic backup: • • • • Amount of data being protected on the backup system Number of days from the last full backup Number of incremental backups since the last full backup Load on the system Synthetic backups are created only for file-level backups and backups of VMware and Hyper-V clients. Synthetic backups are system-side only and do not impact the clients or networks. The diagram below illustrates a synthetic backup. For additional information about synthetic backups, see KB 3560. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 145 Selective backup Se le c tiv e b a c k u p A selective backup is run independently of any full, differential, or incremental backup and captures only the client data that you have selected. Selective backups can be used only for file-level backups. For details, see "File-level Backups" on page 159. Bare metal backup Ba re me ta lb a c k u p For Windows clients, a bare metal backup may be used to capture the boot volume (usually the C: drive) allowing for rapid recovery in the event of a system or drive failure. Note that in Unitrends release 7.4 and higher, regular file-level backups contain this system information, eliminating the need for bare metal backups for many clients. For requirements and details, see "Windows Bare Metal Protection" on page 753. To protect the operating system for non-Windows clients, see "Bare metal procedures by client operating system" on page 750. Backup groups To protect your data, you will likely use a combination of backup types. (For a discussion of the different backup types, see "Backup types" on page 142.) When you execute different types of backups for a client, the Unitrends system organizes them into backup groups. The system creates a group when you run a new full backup. Each subsequent differential and incremental backup forms a link in the chain of backups that constitute the group. Each link in the chain is necessary for performing point in time restores. When you execute a new full backup (or when the system creates a synthetic full backup), the system creates a new group associated with the full backup. (For information about restoring files from backups, see "Restore Overview" on page 341). The following diagrams illustrate backups groups: • • "Groups with full, differential, and incremental backups" on page 145 "Selective backup in relation to a group" on page 146 Groups with full, differential, and incremental backups The diagram below shows two backup groups containing full, differential, and incremental backups. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 146 Selective backup in relation to a group Note: Selective backups are supported only for file-level backups. Selective backups exist independently of backup groups. The diagram below illustrates a backup group and selective backups for one client. Both a selective backup and an incremental backup ran on Day 3. On Day 5, a differential backup and a selective backup ran. However, only the incremental and the differential belong to the group associated with the full backup run on Day 1. Executing backups For instructions on executing backups, see the following chapters: • • • • • • "File-level Backups" on page 159 "Microsoft SQL Protection" on page 489 "Microsoft Exchange Protection" on page 511 "Microsoft SharePoint Protection" on page 535 "Oracle Protection" on page 549 "Hyper-V Protection" on page 585 Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 147 • • "VMware Protection" on page 629 "Cisco UCS Protection" on page 679 Monitoring running backup jobs To view and manage queued and running backup jobs 1 Select the backup system or client in the Navigation pane and click Status. Selecting the client displays only jobs run for that client. Selecting the backup system displays all queued and running jobs. 2 On the side of the Status page, click the Present blind. On the Present page, all queued and running backups for the selected system or client display. The following information is given for each job: Field Description ID Backup ID Client The client for which the job is executing. DB/VM Shows the virtual machine or application instance, if applicable. Job Type The type of job. Status The real-time status of a task is displayed in the Status column. Job Comment Backup performance and progress can be monitored in the Job Comment column. Successful This signifies that all the files have been backed up successfully. Note: This may signify an incomplete backup. Files open at the time of backup or ones that do not have the right permissions do not get backed up. All the other files back up successfully. If less than 0.01% of the total number of files fail to backup, the status is reported as success. Failed This signifies that the backup failed. Click Detail for more information. If more than 0.01% of the total number of files fail to backup, the job is classified as failed. Proc Aborted This signifies an unexpected abort of the backup process. Click Detail for more information. Canceled This status is seen when a user terminates a backup process. When a row is selected in the table, details concerning that job display near the bottom of the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 148 page. Details include the name of the job, the job ID, the job type, the client, the device, the status of the job, and the comment. At the bottom of the page are a set of controls: Control Description Auto Refresh Check this box to refresh the page every n seconds, where n is the number entered. Refresh Interval The number of seconds between automatic refreshes if the Auto Refresh box is checked. Advanced Options > Stop Tasker/Start Tasker This button toggles starting and stopping the Tasker process, which manages jobs. If there are any modifications to the backup system’s configuration settings, Tasker must be stopped and re-started for changes to take effect. To access Tasker, click the Advanced Options checkbox. Refresh Now Click to manually refresh the page. Suspend/Resume Select a job in the list and click this button to suspend an active job(s) or to resume a suspended job(s). Terminate Click this button to terminate a selected job(s). Close Click to close this view and return to the previous screen. Multi-job selection Use Shift + Click to select contiguous rows. Use Ctrl + Click to select non-contiguous row. For best results, disable auto-refresh before acting on multiple jobs. Once the action is complete, click Refresh Now or check Auto-Refresh to see job statuses. Viewing backups To check the status of backups, you can view running jobs as described in "Monitoring running backup jobs" on page 147, or view completed jobs as described in these procedures: • • • • • • • To run a backup report, see "Backups Report" on page 369 "To view backups completed in the last 7 days" on page 149 "To view backups by month" on page 149 "To view backup details" on page 149 "To find files in backups" on page 150 "To browse the contents of a backup" on page 151 For replicated backups, see "Viewing replicated backups" on page 309. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 149 Note: If your backup system is replicating to a target, be sure you are not working in Replication View. This view displays replicated backups on the target system rather than ones stored on the local backup system. To view backups completed in the last 7 days 1 Select the backup system in the Navigation pane and click Status. Note: The blue server icon displays to the left of each backup system in the Navigation pane. 2 Select the Past (Historical Status) blind. 3 The System Status page displays a snapshot of backups for each protected client over the last 7 days. Failures are red, warnings yellow, and successes green. Hover over any square in the Backup: 7 Day Snapshot calendar for a backup summary of a given client and day. 4 Select the Backup: Last 7 Days tab below for a list of completed backup jobs. • • • Click any column head to change the sort order. To filter by client, select the client in the left Navigation pane. Double-click a backup to view additional details on the Backup Information page. To view backups by month 1 Select a client in the Navigation pane and click Status. Note: For virtual machines on 7.1 and higher, you can filter further by selecting a VM. To display VMs under the Hyper-V client or ESX server, click the gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click Confirm. 2 Select the Past (Historical Status) blind. 3 The center stage displays a snapshot of backups completed for this client during the current month. Failures are red, warnings yellow, and successes green. • • 4 Hover over any square in the monthly calendar for a backup summary of a given day. Click the scroll arrows above to view another month. Select the Backup: Month tab below for a list of completed backup jobs. • • Click any column head to change the sort order. Double-click a backup to view additional details on the Backup Information page. See "Backup Information page" on page 152 for more information. To view backup details 1 Select a client in the Navigation pane and click Status. Note: For virtual machines on 7.1 and higher, you can filter further by selecting a VM. To display VMs under the Hyper-V client or ESX server, click the gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 150 Confirm. 2 Select the Past (Historical Status) blind. 3 Under the Backup: Month or Backup: Last 7 Days tab, click the desired backup. 4 Details display on the Backup Information page. • • Click any column head to change the sort order. Double-click a backup to view additional details on the Backup Information page. See "Backup Information page" on page 152 for more information. To find files in backups Use this procedure to search for files in a client’s file-level backup history. These files can be deleted, viewed, or restored. Note: The Show Search Options feature is for file-level backups only. If you attempt to search for a file in an application or virtual machine backup, you receive a message that no files were found. 1 Click Status on the main menu. 2 Select a client in the Navigation pane and click Show Search Options above the calendar. 3 Enter search criteria. Search by name, date, size, or any combination. • Name – To search by name, check the Name box and enter text. For quickest search, include the entire path. Wildcards, such as “*” and “?”, can be used in the file name. An “*” represents any number of characters before or after the entered text. For example, *.doc returns all files ending with the .doc extension and auto* returns all files starting with auto. A “?” represents just one character. For example, if there are a number of files named file1, file2 through file12, file13,file? returns file1 through file9 and file?? returns all the files up to file13. Searches that fully spell out the path and file name can be executed quickly. The use of wildcards will increase the time required to return the results as the search must go through every file in the backup to locate the match. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 151 IMPORTANT! If using wildcards, such as ‘\\’, ‘%’, ‘_’, ‘*’, ‘?’, and ‘\’, do NOT check the Regular Expression box. These characters are interpreted differently as regular expressions and do not yield the same search results. • Regular Expression – Check this box to search using regular expressions. (Do NOT check this box to search using regular wildcards.) Regular expressions are used to symbolically represent patterns that can occur in text. Like wildcards, certain characters have special meaning when specifying the text that can match the regular expression. The syntax of regular expressions is more complex and powerful than wildcards. This technique only needs to be used if wildcards are too limited to construct a sufficiently precise search pattern. Some good references about the use of regular expressions can be found in the online encyclopedia, Wikipedia. • • Ignore Case – Check this box to search for filenames regardless of case. • • Size (KB) – Check this box and enter a range in kilobytes to narrow the search by file size. • Exclude – Select to return all files other than ones that meet the search criteria you entered. Entered criteria is used to exclude files from search results. Date – Check this box to search for files modified within a certain time frame. Calendar icons are provided to assist with date selection. Include – Select to return files that meet the search criteria you entered. This is the default setting. 4 Click Search. Files matching the specified criteria display below on the Search: File Results tab. 5 Double-click a file to view more details. • • • 6 To delete this backup and any associated dependent backups, click Delete Backup. To exit the Backup Information page, click Cancel. To restore, proceed to the next step. To restore from this backup, click Restore Files and set restore options, then click Restore. • By default, the file you selected in step 5 above is the only item selected for restore. To add files, browse the File Selection List in the Restore from Backup of Client pane and select files, folders, and volumes to add. To expand a volume or folder, click the arrow to its left. Files and folders can be viewed in their default or short format by selecting the appropriate radio button next to File View. • • Click Show Advanced File Selection to select files by drag and drop. Change the File Exclusion options or the Advanced Execution options as desired. For details, see "Restore options" on page 348 and "Advanced Execution Options for restore" on page 351. To browse the contents of a backup 1 Select a client or application in the Navigation pane. 2 Select Reports > Backups. 3 Locate the desired backup on the Backups Report. If necessary, select a new date range from the drop-down at the bottom of the page to display more backups. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 152 4 Select the desired backup in the grid by clicking that row. 5 In the Report Entry window, click Details for a list of items contained in the backup. 6 Click Close to exit the Details window. Backup Information page Items on the Backup Information page are described here. Note that some items display for specific application backups only. Category Description Application Application version. For example, VMware, Hyper-V 2008 R2, SQL Server 2008, Exchange 2010, SharePoint 2010, or Oracle 11. Does not display for file-level backups. Backup ID Unique ID assigned to the backup. BytesPerMinute Average backup speed, in bytes per minute. Certified Indicates that this backup has been certified using ReliableDR, either successfully (Certification successful), with errors (Certification completed with errors), or with warnings (Certification completed with warnings). It does not display for non-certified backups. Cluster Applies to Hyper-V only. Indicates whether the VM is configured in a cluster. Complete Indicates whether the backup job completed. Database Displays for application backups only. The database or VM name that was backed up. Date Date and time the backup started. Device Device where the backup is stored. Default is D2DBackups. DiskMetadata Indicates whether metadata is contained in the backup. Metadata is required for Windows Instant Recovery and Windows Integrated Bare Metal Recovery. System Name of the backup system. Elapsed Time Duration of the backup job in hh:mm:ss format (hours, minutes, seconds). ElapsedTimeRaw Duration of the backup job, in seconds. Encrypted Indicates whether this backup is encrypted. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 153 Category Description Files Number of files contained in the backup. FilesPerMinute Average number of files backed up per minute. GUID Applies to Hyper-V only. Virtual machine ID. Instance Displays for application backups, except for Exchange and Oracle. • • • • For VMware, name of the vCenter or ESX server hosting the guest VM. For Hyper-V, name of the guest VM. For SQL, name of the client running the SQL server. For SharePoint, instance is Farm. Instance ID Displays for application backups only. ID associated with the instance. Last Indicates whether this is the most recent backup of this type for this client. Name Name of the client whose data was backed up. Parent Name of the associated parent backup. Raw Command Command issued by the backup system to run this job. Replicated Indicates whether this is a replicated backup stored on the replication target. Result (Operation) Status of the backup job: success, warning, or failure. Result (Verify) Status of the verify: success, failure, or none (if no verify was performed). Size (MB) Backup size, in megabytes. SyncSize For replicated backups only, size of the sync object. Indicates how much data was replicated. Synthesized Indicates whether this backup was synthesized. Synthetic backups are initiated automatically by the system. For clients protected with the incremental forever strategy, synthetic system-side masters and/or differentials are created periodically. Synthetic masters and differentials may also be created for archiving and legacy vaulting, as incrementals are not archived or vaulted directly. For more information, see KB 3560. Template Indicates whether this is a backup or VMware template. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 154 Category Description Type Backup type. File-level backup types include full/master, differential, incremental, selective, and bare metal. Application backup types vary by application. Application name is included in the backup type name (for example, Exchange Full). Raw Output Messages logged during backup. Restore Files Click to restore files. Applies to file-level backups and the following application backups: VMware, Hyper-V, and Oracle. Restore Items Applies to Exchange only. Click to restore items using Kroll. Restore Applies to application backups only. Click for non-granular restore of the backup. To restore the entire application to a specific point in time, use the main Restore menu instead. See "Executing a point-in-time restore" on page 346. Delete Backup Click to delete the backup and any associated dependent backups. Cancel Click to exit the Backup Information page. Working with the Backup Browser Use the Backup Browser to view and manage backups already stored on a device. See the following topics for details about using the browser: • • • • • "About the Backup Browser" on page 154 "To view backups stored on a device" on page 155 "To customize the backup browser" on page 156 "To delete backups from a device" on page 156 "To set a legal hold on a backup" on page 156 About the Backup Browser Ab o u th e Ba c k u p Bro ws e r The Backup Browser is split into two panes. The top pane displays backup devices, and the bottom pane displays information about the backups stored on the selected device. Backup Devices pane You can view the following information about backup devices in the upper pane of the Backup Browser: Column Description Device Name The name of the storage device. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 155 Column Description Storage Name The name of the backup storage on the device. Online Whether or not the storage device is online. Default Whether or not the device is default storage. Size (GB) The total capacity of the storage device. Backup Concurrency Maximum number of concurrent backups allowed for the device. Backup Details pane You can view the following information about backups already stored on the selected device in the lower pane of the Backup Browser. Note: For additional information about a particular backup, select its checkbox, then click Backup Information. Column Description Client The name of the client which the backup operation protects. ID The backup operation’s unique numeric identification. Status The status of the backup operation. Green indicates a successful backup, yellow indicates a backup completed with warnings, and red indicates a failed backup. Currently active backup operations are represented with an hourglass. Database Displays for application backups only. The database or VM name that was backed up. Date The date the job occurred. Time The time the job started. Type The type of backup operation. The type may include master, differential, incremental, bare metal, etc. Size (MB) The size of the backup operation in megabytes. To view backups stored on a device 1 Select Settings > Storage and Retention > Backup Browser. The system’s backup devices display in the top pane. The default storage target is named Internal, but if other targets have been added, they also display. See "About storage configuration" on page 103. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 156 Note: 2 By default, the Internal target includes the default device, D2DBackups. Devices may be modified in Settings > Storage and Retention > Backup Devices. Select a backup device in the upper pane. All backups stored on that device display in the lower pane. If desired, click Refresh to update the list, or click Select Columns to customize the information displayed. See "To customize the backup browser". 3 To view finer detail for a particular backup, select its checkbox, then click Backup Information. To customize the backup browser 4 Select Settings > Storage and Retention > Backup Browser. 5 Click Select Columns. 6 In the Column Chooser window, check or uncheck the columns as desired. Note: 7 By default, the lower pane of the Backup Browser displays all columns. Click Confirm. The columns displayed in the lower pane automatically update to reflect your selections. To delete backups from a device When you delete a backup, it is logically deleted and you can no longer access it. However, the amount of available storage will not immediately increase and might not increase at all. The backup’s physical blocks are removed when the system performs a periodic purge. For deduplicated systems, a given block might be referenced by several backups, and unless all of these backups are deleted, the block is not purged, and your available storage space does not increase. WARNING! This procedure permanently deletes backups from the system. Once you click Confirm, you cannot stop the process. Any selected backups and dependent backups are deleted from the system. For example, deleting a full backup deletes any associated incremental and differential backups in that group. If any backups that are set to legal hold are selected for deletion, a warning displays asking if you really want to delete those backups. An entry in the audit log is created any time a backup that was set to legal hold is deleted. 1 Select Settings > Storage and Retention > Backup Browser. 2 Select a backup device in the upper pane. All backups stored on that device display in the lower pane. If desired, click Refresh to update the list. 3 Choose one or more backups by checking the desired boxes. To select all, check the box in the title bar. Click again to deselect all. 4 Select Delete Backup, then click Yes. To set a legal hold on a backup 1 Select Settings > Storage and Retention > Backup Browser. Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 157 2 Select a backup device in the upper pane. All backups stored on that device display in the lower pane. If desired, click Refresh to update the list. 3 Choose a backup by checking the desired box. Only one backup may be selected at a time when modifying legal hold settings. 4 Select Legal Hold Settings. For a selected backup, all backups in its group are displayed. For example, if you selected an incremental, all incrementals and their parent full are selected. 5 Do one of the following: • To set a legal hold on only the backups listed below, adjust the Legal Hold Settings For Individual Backups on the left. • To set overall retention and legal hold settings for a client, virtual machine, or database, adjust the Retention Settings for your client on the right. These are the same settings you can set in Settings > Storage and Retention > Backup Retention. The settings that are in effect for the selected backups are highlighted. If legal hold is configured for the client and you set different legal hold settings for a backup of that client, the larger legal hold setting takes precedence. 6 Click Confirm. Note: Information about backups that have been placed on legal hold can be found in the Legal Hold report. See "Legal Hold Backups Report" on page 381 for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 158 Legacy Recovery-Series and UEB Administrator's Guide Chapter 5: Backups Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 159 Chapter 6: File-level Backups This chapter describes the procedures used to perform file-level backups of protected clients. Clients must be registered to the backup system before running these procedures. See "About adding clients" on page 69 for details. File-level backups protect a client’s file system, and in release 7.4 or higher, file-level backups can also protect the operating system of most Windows clients. (For details about protecting a Windows client’s operating system with file-level backups, see "Windows Bare Metal Protection" on page 753.) For descriptions of the procedures used to protect applications and virtual machine infrastructure, see the applicable chapters. Note: If you have VMware or Hyper-V virtual machines, you can protect them using Unitrends VMware backups, Hyper-V backups, or by installing an agent and running Unitrends filelevel backups. To determine the protection strategy that works best for you, review "VMware Protection" on page 629 and "Hyper-V Protection" on page 585. If you are a new user of the Unitrends backup system, it is recommended that you read the "Backups Overview" chapter before running the procedures described here. The overview chapter provides a detailed discussion of backup types, backup groups, and other key concepts referenced throughout this chapter. This chapter contains the following topics: • • • • • • • • "File-level backup types" on page 159 "File-level backup strategies" on page 160 "Grouping clients for file-level protection" on page 162 "Using selection lists" on page 162 "About executing file-level backups" on page 166 "Working with the computer backup subsystem" on page 167 "Working with the Enterprise backup subsystem" on page 176 "Working with client aliases" on page 198 File-level backup types The following types of file-level backups can be performed with the Unitrends system: Backup Type Full backup Description Captures all selected data on the client. For file-level backups, you can use selection lists to exclude unwanted files (all systems) or include specified files (Windows and Linux only). Also called a master backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 160 Backup Type Description Incremental Checks the protected system in specified intervals of time and backs up changes backup in the protected data since the last successful backup (of any type). Any selection lists must match those applied to the previous full backup. Differential backup Captures changes in the protected data since the date and time of the last successful full backup. You have the option to exclude unwanted files (all systems) or include specified files (Windows and Linux only). Any selection lists must match those applied to the previous full backup. Selective backup Used to back up selected volumes, directories and/or files on a client. You can include specified files, using wildcards if needed. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. Selective backups do not belong to a backup group. Synthetic backup Full or differential backup that the system synthesizes by superimposing the incremental backups on the last full backup. Synthetic backups are system-side only and do not impact the client or networks. For a more detailed discussion of these backup types, see "Backup types" on page 142. File-level backup strategies Unitrends recommends using an incremental forever strategy for file-level backups. With this strategy, a full is run one time, followed by incrementals thereafter at the frequency that best suits your environment. The system then synthesizes fulls and differentials locally from the incrementals to ensure quick restores. These synthetic backups are also used for archiving and legacy vaulting, as incremental backups do not archive or vault directly. For more information on synthetic backups, see "Synthetic backup" on page 144 and KB 3560. Incremental forever is supported on Unitrends Enterprise Backup virtual systems as well as the Recovery-212 and later physical systems. The following clients can use the incremental forever backup strategy: Windows XP or later, VMware ESX(i) 5.0 or later (See "VMware Protection" on page 629), Hyper-V 2008 R2 or later (See "Hyper-V Protection" on page 585), and any supported Linux client. To use the incremental forever strategy, it is recommended that the backup system be on the latest release. Unitrends supports a variety of other strategy options, described here: Objective Strategy Your tolerance for data loss is measured in a day or more Use incremental forever or a weekly full backup with daily differential backups. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 161 Objective Strategy Your tolerance for data loss is measured in minutes or hours Use incremental forever or a weekly full backup with daily differential and hourly incremental backups. Your backups need to complete within a few hours during the week but can run continuously on the weekend Use incremental forever or a weekly full backup with daily differential backups. You need to control when full backups run If system resources are taxed and you would like to control when a full backup runs, use a weekly full backup with daily differential and/or incremental backups. Keep in mind that synthetic backups are system-side only and do not impact the client or networks. Incremental forever backup strategy The diagram below illustrates an incremental forever backup strategy for a client. The strategy begins with a full backup and then runs incrementals at specified intervals of time. When the system determines that a new full backup is necessary, it synthesizes one by superimposing the incremental backups on the last full. A new backup group begins with the synthesized full backup. Full with daily differentials backup strategy This diagram illustrates a strategy that uses weekly full backups with daily differentials. Because this strategy includes weekly full backups, the system creates a new backup group each week. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 162 Grouping clients for file-level protection Beginning in release 7.5, you can use the navigation grouping feature to run file-level backups for groups of clients. Grouping also increases ease of use by enabling you to manage clients as groups, rather than individually. See the following topics for details: • "Navigation grouping" on page 45 for a description of the feature, requirements, and setup procedures. • Procedures in "Working with the Enterprise backup subsystem" on page 176 to run backups of the groups you have created. • Procedures in "Archiving Overview" on page 201 and "Reports" on page 357, to archive or run reports at the group level. Using selection lists If you do not want all data from a client to be included in its backups, you can use selection lists to specify which data the backups include or exclude by directory path, file name, and file type. You can use selection lists for all of a client’s backups by applying exclusion lists (all clients) and inclusion lists (Windows version 7.2 or higher and Linux version 8.0 or higher only) to full, differential, and incremental backups. You can also use the selective backup type, which does not belong to a backup group, to apply an inclusion list to an individual backup. (For an explanation of backup groups, see "Backup groups" on page 145.) See the following topics for details about using selection lists: • • • "When to use a selection list" on page 162 "Using selection lists with full, differential, and incremental backups" on page 165 "Using selection lists with the selective backup type" on page 166 For instructions on creating selection lists see the following: • • For individual clients, see "Working with the computer backup subsystem" on page 167. For multiple clients, see "Working with the Enterprise backup subsystem" on page 176. When to use a selection list When running one-time or scheduled backups you can apply selection lists to explicitly exclude or include files. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 163 • You can specify an exclude list for full, differential, and incremental backup types for all systems, using wildcards if necessary. (Note that wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients.) • You can specify an include list for full, differential, and incremental backup types for Windows (version 7.2 or higher) and Linux (version 8.0 or higher) clients only. Wildcards are not supported. For more information, see "Windows selection lists" on page 438 and "Linux selection lists" on page 714. • Use an include list for selective backup types, using wildcards if necessary. (Note that wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients.) • Selection lists do not apply to bare metal backups. Additionally, some selection lists support selection patterns, also known as wildcards. The following table indicates when you can use an include or an exclude list, and indicates support for wildcards. Notes about Includes Includes Full Backup Sometimes For Windows (version 7.2 or higher) and Linux (version 8.0 or higher). Wildcards not supported. YES For all clients. Wildcards okay for most clients. Wildcards not supported for Linux, Unix, and CIFS/NFS NAS. Differential Backup Sometimes For Windows (version 7.2 or higher) and Linux (version 8.0 or higher). Wildcards not supported. YES For all clients. Wildcards okay for most clients. Wildcards not supported for Linux, Unix, and CIFS/NFS NAS. Incremental Backup Sometimes For Windows (version 7.2 or higher) and Linux (version 8.0 or higher). Wildcards not supported. YES For all clients. Wildcards okay for most clients. Wildcards not supported for Linux, Unix, and CIFS/NFS NAS. Selective Backup YES Required. Wildcards okay. Sometimes Not supported for Computer selection lists. Supported for Enterprise selection lists. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Excludes Notes about Excludes Backup Type Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 164 Backup Type Includes Notes about Includes Excludes Notes about Excludes Bare Metal Backup NO N/A NO N/A Uses for selection lists Selection lists can be used to omit and include files in backups by directory path, file name, and file type. Here are some example uses for selection lists: Selection list type Exclude list - any client Include list - any client Example uses Create a one-time or scheduled full, differential, or incremental backup. Example uses: • If legal or audit requirements specify a monthly backup for all files and folders except for process documents, set up a full backup to run monthly that excludes process documents. • If company processes require full backups for all files except for training documentation and videos, create a full backup that excludes the folders and files of those types from the training department. Create a one-time or scheduled selective backup. Backup contains only files that meet inclusion criteria. Does not impact backup group chain, since selective backups are stand-alone and not part of a group. Example uses: • Include only certain volumes or paths that have important data and do not need to run subsequent incremental or differential backups that contain only changes. • Backup only a few files or a certain type of file during a single instance. For example, your Finance department is changing spreadsheets for a quarterly audit and would like to back up those spreadsheets. Full backup with exclusion list Exclusion lists are supported for full, incremental, and differential file-level backups for all client types. Wildcards are supported for most client types. Note that all incrementals and differentials associated with the full backup must have the same selection lists, and a new full must be run anytime the inclusion list is updated. The following graphic is an example of an exclusion list applied to a full backup. The backup captures only files on the C: drive that are not of the .tmp type because the E: drive and all .tmp files are excluded. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 165 Selective backup inclusion lists Inclusion lists are required for selective backups. Wildcards are supported for most client types. Selective backups are not included in backup groups, so it is not necessary to run a new full when the inclusion list is created or updated. The following graphic is an example of a selective backup and inclusion list. As specified, the backup contains only files on the C: drive of the .mp3 and .txt types. Using selection lists with full, differential, and incremental backups Apply selection lists to full, differential, and incremental backups to specify which data a client’s backup groups will include (Windows and Linux only) or exclude (all clients). If no inclusion or exclusion is specified, a full backup includes all client files. It is important that your subsequent incremental or differential backups use the same selection lists so that data across all backups in the group is consistent throughout. When creating a schedule, the same lists are applied to all scheduled backups automatically. For recommendations about using selection lists, see "When to use a selection list" on page 162. Windows and Linux clients support inclusion lists for full, differential, and incremental backups. For more information see "Windows selection lists" on page 438 and "Linux selection lists" on page 714. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 166 Using selection lists with the selective backup type With the selective backup type, you can specify which data to include by directory path, file name, and file type. Wildcards are supported for most clients. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. A selective backup does not belong to a backup group, so the inclusion list does not apply to any subsequent backups unless you schedule periodic selective backups using the same inclusion list. A backup strategy using only the selective backup types is not recommended because it would not capture only incremental changes in the protected data. The selective backup type is best used as a one time backup. For recommendations about when to use the selective backup type, see "When to use a selection list" on page 162. About executing file-level backups Backups can be run immediately or scheduled to run at specified intervals from either the Computer backup subsystem or the Enterprise backup subsystem. Use the Computer backup subsystem if you are new to Unitrends or wish to execute the backup very quickly with little setup configuration for one client at a time. Use the Enterprise backup subsystem to utilize more advanced features, such as option lists, multi-client selection lists, and calendars, and to quickly add one or more clients to a schedule. For procedures, see "Working with the computer backup subsystem" on page 167 and "Working with the Enterprise backup subsystem" on page 176. Protected clients must be online and network communications between the clients and the backup system must be operational for backups to run. Default exclusions from file-level backups By default, certain files and directories are excluded from file-level backups of Linux and Windows clients. For details, see the follow topics: • • "Default exclusions for file-level backups of Windows servers" on page 439 "Default exclusions from file-level backups of Linux clients" on page 714 Maximum file pathname lengths For some Unitrends agents, there is a maximum file pathname size limitation. File pathnames that exceed this limit are not included in the backup. Agents affected by this restriction and supported maximum file pathname lengths are noted in the following table. Unitrends agent Maximum file pathname length Windows 32 KB Linux 4 KB Solaris 1 KB Mac OS X 1 KB Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 167 Working with the computer backup subsystem Use the Computer backup subsystem to run one-time backups or create backup schedules for one client computer. If you want to specify files to include or exclude, see "About computer selection lists" on page 171 before running the backup or creating a backup schedule. Note: These procedures are for file-level backups only. To protect an application (such as SQL), a virtual machine, or a NDMP volume, see the applicable chapter in this Administrator’s Guide. Computer backup procedures: • • • • "To run a one-time backup" on page 167 "To create a backup schedule" on page 168 "To view or modify a schedule" on page 170 "To delete a schedule" on page 171 To run a one-time backup Note: Use this procedure to backup one client. To run an on-demand backup of multiple clients on a schedule, see "To execute an Enterprise backup schedule immediately" on page 196. 1 Select the desired client in the Navigation pane and click Backup. 2 On the 1-Time Backup tab, choose backup type Full, Differential, Incremental, Selective, or Bare Metal. See "Backup types" on page 142 for more information. Note: 3 In the Select Items area, select to backup one of the following: • • 4 The bare metal backup type is supported only for Windows clients. These are not filelevel backups, but they are included in this procedure because Windows bare metal backups are executed and scheduled using the same interfaces as file-level backups. In Unitrends version 7.4 and later, you can use the integrated bare metal feature with regular file-level backups, rather than running bare metals. See "Windows Bare Metal Protection" on page 753. All volumes (Protect all volumes) Selected volumes (Specify selected volumes and files) If you selected to specify volumes and files and would like additional detail, see one of the following: • • To exclude files, see "About computer selection lists" on page 171. • To specify includes or a combination of includes and excludes for full, differential, and incremental backups of a Windows client, see "Windows selection lists" on page 438. • To specify includes or a combination of includes and excludes for full, differential, and incremental backups of a Linux client, see "Linux selection lists" on page 714. To specify includes for the selective backup type, see "About computer selection lists" on page 171. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 168 5 If desired, check the Verify Backup box to perform an inline verification of the backup. If left unchecked, the backup is not verified. 6 If necessary, check Exclude System State to backup data only and not include OS protection. WARNING! It is highly recommended that you include system state in all file-level backups where client aliases are not being used. Restoring a backup that does not include the system state is likely to result in inconsistencies on the client and cause highly undesirable results. Notes: • About client aliases. If you are backing up an aliased client, see "Working with client aliases" on page 198 before deciding whether to include or exclude the system state. • About excluding system state without checking this box. If you exclude the system state using a selection list and do not check this box, the backup will run with a warning (yellow) indicating that the system state has not been included. If you check this box, no warning is issued. • About Windows clients. The system state is required for backups you wish to use for Windows Instant Recovery (WIR) or integrated bare metal recovery (BMR). For more information, see "System state backup and restore on Windows Server" on page 443. 7 If desired, select a backup device. Backups are written to the default device unless otherwise specified. 8 Click Backup to execute the job. To view the job, see "Monitoring running backup jobs" on page 147. To create a backup schedule 1 Select the desired client in the Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 Enter a Schedule Name. 4 Verify that the Schedule enabled box is checked. 5 Enter a Schedule Description. 6 Choose the data to back up by selecting one of the following: • • 7 Protect all volumes Specify selected volumes and files If you selected to specify volumes and files and would like additional detail, see one of the following: • • To exclude files, see "About computer selection lists" on page 171. To specify includes for the selective backup type, see "About computer selection lists" on page 171. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 169 8 9 • To specify includes or a combination of includes and excludes for full, differential, and incremental backups of a Windows client, see "Windows selection lists" on page 438. • To specify includes or a combination of includes and excludes for full, differential, and incremental backups of a Linux client, see "Linux selection lists" on page 714. In the Schedule area, select a backup strategy from the list. • Choose from Incremental Forever, Full with Incrementals, Full with Differentials, or Custom. • For physical Windows clients only, check Perform Bare Metal Backup if desired to include hot bare metal backups in the schedule. In Unitrends version 7.4 and later, you can use the integrated bare metal feature with regular file-level backups, rather than running bare metals. See "Windows Bare Metal Protection" on page 753. • Backups for the selected strategy display below. Do one of the following: For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. For a custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: • • Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. 10 If desired, check Set Retention Settings and modify the minimum, maximum, and legal hold values. • If you have a client selected in the Navigation pane, settings apply to file-level backups run for this client. • If you have an application selected in the Navigation pane (such as SQL, Hyper-V, VMware, NDMP, or Exchange) these values apply to all selected VMs, databases, volumes, or instances included in this schedule. To set different values for each selected item, do not enter settings here. Instead, go to Settings > Storage and Retention > Backup Retention. See "About retention control" on page 121 for details. • Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. • See "About retention control" on page 121 for more information about these settings. 11 Click Advanced Settings and set additional options as desired. Field Description Verify Backup Check Verify Backup to perform an inline verify of the backup. If left unchecked, the backup is not verified. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 170 Field Description Available Device Select an Available Device to define the device where backups will be stored. Mail Options tab Backup Schedule and Failure reports are sent by default. To opt out of email reports, uncheck boxes on the Mail Options tab. Exclude System State Check Exclude System State to back up data only and not include OS protection. This option is used to back up data volumes. WARNING: It is highly recommended that you include system state in all file-level backups where client aliases are not being used. Restoring a backup that does not include the system state is likely to result in inconsistencies on the client and cause highly undesirable results. Notes: • About client aliases - If you are backing up an aliased client, see "Working with client aliases" on page 198 before deciding whether to include or exclude the system state. • About excluding system state without checking this box - If you exclude the system state using a selection list and do not check this box, the backup will run with a warning (yellow) indicating that the system state has not been included. If you check this box, no warning is issued. • About Windows clients - The system state is required for backups you wish to use for Windows Instant Recovery (WIR) or integrated bare metal recovery (BMR). For more information, see "System state backup and restore on Windows Server" on page 443. 12 Click Confirm to save the advanced settings you created. 13 Click Save to create the schedule. To view or modify a schedule Schedules that are running cannot be modified. 1 Select the client protected by the schedule in the Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 Verify the desired schedule displays in the Schedule Name field. If not, select it. 4 Modify settings as desired. See "To create a backup schedule" on page 168 for details. Note: If you created the schedule with a custom strategy, click on the Custom Strategy box, then double-click on the backup icon to update it. For example, if your custom strategy includes bare metal, double-click on the BareMetal icon to see a Modify Backup window where you can update the bare metal backup or delete it from the schedule. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 171 5 Click Save. To delete a schedule 1 Running schedules cannot be deleted. 2 Select the client protected by the schedule in the Navigation pane and click Backup. 3 Select the Schedule Backup tab. 4 Verify the desired schedule displays in the Schedule Name field. If not, select it. 5 Click Delete Schedule, then Yes to confirm. About computer selection lists Selection lists define items to include or exclude from the backup. Before running a one-time backup or setting up a schedule, you can choose to specify selected volumes and files using include and exclude selection lists. If you create a schedule with selection lists and there are already full backups on the system for its client, you must run new fulls before the schedule runs to ensure data consistency. To specify includes for full, differential, and incremental backups of Windows and Linux clients, see: • • "Windows selection lists" on page 438 "Linux selection lists" on page 714 Note: Selection lists are not used for bare metal backups. See the following table for a description of selection list types. For examples, see "Using selection lists" on page 162. Selection list type Description Include Defines items to include in a file-level backup. Note the following: Exclude • For the selective backup type - Supported for all clients. Include is required for selective backups. • For full, differential, and incremental backup types - Supported for Windows (agent 7.2 or higher) and Linux (agent 8.0 or higher). Defines items to omit from a full, differential, or incremental backup. Additionally, an exclude list can be applied to define a subset of included files to omit. See "Additional considerations for Linux excludes " on page 714 if applying exclusions to a Linux client. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 172 Computer selection list procedures The following selection list procedures are described in this section: Note: • • • • To specify includes for full, differential, and incremental backups of Windows and Linux clients, additional considerations apply. See these topics for details: "Windows selection lists" on page 438 and "Linux selection lists" on page 714. "To specify includes for the selective backup type" "To specify excludes" on page 172 "To add selection patterns to a Computer selection list" on page 173 "To remove selection patterns from a Computer selection list" on page 174 To specify includes for the selective backup type The include selection is required for selective backups. File-level includes and selection patterns are supported for selective backups. Wildcards are supported for most clients. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. Note: 1 For more information, see "To add selection patterns to a Computer selection list" on page 173. Do one of the following: • • Complete step 1 on page 167 - step 3 on page 167 in "To run a one-time backup". Complete step 1 on page 168 - step 6 on page 168 in "To create a backup schedule". 2 Click Create/Modify Include List. 3 Click Open Client-Specific File System Selection. 4 Browse through the folders and select the appropriate volumes, folders, or files. 5 Click Add to add your selection to the list. Repeat this process until you complete your include list. (Click on an item in the Selection List and click Remove if you want to remove a selection, or click Remove All if you want to remove all of your selections from the selection list, prior to clicking Confirm.) 6 When finished, click Confirm to save. 7 Do one of the following: • • Continue with step 5 on page 168 in "To run a one-time backup". Continue with step 8 on page 169 in "To create a backup schedule". To specify excludes You can specify the folders and files to exclude from a one-time backup or scheduled backup. Wildcards are supported for most clients. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. For more information, see "To add selection patterns to a Computer selection list" on page 173. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 173 • The exclude selection is available for full, differential, and incremental backups for all clients. File-level excludes and selection patterns are supported. Wildcards are supported for most clients. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. • • The exclude selection is not supported for selective backups. Selection lists are not used for bare metal backups. Notes: 1 • About Windows clients - To perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. • About active databases - It is recommended that all active databases be excluded from file-level backups. Only the active database needs to be excluded. All other files on the client can be backed up during the file-level backup. Run application-level backups to protect active databases. (See the "Microsoft Exchange Protection", "Microsoft SQL Protection", "Microsoft SharePoint Protection", and "Oracle Protection" chapters for details). Do one of the following: • • Complete step 1 on page 167 - step 3 on page 167 in "To run a one-time backup". Complete step 1 on page 168-step 6 on page 168 in "To create a backup schedule". 2 Click Create/Modify Exclude List. 3 Enter a selection pattern or browse for files or folders. 4 To browse for files or folders, click Open Client-Specific File System Selection. 5 Browse through the folders and select the appropriate folders or files. 6 Click Add to add a Selection Pattern selected folders/files to the list. Wildcards are supported for most clients. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. 7 Repeat this process until you complete your exclude list. (Click on an item in the Selection List and click Remove if you want to remove a selection, or click Remove All if you want to remove all of your selections from the selection list, prior to clicking Confirm.) 8 When finished, click Confirm to save. 9 Do one of the following: • • Continue with step 5 on page 168 in "To run a one-time backup". Continue with step 8 on page 169 in "To create a backup schedule". To add selection patterns to a Computer selection list 1 Click on the client to view the desired selection list. For details, see: • • "To specify includes for the selective backup type" on page 172 "To specify excludes" on page 172 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 174 2 Enter the desired Selection Pattern and click Save to move it to the Selection List box. • For include selection lists, only files matching the defined pattern are included in the backup. Patterns can be used for the selective backup type only. See "Using wildcards in Computer selection lists" on page 174 for details. Note: 3 Selection patterns are not supported for include lists applied to full, differential, and incremental backups of Windows and Linux clients. • For exclude selection lists, files matching the defined pattern are excluded from the backup. • For excludes, wildcard symbols may be used in the selection pattern for most clients. (Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients.) The * can be used to designate a group of unknown characters and the ? can be used for a single character substitution. For example, to add all .pst files to the list, type *.pst in the Selection Pattern box and click Add. See "Using wildcards in Computer selection lists" on page 174 for details. Click Save. To remove selection patterns from a Computer selection list 1 View the desired selection list. For details, see: • • 2 "To specify includes for the selective backup type" on page 172 "To specify excludes" on page 172 Select the desired pattern in the Selection List box and click Remove. To remove all patterns, click Remove All. 3 Click Save. Using wildcards in Computer selection lists Wildcards can be used in selection patterns to include or exclude files from certain backup types. See "To specify includes for the selective backup type" on page 172 and "To specify excludes" on page 172 for details. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. The following table provides a reference of supported wildcard combinations and identifies the limitations associated with using wildcards in file names, paths, and other referenced items. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 175 Wild card Inclusion list (for the selective backup type only) Exclusion list (for any file-level backup type) * An example of how to include all files within specified path that match zero or more characters in the inclusion pattern An example of how to exclude all files with zero or more characters that match exclusion pattern C:/PCBP/Lists.dir/*.spr C:/PCBP/Lists.dir/profile*.spr *.txt Include all directories within specified path that match zero or more characters within the inclusion pattern. An example of how to exclude directories with zero or more characters and their contents within a specified path that match the exclusion pattern. C:/ProgramFiles/MSsqlserver/mssq* C:/windows/sys* Limitations: Limitations: *.txt should not be used to back up all txt files on the system. The full path must be provided. *folder_abc should not be used to exclude all folders that match folder_abc on the system. The full path must be provided. C:\*\*\abc.txt * Multiple wildcard matches like the one shown above are not supported. Wildcards are not supported on Linux/Unix systems. Wildcards are not supported for CIFS/NFS NAS clients. If an entire directory is excluded, the directory name will still appear in the backup; however, its contents will be empty. Multiple wildcard matches like the one shown below are not supported. C:\*\*\abc.txt Wildcards are not supported for full, differential and incremental backup types for most client types. Wildcards are not supported on Linux/Unix systems. Wildcards are not supported for CIFS/NFS NAS clients. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 176 Wild card Inclusion list (for the selective backup type only) Exclusion list (for any file-level backup type) ? An example of how to include all files within specified path that match a single character within the inclusion pattern. An example of how to exclude all files within specified path that matches a single character within exclusion pattern. C:/Windows/Web/Wallpaper/a?.jpg C:/PCBP/Lists.dir/pro_client?.spr Limitations: An example of how to exclude all directories and their contents within specified path that matches a single character within exclusion pattern. When using the “?” wildcard for inclusions at the end of the file name, files that end with “.” will not be included. C:/Programfiles/Case?/ For example, the file a..jpg will not be backed up. Limitations: An example of how to include all directories and their contents within specified path that matches a single character within the inclusion pattern. If an entire directory is excluded, the directory name itself will still appear in the backup, however its contents will be empty. C:/Programfiles/Case?/ *,? An example of Inclusion lists that have multiple “?” wildcards and only one * wildcard C:/Log/??L*.logs An example of Exclusion lists that have multiple “?” wildcards and only one * wildcard C:/?Log?/*.logs Limitation: Directory and file level wildcard usage within an inclusion pattern are not supported. For example C:/Log*/*.log will not receive any data for backup. Limitation: If an entire directory is excluded, the directory name itself will still appear in the backup, however its contents will be empty. Working with the Enterprise backup subsystem Use the Enterprise backup subsystem to run one-time backups or create backup schedules for one or more client computers. The Enterprise backup subsystem supports additional backup options that are not available in the Computer backup subsystem. These procedures are for file-level backups only. To protect applications (such as SQL), virtual machines, or NDMP volumes, see the applicable chapter in this Administrator’s Guide. Notes: • Executing multiple backups concurrently results in greater aggregate transfer speeds than running the same backups one after another. For smaller backups, configure multiple client backups in the same schedule. The number of jobs that can run simultaneously is determined by the Max Concurrent Backups setting in Settings > Storage and Retention > Backup Devices. The default setting varies depending on Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 177 the appliance model. As you monitor system resource utilization, adjust this setting as needed. See "About the Windows NTFS change journal" on page 135. • If you create a schedule with new selection lists and there are already full backups on the system for its clients, you must run new fulls before the schedule runs to ensure data consistency. See "Backup groups and selection lists" on page 181. Enterprise backup elements Enterprise backups are run using the following elements: Backup Elements Description Calendars Calendars form the basis for backup schedules by defining backup strategies. Use this feature to create new calendars or to modify, delete, or copy existing ones. See "About calendars" on page 177. Selection lists Selection lists define the items to include or exclude from the backup. Default selection lists are provided. You can also create custom selection lists. See "About Enterprise selection lists" on page 181. Options With options, you can specify additional information, such as the type of verify to use and the target disk device, as well as run pre- and/or post-backup commands. Default options are provided. You can also create custom options. "About backup options" on page 187. To set up calendars, selection lists, and options as necessary before executing or scheduling backups, refer to the following topics. • • • "About calendars" on page 177 "About Enterprise selection lists" on page 181 "About backup options" on page 187 About calendars Use calendars to select backup types and the frequency with which they run. You then associate the calendar with a schedule, where you choose the clients to protect. In this way, multiple clients can be protected on the same calendar and schedule. For easier administration, it is recommended that you create as few calendars as possible. Note: After creating a calendar, a backup does not run until you associate the calendar with a schedule. When creating calendars, consider the client operating systems you would like to protect and the backup strategy required for each client in your environment. If you have both Windows and Linux clients, for example, you may want to create one Windows calendar and one Linux calendar. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 178 A number of default calendars are provided. These calendars cannot be edited but can be copied and used as the basis for creating customized calendars. The gray lock icon on the Calendars page indicates that a calendar is read-only. Calendar procedures The following calendar procedures are described in the remainder of this section: • • • • • • • "To create a calendar" on page 178 "To define the frequency of incremental backups" on page 179 "To create an hourly calendar" on page 179 "To view or modify a calendar" on page 180 "To delete a calendar" on page 180 "To copy a calendar" on page 180 "To see all schedules referencing a given calendar" on page 181 To create a calendar Note: 1 You should run new fulls after you create a schedule with new selection lists if there are already fulls on the system for clients on this schedule. See "Backup groups and selection lists" on page 181. Select the backup system from the Navigation pane and click Backup. Note: The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Calendars tab. 3 Click New. 4 Enter a Calendar Name and Calendar Description. 5 Select an Operating System Family. For example, if the calendar will be used with Windows systems only, select Windows in the list. 6 7 Add backups by doing either of the following: • Click Show Strategy List, select the desired strategy, and click Apply. Instances of each backup type in the strategy display on the calendar. • Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup or Modify Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. • If you applied a backup strategy, open the Modify Backup window by double-clicking an instance on the calendar. Repeat for each backup type. • If you dragged an instance onto the calendar, the Add Backup window launches automatically. Repeat the process for each desired backup type. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 179 • 8 For additional information on scheduling incrementals, see "To define the frequency of incremental backups" on page 179. Click Save to create the calendar. To define the frequency of incremental backups 1 This procedure provides additional information regarding incremental calendars. 2 Create a calendar and drag the Incremental icon to the desired day. See "To create a calendar" on page 178 for details. The Add Backup window launches. 3 Select the Start Time for the backup to begin. Note: 4 Select the type of Recurrence interval (e.g., Hourly, Daily, Weekly, etc.). • • For hourly recurrence, select each of the desired hourly intervals. To run more frequently than per hour, check the Intra-Hourly Frequency box and enter the number of minutes between each incremental backup. Note: 5 The up and down arrows will change only one part of the Start Time at a time (i.e., hour, minutes, AM/PM). Click on the appropriate part(s) of the time and enter the start time, or use the up and down arrows to set the start time. Intra-hourly scheduling is only enabled when you select hourly frequency. Up to four quarter-hour (15-minute) increments may be scheduled per hour, but only if the start time for the schedule begins at the top of the hour. In other words, if the start time for an intra-hourly schedule is set to begin at 10 minutes past the hour, only three 15minute increments will be backed up in any given hour. Click Confirm. Each instance of the incremental backup displays on the calendar. 6 Click Save to save changes to the calendar. To create an hourly calendar Use this procedure to create a calendar running multiple backups during a single day (for example, differential backups every two hours). 1 Select the backup system in the Navigation pane and click Backup. Note: The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Calendars tab. 3 Click New. 4 Enter a Calendar Name and Calendar Description. 5 Select an Operating System Family. For example, if the calendar will be used with Windows systems only, select Windows in the list. 6 Select a day on the calendar to display an hourly view. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 180 7 Drag and drop backup types onto the hours when they should execute. Backup types may be the same or a variety of types. 8 Click Save to create the calendar. To view or modify a calendar Note: 1 Read-only calendars cannot be modified. Create a copy of the calendar before modifying. See "To copy a calendar" on page 180. Select the backup system in the Navigation pane and click Backup. Note: 2 The blue system icon displays to the left of each backup system in the Navigation pane. Select the Calendars tab. Note: If you see the screen that allows you to create a calendar instead of the calendar list, click Cancel and the calendar list displays. 3 Select a calendar in the list and click View/Modify. 4 Edit settings as desired and click Save. For details, see "To create a calendar" on page 178. To delete a calendar Note: 1 Read-only calendars cannot be deleted. Select the backup system in the Navigation pane and click Backup. Note: The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Calendars tab. Note: 3 Select a calendar in the list and click Delete. Note: 4 If you see the screen that allows you to create a calendar instead of the calendar list, click Cancel and the calendar list displays. If a message displays indicating that this calendar is being used by one or more schedules, you must first remove the calendar from all schedules before deleting. For details, see "To see all schedules referencing a given calendar" on page 181. Click Yes to confirm that you want to delete the calendar. To copy a calendar To use an existing calendar as a template: 1 Select the backup system in the Navigation pane and click Backup. NOTE: The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Calendars tab. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 181 Note: 3 If you see the screen that allows you to create a calendar instead of the calendar list, click Cancel and the calendar list displays. Select a calendar in the list and click Copy. A new calendar called Copy of displays in the list. 4 Select the copy in the list and click View/Modify. 5 Modify the calendar name and other settings as desired. For more information, see "To create a calendar" on page 178. 6 Click Save. 7 Select Rename to save the calendar with the new name. To see all schedules referencing a given calendar 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Calendars tab. Note: If you see the screen that allows you to create a calendar instead of the calendar list, click Cancel and the calendar list displays. 3 Select the calendar in the list and click View/Modify. 4 Click the clock icon to the right of the Calendar Name. A list of all schedules referencing this calendar displays. About Enterprise selection lists Selection lists define items to include or exclude from the backup. Before running a backup or setting up a schedule, create or edit selection lists for the protected clients. An Enterprise selection list can be created for an individual client or can be applied to a group of clients. For example, an exclude selection list can be created and applied to all Windows clients. The list of files to exclude from the backup (such as .pst or .tmp files) is identified in the exclusion list. IMPORTANT! For Windows Clients - To perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. Backup groups and selection lists If you create a schedule with new selection lists and there are already full backups on the system for its clients, you must run new fulls before the schedule runs to ensure data consistency. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 182 Exclude active databases from file-level backups It is recommended that all active databases be excluded from file-level backups. Run applicationlevel backups to protect active databases. (See the "Microsoft Exchange Protection", "Microsoft SQL Protection", "Microsoft SharePoint Protection", and "Oracle Protection" chapters for details). Only the active database needs to be excluded. All other files on the client can be backed up during the file-level backup. Selective backups and include lists Inclusion lists are not supported for full, differential, and incremental backups of most client types. However, selective backups must have an associated include selection list. See the following table for a description of selection list types. For examples, see "Using selection lists" on page 162. Selection list type Description Include Defines items to include in a file-level backup. Note the following: Exclude • For the selective backup type - Supported for all clients. Include is required for selective backups. • For full, differential, and incremental backup types - Supported for Windows clients (agent 7.2 or higher) and Linux clients (agent 8.0 or higher). Defines items to omit from a full, differential, or incremental backup. For selective backups, an include list must be defined. Additionally, an exclude list can be applied to define a subset of included files to omit. See "Exclusion lists for Linux clients" on page 714 if applying exclusions to a Linux client. Any Only available on the Enterprise > Backup > Schedule Backup tab. Used to include specified files when applied to the Inclusions column, or to exclude specified files when applied to the Exclusions column. Enterprise selection list procedures The following selection list procedures are described in the remainder of this section: • • • • • • "To create a selection list" on page 183 "To view or modify a selection list" on page 184 "To delete a selection list" on page 184 "To see all schedules referencing a selection list" on page 185 "To add selection patterns to an Enterprise selection list" on page 185 "To remove selection patterns from an Enterprise selection list" See these related procedures to apply selection lists: • "To apply a selection list or option to one client" on page 194 Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 183 • • "To apply a selection list or option to multiple clients" on page 195 "To apply a split selection list or option" on page 195 For more information about selection lists, specifying includes, and using combinations of includes and excludes for Windows clients, see "Windows selection lists" on page 438. For more information about selection lists, specifying includes, and using combinations of includes and excludes for Linux clients, see "Linux selection lists" on page 714. To create a selection list 1 Select the backup system in the Navigation pane and click Backup. 2 Click the Selection Lists tab. 3 Click New. 4 Provide the following required information: 5 • Selection List Name – Enter a unique name for the list. This is a required field. • Selection List Description – Provide a description for the selection list. This is a required field. • Select an Operating System Family to denote the client OS family to which this selection list can be associated. Options include Any, Windows, Linux, UNIX, NetWare, OES, iSeries, DOS, OS/2, or Other. • Assign a Selection List Type – Choose Include to include specified files, Exclude to omit specified files, or Any to be used as either an inclusion or an exclusion list. Check optional boxes as desired: Field Description Temporary Files To exclude all temporary files. Read Mounts To exclude all read-only mounted file systems on UNIX clients, including mounted CD-ROM drives. This option is highly recommended. If not checked, backup speed may be slower as a result of reading the contents of a mounted CD-ROM. Net Mounts To exclude all NFS mounted file systems on UNIX clients. It also excludes NFS file systems that are mounted while the backup is in progress. All Mounts To exclude all file systems other than root (/) on UNIX clients. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 184 Field Description Exclude System State To back up data only and not include OS protection. This option is used to back up data volumes. WARNING! It is highly recommended that you include system state in all file-level backups where client aliases are not being used. Restoring a backup that does not include the system state is likely to result in inconsistencies on the client and cause highly undesirable results. Notes: • If you exclude the system state using a selection list and do not check this box, the backup will run with a warning (yellow) indicating that the system state has not been included. If you check this box, no warning is issued. • If you are backing up an aliased client, see "Working with client aliases" on page 198 before deciding whether to include or exclude the system state. • For Windows clients - The system state is required for backups you wish to use for Windows Instant Recovery (WIR) or integrated bare metal recovery (BMR). For more information, see "System state backup and restore on Windows Server" on page 443. 6 Add Selection Patterns as desired to specify the files to include or exclude. See "To add selection patterns to an Enterprise selection list" on page 185 for details. 7 Click Save. To view or modify a selection list 1 Select the backup system in the Navigation pane and click Backup. 2 Click the Selection Lists tab to view the selection list. Note: If you see the screen that allows you to create a selection instead of the selection list, click Cancel and the selection list displays. 3 Select the desired list and click View/Modify. 4 Modify information as desired and click Save. See "To create a selection list" on page 183 for details. To delete a selection list 1 Select the backup system in the Navigation pane and click Backup. 2 Click the Selection Lists tab. Note: If you see the screen that allows you to create a selection instead of the selection list, click Cancel and the selection list displays. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 185 3 Select the desired list and click Delete. Note: 4 If a message displays indicating that this list is being used by one or more schedules, you must first remove the list from all schedules before deleting. Click the clock icon to see the schedules referencing this list. Click Yes to confirm the deletion. To see all schedules referencing a selection list 1 Select the backup system in the Navigation pane and click Backup. 2 Click the Selection Lists tab. Note: If you see the screen that allows you to create a selection instead of the selection list, click Cancel and the selection list displays. 3 Select the desired list and click View/Modify. 4 Click the clock icon to the right of the Selection List Name. A list of all schedules referencing this selection list displays. To add selection patterns to an Enterprise selection list Note: Selection patterns are not supported for includes that are applied to Windows or Linux full, differential, and incremental backups. 1 View the desired selection list. For details, see "To view or modify a selection list" on page 184. 2 Enter the desired Selection Pattern and click Add to move it to the Selection List box. 3 • For include selection lists, files matching the defined pattern are the only ones included in the backup. Patterns can be used for the selective backup type only. See "Using wildcards in Enterprise selection lists" on page 186 for details. • For exclude selection lists, files matching the defined pattern are excluded from the backup. • For excludes, wildcard symbols may be used in the selection pattern for most clients. (Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients.) The * can be used to designate a group of unknown characters and the ? can be used for a single character substitution. For example, to add all .pst files to the list, type *.pst in the Selection Pattern box and click Add. See "Using wildcards in Enterprise selection lists" on page 186 for details. Click Save. To remove selection patterns from an Enterprise selection list 1 View the desired selection list. For details, see "To view or modify a selection list" on page 184. 2 Select the desired pattern in the Selection List box click Remove. To remove all patterns, click Remove All. 3 Click Save. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 186 Using wildcards in Enterprise selection lists Wildcards can be used in selection patterns to include or exclude files from certain backup types. See "To create a selection list" on page 183 for details. Wildcards are not supported for Linux, Unix, and CIFS/NFS NAS clients. The following table provides a reference of supported wildcard combinations and identifies the limitations associated with using wildcards in file names, paths, and other referenced items. Wild card Inclusion list (for the selective backup type only) Exclusion list (for any file-level backup type) * An example of how to include all files within specified path that match zero or more characters in the inclusion pattern An example of how to exclude all files with zero or more characters that match exclusion pattern C:/PCBP/Lists.dir/*.spr C:/PCBP/Lists.dir/profile*.spr *.txt Include all directories within specified path that match zero or more characters within the inclusion pattern. An example of how to exclude directories with zero or more characters and their contents within a specified path that match the exclusion pattern. C:/ProgramFiles/MSsqlserver/mssq* C:/windows/sys* * Limitations: Limitations: *.txt should not be used to back up all txt files on the system. The full path must be provided. *folder_abc should not be used to exclude all folders that match folder_abc on the system. The full path must be provided. C:\*\*\abc.txt If an entire directory is excluded, the directory name will still appear in the backup; however, its contents will be empty. Multiple wildcard matches like the one shown above are not supported. Wildcards are not supported on Linux/Unix systems. Wildcards are not supported for CIFS/NFS NAS clients. Wildcards are not supported for other file-level backup types (full, incremental, differential). Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups Multiple wildcard matches like the one shown below are not supported. C:\*\*\abc.txt Wildcards are not supported on Linux, Unix, or CIFS/NFS NAS clients. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 187 Wild card Inclusion list (for the selective backup type only) Exclusion list (for any file-level backup type) ? An example of how to include all files within specified path that match a single character within the inclusion pattern. An example of how to exclude all files within specified path that matches a single character within exclusion pattern. C:/Windows/Web/Wallpaper/a?.jpg C:/PCBP/Lists.dir/pro_client?.spr Limitations: An example of how to exclude all directories and their contents within specified path that matches a single character within exclusion pattern. When using the “?” wildcard for inclusions at the end of the file name, files that end with “.” will not be included. C:/Programfiles/Case?/ For example, the file a..jpg will not be backed up. Limitations: An example of how to include all directories and their contents within specified path that matches a single character within the inclusion pattern. If an entire directory is excluded, the directory name itself will still appear in the backup; however its contents will be empty. C:/Programfiles/Case?/ *,? An example of Inclusion lists that have multiple “?” wildcards and only one * wildcard C:/Log/??L*.logs An example of Exclusion lists that have multiple “?” wildcards and only one * wildcard C:/?Log?/*.logs Limitation: Directory and file level wildcard usage within an inclusion pattern are not supported. For example C:/Log*/*.log will not receive any data for backup. Limitation: If an entire directory is excluded, the directory name itself will still appear in the backup; however its contents will be empty. About backup options Options are not required, but can be used to configure additional backup settings. For example, you can use options to select the disk device and verify level used for a backup, or to run pre- or postbackup commands. Before running a backup or creating a schedule, set up the options needed for the clients you wish to protect. If no options are applied, backups are written to the default D2DBackups device, and an associated file-level verify is run for each backup job. Backup option procedures The following backup option procedures are described in the remainder of this section: • • • "To create a backup option" on page 188 "To view or modify a backup option" on page 188 "To delete a backup option" on page 188 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 188 • • • "To copy a backup option" on page 189 "To see all schedules referencing an option" on page 189 "Backup options New and View/Modify buttons" on page 189 To create a backup option 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Options tab. A list of existing options displays. 3 Click New at the bottom of the page. 4 Enter an Options Name and an Options Description. 5 Select an Operating System Family from the list. For example, if the options will be used with Windows systems only, select Windows in the list. Most options lists can be applied to any OS family. If you are using different disk devices or verify levels for specific operating systems, select the appropriate OS family. 6 From the Available Devices, choose a disk device to define the target device where backups will be written. 7 The remaining fields are optional. See "Backup options New and View/Modify buttons" on page 189 for details. 8 Click Save to create the backup option. To view or modify a backup option 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Options tab. Note: If you see the screen that allows you to create an option instead of the option list, click Cancel and the option list displays. 3 Select the option in the list and click View/Modify at the bottom of the page. See "Backup options New and View/Modify buttons" on page 189 for details. 4 Modify settings as desired and click Save. For a description of the settings, see "To create a backup option" on page 188. To delete a backup option The blue system icon displays to the left of each backup system in the Navigation pane. Note: Read-only options cannot be deleted. 1 Select the backup system in the Navigation pane and click Backup. 2 Select the Options tab. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 189 Note: 3 Select an option in the list and click Delete. Note: 4 If you see the screen that allows you to create an option instead of the option list, click Cancel and the option list displays. If you see a message indicating that this option is being used by one or more schedules, you must first remove the option from all schedules before deleting. Click the clock icon to see which schedules reference this option. Click Yes to confirm that you want to delete the option. To copy a backup option Copy a backup option to use an existing option as a template. 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Options tab. See "Backup options New and View/Modify buttons" on page 189 for details. Note: 3 If you see the screen that allows you to create an option instead of the option list, click Cancel and the option list displays. Select an option in the list and click Copy. A new option called Copy of displays in the list. 4 Select the copy in the list and click View/Modify. 5 Modify the option name and other settings as desired. For more information, see "To create a backup option" on page 188. 6 Click Save. 7 Select Rename to save the option with the new name. To see all schedules referencing an option 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Select the Options tab. See "Backup options New and View/Modify buttons" on page 189 for details. Note: If you see the screen that allows you to create an option instead of the option list, click Cancel and the option list displays. 3 Select an option in the list and click View/Modify. 4 Click the clock icon to the right of the Options Name. A list of all schedules referencing this option displays. Backup options New and View/Modify buttons The following fields display when the New or View/Modify buttons are clicked on the Backup 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 190 Options tab. Item Description Options Name Enter a unique name for the option. Clock icon [Show all scheduled references] Click the clock icon to see the schedule references on the Schedules References window. Options Description Enter a description of the option. Operating System Family Operating system to which this option can be applied. If you will be using the option for multiple OS families, select Any. The system only allows the option to be applied to clients belonging to the OS family you select here. For example, if the options will be used with Windows systems only, select Windows in the list. Most options lists can be applied to any OS family. If you are using different disk devices or verify levels for specific operating systems, select the appropriate OS family. Various Options Directory Depth A value greater than zero will not back up files below n directories deep. (Zero, full depth, is the default.) Read Locking Level Select this toggle button to specify how read locking is performed on files prior to backing them up. Before a file is backed up, the backup attempts to get a read lock on the file, which allows the file to be read without any other process accessing the file. There are three read-locking states: • • None - No read locking. • Wait Forever - Wait Forever (enforced) read locking stops the backup until the lock can be set. This could potentially take forever. Do Not Wait - Do Not Wait (not forced) read locking attempts to lock the file, but if the lock cannot be gained, continues to back up the file without the lock. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 191 Item Description Verify Level Select one of the following: • • None – Do not verify the files in the backup. • Bit Level – Files exist and contents match. Compare, bit by bit, the contents of the files received by the backup system with the source files on the client. The verify runs once the backup completes, as a dependent task. A bit-level verify often fails when backing up C:\windows due to some Microsoft processes failing to update modification dates on logs and other files in this folder. • Inline – Run a file-level verify during the backup by creating and comparing rolling check sums on the client and backup system. File Level – Files exist. Verify that the list of files sent by the client matches the list received by the backup system. The verify runs once the backup completes, as a dependent task. Create Catalog Entry? [checkbox] Check to create a catalog of files backed up and places it on the client. If space is limited on the client, this option can be unchecked. Speed Option? [checkbox] Check to enable the backup double-buffering scheme to increase the speed of the backup. This uses more backup system resources and might affect performance of other running processes. Available Devices Click the disk device to define the target device where backups are written. Backup Description Enter a description of the backups to which this option will be assigned. PreBackup Commands Use this field to specify commands or scripts to run before the backup (any system command or user script). For example, enter the command to shut down the database before a backup. The output from the command is directed to the backup summary. Note: For Linux clients, running long pre-backup commands can cause backups to fail. To prevent this, adjust the timeouts in the client’s full .ini file as described in KB 3107. To specify a pre-backup command, enter the full path to the command in the PreBackup Commands field. For example, C:\Data\script.bat or /usr/jsmith/script.sh. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 192 Item Description Execute PreBackup Command on System [checkbox] To run the pre-backup command from the Unitrends system, enter its full path and check the Execute Pre-Backup Command on System box. To run a command from the client, leave this box unchecked. PostBackup Commands Use this field to specify commands or scripts to run after the backup (any system command or user script). For example, enter the command to restart a database after a backup completes. The output from the command is directed to the backup summary. Note: For Linux clients, running long post-backup commands can cause backups to fail. To prevent this, adjust the timeouts in the client’s full.ini file as described in KB 3107. To specify a post- backup command, enter the full path to the command in the Post-Backup Commands field. For example, C:\Data\script.bat or /usr/jsmith/script.sh. Execute PostBackup Commands on System [checkbox] To run the command from the Unitrends system, enter its full path and check the Execute Post-Backup Command on System box. To run a command from the client, leave this box unchecked. Save Click to save your entries. Cancel Click to exit the Options tab without saving changes. About Enterprise backup schedules Backup schedules can be thought of as groups of clients that are backed up in a pre-determined manner at a scheduled time. An Enterprise backup schedule ties a calendar to the clients you wish to protect. You then apply selection lists and options to clients in the schedule for more granular control. Before creating a schedule, set up any required selection lists and options. Scheduled backups form the foundation for continuous data protection. Once created, you can run the schedule on-demand (using the Run Now option within the Schedules tab), but this is not the recommended approach for ensuring thorough and consistent protection. Run backups on-demand when needed, but use schedules for regular backup operations. About scheduling bare metal backups Note: On Unitrends 7.4 and later systems, critical data used for Unitrends DR is included in regular file-level backups. You can perform integrated bare metal recovery without running bare metal backups. See "Windows Bare Metal Protection" on page 753 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 193 Hot bare metal backups can be scheduled for Windows systems in the same manner as file-level backups. Selection lists are not supported. Backup options can be applied to designate the disk device, specify whether a catalog list is created, and to run pre- and post-backup commands. Other options do not apply. Hot bare metal backups should not be performed until the boot media has been created and tested successfully on each server where bare metal backups will be performed. See the "Windows Bare Metal Protection" chapter for details. Enterprise backup procedures The following Enterprise backup procedures are described in the remainder of this section: • • • • "To create an Enterprise backup schedule" on page 193 • • • • • • "To execute an Enterprise backup schedule immediately" on page 196 "To apply a selection list or option to one client" on page 194 "To apply a selection list or option to multiple clients" on page 195 "To apply a split selection list or option" on page 195 "To view or modify an Enterprise backup schedule" on page 196 "To view all schedules by month or day" on page 197 "To copy an Enterprise backup schedule" on page 197 "To enable or disable an Enterprise backup schedule" on page 197 "To delete an Enterprise backup schedule" on page 197 To create an Enterprise backup schedule 1 Select the backup system or navigation group in the Navigation pane and click Backup. The list of available clients is determined by what you select in this step: • • Select a navigation group to display only its clients. Select the backup system to display all clients that can be protected with file-level backups. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Schedule Backup tab. 3 Enter a unique Schedule Name and a Schedule Description. 4 Select a Calendar from the list. To view only the calendars for a given OS, click Filter by OS Family in the upper-right and select an operating system from the list. 5 Check boxes to select the clients you wish to protect. • • • 6 You must select at least one client. To select all clients, check the gray box above the first client check-box. The backup system is listed as a client. Do not select it for backup. Click Show Per-Client Selection and Option Lists in the bottom left of the screen. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 194 7 • The Selection Lists area shows available include and exclude lists. To see only the lists for a given OS, click Filter by OS Family above and choose an OS. • The Option Lists area shows available backup options. To see only the options for a given OS, click Filter by OS Family above and choose an OS. • Hover over a list icon to see associated details, such as OS and list type. Apply selection lists and option lists to clients as desired. For details, see the "To apply a selection list or option to one client" on page 194, "To apply a selection list or option to multiple clients" on page 195, and "To apply a split selection list or option" on page 195. Notes: 8 9 • For selective backups, an include list is required. For hot bare metal, selection lists are not supported. For full, differential, and incremental backups, inclusion lists are supported for Windows (version 7.2 or higher) and Linux (version 8.0 or higher) clients, and exclusion lists may be used, but are optional. For details, see "About Enterprise selection lists" on page 181 and "About backup options" on page 187. • For Windows clients - To perform Windows instant recovery or integrated bare metal recovery, the boot disk and any critical system disks must be included in the backup. See "Using selection lists with WIR and integrated BMR" on page 442 for details. Click Show Advanced Execution Options below the client grid and check the desired boxes. • Include All New Clients In This Schedule By Default to automatically add new clients to this schedule. • E-Mail Schedule Report to receive a summary showing backup results and performance for each client in the schedule. The report is mailed to the address or addresses specified in the Schedule Summary field on the Email Recipients Configuration page. You also have the option to receive a PDF attachment of the report to the email. See "About configuring notifications" on page 62 for details. • E-Mail Failure Report to receive a summary of all backup failures that occurred in the last hour. The report is mailed to the address or addresses specified in the Failure Reports field on the Email Recipients Configuration page. You also have the option to receive a PDF attachment of the report to the email. See "About configuring notifications" on page 62 for details. Click Schedule to create the schedule and launch backups in accordance with the associated calendar. To apply a selection list or option to one client IMPORTANT! For Windows clients, to perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 195 1 View the desired schedule. See "To view or modify an Enterprise backup schedule" on page 196 for details. 2 Click Show Per-Client Selection and Option Lists in the bottom left corner. 3 Click a selection list or option icon, drag it to the Inclusions, Exclusions, or Options field of the desired client, and release. The Default setting is replaced by the list. If nothing happens when you release the icon, verify the following: 4 • You are hovering over the correct list type column. For example, an include cannot be applied to the Exclude column. • The list or option is defined for the OS of the client. For example, a Windows selection list cannot be applied to a Linux client. • The list or option supports a backup type on the calendar. For example, an exclude cannot be applied to a schedule whose calendar contains only selective backups. Click Save. To apply a selection list or option to multiple clients IMPORTANT! For Windows clients, to perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. 1 View the desired schedule. See "To view or modify an Enterprise backup schedule" on page 196 for details. 2 Click Show Per-Client Selection and Option Lists below the client grid. 3 Click a selection list or option icon, drag it to the Inclusions, Exclusions, or Options label at the top of the column, and release. The list is applied to all selected clients whose OS matches that of the list. If nothing happens when you release the icon, verify the following: • You are hovering over the correct list type column. For example, an include cannot be applied to the Exclude column. • The list or option is defined for the OS of the client. For example, a Windows selection list cannot be applied to a Linux client. • The list or option supports a backup type on the calendar. For example, an exclude cannot be applied to a schedule whose calendar contains only selective backups. 4 Click Save. 5 To apply a list to all selected clients, drag the list icon to the Inclusions, Exclusions, or Options label at the top of the column and release. The list is applied to all selected clients whose OS matches that of the list. To apply a split selection list or option IMPORTANT! For Windows clients, to perform integrated bare metal recovery or Windows 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 196 instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. Use this procedure to apply different selection lists or options to each backup type defined in the schedule's calendar. For example, when creating a schedule that includes multiple backup types, such as a full and an incremental, use the split to apply one exclude list to the full and another to the incremental. 1 View the desired schedule. See "To view or modify an Enterprise backup schedule" on page 196 for details. 2 Click Show Per-Client Selection and Option Lists below the client grid. 3 Click the Split selection list or option icon, drag it to the desired Inclusions, Exclusions, or Options field or column, and release. The Create Split window launches. 4 Drag a selection or option lists icon to a backup type and release to apply. The list displays on the backup. Repeat to modify each backup type as desired. 5 Click Save. 6 Split displays in the client grid indicating the clients to which the split has been applied. 7 Click Save. To execute an Enterprise backup schedule immediately 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Schedules tab. 3 Select the desired schedule in the list and click Run Now. • The schedule must be enabled to execute. A yellow light bulb to the left of the schedule name indicates the schedule is enabled. • All backups scheduled to run today are queued and execute as soon as possible. Select Status > Present to view queued and running jobs. To view or modify an Enterprise backup schedule Active (running) schedules cannot be modified. 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Schedules tab. 3 Select the desired schedule in the list and click View/Modify. 4 Modify settings as desired and click Save. For details, see "To create an Enterprise backup schedule" on page 193. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 197 To view all schedules by month or day Use this procedure to look at all schedules in a consolidated view on a read-only calendar. 1 Select the backup system in the Navigation pane and click Status. 2 On the side of the Status page, click the Future blind. 3 The Schedules Calendar displays a monthly view of scheduled backups. • • • Click the arrows at the top of the page to scroll to another month. Hover over a colored backup instance to see details about the schedule. For a daily view, click a day to zoom in. Click the arrows at the top of the page to scroll to another day. To exit the day, click Return to Month View. To copy an Enterprise backup schedule 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Schedules tab. 3 Select the desired schedule in the list and click Copy. A new schedule called Copy of displays in the list. 4 Select the copy in the list and click View/Modify. 5 Modify the schedule name and other settings as desired. For more information, see "To create an Enterprise backup schedule" on page 193. 6 Click Save. 7 Select Rename to save the schedule with the new name. To enable or disable an Enterprise backup schedule A schedule must be enabled for its backups to execute. 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Schedules tab. 3 Select the desired schedule in the list and click Enable/Disable. • If the schedule was disabled, it is now enabled and you see a yellow light bulb to the left of the schedule name. • If the schedule was enabled, it is now disabled and you see a gray light bulb to the left of the schedule name. To delete an Enterprise backup schedule 1 Select the backup system in the Navigation pane and click Backup. The blue system icon displays to the left of each backup system in the Navigation pane. 2 Click the Schedules tab. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 198 3 Select the desired schedule in the list and click Delete. Working with client aliases You can create aliases for a single client in order to have multiple backup strategies. By adding multiple alias clients, you can configure separate and radically different schedules for the same client. Note: Make sure you are using the 7.2 agent or higher when working with client aliases. Using aliases, you can break apart large data stores, decreasing the time required to perform the backup, and reducing the network traffic caused by large backup transfers. This ability also allows you to see, at a glance, what the system is backing up because the data stores are broken apart, and you can view them separately. You can also have two or more fulls that you can run at different times. Normally, a full cannot get purged until a new full is created. Separating a large full into smaller fulls and letting them run at different times, increases the available space by allowing separate purging. There are special considerations when determining whether to include or exclude the system state when running a backup, creating a backup schedule, or creating a selection list. See "Note about excluding the system state for client aliases" on page 200 for more information. Use the following procedures to work with client aliases: • • • • "To create aliases for a single client" on page 198 "To create alias names from the host" on page 198 "To add the alias name as a client" on page 199 "To create selection lists" on page 199 To create aliases for a single client Before you start: • • Make sure that the client is running the 7.2 agent or higher. Ensure that the client has been added as a protected client to the Unitrends appliance. Follow these steps to create aliases for a client: Step 1: Create the alias name. See "To create alias names from the host" on page 198. Step 2: Add the alias name as a client. See "To add the alias name as a client" on page 199. Step 3: Create selection lists. See "To create selection lists" on page 199. To create alias names from the host 1 Go to > Settings > Clients, Networking, and Notifications > Networks > Hosts. 2 Click on the client name in the table. 3 Type a name in the Alias Name field. Note: Do not enter spaces in the name. You are limited to 15 characters. It is recommended that you write down the alias name so you can enter the exact name when you add it Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 199 as a new client. 4 Click Add. You see the alias name in the Alias List area. Note: To remove an alias name from the Alias List area, click on the alias name and click Remove . To remove all alias names from the Alias List area, click Remove All. 5 Repeat to add more alias names, if necessary. 6 Click Confirm. You see a message that the host entry was successful or failed. To add the alias name as a client 1 Go to Settings > Clients, Networking, and Notifications > Clients. 2 Click Add Client. You see the Add Client screen. 3 Select the Computer Type from the drop-down list. 4 Uncheck Establish trust in the Authentication area. 5 Uncheck Automatically create a backup schedule for this computer and apply it immediately in the Options area. 6 Enter one of your new alias names in the Computer Name field. Note: There is no need to add an IP address, since this defaults to information from the host page. 7 Click Setup. You see a processing message, then a Reload Navigation window instructing you to refresh the system. 8 Click Yes, reload the System or No, reload the System later. After you reload the system, the new alias name displays in the Navigation pane in the list of clients protected by the system. To create selection lists Now that you have set up a client alias, you can differentiate the backups with selection lists. For example, you have a host that has large directories in a C: drive and a D: drive. You create a client alias of the host. You can now create a selection list to exclude drive C: from the client alias and another selection list to exclude drive D: from the host. This way, you have split the large directories between two different clients. At this point, you can create different full schedules for the host and the client alias and run backups separately. See "Note about excluding the system state for client aliases" on page 200 for information about excluding or excluding the system state when creating a selection list, running a backup, or creating a backup schedule. See these topics for more information: • • To exclude files, see "About computer selection lists" on page 171. To specify includes for the selective backup type, see "About computer selection lists" on page 171. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 • To specify includes or a combination of includes and excludes for full, differential, and incremental backups of a Windows client, see "Windows selection lists" on page 438. • To specify includes or a combination of includes and excludes for full, differential, and incremental backups of a Linux client, see "Linux selection lists" on page 714. Note about excluding the system state for client aliases When you run a backup, create a backup schedule, or create a selection list, you have the option to check an Exclude System State checkbox to back up data and not include OS protection. If you are backing up an aliased client, you must decide whether to include or exclude the system state. Keep the following in mind: • DO NOT EXCLUDE the system state on the client that contains the operating system volumes (this is typically the C: volume). • • For all other client aliases that do not include the OS volume, do NOT include the system state. • The restore fails if the system state is not included in the OS volume and if the system state is included in the client aliases that do not include the OS volume. Only one client alias can include the system state. IMPORTANT! For Windows clients, the backup must contain the boot disk and any other system critical volumes to use the integrated bare metal recovery and Windows instant recovery features. Be sure one of the aliased clients contains all of these disks to use these features. Legacy Recovery-Series and UEB Administrator's Guide Chapter 6: File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 201 Chapter 7: Archiving Overview The Unitrends archiving feature enables you to archive local and replicated backups to various archive media for long-term retention and off-site storage of your critical data. Archiving your data is not the same as backing it up. To protect a client, you begin with a full backup and then capture changes from the full in subsequent incremental and/or differential backups. Backups are stored on the Unitrends appliance. By contrast, archiving involves writing these backups to media that can be stored off-site for longer-term retention. When an archive job is run, set information describing the backup and metadata for the appliance is also written to the media. After running archives, in addition to restoring files, application data, and virtual machines from archives, you can also use archived data to perform bare metal recovery of a failed client and to perform disaster recovery of a backup system. This chapter explains how archiving works, introduces the various supported archive media, and explains key archiving concepts. This chapter contains the following topics: • • • • • • • • "Overview of the archiving process" on page 201 "Backups that can be archived" on page 202 "Types of archives" on page 202 "Managing space on archive media" on page 202 "Additional archiving considerations" on page 209 "Archive media types" on page 210 "Archive restore" on page 212 "Disaster recovery with archived data" on page 212 If you do not a need an overview and are ready to begin archiving, see one of these chapters on the media type you are using: • • • • "Archiving to Disk" on page 215 "Archiving to Network Storage" on page 221 "Archiving to the Cloud" on page 223 "Archiving to Tape" on page 235 Overview of the archiving process The archiving process begins with successful backups. When you perform an archive job, you select a date range or enter a custom date for the backups you would like to archive. You then select the clients and backup types to archive. If you select differential or incremental backup types, full backups are automatically selected because the full backup with which differentials and incrementals are associated must be present on the archive media in order for you to restore your 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 202 data. For details about backup types and backup groups, see the chapter "Backups Overview" on page 141. As your appliance runs archive jobs and uses space on your media, you must determine a media management strategy that works best for you. It will likely include a combination of storing the media offsite, acquiring new media, and rotating and reusing existing media by deleting older archive sets. You can delete these sets automatically by archiving with the purge and overwrite options. For details, see "Managing space on archive media" on page 202. If you need to restore the archived data, you must first restore from the archive media to the Unitrends appliance. You can then restore the data from the appliance to a registered client. For details, see "Archive restore" on page 212. About archiving This section provides details about the types of data that can be archived, the different archiving procedures you can use, archiving considerations, and strategies for archiving. See the following topics for details: • • • • "Backups that can be archived" on page 202 "Types of archives" on page 202 "Managing space on archive media" on page 202 "Additional archiving considerations" on page 209 Backups that can be archived The following backups can be archived: • • • Local and replicated backups File-level, application, and virtual machine backups Bare metal backups Types of archives You can archive your data by running on-demand archive jobs or creating archive schedules. The on-demand option enables you to run one-time archive jobs whenever you want to archive backups. Creating schedules automates the archiving process and frees you from having to run a one-time job each time you want to archive a backup. For instructions on running archives, see "Executing archive jobs" on page 256. Managing space on archive media As your appliance runs archive jobs and uses space on your media, you must determine a media management strategy that works best for you. It will likely include a combination of storing the media offsite, acquiring new media, and rotating and reusing existing media by deleting sets that have exceeded their retention periods using the purge and overwrite options. This section explains how the archiving feature uses available space on archive media, discusses retention, explains the purge and overwrite options, and discusses options for creating space on Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 203 archive media. For management considerations specific to your selected archive media, see the applicable chapters. See the following topics for details: • • • • • • "Archive sets and retention" on page 203 "How archiving uses available space on media" on page 204 "Purge" on page 204 "Overwrite" on page 206 "Purge and overwrite comparison" on page 208 "Creating space on archive media" on page 209 Archive sets and retention When you run a one-time archive job or create a schedule, you can set a retention period for the archive set. Archive sets cannot be deleted with the purge and overwrite options until they have exceeded their retention periods. (For details, see "Purge" on page 204 and "Overwrite" on page 206.) However, if you prepare media that contains existing archive sets, they are deleted regardless of retention settings. For details about preparing media, see "Preparing archive media" on page 254. Retention settings for archive sets are impacted by backup groups (see "Backup groups" on page 145). Backup groups can be archived across multiple sets, and because backups must be restored as a group, the archived backup with the latest retention date determines the retention date for all sets containing backups belonging to the group. For example, if a set containing a full backup has a later retention date than the sets containing the differentials in the group, the retention setting for the set containing the full backup is applied to the sets containing the differentials. For more details, see "Purge" on page 204. You can view retention settings using the procedure described in . The figure below illustrates how retention settings display in the Administrator Interface of the Unitrends appliance. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 204 How archiving uses available space on media An archive job for which purge or overwrite has not been selected uses the available space on archive media and then fails when no more space is available. The resulting archive set contains a subset of the desired backups, and it is possible that these backups can be restored. Because the archiving feature appends backups to the media, a larger set of backups can be maintained on the media. However, you should develop a plan for rotating the media on a regular basis to reduce the risk of data loss. An archive job for which purge or overwrite has been selected fails if purging or overwrite cannot create adequate space for the job. No backups are written to the media and any existing sets are not impacted by the job. For details about the purge and overwrite options, see "Purge" and "Overwrite" on page 206. Purge If there is no space available on the media, the purge option deletes archive sets that have exceeded their retention settings to create space for new sets. The recommended setting for retention is the interval between full backups. Sets that are still within their retention period are not purged, and nothing is purged if enough space is available for the new archive set. Jobs for which purge is selected fail if there is inadequate space and nothing can be purged or if purging cannot create enough space on the media. Once archives have been purged from the media, they can no longer be retrieved. Note: Purge is not supported for tape archiving. For more details about how purge works with retention settings, see the following topics: • "Purging an archive set that has exceeded its retention period" on page 205 Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 205 • • "Failed attempt to purge archive sets with current retention" on page 205 "Impact of a backup group on archive retention settings" on page 206 Purging an archive set that has exceeded its retention period The figure below illustrates how the purge option works. The archive media has a capacity of 110 GB, all of which is occupied by Archive Sets 1 and 2. The purge option has been selected for the current archive job. This job will write Set 3 to the media. Because no space is available on the media and Set 1 has exceeded its retention period, Set 1 is purged to make room for Set 3. Failed attempt to purge archive sets with current retention The figure below illustrates a failed attempt to purge archive sets with current retention. The archive media has a capacity of 110 GB, all of which is occupied by Archive Sets 1 and 2. The purge option has been selected for the current archive job, which will attempt to write Set 3 to the media. No space is available, but neither of the sets can be purged because both have current retention. The archive job fails with no impact to existing sets on the media. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 206 Impact of a backup group on archive retention settings The archived backup with the latest retention date determines the retention date for all sets containing backups belonging to the group. For example, if a set containing a full backup has a later retention date than the sets containing the differentials in the group, the retention setting for the set containing the full backup is applied to the sets containing the differentials. Archive sets containing the differentials cannot be purged until the retention period for the set containing the full backup has expired. For information on backup groups, see "Backup groups" on page 145. The figure below illustrates the impact of a backup group on retention settings. Sets 2 and 3 have exceeded their retention. However, these sets cannot be purged. They contain backups belonging to the group associated with the full backup in Set 1. This set has not exceeded its retention. The archive job fails with no impact on the sets currently stored on the archive media. Overwrite If all sets on the media have exceeded their retention, the overwrite option deletes them and replaces them with the new archive sets. Unlike purge, overwrite deletes the existing sets even if Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 207 there is enough space on the media for the new sets. Jobs with overwrite selected fail if either of the following is true: • • Any of the existing sets are still within the retention period. Overwriting the existing sets would not create enough space for the job. See the following topics for more details about how the overwrite option works: • • "Successful archive job using the overwrite option" on page 207 "Failed archive job using the overwrite option" on page 207 Successful archive job using the overwrite option The figure below illustrates a successful archive job using the overwrite option. The archive media has a capacity of 200 GB, and only 110 GB are occupied by Sets 1 and 2. The current job is writing Set 3 to the media. Set 3 is 40 GB, so there is enough space on the media for the current job without deleting Sets 1 and 2. However, because overwrite has been selected for the job, all existing sets on the media are deleted when Set 3 is written. Unlike the purge option, the overwrite option deletes archive sets even when enough space is available for the current job. Failed archive job using the overwrite option The figure below illustrates a failed attempt to run an archive job with the overwrite option. The archive media has a capacity of 200 GB, and only 110 GB are occupied by Sets 1 and 2. The current job is writing Set 3 to the media. Set 3 is 40 GB, so there is enough space on the media for the current job without deleting Sets 1 and 2. However, the job fails because overwrite has been selected and Set 2 has not exceeded its retention period. There is no impact on the archive media. A job with overwrite selected succeeds only if all sets in the media have exceeded their retention periods. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 208 Purge and overwrite comparison See the following table for a side-by-side comparison of the purge and overwrite options. For more details, see "Purge" on page 204 and "Overwrite" on page 206. Purge Overwrite • If no space is available on the media, purge deletes archive sets that have exceeded their retention settings to create space for new sets. • If all sets on the media have exceeded their retention, overwrite deletes them and replaces them with the new sets. • Individual sets are purged only if their retention period has expired. • All sets on the media are overwritten only if all have exceeded their retention settings. • Sets are purged only if there is not enough space on the media for the archive job. • All sets are overwritten regardless of available space. • Sets are purged until there is enough space to complete the job. • Job fails and nothing is written to the media if purge cannot create adequate space for the entire job. • Job fails and nothing is written to the media if overwrite cannot create adequate space for the entire job. • Not supported for tape. • Supported for all media. Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 209 Creating space on archive media If you need to create space on your archive media, use one or more of the options described in the table below to decrease your storage footprint. For recommendations for limiting the amount of space you are using on cloud archive storage, see "Reducing your storage footprint on the cloud" on page 233. For more about managing space on your archive media, see "Managing space on archive media" on page 202. Option Description Purge sets Purging deletes sets with expired retention to create enough space for the current job. This option creates only enough space to complete the current job. For details, see "Purge" on page 204. Overwrite sets Overwrite deletes all sets on the media and replaces them with the sets in the current job. Overwrite occurs only if all sets on the media have exceeded their retention settings. For details, see "Overwrite" on page 206. Delete all sets using the Prepare option Preparing media deletes all sets regardless of retention settings. For instructions, see "Preparing archive media" on page 254. Additional archiving considerations Note the following additional considerations when archiving data: Archiving consideration Details Backup must be successful or completed with warnings Successful (green) backups and backups that ran with warnings (yellow) are eligible for archiving. Failed (red) backups are not archived. Archive set selection must be correct You must select at least one client and backup type or one local directory to create an archive set. Storage space To archive backups successfully, the media must have adequate storage space. Note: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Navigation groups do not display in the Clients to Archive list. If you wish to archive based on a navigation group, select the group in the Navigation pane to display only the clients in the selected group. Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 210 Archiving consideration Details Space considerations and the Purge and Overwrite options An archive job for which purge or overwrite has been selected fails if purging or overwriting cannot create adequate space for the job. When archiving without the overwrite or purge option and adequate space is not available, archives are appended to any existing archive sets until the media is full. For details, see "How archiving uses available space on media" on page 204. System metadata included in the archive Unitrends system metadata is archived in each set. In the event of a system failure, you can use this archived metadata to restore the Unitrends system configuration, schedules, and other settings. (You see System Metadata File listed under sets for backups and archives.) Note: On tape archiving - Disaster recovery from tape archive is not supported. File-level incrementals are not directly archived For each client in an archive schedule, incrementals are synthesized into a differential. This synthesis only occurs for clients that are in an archive schedule. Synthesis does not run for on-demand archives, although on-demand jobs do contain synthetic differentials if the incremental/differential backup type is selected. Only one copy of a backup can exist on the archive media. If you attempt to archive a backup that has already been written to the media, it is not written to the media but other backups in the job are archived. The original backup remains intact with the original archive date. Reserved directories To ensure a successful archive, make sure that the following directory is available: /mnt. Archive media types Unitrends supports archiving to disk, tape, external storage, and cloud storage. For considerations specific to each media type, see the applicable archiving chapters. Not all media types are supported for all Unitrends appliances. To determine which media your appliance supports, see the applicable document in the following list: • • UEB appliances: Unitrends Enterprise Backup Datasheet Recovery-Series appliances: Recovery-Series Appliance Family Data Sheet See the following topics for an introduction to the different archive media types: • • • • "Archiving to disk devices" on page 211 "Archiving to tape devices" on page 211 "Archiving to network storage devices" on page 211 "Archiving to cloud storage" on page 212 Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 211 Note: You cannot archive to optical media (CD or DVD), but you can archive to a hard disk and then convert it to optical media. Archiving to disk devices See the following topics for details about supported disk archiving devices: • • "Disk archiving unit" on page 211 "eSATA or USB device" on page 211 For more details about the supported disk devices and instructions for setting up archiving to disk, see "Archiving to Disk" on page 215. Disk archiving unit The disk archiving unit, formerly known as the RXDA or recovery archive unit, is based on four eSATA-connected drives in a single enclosure. The disk archiving unit can be used with UEB on VMware and Unitrends Recovery-Series appliances. For a list of all supported appliances, see the documents listed under "Archive media types" on page 210. Features of the disk archiving unit include: • • Support for 3.5” SATA hard disk drives, up to 4TB Support for eSATA transfer speed up to 3Gbps eSATA or USB device External docking units may be used to provide archiving capability for select Unitrends systems. A single disk is inserted into the docking unit and the docking unit is connected to the system using an eSATA or USB cable. Features of external docking units include: • • • • • Support for 3.5” SATA hard disk drives, up to 4TB Hot-swap capability for rapid multi HDDs access and exchange Support for eSATA transfer speeds up to 3Gbps Compact docking station design maximizes heat dissipation and exhaust The docking unit uses a 12V DC power adapter Archiving to tape devices The archiving feature supports tape drives and autoloader systems (D2D2T). Because various tape drives and autoloaders behave in different ways, the Unitrends appliance is designed with configuration options that maintain compatibility across a range of products. Unitrends supports D2D2T archiving to tape from select Unitrends Recovery-Series appliances. For supported Recovery-Series appliances, see the Recovery-Series Appliance Family Data Sheet. For instructions on setting up tape archiving, see the chapter "Archiving to Tape" on page 235. Archiving to network storage devices You can archive to the following storage devices with select Unitrends appliances: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 212 • • Storage Area Network (SAN) Network Applied Storage (NAS) For a list of appliances that support archiving to external storage devices, see the documents listed under "Archive media types" on page 210. For instructions on archiving to these devices, see the chapter "Archiving to Network Storage" on page 221. Archiving to cloud storage Archiving to cloud storage with Unitrends CloudHook™ is supported for 64-bit appliances running release 7.5 or higher. Archiving to the cloud offers the following: • Archiving of Unitrends backups to the large amounts of storage space available through Amazon S3, Google Cloud Storage, and Rackspace Cloud File. • • Availability of your data through redundant cloud storage. • In-flight deduplication. Freedom from managing physical archive media. For details and instructions on setting up cloud archiving, see "Archiving to the Cloud" on page 223. Archive restore When you perform an archive restore, the archived data is restored to the backup system as a regular backup. After you restore an archive to the backup system, you can restore it to the client in the same manner used to restore other backups. For instructions, see "Restoring from archives" on page 272. The figure below illustrates the archive restore process. For the first step, you must restore the backup or individual files from the archive media to a Unitrends appliance to which the archive device is connected. You can then restore the backup or files to a client that is registered to the appliance. Disaster recovery with archived data You can use archived data to perform bare metal recovery of clients and to perform disaster recovery of a Unitrends appliance. Bare metal recovery from archived data To perform bare metal recovery using archived data, you must first restore the necessary bare metal or file-level backups to a Unitrends appliance. You can then use these backups to perform the Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 213 recovery. For details about bare metal recovery, see "Bare Metal Protection Overview" on page 749. Disaster recovery from archived data System metadata for the Unitrends appliance is written to archive media during each archive job, and this data can be used for disaster recovery of the appliance. For instructions, see "System restore from archive" on page 407. Note: Disaster recovery from tape archive is not supported. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 214 Legacy Recovery-Series and UEB Administrator's Guide Chapter 7: Archiving Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 215 Chapter 8: Archiving to Disk This chapter discusses considerations specific to archiving to disk and provides instructions for setting up disk archiving. Before performing the procedures described in this chapter, it is recommended that you read "Archiving Overview" on page 201, which explains how archiving works and discusses concepts referenced throughout this chapter. The procedures in this chapter are specific to disk archiving. For procedures common to all archive media, such as viewing archives and managing archive schedules, see "Archiving Procedures" on page 253. The following topics are covered in this chapter: • • • "About archiving to disk" on page 215 "Steps for setting up archiving to disk" on page 218 "Managing disk archive media" on page 218 About archiving to disk When archiving to a single disk you can use the disk archiving unit (by placing only one disc in the unit, and leaving the other slots empty) or by using a USB or eSATA device. You can archive to multiple disks using the disk archiving unit. For details, see "Disk archiving unit" on page 215. See the following topics for additional disk archiving information: • • "Disk archiving unit" on page 215 "eSATA or USB device" on page 218 Disk archiving unit The disk archiving unit, formerly known as the RXDA or recovery archive unit, is based on four eSATA-connected drives in a single enclosure. The disk archiving unit can be used with UEB on VMware and the Unitrends physical appliance. See the following for more information about the disk archiving unit: • • • • "Benefits of using the disk archiving unit" on page 215 "Restrictions and limitations of the disk archiving unit" on page 216 "Connecting UEB on VMware to the disk archiving unit" on page 216 "Connecting a Unitrends physical appliance to the disk archiving unit" on page 217 Benefits of using the disk archiving unit Benefits of the disk archiving unit for a physical appliance include: • • Support for 3.5” SATA hard disk drives, up to 4TB Support for eSATA transfer speed up to 3Gbps 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 8: Archiving to Disk 216 Restrictions and limitations of the disk archiving unit While the disk archiving solution for a physical appliance offers many benefits, the following restrictions and limitations apply: • All drives within the disk archiving unit that are attached to a single system must have equal capacity. Drives may be of varying capacity if they are attached to different systems. • All drives within the disk archiving unit that are attached to a single system are treated as one logical volume. Data is written across all drives in the logical volume. Once you archive to a logical volume, these drives must be treated as a single entity. WARNING! Removing a drive from the logical volume corrupts archived data. • Data that has been archived on 3Ware cannot be restored via the disk archiving unit. WARNING! Be sure to unmount the disk archiving unit before detaching it from the backup system or before powering it off while attached to the system. Failure to unmount the unit properly may result in data corruption. Connecting UEB on VMware to the disk archiving unit UEB on VMware archiving uses the SAS Controller 9211-4i, along with an external SAS bracket. You must purchase these parts to connect the disk archiving unit. For details on procuring these parts, see KB 3332. This section provides instructions for creating the ESXi passthrough for the disk archiving unit. Note: 1 Log onto the ESXi server through vSphere: • • 2 You can only connect one virtual machine to a passthrough at a time. Go to VMware, open the vSphere client, and connect to your host. On the Login window, enter the IP address / Name, User name, and Password, then click Login. Configure the device for the passthrough: • • Click on the appropriate device from the list at the bottom of the window. • Click Configure Passthrough… in the top right corner. You see the Mark devices for passthrough window. • Check the box associated with the device (the LSI 2004 box) and click OK. You see a message to restart your computer. Select Advanced Settings in the Hardware column. The Passthrough Configuration window lists all available passthrough devices. If there is another controller that uses the same LSI chip set, you may see more than one in the list and you must determine the appropriate one to select. For more information, go to the VMware Knowledgebase. WARNING! Be sure to select the appropriate device or you could lose access to the ESXi server. 3 Restart your computer: • Shut down all virtual machines before you restart. Legacy Recovery-Series and UEB Administrator's Guide Chapter 8: Archiving to Disk 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 217 4 • Right-click the Host IP in the upper left part of the window and select Enter Maintenance Mode. You see a message to confirm the maintenance mode. • • Click Yes to confirm maintenance mode. Verify the passthrough: • • • 5 Use your normal process to reboot. Log back into vSphere. Click the Configuration tab. Click Advanced Settings under the Hardware column. Your device is listed in the main portion of the window. Add the passthrough device to the virtual machine: • • Power down the virtual machine. • • • Click Add. You see the Add Hardware window. • Click Finish to complete the passthrough. You see a list of all devices on the Virtual Machine Properties window, including the device you added for the passthrough, such as “New PCI Device (adding).” • Click OK. Right click on the virtual machine and click Edit Settings. You see the Virtual Machine Properties window. Click on PCI Device in the selection window and click Next. Select the device from the drop-down list to specify the physical PCI/PCIe device for connection. A new window displays the device. 6 Reboot the virtual machine. Once complete, you are ready to archive. 7 View the device in Unitrends: • • Log in to Unitrends. Go to Archive > Media. The device you added is listed under Archive Media. See "To view connected media" on page 268 for more information. Connecting a Unitrends physical appliance to the disk archiving unit The disk archiving unit has four eSATA ports that correspond to the four archive drive slots. To connect to the Unitrends physical appliance, the unit may be attached to a single backup system or to multiple systems simultaneously. This configuration allows archiving to occur from one or more systems. The disk archiving unit is attached to a backup system using an eSATA cable. If your backup appliance has a multi-port NIC(s), you can attach more than one archive drive to that appliance using multiple eSATA cables. Note that if you attach multiple drives to one Unitrends appliance, the backup system treats all attached archive drives as one logical volume, writing data across the entire set. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 8: Archiving to Disk 218 eSATA or USB device External docking units may be used to provide archiving capability for select Unitrends systems. A single disk device is inserted into the docking unit and the docking unit is connected to the system using an eSATA or USB cable. Features include: • • • • • Supports 3.5” SATA hard disk drives, up to 4TB Hot-swap capability for rapid multi HDDs access and exchange Supports eSATA transfer speed up to 3Gbps Compact docking station design maximizes heat dissipation and exhaust The docking unit uses a 12V DC power adapter Note: You can use USB drives on VMware UEB systems (see KB 3257 for details). You can use eSATA on all other systems and VMware UEB systems. Additional considerations for USB devices Unitrends supports a variety of 2.0-compliant USB docking units. Note the following when archiving to a USB device: • • • The usable size of a given drive varies by disk size and dock type. For disks up to 2 TB, usable size is equal to actual disk size regardless of the dock type. For disks larger than 2 TB, usable size may not match the actual disk size. For details by dock type, see KB 3257. Steps for setting up archiving to disk Follow the steps described here to set up disk archiving: Step 1: Review the considerations for archiving with the "Disk archiving unit" on page 215 or a "eSATA or USB device" on page 218. Step 2: Develop a strategy for managing the space on your disks. For details, see "Managing space on archive media" on page 202. Step 3: Connect the disk archiving device to the Unitrends appliance from which you would like to archive. For details, see the instructions you received with the device. For additional information about connecting the disk archiving unit, see "Disk archiving unit" on page 215. Step 4: Prepare archive drives. For details, see "Preparing archive media" on page 254. Step 5: Run archives using the procedures described in "Executing archive jobs" on page 256. Managing disk archive media These procedures assume that the archive device has been properly installed and is attached to the backup system so that the media is accessible for archiving. Once this is done, you can use the archive media subsystem to perform the following: • "To add a drive to a multi-drive system" on page 219 Legacy Recovery-Series and UEB Administrator's Guide Chapter 8: Archiving to Disk 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 219 • "Removing archive drives for off-site storage" on page 219 To add a drive to a multi-drive system For multi-drive systems, archives are written across all available drives. It is important to keep this in mind when defining your archive strategy. If your archive set grows and you need to use additional drives, do one of the following: • Add one or more new drives to the existing set and prepare them as described in "Preparing archive media" on page 254. Preparing the drives creates a new logical volume but purges all data from the original drives. For example, you had been archiving to two drives. You add a third drive and prepare it. Subsequent archives are written across all three drives, but older archives that had been stored on the original two drives were deleted during the prepare operation. • Remove existing drives to retain archived data, then insert a new set of drives and prepare. For details, see "Removing archive drives for off-site storage" on page 219 and "Preparing archive media" on page 254. Removing archive drives for off-site storage Use the procedures described in this section to remove drives for off-site storage. Before removing a drive, you must unmount it. See the following topics for instructions: • • "To unmount an archive drive" on page 219 "To remove archive drives for off-site storage" on page 219 To unmount an archive drive An archive must be unmounted before it is removed from an appliance for offsite storage. 1 Select Archive > Media. Connected media display in the Archive Media area. 2 Select the desired drive. 3 Click Unmount at the bottom of the screen. The color of the disk icon changes to red to indicate that the drive is no longer mounted. To remove archive drives for off-site storage For multi-drive systems, archives are striped across all drives in the set, so be sure to store them together as all drives are needed to restore any archived data. 1 Verify that media is not mounted. See "To unmount an archive drive" on page 219 for details. WARNING! Pulling mounted drives can result in data loss and corruption. 2 Pull the drive and be sure it is labeled for easy identification. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 8: Archiving to Disk 220 Legacy Recovery-Series and UEB Administrator's Guide Chapter 8: Archiving to Disk 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 221 Chapter 9: Archiving to Network Storage This chapter describes how network storage can be used for archiving. Before setting up archiving to network storage, it is recommended that you read "Archiving Overview" on page 201. For details about archiving procedures, such as executing archive jobs and restoring archive sets, see "Archiving Procedures" on page 253. Archiving to network storage is supported for Unitrends Recovery-Series and UEB appliances that have been licensed for advanced archiving. The following devices are supported: • A CIFS or NFS-configured Network Attached Storage (NAS) share • • • A Storage Area Network (SAN) iSCSI LUN An added virtual disk (UEB systems only) Cloud storage using Unitrends CloudHook™ Note: Setting up archiving to the cloud is different from setting up archiving to other network archive storage media. For instructions and special considerations, see the chapter "Archiving to the Cloud" on page 223. Limitations of archiving to network storage Note the following limitations when archiving to network storage: • For archive to CIFS/NFS NAS, the backup system must be licensed with the advanced archiving (ADX) feature. Check for ADX in the license string under Settings > System, Updates, and Licensing > License. • For archive to CIFS/NFS NAS, each backup system must archive to a separate NAS share. Having more than one backup system archiving to a given NAS share is likely to cause data corruption. • For archive to iSCSI LUN, each backup system must archive to a separate LUN. Having more than one backup system archiving to a given iSCSI LUN is likely to cause data corruption. • For archive to iSCSI LUN, it is recommended to not resize the LUN after it has been added to the backup system as the new size cannot be detected by the backup appliance. • • • Archiving encrypted backups to ‘dumb’ storage is not supported. Archiving to added virtual disk is supported for UEB systems only. For details about archiving to cloud storage, see the chapter "Archiving to the Cloud" on page 223. Steps for archiving to network storage This section provides an overview of the steps you must complete to configure a Unitrends appliance for archiving to network storage. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 9: Archiving to Network Storage 222 Note: Setting up archiving to the cloud is different from setting up archiving to other network archive storage media. The steps listed here do not include all the steps necessary for archiving to the cloud. For instructions and special considerations, see the chapter "Archiving to the Cloud" on page 223. Step 1: Review the "Limitations of archiving to network storage" on page 221. Step 2: Develop a strategy for managing the space on your network storage. For details, see "Managing space on archive media" on page 202. Step 3: Add the archive storage device to the Unitrends appliance as described in "Adding archive storage" on page 109. Step 4: Run archives using the procedures described in "Executing archive jobs" on page 256. Legacy Recovery-Series and UEB Administrator's Guide Chapter 9: Archiving to Network Storage 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 223 Chapter 10: Archiving to the Cloud With the Unitrends CloudHook™ feature, you can archive your backups to cloud storage managed by a service provider. CloudHook provides all the benefits of Unitrends archiving while also freeing you from the burden of managing the physical archive media. This chapter discusses prerequisites and considerations for archiving to the cloud and provides instructions on using the CloudHook feature. Before setting up archiving to the cloud, it is recommended that you read "Archiving Overview" on page 201. Note: This chapter describes procedures specific to cloud archiving. For procedures common to all archive media, such as viewing archives and managing archive schedules, see "Archiving Procedures" on page 253. See the following topics for details about archiving to the cloud: • • • • • • • • • "About archiving to the cloud" on page 223 "Steps for archiving to the cloud" on page 226 "Creating a cloud storage account" on page 227 "Adding cloud archive storage to the Unitrends appliance" on page 229 "Archiving backups to the cloud" on page 231 "Managing cloud archive storage" on page 231 "Removing cloud archive sets" on page 232 "Reducing your storage footprint on the cloud" on page 233 "Restoring from cloud archives" on page 233 About archiving to the cloud With the Unitrends CloudHook™ feature, you can archive your backups to cloud storage managed by a service provider. When a cloud storage bucket or container is added to a Unitrends appliance, the appliance creates an S3QL file system on it and recognizes the storage bucket as external NAS storage to which it can archive local or replicated backups. Once backups are archived to the cloud, you can restore them to any Unitrends appliance that supports CloudHook. This feature simplifies the archiving process by eliminating the need for you to manage archive media in an offsite location and then retrieve it if you need to restore the archived data. Unitrends CloudHook offers the following: • Archiving of Unitrends backups to the large amounts of storage space available through Amazon S3, Google Cloud Storage, and Rackspace Cloud Files. • • • Availability of your data through redundant cloud storage. Freedom from managing physical archive media. Increased retention options helping you to satisfy internal policies and industry regulations. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 224 • • In-flight deduplication. Configurable encryption and compression options. For more information, see: • • "Prerequisites and considerations for archiving to the cloud" on page 224 "Managing the amount of data you archive to the cloud" on page 225 Prerequisites and considerations for archiving to the cloud Review the following before setting up cloud archiving: • The backup system must be licensed with the advanced archiving (ADX) feature. Check for ADX in the license string under Settings > System, Updates, and Licensing > License. • CloudHook is supported on 64-bit Recovery-Series and UEB appliances running software version 7.5 or higher. It is not supported on 32-bit appliances. • • Local and replicated backups can be archived to the cloud. • For bucket and container names only the following characters are supported: upper and lowercase letters, numbers, dots, and dashes. Buckets and containers with names containing other characters cannot be added to a Unitrends appliance. • For Amazon S3 and Google Storage, you can use existing buckets and containers that follow the supported naming conventions identified above. However, we recommend that you create unique folders for your Unitrends data. • For Rack Space Cloud files, we recommend that you create new containers to use with the CloudHook feature. • Accounting and billing management for your cloud storage occur between you and the storage provider. You cannot manage your cloud storage account from the Administrator Interface of your Unitrends appliance, and Unitrends cannot answer questions about this account. You must contact your provider with any questions you have about your cloud storage account. • It is extremely important that you understand the amount of data you are archiving and the related charges from your cloud storage provider. To manage the amount of space you are using in cloud storage, you should develop a retention and purge strategy. See "Managing the amount of data you archive to the cloud" on page 225 for more information. For options for decreasing the amount of cloud storage you are using, see "Reducing your storage footprint on the cloud" on page 233. • A cloud storage bucket or container can receive backups from only one Unitrends appliance. Be sure to create a storage bucket or container for each appliance whose backups you want to archive to the cloud. It is recommended that you give each bucket or container a name that associates it with a particular appliance for easier management of your cloud storage. • For the restore, the cloud archive storage can be attached to any appliance that supports CloudHook. You do not have to restore to the original appliance. However, you must remove To use the CloudHook feature, you must have an account with one of the following cloud storage providers: Amazon S3, Google Cloud Storage, or Rackspace Cloud Files. For details about creating an account and purchasing storage, see "Creating a cloud storage account" on page 227. Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 225 the archive storage from the original appliance before mounting it to a different appliance for the restore. For instructions, see "Managing cloud archive storage" on page 231. • Archiving to the cloud does not require any special network configurations. Before archiving to the cloud, you only need to add cloud archive storage. For details, see "Adding cloud archive storage to the Unitrends appliance" on page 229. • Archiving to the cloud is slower than archiving across local LANs. Actual speed depends on a number of factors, including memory and network bandwidth. We recommend that you test a small archive to determine the speed prior to sending larger archives to the cloud. • • • Amazon S3’s Reduced Redundancy Storage (RRS) option is not supported. Seeding to cloud storage is not supported. Using cloud archives for disaster recovery is not recommended because of bandwidth limitations. Managing the amount of data you archive to the cloud Because cloud storage providers charge based on the amount of storage you use, it is extremely important that you monitor the amount of data that your Unitrends appliance archives to the cloud. When adding cloud archive storage to the appliance, you can specify a purging threshold to set the maximum amount of space for the archiving feature to use in the cloud storage bucket. (For instructions, see "Adding cloud archive storage to the Unitrends appliance" on page 229.) The figure below shows the box that displays when you add archive storage. The box next to Specify Purging Threshold is checked, and the purging threshold has been specified as 800GB. In the example above, an archive job that would cause the cloud storage space used to exceed 800GB fails to run unless Overwrite or Purge is selected for the job. You can use the overwrite and purge settings to delete archive sets to free space for new jobs. Overwrite deletes all data currently residing on the archive storage and replaces it with the new archive set. Purge deletes only enough sets to create sufficient space for the new job to be archived without exceeding the specified purging threshold. Sets cannot be deleted unless they have exceeded their retention periods. For details about the overwrite and purge settings, see "Managing space on archive media" on page 202. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 226 There are instances, however, when your archiving jobs can use slightly more storage space than the limit you have specified as the purging threshold. When you initiate an archive job, the appliance estimates the amount of space needed for the job, and certain factors can cause it to underestimate. To avoid unexpected charges from your cloud storage provider, it is highly recommended that you develop a policy for managing the amount of data that you archive to the cloud. You can monitor the amount of data in your cloud storage by selecting Settings > Storage and Retention > Storage in the Unitrends Administrator Interface. See the figure below for an example of how cloud storage displays in the Administrator Interface. You can manage the amount of data on your cloud storage using retention settings and the archive purge and overwrite features. For details, see "Managing space on archive media" on page 202. Steps for archiving to the cloud This section contains an overview of the steps used to set up cloud archiving. See the procedures referenced in each step for details. If you already have an account with a cloud service provider, you can skip the second step. Step 1: Review the "Prerequisites and considerations for archiving to the cloud" on page 224. Step 2: Create a cloud storage account. For details, see "Creating a cloud storage account" on page 227. Step 3: Develop a policy for managing the amount of data you archive to the cloud. For details, see "Managing the amount of data you archive to the cloud" on page 225. Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 227 Step 4: Add cloud archive storage. For instructions, see "Adding cloud archive storage to the Unitrends appliance" on page 229. Step 5: Archive backups to the cloud. For details, see "Archiving backups to the cloud" on page 231. Creating a cloud storage account Before you can begin archiving to the cloud, you must create an account with one of the following cloud storage providers: • • • Amazon S3 Google Cloud Storage Rackspace Cloud Files Considerations for creating a storage account and buckets or containers • For bucket and container names only the following characters are supported: upper and lowercase letters, numbers, dots, and dashes. Buckets and containers with names containing other characters cannot be added to a Unitrends appliance. Additional storage provider character restrictions may apply. • For Amazon S3 and Google Storage, you can use existing buckets and containers that follow the supported naming conventions identified above. However, we recommend that you create unique folders for your Unitrends data. • For Rack Space Cloud files, we recommend that you create new containers to use with the CloudHook feature. • A bucket or container can receive backups from only one Unitrends appliance. Be sure to create a storage bucket for each appliance whose backups you want to archive to the cloud. It is recommended that you give each bucket or container a name that associates it with a particular appliance for easy management of your cloud storage. • Some storage providers allow you to create folders within buckets, and when you add storage from these providers to a Unitrends appliance, you can add the bucket or specify a path to a folder. • The credentials for accessing the buckets or containers are not the same as the username and password used to access your storage provider account. For more details about these credentials, see the section on your storage provider below. • After creating an account and storage containers, you can add cloud archive storage to a Unitrends appliance. (For instructions, see "Adding cloud archive storage to the Unitrends appliance" on page 229). You can manage your cloud storage account only through the provider. You cannot manage this account through the Unitrends appliance. • Any questions about your cloud storage account should be directed to your cloud storage provider. Unitrends cannot answer questions about billing, credentials, or any other aspects of your cloud storage account. See the following topics for information about creating accounts with the different storage providers: • "Creating an Amazon storage account" on page 228 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 228 • • "Creating a Google storage account" on page 228 "Creating a Rackspace storage account" on page 228 Creating an Amazon storage account Cre a tin g a n Ama z o n s to ra g e a c c o u n t Amazon S3 is the online storage service offered by Amazon Web Services (AWS). To use Amazon S3, you must sign up for an AWS account. For details about Amazon S3 and instructions for creating an AWS account, see Amazon’s documentation at http://aws.amazon.com/s3/. Note: Amazon’s Reduced Redundancy Storage (RRS) option is not supported. After creating an account and storage buckets, you must enter the following storage bucket credentials when adding the cloud storage to your Unitrends appliance: • Access Key ID • Secret Access Key These credentials are different from the username and password used to access your Amazon storage account. You can view the credentials here: https://awsportal.amazon.com/gp/aws/developer/account/index.html?ie=UTF8&action=access-key. If you cannot locate your credentials, contact your storage provider. Unitrends does not have access to this information. For instruction on adding cloud storage, see "Adding cloud archive storage to the Unitrends appliance" on page 229. Creating a Google storage account Cre a tin g a Go o g le s to ra g e a c c o u n t Google Cloud Storage is an online storage service offered by Google. For details about Google Cloud Storage and instructions for creating an account, see Google’s documentation at https://developers.google.com/storage/docs/overview. After creating an account and storage buckets, you must enter the following storage bucket credentials when adding the cloud storage to your Unitrends appliance: • • Access Key Secret These credentials are different from the username and password used to access your Google storage account. You can locate your credentials using the Google Storage key management tool, which you can access from the legacy API menu titled “Interoperable Storage Access Keys.” See https://code.google.com/apis/console/#:storage:legacy. If you cannot locate your credentials, contact your storage provider. Unitrends does not have access to this information. For instruction on adding cloud storage, see "Adding cloud archive storage to the Unitrends appliance" on page 229. Creating a Rackspace storage account Cre a tin g a Ra c k s p a c e s to ra g e a c c o u n t Rackspace is a cloud storage provider that uses the OpenStack platform. CloudHook supports Rackspace Cloud Files storage. For details about Rackspace Cloud Files and instructions on creating an account, see Rackspace’s documentation at www.rackspace.com/cloud/files/. Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 229 After creating an account and storage containers, you must enter the following storage container credentials when adding the cloud storage to your Unitrends appliance: • • Username API Key You can locate your API key using the account navigation menu. If you cannot locate your credentials, contact your storage provider. Unitrends does not have access to this information. For instruction on adding cloud storage, see "Adding cloud archive storage to the Unitrends appliance" on page 229. Adding cloud archive storage to the Unitrends appliance You can add cloud archive storage to the Unitrends appliance after creating an account with a cloud storage provider (for instructions, see "Creating a cloud storage account" on page 227) and creating storage buckets or containers. However, before adding cloud archive storage, it is recommended that you create a policy for managing the amount of data you archive to the cloud. For details, see "Managing the amount of data you archive to the cloud" on page 225. You must enter the following account information when adding cloud storage to the appliance: • Credentials for the storage bucket or container that you are adding to the appliance Note: • • These are the credentials you use to access the particular bucket or container that you are adding to the appliance. These credentials are not the same as the username and password that you use to log in to your storage provider account. If you do not know these credentials, you must contact the storage provider. Unitrends does not have access to this information. Name of the storage provider Name of the bucket or container that you are adding to the appliance To add cloud storage to the Unitrends appliance Note: A cloud storage bucket can receive backups from only one Unitrends appliance. 1 In the Unitrends appliance, select Settings > Storage and Retention > Storage. 2 Click Add Archive Storage in the lower part of the screen. The Add Archiving Storage window displays. 3 Enter a Storage Name. This does not have to match the name you have assigned to the bucket or container in your storage provider account. 4 Select Cloud in the drop-down menu under Type. 5 Select the name of your provider from the Storage Provider drop-down menu. 6 Enter the following credentials depending on your storage provider: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 230 Provider Credentials Amazon Access Key ID Secret Access Key Google Access Key Secret Rackspace Username API Key Note: 7 Enter a storage path for your bucket or container. For Amazon and Google, you have the option to enter a folder name (Rackspace does not support folders). The table below provides details. Note: 8 Be sure to enter the credentials you use to access the particular bucket or container that you are adding to the appliance. These credentials are not the same as the username and password that you use to access your storage provider account. When using folders for Amazon and Google, they appear in the cloud provider menu as a filename prefix only, unless you specify the folder with a trailing '/' (e.g. mybucket/myfolder/). Then the data block files will appear in the cloud provider web menu underneath the folder. Provider Storage Path Amazon /() Google /() Rackspace auth.api.rackspacecloud.com/ Check the box next to Specify Purging Threshold and enter a number in GB to specify a maximum size limit for your cloud archive storage. If you do not specify a purging threshold, there is no limit on the amount of data that the appliance can archive to the cloud and your service provider will bill you accordingly. IMPORTANT! To avoid unexpected charges from your cloud storage provider, it is highly recommended that you develop a policy for managing the amount of data that you archive to the cloud and specify a purging threshold. For details, see "Managing the amount of data you archive to the cloud" on page 225. 9 Click Confirm to complete the setup and connect cloud storage as an archive media option. To view the cloud storage you added, select Archive > Media. The appliance may take a minute to scan for new media and you may need to click the scan icon. 10 You are ready to begin archiving backups to the cloud. Proceed to "Archiving backups to the cloud" on page 231. Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 231 Archiving backups to the cloud After you complete the "Steps for archiving to the cloud" on page 226, you can archive your backups to the cloud following the same procedures used to archive to other media. For instructions, see "Executing archive jobs" on page 256. Managing cloud archive storage This section provides instructions for managing cloud archive storage that you have added to a Unitrends appliance (see "Adding cloud archive storage to the Unitrends appliance" on page 229). For more about managing archive media, see "Managing archive media" on page 268. For details, see the following topics: • • "To view cloud archive storage" on page 231 • "To remove cloud archive storage" on page 232 "Modifying cloud archive storage" on page 231 To view cloud archive storage To view cloud archive storage that you have added to a Unitrends appliance, use the instructions described in "Managing archive media" on page 268. Modifying cloud archive storage You can modify cloud archive storage using the procedure described below in "To modify cloud archive storage" on page 231. If necessary, you can change the bucket or container credentials, change the purging threshold, or disable the purging threshold option. Before changing the purging threshold, it is recommended that you read "About changing the purging threshold" on page 231. About changing the purging threshold You can increase or decrease the purging threshold, and the changes are applied to all subsequent jobs that write archives to the bucket or container. For instructions, see "To modify cloud archive storage" below. If you increase the threshold, your storage provider will bill you for the additional storage space you are using. If you decrease the threshold and the new setting is less than the amount of space you are currently using on the cloud storage, archive sets are not immediately deleted. Sets that have exceeded their retention period can be purged during the next archive job, and if all sets have exceeded their retention, they can be overwritten during the next job. However, if sets cannot be purged or overwritten, they will continue to reside on the cloud storage even if they occupy an amount of space that is greater than your specified purging threshold. If you want to delete these sets, regardless of their retention settings, you can delete them manually by enabling the File Remove settings and using the Remove Archive sets option. For details, see "Removing cloud archive sets" on page 232. For descriptions of options for decreasing the amount of space used on your cloud storage, see "Reducing your storage footprint on the cloud" on page 233. To modify cloud archive storage 1 Log in to the Unitrends appliance to which you have added the cloud archive storage you would like to modify. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 232 2 Select Settings >Storage and Retention > Storage. 3 Uncheck the box under the column labeled Online? to take the storage offline. You cannot modify the storage if this box is checked. 4 Click on the row of the storage item you want to modify. You see the Modify Archiving Storage window. 5 Enter the desired changes, and click Confirm. 6 Check the box in the column labeled Online? to bring the storage back online. Note: If you do not check this box after modifying the storage, you will not be able to archive to it. To remove cloud archive storage 1 Log in to the Unitrends appliance from which you would like to remove the cloud archive storage. 2 Select Settings >Storage and Retention > Storage. 3 Click on the storage item you want to delete. You see the Modify Archiving Storage window. 4 Click Delete. Removing cloud archive sets Removing an archive set removes the set information from the Unitrends appliance, and it can be imported again at any time. Removing a set does not delete it from the archive media. For details, see "Managing archive media" on page 268. However, for sets archived to the cloud, you can enable the Remove Files setting to delete sets from the cloud storage when you remove them from the appliance. If you enable this setting, the sets are deleted from the archive media when you remove them from the appliance and these sets cannot be retrieved. When the Remove Files setting is enabled, removing sets from the appliance deletes them from the cloud storage regardless of their retention settings. For instructions on enabling or disabling the Remove Files setting, use the procedure described below. To enable or disable the Remove Files setting for cloud archives WARNING! If you enable this setting, sets are deleted from the cloud storage when you remove them from the Unitrends appliance. Sets are deleted even if they have not exceeded their retention settings. 1 In the Unitrends appliance from which you are archiving to cloud storage, select Settings > System, Updates, and Licensing > General Configuration (Advanced). 2 Select CloudHook in the Section column, and click the arrow to list the folder’s contents. 3 In the Name column, select RemoveFiles. The Modify Master Configuration Entry box displays. 4 In the Value field, enter 1 to enable the setting or 0 to disable it. 5 Click Confirm to save the setting. Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 233 Reducing your storage footprint on the cloud Because storage providers charge based on the amount of space used on cloud storage, Unitrends provides you with several options for decreasing the amount of data residing on your cloud storage. The table below describes these options. For more about managing space on your cloud archives, see "Managing the amount of data you archive to the cloud" on page 225. Option Description Decrease the purging threshold This option decreases the amount of data the Unitrends appliance can archive to the storage bucket/container. However, it does not immediately delete archive sets. To reduce your storage footprint, use this option in conjunction with the other options discussed in this table. For instructions on decreasing the purging threshold, see "Managing cloud archive storage" on page 231. Purge sets Purge deletes sets that have expired retention to create enough space for the current job without exceeding the purging threshold. This option creates only enough space to complete the current job. For details, see "Purge" on page 204. Overwrite Overwrite deletes all sets on the cloud storage and replaces them with the sets in the sets current job. Overwrite occurs only if all sets on the media have exceeded their retention settings. For details, see "Overwrite" on page 206.You can reduce your cloud storage footprint by decreasing the purging threshold, overwriting the existing data, and developing an archiving strategy based on the lower purging threshold. Delete sets manually using the Remove Sets option For cloud storage, you can enable the Remove Files setting and then use the Remove Sets option to manually delete sets. This option deletes sets regardless of their retention settings. For details, see "Removing cloud archive sets" on page 232. You can reduce your cloud storage footprint by decreasing the purging threshold, manually deleting sets, and developing an archiving strategy based on the lower purging threshold. Delete all sets using the Prepare option Preparing media deletes all sets regardless of retention settings, but the S3QL file system remains on the media. For instructions, see "Preparing archive media" on page 254. You can reduce your cloud storage footprint by decreasing the purging threshold, preparing the cloud storage media, and developing an archiving strategy based on the lower purging threshold. Restoring from cloud archives Once you have archived backups to the cloud, they are available for restore. You can view archive sets using the procedures described in "Viewing archives" on page 261. When you restore a backup from a cloud archive, it is restored to the appliance to which you have attached the cloud archive storage. You can then restore the backup or individual files to a client that is registered to the appliance. You can restore from cloud archives following the same procedure used to restore from other archive media. For instructions, see "Archive restore" on page 212 for complete details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 234 For the restore, the cloud archive storage can be attached to any appliance that supports CloudHook. You do not have to restore to the original appliance. However, you must remove the archive storage from the original appliance before mounting it to a different appliance for the restore. For instructions, see "To remove cloud archive storage" on page 232. Legacy Recovery-Series and UEB Administrator's Guide Chapter 10: Archiving to the Cloud 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 235 Chapter 11: Archiving to Tape The Unitrends archiving feature enables you to archive local or replicated backups to tape. This chapter discusses special considerations for archiving to tape. Before archiving to tape, it is recommended that you read the "Archiving Overview" on page 201. This chapter describes procedures specific to tape archiving. For procedures common to all archive media, such as viewing archives and managing archive schedules, see "Archiving Procedures" on page 253. See the following topics for details and instructions: • • • • • • • • "About archiving to tape" on page 235 "Steps for archiving to tape" on page 237 "Prerequisites and considerations for archiving to tape" on page 238 "Managing tape inventory" on page 239 "Scheduling strategies for tape archives" on page 244 "Archive to tape setup" on page 245 "Archiving backups to tape" on page 250 "Restoring from tape" on page 250 About archiving to tape You can archive your Unitrends backups to tape using a disk-to-disk-to-tape (D2D2T) system of your choice. Because various tape drives and autoloaders behave in different ways, the Unitrends system is designed with configuration options that maintain compatibility across a range of products. Before archiving with a D2D2T system, you must configure it for use with your Unitrends appliance. For instructions, see "Archive to tape setup" on page 245. An individual archive set can be written across multiple tapes, and when you restore from an archive, the Unitrends appliance must be able to access all tapes for a given set. To facilitate the restore process and the management of your tapes, the appliance uses as few tapes as possible when running multi-tape archive jobs. For more details about archiving to tape, see the following topics: • • • "Tape archive terminology" on page 235 "System-generated serial numbers" on page 236 "Tape barcodes" on page 237 Tape archive terminology The table below lists commonly used tape archiving terms. See the figures after the table for diagrams illustrating these terms. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 236 Term Description Autoloader A device that has an internal tape changing mechanism as well as one or more drives, which can read from and write to magnetic tape media on more than one tape. This term is also used in Unitrends documentation in reference to autoloaders and tape libraries, which are used in the same way in the Unitrends D2D2T system. Slot A numbered storage bay for a tape inside a tape autoloader/library. Tape device Either a tape drive or tape autoloader. Tape drive A device that reads from and writes to magnetic tape media. Only one tape is loaded into a drive at a time, and it takes several minutes to load each tape. Volumes Archive sets that might be contained within one tape or might span several tapes. Figures illustrating tape archive terminology In this example, the tape in slot 8 is loaded into tape drive 1. In this example, the volume (archive sets) resides on three tapes. System-generated serial numbers The system generates serial numbers to identify tapes and writes the serial number onto the tape media. However, these serial numbers are not visible to users. If your tape device does not support Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 237 barcode technology, you must manually locate tapes. Unitrends strongly recommends that you develop a labeling system for easy management of your tapes. When you label a tape, make sure to include the slot number the tape occupied when it was used for an archive job and other identifying information that will enable you to locate the tape. Tape barcodes The tape barcode features allows you to view tape information, tape locations, and select target slots when archiving. On tape devices that support barcodes, the system recognizes the barcode as soon as you insert the tape into the library. This decreases your time to locate tapes (even tapes stored offsite) and improves archiving performance. Here are more details about the barcode feature: • This feature works only with tape devices (including autoloaders) that have barcode readers and tapes that have valid barcode labels. If your tape device does not have a barcode or a standard barcode format, you can still use your tape device, but you must develop a strategy for manually locating your tapes. (See "Managing tape inventory" on page 239.) • You can view barcode and/or tape location information in several places within the Archive section of the Unitrends appliance (if the tapes have readable barcodes). See "To view the tape library and tape locations" on page 239. • • You can designate the target slot location when performing an archive. • • Unitrends supports a mixed usage of tapes for barcodes, such as LT05 and LT06. • When performing a restore, if you have moved tapes with barcodes to different slots, the system reads the barcodes and determines the correct location of the tapes. • When you insert tapes into the tape library for import, the appliance scans the barcodes and identifies the slots that the tapes are occupying. It can also put together the unordered set of tapes in the slots. (For example, tapes were in slots 1, 2, 3, and 4 during the backup, removed, then inserted into slots 8, 9, 10, and 11. The system recognizes the barcodes regardless of the slot location.) Barcode labels for tape media use Code 39 (sometimes called Code 3-of-9), which is a widely used industrial standard. There are three wide elements and six narrow elements for every nine elements. If a barcode is available, the appliance automatically utilizes it during the restore process. No special procedures are required for the appliance to use a barcode during the restore process. Steps for archiving to tape This section provides an overview of the steps you must complete to configure a Unitrends appliance for archiving to tape. Step 1: Review "Prerequisites and considerations for archiving to tape" on page 238. Step 2: Develop a strategy for managing the space on your tapes. See "Managing space on archive media" on page 202 and "Use of space on archive tapes" on page 240. Step 3: Connect your tape archiving device to the Unitrends appliance and configure it to receive data from the appliance. For instructions, see "Archive to tape setup" on page 245. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 238 Step 4: Plan your tape archiving strategy. For recommendations, see "Scheduling strategies for tape archives" on page 244. Step 5: Run archives using the procedures in "Archiving backups to tape" on page 250. Prerequisites and considerations for archiving to tape This section discusses prerequisites and considerations for archiving to tape. For details, see the following topics: • • "Tape archive prerequisites" on page 238 "Special considerations for archiving to tape" on page 238 Tape archive prerequisites Unitrends supports D2D2T archiving to tape from select Unitrends Recovery-Series appliances and UEB installable software deployments. Tape archive is not supported with UEB on Hyper-V and UEB on VMware appliances. For supported Recovery-Series systems, see the Recovery-Series Appliance Family Data Sheet. The following requirements must be met before setting up tape archiving on Recovery-Series systems: System Requirement Recovery-Series or UEB installable software appliance The appliance must be licensed with the advanced archiving (ADX) feature. Check for ADX in the license string under Settings > System, Updates, and Licensing > License. Tape device • • The tape device must be either SCSI, SAS, or Fibre Channel. • The tape or set of tapes must have adequate space to store the data being archived. If the archive does not fit, the job fails. • If using tape barcodes, your tape device must have a barcode reader and tapes must have valid barcode labels. The tape device must be configured as described in "Configuring the tape archive device in the Unitrends system" on page 246. Special considerations for archiving to tape Before running on-demand or scheduled archives, note these additional tape considerations: Tape Consideration Description Purge option The archive purge option is not supported. Compression option If the tape device is configured for hardware compression, it is recommended that you run archives without compression. Since the appliance doesn’t have to compress the data, archives run more quickly. Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 239 Tape Consideration Description Encryption option If the tape device is configured for encryption, archives are encrypted regardless of this setting. For multi-tape archives All tapes configured for the archive job are labeled as part of the archive and must be rotated as a set. All tapes must be available to restore data. See "Managing tape inventory" on page 239 for details. Tape devices with barcodes On tape devices that support barcodes, the system recognizes the barcode as soon as you insert the tape into the library. The system supports a mixed usage of tapes for barcodes. Managing tape inventory When archiving to tape, it is very important that you managing your tape inventory carefully to ensure that your tapes have enough space for your archive sets and that the Unitrends appliance will be able to access all the tapes for a given archive set if you need to restore data from it. This section provides instructions for viewing your tape library, identifies considerations for managing your tape inventory, and explains how the Unitrends appliance uses the available space on your archive tapes. For details, see the following topics: • • • • "To view the tape library and tape locations" on page 239 "Requirements and considerations for managing your tape inventory" on page 240 "Use of space on archive tapes" on page 240 "Email report for tape archives" on page 243 To view the tape library and tape locations This procedure allows you to view the current status of tapes and, if applicable, the barcodes associated with the tapes. When archiving, this view allows you to find the slot locations for the tapes and also ensures that you have space. See "Tapes with barcodes" on page 245 for more information. Note: If your tape device does not have a barcode, you must locate tapes manually. It is strongly recommended that you develop a labeling system for managing tapes that do not have barcodes. 1 Select Archive > Media. You see the connected media in the Archive Media center stage area. 2 If necessary, click re-scan for media. 3 Click the tape media line in the Archive Media center stage area. Notice that the Tape Library button at the bottom of the screen is enabled. Note: 4 If there are no tape libraries available, this button is disabled. Click the Tape Library button. You see the Tape Library Information screen. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 240 Field Description Status Indicates if there is a tape in the drive (empty or full). Slot The slot number associated with the tape. Scroll down to see additional slots, if applicable. Tape A check-mark or X indicates if the slot is full (contains a tape) or not. Hover over Available? the symbol for the description. Barcode 5 The barcode number associated with the tape slot. If there is no number, the corresponding tape does not have a barcode or the system could not read the barcode. Barcodes can be up to 99 digits. For lengthy numbers, you can hover over the barcode number area to see the full number. Click Close when you are done. Requirements and considerations for managing your tape inventory This section lists considerations for managing tape inventory. For more details, see "Use of space on archive tapes" on page 240. • The system uses only one tape drive at a time for archiving. You can connect more than one tape drive; however, the other tape drive or drives must be disabled. You can switch between them, as long as only one of them is active. • An individual archive set can be written across multiple tapes. For multi-tape archives, all tapes configured for the archive job must be present to restore data. • • All tapes configured for a given archive job must be rotated as a set. • It is strongly recommended that you develop a labeling system to help you manage tapes that do not have barcodes. Prior to pulling a tape without a barcode, note its slot number. When you pull a set of tapes, be sure to physically label each tape with the slot number and other identifying information for speedy recovery. • Prior to pulling a tape with a barcode, go to Archive > Media and click Tape Library at the bottom of the screen. You can view slot numbers, barcode numbers, and other information. When you pull a set of tapes with barcodes, the system automatically recognizes the barcodes when you insert the tapes back into the library. (See "To view the tape library and tape locations" on page 239.) • If your tapes have barcodes, there are no special procedures when performing a restore. The system automatically uses the barcode during the restore process. If you have moved tapes with barcodes to different slots, the system reads the barcodes and determines the correct location of the tapes. To restore from tapes without barcodes, archive media must be loaded into the same slot position as when the archive was written. Use of space on archive tapes When managing your tape inventory, it is important to understand how the Unitrends appliance uses the available space on your tapes. This section explains how the available space is used. Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 241 See the following topics for details: • • • "Archive tape status" on page 241 "Writing archive sets across multiple tapes" on page 241 "Examples of how the Unitrends appliance uses the available space on archive tapes" on page 242 Archive tape status Arc h iv e ta p e s ta tu s The appliance stores status information for prepared tapes, and it uses this information to determine whether a tape is available for an archive job. The table below provides details. Tape status Description Empty The tape does not contain any data, and its entire capacity is available for an archive job. Occupied The tape contains archived data, but some space is free and the tape can be used for a new archive job. Note: Full Limitations of the tape media prevent the appliance from displaying the amount of available space. The tape is full and not available for archive jobs unless the existing data is overwritten. Writing archive sets across multiple tapes Writn g a rc h iv e s e ts a c ro s s mu ltip le ta p e s Consider the following for archive sets written to multiple tapes: • The status of an archive tape determines whether it can be used for an archive job. For details, see . • Multiple-tape jobs are written to as few tapes as possible to facilitate restores. For details, see "Examples of how the Unitrends appliance uses the available space on archive tapes" on page 242. • For the first tape used in a multi-tape archive job, the status can be either empty or occupied. For each subsequent tape, the appliance uses only tapes with status empty. For more details, see "Successful archive job written across multiple tapes" on page 242 and "Archive set written to as few tapes as possible" on page 243. • If there is not enough space on a tape for an entire archive set, the job uses the available space on the first tape in the specified range and then searches for subsequent tapes with status empty to complete the job. If there are not enough tapes available with this status, the job fails. However, although the job itself fails, some backups might be archived successfully and could be available for restore. For more details, see "Failed attempt to write an archive set across multiple tapes" on page 242. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 242 Examples of how the Unitrends appliance uses the available space on archive tapes Ex a mp le s o fh o wth e Un itre n d s a p p lia n c e u s e s th e a v a ila b le s p a c e o n a rc h iv e ta p e s This section contains figures to help you understand how available tape space is used during archive jobs. The figures specify how much space is available on tapes with status occupied; however, these numbers are included for explanatory purposes only. Due to limitations of tape media, the Unitrends appliance cannot display the amount of space available on an archive tape. See the following topics for details: • • • "Successful archive job written across multiple tapes" on page 242 "Failed attempt to write an archive set across multiple tapes" on page 242 "Archive set written to as few tapes as possible" on page 243 Successful archive job written across multiple tapes Su c c e s s fu la rc h iv e jo b write n a c ro s s mu ltip le ta p e s This figure illustrates how an archive set with 100 GB of data is written across multiple tapes. The tape range for the job has been specified as 1 - 4. The job begins on Tape 1, which has a status of occupied and 40 GB of free space. The job uses this space, but it needs an additional 60 GB. This data would fit on Tape 2 or 3, both of which have status occupied. However, because all subsequent tapes used in a multi-tape job must have status empty, the appliance does not use Tape 2 or 3. Instead, it completes the job by writing the remaining 60 GB to Tape 4, which has the status empty. Failed attempt to write an archive set across multiple tapes F a ile d a te mp to write a n a rc h iv e s e ta c ro s s mu ltip le ta p e s This figure illustrates how an attempt to write a 75 GB set across multiple tapes could fail. The tape range for the job has been specified as 1 - 5. The job does not use Tape 1 because it has a status of full. Tape 2, with status occupied, has 50 GB available, so the job uses this space. To complete the job, the appliance must locate an additional 25 GB of usable space. Tapes 3 and 5 each have enough space to write the rest of the set, but the appliance cannot use them to complete the job because their status is occupied. The appliance searches for a tape with status empty, and because it cannot find one in the specified range, the job fails. However, because part of the job was written to Tape 2, the resulting archive set contains a subset of the desired backups, and it is possible that these backups can be restored. Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 243 Archive set written to as few tapes as possible Arc h iv e s e twrite n to a s fe wta p e s a s p o s s ib le This figure illustrates how the Unitrends appliance uses as few tapes as possible to write a 75 GB archive set across multiple tapes. The tape range for the job has been specified as 1 - 10. The job does not use Tape 1 or 2 because both have a status of full. Tape 3, with status occupied, has 15 GB available, so the job uses this space. The remaining 60 GB is written to Tape 10, with status empty. The combined amount of free space on Tapes 4 - 9 is 60 GB, but if the appliance used this space for the job, it would need a total of seven tapes for the archive set. Because it uses Tape 10 instead, the job requires only two tapes for the entire archive set. To restore this archive set, only tapes 3 and 10 are required. Email report for tape archives To facilitate management of your tape inventory, e-mail reports for tape archive jobs include details about the archive sets written to each tape. These reports contain the following information: • • • • • • • • • • • • • • Archive job number Start time for the job Comment indicating the number of archive sets that were successfully written to tape Indication of whether system metadata was written successfully Number of backups and total amount of data written in the job Number of local directories written in the job Name of the tape device used for the job Tape slot range selected for the job Slot number for each tape actually used for the job Barcode number for each tape used (if applicable) Status of the tape (for details about tape status, see "Archive tape status" on page 241) Numbers for the archive sets written to each tape Date when each set was written to the tape Retention status for each set 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 244 Scheduling strategies for tape archives There are special scheduling considerations when archiving with tape. See the following topics for details: • • • • • • "Overwrite option" on page 244 "Test option" on page 244 "Single tape archives" on page 244 "Autoloader" on page 244 "Multiple tape drives" on page 245 "Tapes with barcodes" on page 245 Overwrite option In general, schedules with overwrite on and off can be used in staggered form to create new data sets and append to these sets. For more details, see the "Archiving Overview" on page 201. For example, the following schedule would result in a new data set each week: • Weekly, Monday, Last Backups, Overwrite true: copies weekend master backups to start of tape(s). • Weekly, other days, Last Backups, Overwrite false: appends weekday differentials to tape(s). In this scenario, the tape(s) should be switched between completion of the Sunday job and the start of the Monday job. The retention period should be set to protect data throughout the rotation period. If four rotating sets of tapes are used, a 21-day retention setting would protect the media from the end of the Sunday job through the Monday job three weeks later, when that media is reused. Test option When creating the schedule, use the archive Test option to estimate the amount of data that will fit on a tape or set of tapes. Keep in mind that this number is an estimate because compression on the drive and/or archive options, so determining exactly how much fits can be a matter of trial and error. Single tape archives For single tape archives, using an overwrite scheme on the same tape each week is not recommended. At the start of the archive job that has overwrite set to true, no current archive data will exist as a result of the overwrite. Therefore, the schedules should be set up using either a date range with tapes switched out daily, or last backups with tapes switched out periodically as they fill up. Autoloader An autoloader allows both larger backups and archived data sets through the use of tape spanning— writing an archive across multiple tapes—and may help automate rotation as well. As long as the autoloader holds enough tapes to maintain two sets of data, they can be used in a scheduled, rotating manner. In this scenario, four or more schedules (two+ pairs) are used: • Bi-Weekly (1), Monday, Last Backups, Overwrite true: copies weekend master backups to start of tape(s) • Bi-Weekly (1), other days, Last Backups, Overwrite false: appends weekday differentials to tape(s) Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 245 • Bi-Weekly (2), Monday, Last Backups, Overwrite true: copies weekend master backups to start of tape(s) • Bi-Weekly (2), other days, Last Backups, Overwrite false: appends weekday differentials to tape(s) This set of schedules starts on a certain week and points to a certain set of slots, with the other set starting on another week and pointing to a different set of slots. (This can be extended to as many sets that fit in the autoloader.) If scheduled in this manner, you never have to touch the tapes unless they are to be taken off-site or stored securely. See "To configure an autoloader" on page 248 for more information. Multiple tape drives You can connect more than one tape drive; however, the system only uses one tape drive at a time for archiving. The other tape drive or drives must be disabled. You can switch between them, as long as only one of them is active. Tapes with barcodes The barcode feature works with tape devices that have barcode readers and tapes that have valid barcodes. The tape barcode feature allows you to view tape locations and barcode information, and to select target slots when archiving. See "Archive settings" on page 255 for more information about target slots. Archive to tape setup This section describes the steps for setting up a tape-based archiving system. Once configured, these settings do not need to be modified unless the tape device is changed. For requirements, see "Requirements and considerations for managing your tape inventory" on page 240 before beginning these setup procedures: Step 1: Step 1: "Connecting the tape archiving device" on page 245 Step 2: "Configuring the tape archive device in the Unitrends system" on page 246 Connecting the tape archiving device Co n n e c tin g th e ta p e a rc h iv in g d e v ic e Connect the tape drive or autoloader device to your Recovery-Series appliance. Note: Even though you can connect multiple tape drives, the system only uses one tape drive at a time for archiving. To connect a tape archiving device to a Unitrends Recovery-Series appliance 1 Connect the tape drive or autoloader to the Unitrends system using a SAS or LVD SCSI cable. If using a LVD SCSI cable, ensure that a SCSI bus terminator is installed on the tape device according to the vendor’s documentation. 2 Once connected, power on the tape device. 3 Once the tape device initializes, reboot the Unitrends system. This enables the appliance to discover the tape device. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 246 Step 2: Configuring the tape archive device in the Unitrends system Co n fig u rin g th e ta p e a rc h iv e d e v ic e in th e Un itre n d s s y s te m This section discusses how to configure your tape archive devices a after they have been connected to the Recovery-Series appliance. Tape drives and autoloaders must be configured before you can begin archiving. If you are using an autoloader make sure you configure the tape device before the autoloader. After the tape archive devices are configured, you must prepare the archive media. The media can be prepared manually or automatically by the Unitrends appliance. See the following topics for information: • • • • "About preparing tapes" on page 246 "To configure a tape drive" on page 246 "To configure an autoloader" on page 248 "To prepare archive tapes" on page 249 About preparing tapes Ab o u tp re p a rin g ta p e s Preparing tapes is a requirement for archiving to tape. Preparing the tape overwrites all existing data and reformats the tape for archiving with Unitrends. Tapes can be prepared automatically or manually. To automatically prepare tapes, set use_unlabeled_tapes to True (step 7 on the facing page in "To configure a tape drive"). All tapes within the selected range, are prepared before the first archive job. If this field is set to False, archiving does not write or prepare data to a tape that have not been prepared. Setting the field to False allows for greater protection of archive media containing non-Unitrends backups at the cost of having to manually prepare tapes before they can be used for archiving. The use_unlabled_tapes setting has no impact on tapes containing Unitrends backups. Use retention settings to prevent archive jobs from overwriting data on these tapes. For instructions on preparing tapes manually, see "To prepare archive tapes" on page 249. Preparing tapes with autoloaders that do not have barcode readers If your autoloader does not read tape barcodes, and you have a combination of tapes with Unitrends and non-Unitrends data, it is recommended that you set use_unlabeled_tapes to False to thoroughly protect your non-Unitrends data. When an autoloader has a tape in the drive, it recognizes the slot from which that tape was loaded. Some autoloaders forget the tapes slot assignment if the autoloader is turned off with a tape still in the drive, or if there is an unexpected loss of power. An unload operation may then fail to return the tape to its proper slot, which may cause an incorrect assignment of the tape during archiving. For example, if you have 10 slots, and you set your Unitrends archiving range to 1-8; the sudden loss of power could cause slot 9 to placed in slot 4, and could result in the tape from slot 9 (now slot 4) being prepared and written over. If set to False, you must prepare tapes before archiving as described in "To prepare archive tapes" on page 249. To configure a tape drive 1 In the Unitrends appliance, select Archive > Settings > Archive Media. 2 Under Configurable Archive Media, click to scan for media. Connected tape drives and autoloaders display. If the device does not display in the list, make certain the connections are secure, power cycle Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 247 the device, and then reboot the appliance (Settings > System, Updates, and Licensing > Shutdown). 3 Select the tape device in the list of configurable devices. 4 Select is_available and set it to True. This allows the tape device to be used for archiving. Click Confirm. 5 If you have an autoloader, select parent_changer and select the desired autoloader from the drop down list. Click Confirm. This creates an association between the tape drive and the autoloader. 6 Select parent_changer_driveno and enter the drive number. Click Confirm. The drive number is usually 0, except in the case of an autoloader with multiple tape drives. Occasionally there may be a different number in a single drive system. 7 To automatically prepare tapes, select use_unlabeled_tapesand set it to True. If this field is set to False, the appliance does not automatically prepare any tapes and cannot use unprepared tapes for archiving. For more information, see "About preparing tapes" on page 246. 8 If desired, configure additional settings. The default settings are recommended, but if you wish to alter the settings, see the setting descriptions below. Se tin g d e s c rip tio n s When restoring data, the blocksize and compression settings must match the setting at the time the tape was written. The settings with an * should only be changed before archiving to a new tape. Setting Setting Description hardware_read_blocksize* Sets the blocksize of tape driver to use during tape read operations. software_read_blocksize* Sets the maximum size of data blocks to read from tape driver. The optimal value depends on the particular tape drive. hardware_write_blocksize* Sets the blocksize of tape driver to use during tape write operations. software_write_blocksize* Sets the size of the data blocks to write to the tape driver. eject_before_unload Determines whether or not this changer requires its tape drive (s) to be sent an unload command before it can put a tape back in its slot. eject_wait_time Required by some tape devices, this sets the number of seconds to wait between issuing an eject command and issuing an unload command to an autoloader. max_ready_time Sets the maximum number of seconds to wait for a tape drive to become ready after a tape is loaded. This is beneficial if your tape device takes a long time before it is ready. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 248 9 Setting Setting Description hw_compression_ supported* States whether (true) or not (false) the device supports hardware compression. hw_compression* States whether (true) or not (false) you want to use hardware compression on tape device. max_command_time Sets the maximum number of seconds to wait for tape commands to complete. init_cmd Required by some devices, enter a command(s) necessary to initialize the device. rewind_cmd Enter a command to rewind the tape. space_to_next_cmd Enter a command to space to next file on tape. space_to_end_cmd Enter a command to space to end of tape. load_cmd Enter a command to load tapes. (Most drives will not need this set.) unload_cmd Enter a command to unload/eject tapes. set_blcoksize_cmd Enter a command to set tape hardware blocksize. Click Close once all settings are configured. Repeat these steps for all desired tape drives. 10 Continue with the following applicable procedures: • • If you have an autoloader, see "To configure an autoloader" on page 248. • If you are ready to archive and do not need to prepare archive tapes, see "Archiving backups to tape" on page 250 If you selected False in step 7 on the previous page above, see "To prepare archive tapes" on page 249 To configure an autoloader Before configuring an autoloader, you must configure your tape drive. For instructions, see "To configure a tape drive" on page 246. 1 In the Unitrends appliance, select Archive > Settings > Archive Media. 2 Under Configurable Archive Media, click to scan for media. Connected tape drives and autoloaders display. If the device does not display in the list, make certain the connections are secure, power cycle the device, and then reboot the appliance (Settings > System, Updates, and Licensing > Shutdown). 3 Select the autoloader in the list of configurable devices. Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 249 4 Select is_available and set it to True. This allows the autoloader to be used for archiving. Click Confirm. 5 Select available_slots and assign a slot range within the autoloader for the Unitrends system to access. This defines the tapes to which the archives are written. Click Confirm. 6 If desired, configure additional settings. The default settings are recommended but if you wish to alter the settings, see the table below: Setting Setting Description unload_quiesce_time Determines the number of seconds to wait after an unload command completes, to allow a changer to quiesce and finish the unload operation in case it returns ready before it is actually finished. switch_tapes_on_io_error Decides whether or not to switch tapes upon an input/output error from the drive while attempting to write archive data. If True, archiving attempts to use the next tape; if False, the job fails. max_command_time Sets the maximum number of seconds to wait for tape commands to complete. init_cmd Enter a command(s) necessary to initialize the device. 7 Click Close once all settings are configured. Once a tape drive is associated to the changer, the tape drive and the autoloader display as a single device on the Archive Now or Archive Schedule page. Repeat these steps for all desired autoloaders. 8 Continue with the following applicable procedures: • If you selected, False in step 7 on page 247 of "To configure a tape drive", see "To prepare archive tapes" on page 249. • If you are ready to archive and do not need to prepare archive tapes, see "Archiving backups to tape" on page 250 To prepare archive tapes If use_unlabelled_tapes is set to False in Archive > Settings > Archive Media, tapes must be manually prepared using the following procedure before to archiving. For more information, see "About preparing tapes" on page 246. 1 In the Unitrends appliance, select Archive > Settings > Archive Media. The system checks for connected archive media. If necessary, click re-scan for media. Connected media display in the Archive Media area. 2 Select the tape device. If the device is an autoloader, enter the slots in which the tapes are inserted. 3 Enter a media label to describe the tapes. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 250 4 Click Prepare. The system overwrites all existing data and formats the tapes with the Unitrends file system. Tapes are now ready for use. 5 Continue to "Archiving backups to tape" on page 250. Archiving backups to tape After you have configured the tape device, you can write archives to your tapes using the same procedures for archiving with other media. For standalone tape drives, ensure there is a tape in the drive. For autoloaders, load tapes in the desired slots according to the manufacturer’s documentation. For instructions, see "Executing archive jobs" on page 256. Restoring from tape Restoring from tape archive is similar to restoring from disk archive. The archive catalogs are stored in the appliance database. To successfully restore an archive from tape, be sure the tape drive’s read_blocksize and compression settings are the same as the write_blocksize and compression settings used when the tape was originally archived. If these settings are different, archiving may not be able to read any data from the tape. If the tapes are from another system or this system has been recently recovered from disaster, the catalogs can be imported from tape. To do this, insert the tape into the drive (or tapes into the autoloader) and import. Autoloader tapes can be imported without regard to order; the archiving system determines the correct order automatically. (If some tapes from the archive set to be imported/restored are missing or bad, data from other tapes is still available.) See "To import archive sets" on page 271. When performing a restore for tapes with barcodes, the system reads the barcodes and determines the correct location of the tapes. There are no special restore procedures for tapes that have barcodes. To restore from tape Note: When restoring from tape, you must restore the entire backup. You cannot restore a specific file from a tape archive. 1 Select Archive > Status. 2 Select a client or backup and restore as you would for disk. 3 For tapes with barcodes, click on Tape Details to see information about volume, tape device serial number, and barcode number. (The Tape Details button does not display for media that is not tape.) 4 The system automatically identifies the tape, loads it (if the tape is present in the autoloader), and informs you if the correct tape cannot be found for the specified archive. 5 Once the tape is identified, the restore starts. Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 251 6 For restore of an archive that originally spanned tapes, ensure that all spanned tapes are in the autoloader. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 252 Legacy Recovery-Series and UEB Administrator's Guide Chapter 11: Archiving to Tape 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 253 Chapter 12: Archiving Procedures This chapter explains the settings and procedures used to archive data. Before performing the procedures described in this chapter, it is recommended that you read "Archiving Overview" on page 201, which explains how archiving works, provides recommendations for managing and creating space on archive media, and discusses concepts referenced throughout this chapter. It is also recommended that you read the chapter on your selected archive media. See the following topics for details: • "General steps for archiving backups" on page 253 • • • • • • • • • "Preparing archive media" on page 254 "Archive settings" on page 255 "Executing archive jobs" on page 256 "Monitoring running archive jobs" on page 259 "Stopping and starting the archive process" on page 261 "Viewing archives" on page 261 "Managing archive schedules" on page 267 "Managing archive media" on page 268 "Restoring from archives" on page 272 General steps for archiving backups Follow the steps described here to use the archiving feature. Steps may vary depending on your chosen archive media. Step 1: Review the "Additional archiving considerations" on page 209. Step 2: Select an archive media type. For details, see "Archive media types" on page 210. Step 3: Develop a strategy for managing the space on your archive media. See "Managing space on archive media" on page 202 and the applicable section in the chapter on your selected media type. Step 4: (Optional) Prepare archive media. For details, see "Preparing archive media" on page 254. Step 5: Set up archiving using the procedures described in one of the following chapters: • • • • "Archiving to Disk" on page 215 "Archiving to Network Storage" on page 221 "Archiving to the Cloud" on page 223 "Archiving to Tape" on page 235 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 254 Step 6: Review "Archive settings" on page 255. Step 7: Run archives using the procedures described in "Executing archive jobs" on page 256. Preparing archive media If you would like to clear existing data from your archive media before you begin archiving Unitrends backups, you can reformat the media and delete all existing data using the procedure described in this section. For the disk archiving unit, eSATA, and USB archive devices, it is recommended that you prepare new drives before they are used for the first time. Once you have archived with the drives, you can prepare them again, if desired, to permanently delete all existing data. (For more details about archiving to disk devices, see "Archiving to Disk" on page 215.) The prepare operation is possible only if the media is unmounted. Before preparing media that contains data, be sure that you have another copy of the data or that you no longer need it. Once you prepare the media, its data cannot be retrieved. WARNING! This procedure permanently deletes any existing data and formats the drive. To prepare archive media 1 Log in to the Unitrends system and select Archive > Media. Connected media display in the Archive Media area. For details, see "To view connected media" on page 268. To refresh, click re-scan for media. 2 Select the media in the Archive Media area. A Media Label field displays at the bottom of the screen. 3 Enter a media label for this drive or group of drives. Labels may be a maximum of 12 alphanumeric characters and may include an underscore. Use a descriptive labeling system so you can easily locate the drive(s) in the event that this data is required for a restore. For multi-drive disk-archiving systems, you may load one or more drives. Archives are written across all available drives. Once you archive to multiple drives, you must have all drives to restore data as the system treats them as a single logical volume. See "To add a drive to a multi-drive system" on page 219. 4 Click Prepare below. WARNING! This option should be used with extreme caution. Any existing data is permanently deleted from the media. 5 Click Yes to confirm that you wish to prepare the media. 6 The system permanently deletes any existing data and formats the media with the Unitrends file system. The light bulb icon changes from gray to yellow, indicating that the drive(s) is now ready for use. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 255 Archive settings This section explains the various settings and options for your on-demand archives and archive schedules. The settings you choose determine which backups are archived, the attributes of the archives created in the current job, and how any existing archives on the media are handled. The following table provides details for the settings and options in the Archive Now and Schedule Archive tabs. Setting Description Date Range Dates of the backups to be archived in this set. By default, the last successful backups of the chosen types and clients are archived. Clients to Archive Clients whose backups will be archived in this job. Backup Types to Archive Backup types included in this archive job. Target of Archive Archive media to which this set will be written. Click media. Choose a target from the list. Note: Archive options to scan for connected If using a disk archiving unit with a single drive, it will show as eSATA when scanning for a target device. Select the desired options. Overwrite Check this box to permanently delete all existing archives from the media before creating the new archive set. Nothing is overwritten unless all sets on the media have exceeded their retention settings. For details, see "Overwrite" on page 206. Purge Check this box to purge archive sets to create space for the current job. Only sets that have exceeded their retention period are purged. Nothing is purged if there is already sufficient space for all the backups in the job. For details, see "Purge" on page 204. Purge is not supported for tape media. Email Report Check this box to select an email report of the archive operations. If this is a schedule, the archive is included in the daily schedule report. Compress Check this box to compress backups when written to the archive. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 256 Setting Description Encrypt Check this box to encrypt the backups when written to the archive (if already encrypted, they are not encrypted again). This option is available only for systems that support encryption. Seed Check this box to run an archive to use for seeding a replication target or legacy vault. Seed archives are not equivalent to regular archives. Use only for seeding purposes. For details about seeding, see: RapidSeed for Replicating Systems or RapidSeed for Legacy Vaulting Systems. Retention Period The time period to retain this set (i.e., another archive job cannot write over or purge these archives). Archive Local Directory Information Check to archive files and/or folders on the local Unitrends system. Enter the desired directory by typing the full pathname or browsing, then click Add to move the directory to the Local Directory List. (You can also Remove or Remove All to move the directory or directories back.) The entire contents of selected directories are copied to the archive media. Executing archive jobs You can archive your data by running on-demand archive jobs or creating archive schedules. The on-demand option enables you to run one-time archive jobs whenever you want to archive backups. Creating schedules automates the archiving process and frees you from having to run a one-time job each time you want to archive a backup. Before running archives, see the "Archiving Overview" on page 201 for a high-level explanation of archiving and review the "General steps for archiving backups" on page 253. For instructions, see the following topics: • • • • "Navigation pane selections for archiving" on page 256 "On-demand archive" on page 257 "Scheduling archives" on page 258 "Archiving replicated backups" on page 259 Navigation pane selections for archiving Depending on your selection in the Navigation pane, it is possible to archive by client or by individual VM or volume. If you select a Hyper-V server or an ESX server in the Navigation pane, you can select individual VMs to archive. Similarly, if you select an NDMP device in the Navigation pane, you can select individual volumes to archive. If you choose to archive by individual VM or volume, you can only archive backups for one client at a time. If you select any other type of client or the Unitrends appliance in the Navigation pane, you will be able to select what to archive at the client level only. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 257 Note: If you select an NDMP client when archiving by client, backups that fall in the specified date range and backup types will be archived for all volumes on the device. On-demand archive This section provides instructions for performing a one-time archive. To run a one-time archive Notes: • For Tape device configuration - Be sure the tape device has been configured as described in "Archive to tape setup" on page 245 before running an archive. This is a one-time process, unless the tape device is changed. • For Replicated backups - If you are archiving replicated backups from the target, switch to replication view before performing this procedure. After connecting your archive media to the replication target, click the Gear icon at the bottom of the Navigation pane, check Show Replication View in the Navigation tree, and click Confirm. Then select the source in the Navigation pane. (See "Viewing replicated backups" on page 309 for more information.) Follow this procedure to run a one-time archive: 1 Click Archive > Media to check media devices prior to archiving, if necessary. 2 Select the system or navigation group that you want to archive in the Navigation pane. 3 Click Archive > Archive Now. 4 Select the date range in the drop-down list in the Time Range to Archive field. 5 Check the boxes for the clients for which backups will be archived in the Clients to Archive list. Notes: • Individual VMs and NDMP volumes cannot be archived with additional clients. To archive individual VMs, select the ESX server or Hyper-V server in the Navigation pane. To archive individual NDMP volumes, select the NDMP device in the Navigation pane. • Groups do not display in the Clients to Archive list. If you wish to archive based on a navigation group, select the group in the Navigation pane. This displays only items in the navigation group in the Clients to Archive list. 6 Check the boxes for the backup types in the Backup Types to Archive list. 7 Select the archive media to which this set will be written in the Target of Archive area. If needed, click Scan Media to refresh the list of connected devices. 8 (Optional) Check the boxes in the Archive Options pane. (See "Archive settings" on page 255.) 9 For tapes, enter the number or numbers for the target slots in the Target Slots field. 10 Enter the time period to retain this set in the Retention Period area. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 258 11 (Optional) Check the Archive Local Directory Information box to archive files and folders on the local Unitrends system. (See "Archive settings" on page 255 for more information.) 12 Click Test in the bottom right of the screen to see if the archive will fit on the selected media. 13 Click Archive to execute the job. 14 To view the job, see "Monitoring running archive jobs" on page 259. Scheduling archives Scheduled archives allow you to archive data to removable media on a predetermined schedule. You can monitor and manage schedules and make modifications as your environment changes. To create an archive schedule If you are using new archive drives, it is recommended that you prepare them before running an archive schedule. See "Preparing archive media" on page 254 for details. If you are archiving replicated backups from the target, switch to replication view before performing this procedure. After connecting your archive media to the replication target, click the Gear icon at the bottom of the Navigation pane, check Show Replication View in the Navigation tree, and click Confirm. Then select the source int he Navigation pane. (See "Viewing replicated backups" on page 309 for more information.) 1 Select Archive > Schedule Archive. 2 Click New at the bottom of the screen. 3 Enter a Schedule Name and, if desired, a Schedule Description. See "Archive settings" on page 255 for details about the entries on this screen. 4 Choose a date range to archive by selecting a Date Range from the drop-down list. 5 Check boxes to select clients in the Clients to Archive list. Notes: • Individual VMs and NDMP volumes cannot be archived with additional clients. To archive individual VMs, select the ESX server or Hyper-V server in the Navigation pane. To archive individual NDMP volumes, select the NDMP device in the Navigation pane. • Navigation groups do not display in the Clients to Archive list. If you wish to archive based on a navigation group, select the group in the Navigation pane. This displays only items in the navigation group in the Clients to Archive list. 6 Check the boxes for the backup types in the Backup Types to Archive list. 7 Select the archive media to which this set will be written in the Target of Archive area. If needed, click Scan Media to refresh the list of media devices. Note: If using a disk archiving unit with a single drive, it displays as eSATA when scanning for a target device. 8 (Optional) Check the boxes in the Archive Options pane. 9 For tapes, enter the number or numbers for the target slots in the Target Slots field. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 259 10 Enter the time period to retain this set in the Retention Period area. 11 (Optional) Check the Archive Local Directory Information box to archive files and folders on the local Unitrends system. 12 Select Show Archive calendar (in the bottom left of the screen) to define the dates and times the schedule will run. • Drag and drop the Archive operation icon on the left onto the calendar or double-click on a day in the calendar. Select today’s date or later. The Add Archive window displays. • In the Add Archive window, modify Start Date, Start Time, and Recurrence settings as desired. 13 Click Save to save the schedule. Archiving replicated backups You can archive replicated backups using the procedures described in "Executing archive jobs" on page 256 after enabling replication view. To enable replication view, click the Gear icon at the bottom of the Navigation pane, check Show Replication View in the Navigation tree, and click Confirm. Then select the source in the Navigation pane. When in Replication View, follow standard archive procedures. Monitoring running archive jobs To view and manage queued and running archive jobs 1 Select the backup system, client, or navigation group in the Navigation pane and click Status. Selecting the client or navigation group displays only jobs run for that client or group. Selecting the backup system displays all queued and running jobs. 2 On the side of the Status page, click the Present blind. On the Present page, all queued and running jobs for the selected system, client, or group display. The following information is given for each archive job. Other running jobs display here as well. For details, see "Monitoring running backup jobs" on page 147 and "Monitoring running restore jobs" on page 355. Field Description ID Archive ID Client The client for which the job is executing. DB/VM Shows the virtual machine or application instance, if applicable. Job Type The type of job. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 260 Field Description Status The real-time status of a task is displayed in the Status column, such as Active. Job Comment Archive performance and progress can be monitored in the Job Comment column. When the status is Active (an archive is running), you see the following messages in the Job Comment field: • • • • Processing archive job Checking archive media Compiling backup list Wrote #/# archives, #MB written For example: Wrote 2/19 archives, 4MB written. Since multiple backups can be processed simultaneously, the numbers you see may not be consecutive. For example, you may see Wrote 2/19 archives followed by Wrote 5/19 archives. Successful This signifies that all the files have been archived successfully. IMPORTANT! This may signify an incomplete archive. (If less than 0.01% of the total number of files fail to archive, the status is reported as successful.) Failed This signifies that the archive failed for some reason. Click Detail for more information. If more than 0.01% of the total number of files fail to backup, the job fails. Proc Aborted This signifies an unexpected abort of the backup process. Click Detail for more information. Cancelled This status displays when you terminate a backup process. When a row is selected in the table, details concerning that job display near the bottom of the page. Details include the name of the job, the job ID, the job type, the client, the device, the status of the job, and the comment. At the bottom of the page are a set of controls: Control Description Auto Refresh Check this box to refresh the page every n seconds, where n is the number entered. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 261 Control Description Refresh Interval The number of seconds between automatic refreshes if the Auto Refresh box is checked. Advanced Options > Stop Tasker/Start Tasker This button toggles starting and stopping the Tasker process, which manages jobs. If there are any modifications to the backup system’s configuration settings, Tasker must be stopped and re-started for changes to take effect. To access Tasker, click the Advanced Options checkbox. Refresh Now Click to manually refresh the page. Suspend/ Resume Select a job in the list and click this button to suspend an active job(s) or to resume a suspended job(s). Terminate Click this button to terminate a selected job(s). Close Click to close this view and return to the Past page. Multi-job selection Use Shift + Click to select contiguous rows. Use Ctrl + Click to select noncontiguous row. For best results, disable auto-refresh before acting on multiple jobs. Once the action is complete, click Refresh Now or check Auto-Refresh to see job statuses. Stopping and starting the archive process Select Archive > Settings to view and change the status of the Archive process. This process should be running at all times to ensure the proper operation of archiving. If you stop the Archive process, your archive operations will not work. However, if for any reason you see problems in performing archive operations and the error message indicates that the Archive process may not be running, this feature allows you to easily restart it. Viewing archives This section described considerations and procedures for viewing archives. You can use these procedures to determine which backups or files have been archived and to locate archived data before performing a restore. For details, see the following topics: • • "Archive search options and results" on page 261 "Procedures for viewing archives" on page 264 Archive search options and results Arc h iv e s e a rc h o p tio n s a n d re s u lts When you are viewing or restoring archives, you can search the archive sets by date range or by using search options. These options are described in the following sections: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 262 • • • "Date range options" on page 262 "Optional search selections" on page 262 "Archive restore status and search results" on page 263 Date range options When viewing archives, use the date range options in the top pane to filter the archive sets that display in the center stage area. Column Description Date Range Use the drop-down menu to select a date range to display sets containing archives or backups that were created during the specified time range such as today or last week. Based on Select Date Archived or Backup Date to choose whether the date range is applied by backup date or archive date. Optional search selections Click Show Search Options in the top pane and enter search criteria using any of the following options or a combination of them. Note: The Show Search Options feature is for archived file-level backups only. If you attempt to search for a file in an application or virtual machine archive backup, you receive a message that no files were found. Search Criteria Description Client to Search Select the client from the Client to Search drop-down. Maximum Files to Display Enter a number to limit the maximum search results. A maximum of 5,000 files can be displayed. (Default is 10.) Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 263 Search Criteria Description Name Check the Name box and enter a full path and file name for searching. You can use wildcards such as “*” and “?” in the file name. (Using wildcards increases search time.) • “*” represents any number of characters before or after the entered names. For example, *.doc provides a list of all files ending with the .doc extension or auto* provides a list of all filenames starting with auto. • “?” represents just one character. For example, if there are a number of files named file1, file2 through file12, file13 then a file? will display file1 through file9 and a file?? will display all the files up to file13. Note: If using wildcards, such as ‘\\’, ‘%’, ‘_’, ‘*’, ‘?’, and ‘\’, do NOT check the Regular Expression box. These characters are interpreted differently as regular expressions and do not yield the same search results. Regular Check this box to use regular expressions to symbolically represent patterns that Expression can occur in text. (Do NOT check this box to search using regular wildcards.) The syntax of regular expressions is more complex and powerful than wildcards. This technique only needs to be used if wildcards are too limited to construct a sufficiently precise search pattern. Some good references about the use of regular expressions can be found in the online encyclopedia, Wikipedia. Ignore Case Check this box to search for file names regardless of case. Date Check this box and specify a date range to search for files within a certain time frame. Calendar icons are provided to assist with date selection. Size (KB) Check this box and enter a size range in kilobytes to narrow the search by file size. Include or Exclude Click Include to search for files meeting the specified search criteria. Search When you finish entering the search options, click Search. Click Exclude to search for files that do NOT meet the specified search criteria. Archive restore status and search results After you search for archive information, the center stage area contains the following information about the archived backup: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 264 Column Description Status icon An icon representing the status of the archive operation. (If the operation is successful, the icon is a white check mark in a green circle. If the operation fails, the icon is a white X in a red circle.) Compressed An icon representing whether the archive is compressed (a green check mark) or icon not compressed (a red X). Encryption icon An icon representing whether or not the archive was encrypted. Type The type of backup operation – types might include master, differential, bare metal, or other types of backups. Date/Time Date and time at which the backup operation executed. Elapsed The elapsed time associated with the execution of the archive operation. Size (MB) The size, in megabytes, of the archived backup. Files The number of files associated with the archived backup. DB/VM Shows the virtual machine or application instance, if applicable. Procedures for viewing archives Pro c e d u re s fo rv ie win g a rc h iv e s Use the procedures described here to view archives. See the following topics for instructions: • • • • "To view all archive sets" on page 264 "To view archive information" on page 264 "To view specific archived files using search options" on page 265 "To view failed archive sets" on page 266 To view all archive sets You can view all archive sets in the Unitrends system. Archives run in the last 24 hours display. You can change the date range as desired. 1 Select the backup system in the Navigation pane. 2 Click Archive > Status. The archive sets with their associated clients and archived backups display in the center stage area in the Status tab. To view archive information You can use filters to search for specific archive sets and information. 1 Select the backup system in the Navigation pane. 2 Click Archive > Status. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 265 3 Use the date range options in the top pane to filter the archive sets that display in the center stage area. 4 Once you filter the results, the Status tab displays all archived sets meeting the criteria you entered. (Click on the Status tab, if necessary.) The information is arranged in the following way: Archive Level Description Archive set The archive set displays first in the hierarchy, with the most recently created archived sets higher in the list. Within each archive set, the second-level nodes are the clients contained in the archive. Backups for each client Beneath that, the archived backups for each client display. If any system local directories are in the set, the second-level node is the backup system name followed by the local directories included in the archive set. Archived Each row under the client or backup system in the archive status table represents backup an archived backup. Each archive set contains the system metadata file which can be used to restore the Unitrends system in the event of a disaster. The center stage area contains information about the archived backup. See "Archive restore status and search results" on page 263. 5 To view more details about each archive level, click on the appropriate row. You see the following: Archive Level Description Archive set You see the Archive Set Information window with general information about the archive set, including clients whose backups are archived in the set, types of backups archived, the device to which the backups are archived, and options selected for the archive job. (See "To run a one-time archive" on page 257 for fieldlevel information.) Client There are no further details at the client level. (You see restore options only when you click this row.) Archived You see the Archive Browse/Recovery window with details such as parent name, backup set number, size, and number of files. (To see the individual files in this archived backup, click Restore to system. Click on the arrows to open the tree and view the individual files. Click Cancel when you are finished.) To view specific archived files using search options You can view individual files within the archive. Use search options to select the files you want to view. (This procedure is similar to viewing archived backups in "To view archive information" on page 264, except that this procedure allows you to view individual files based on search criteria for 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 266 specific file types rather than files under a client.) 1 Click Archive > Status. 2 Click Show Search Options in the top pane and enter search criteria using any of the options or a combination. See for more information. The Show Search Options feature is for archived file-level backups only. If you attempt to search for a file in an application or virtual machine archive backup, you receive a message that no files were found. 3 Click Search. Details of the search results display in the center stage area (the summary portion of the screen) in the Search Results tab. (Click on the Status tab at any time to view the archive set information.) The search results return all files that meet the search criteria if you selected Include, or return all files that do NOT meet the search criteria if you selected Exclude. (If you selected to view files on a tape that has a barcode, your search results include a column with barcode information.) The center stage area contains the following information about the files. You can sort or resize the columns. Column Description Filename The name of the file, including the directory path of the file. Modified Date The date and time that the file was last modified. 4 Archive Date The date and time of the archive. Size (KB) The size of the file. Media Serial The serial number of the archive media associated with the file. Barcode The barcode, if the archive media is a tape using the barcode feature. To view file details, click on the file from the list in the bottom pane. The Archive Browse/Recovery screen displays information about the file, including a barcode if this is a tape archive using the barcode feature. To view failed archive sets When viewing archive information, you see the archive sets in the Status tab on the Archive > Status screen. If there are failed sets, you see a Failed Sets tab. Click the Failed Sets tab to see information about the failed archives. The results in this tab are filtered depending on the search options you entered. You see the same column information that displays on the Status tab, except for the Status, Compressed, and Encryption fields. For details, see "To view all archive sets" on page 264. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 267 Managing archive schedules Use the procedures described here to manage archive schedules. For instructions on creating an archive schedule, see "To create an archive schedule" on page 258. See the following topics for instructions: • • • "To view and manage existing schedules" on page 267 "To enable/disable an archive schedule" on page 267 "To delete an archive schedule" on page 268 To view and manage existing schedules If you are archiving replicated backups from the target, switch to replication view before performing this procedure. After connecting your archive media to the replication target, click the Gear icon at the bottom of the Navigation pane, check Show Replication View in the Navigation tree, and click Confirm. Then select the source in the Navigation pane. (See "Viewing replicated backups" on page 309 for more information.) Select Archive > Schedule Archive. On the Schedule Archive screen, existing schedules display with the following columns: Column Description Light bulb icon [enabled/disabled] This icon displays in the first column. If the light bulb is yellow, the schedule is enabled. If the light bulb is gray, the schedule is disabled. Schedule The name of the archive schedule. Description A text description of the schedule. Buttons The following buttons are at the bottom of the screen. New Used to create a new schedule. View/Modify Used to view and/or modify a previously selected schedule (from the pane above these buttons). Delete Used to delete a previously selected schedule. Enable/Disable Causes the schedule to be enabled or disabled. To enable/disable an archive schedule You can enable or disable an archive schedule. This is convenient if you want to stop an archive schedule without deleting it so you can enable it for use in the future. 1 Select Archive > Schedule Archive. On the Schedule Archive screen, existing schedules display. 2 Click the schedule you want to enable or disable. 3 Click Enable/Disable at the bottom of the screen. OR 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 268 Drag the schedule and drop it onto the Enable/Disable button. The light bulb icon next to the schedule is yellow (enabled) or gray (disabled). You can enable or disable the schedule at any time. To delete an archive schedule If an archive schedule is no longer required, you can delete the schedule. 1 Select Archive > Schedule Archive. On the Schedule Archive screen, existing schedules display. 2 Click the schedule you want to delete. 3 Click Delete at the bottom of the screen. OR Drag the schedule and drop it onto the Delete button. The schedule is deleted. Managing archive media This section describes procedures used to manage media. See also the chapter on your selected media type for procedures specific to that media. For details about managing the space on your archive media, see "How archiving uses available space on media" on page 204. • • • "To view connected media" on page 268 "To mount or unmount media" on page 269 "Removing and importing archive sets" on page 269 To view connected media Before you perform an archive, confirm the type of media that is connected. This is also useful if you want to disconnect or reconnect archive media. Note: 1 You cannot archive to optical media (CD or DVD), but you can archive to a hard disk and then covert it to optical media. Log in to the Unitrends system and select Archive > Media. The system checks for connected media. If necessary, click re-scan for media. 2 Connected media display in the Archive Media area. These details are given for each media instance: Column Description Light bulb icon [media not prepared or already initialized] Gray indicates the media has not yet been prepared (see "Preparing archive media" on page 254). Yellow indicates it is initialized and ready for use. Disk icon [mounted or not mounted] Hover on the icon to see if this media is mounted or not mounted. For details, see "To mount or unmount media" on page 269. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 269 3 Column Description Media Idle indicator An indicator as to whether the media is idle (green check mark) or actively archiving or restoring (red X). Name The name of the archive media. Label The archive media label. Activity An indicator as to whether the media is idle or active. Size (GB) The total size of the media in GB. Free (GB) The available space on the media in GB. Used (GB) The used space on the media in GB. This is especially important to view when archiving to the cloud. Serials Media serial number(s). For multi-drive units, e.g., the disk archiving unit, this may be a series of up to four serial numbers. If desired, click re-scan for media below to refresh the list. To mount or unmount media The archive process automatically mounts, writes to, then unmounts the target media, so it is not necessary to mount or unmount manually to run an on-demand or scheduled archive job. If you need to mount or unmount manually, such as to view archive sets contained on a given media, use this procedure. Media must be unmounted before removing drives (see for details). Note: 1 If you are mounting media that contains archive sets that you removed from the database of the Unitrends appliance, you must import the sets before you can view them. Log in to the Unitrends system and select Archive > Media. The system checks for connected media. If necessary, click re-scan for media. 2 Connected media display in the Archive Media area. See "To view connected media" on page 268 for details. At the bottom of the pane there are several buttons. These buttons become active or inactive depending upon the state of the media. 3 Select the desired media. 4 Click Mount or Unmount below. The disk icon changes indicating that the media is now mounted (green) or is no longer mounted (red). Removing and importing archive sets When backups are archived, archive set information is saved to the Unitrends appliance and the archive media. Archived backups are written to the archive media only. Set information enables the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 270 Unitrends appliance to locate and identify archives that have been written to the media. This is especially helpful when performing an archive restore. Removing an archive set removes the set information from the Unitrends appliance. Removing this information does not delete the set from the archive media. It only removes the information from the Unitrends appliance. When a set is removed, you cannot view any information about it in the Administrator Interface. However, you can import the set information again at any time as long as the appliance can access the media. After the information is imported, you can view the archives and perform restores. Note: For cloud archive storage only, you can configure a setting to delete sets from the archive media when removing them from the appliance. For details, see "Removing cloud archive sets" on page 232. By contrast, purging, overwriting, and preparing media delete archive sets from the media, and once the sets are deleted, they cannot be retrieved. Purging, overwriting, and preparing the media are used to create space on the media for new archive sets, the removing option is used to remove set information from the Unitrends appliance. Details display in the Archive status screen for all archive sets, even after the media has been unmounted and disconnected from the archive device. However, it is not necessary to remove sets to prevent them from displaying in the Archive status screen. You can also filter your view by using the options on the Archive status screen. The following options assist with organization and viewing of archive sets: • • • Date range Client Maximum number of files to display For more details about archive search options, see "Viewing archives" on page 261. Note: If you remove a set, the appliance has no information about the set and you need to import the set to see its archives in the Archive status screen. You can import an archive set to a different appliance if the set is not encrypted. If the archive set is encrypted, you can import it to a different appliance only as part of a disaster recovery because each system has a unique set of encryption keys. (For instructions, see "System restore from archive" on page 407.) See the following procedures to remove and import archive sets: • • "To remove an archive set" on page 270 "To import archive sets" on page 271 To remove an archive set 1 Go to Archive > Status. 2 Click the archive set that you want to remove. You see the Archive Set Information window. 3 Click the Remove set button. You see a message confirming the removal. This action removes the archive set status information but does not remove any data from the archive media. 4 Click Yes to remove the archive set. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 271 To import archive sets 1 Make sure the media is mounted prior to performing the import process, if necessary. 2 Go to Archive > Media. 3 Click on the media. 4 Click the Sets button to see the Archive Media Sets window. You see the following fields: Field Description Description Describes the type of archive. For tape media, you see the message “Tape devices will be scanned upon import.” Date The date and time of the archive. Imported A check-mark indicates that the archive sets are in the database. An X indicates that the archive sets have been removed and can be imported. Force? Tape only field. If a tape was prepared on this system, the system recognizes it through a system assigned asset tag. This is called a “known” tape. If you check this box, the system imports from all tapes (forces the import regardless of asset tag recognition). If you do NOT check this box, the system imports from known tapes only (tapes that the system recognizes). For example, if you enter 1–5, for slots 1, 2, 3, 4, and 5, but 3 is a new tape from another system, the system will not import tape 3 if it isn’t known. Target Slots Tape only field. Enter the slot numbers to indicate the slots associated with the tapes you want to import. You can enter a single slot number (1), a range (1-5), or multiple slot numbers (3, 4, 6.) If you do not enter a target slot, the system attempts to import from all slots. The system uses the barcode if there is a valid one. 5 Click Import to import the archive sets. Note: The system imports all of the removed sets that are marked with an X in the Media Sets window. (If it’s detected that an archive set with a check-mark is not in the system, it is also imported from the archive media.) You see a window with details about each archive set (date, time, and how it was archived), and if it was already in the system (had a check-mark) or was imported. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 272 6 Click Okay. 7 Go to Archive > Status to see the archive set on the Status screen. The archive set displays by original archive date and time. Perform a search by date range or search options to locate the archive set, if needed. 8 Click on the archive set to see the Archive Set Information window. In the Status field, you see either “Import Success,” “Import in Progress,” or “Import Failed.” 9 On the Status screen, click on the archived data to see the Archive Browse Recovery window. The Imported field is true if the import was successful. There is a message at the bottom of the window stating Restore from an imported archive. Restoring from archives This section describes procedures used for restoring data from archives. To restore from tape archives, follow the instructions provided in "Restoring from tape" on page 250. When you perform an archive restore, the archived data is restored to the backup system as a regular backup. After you restore an archive to the backup system, you can restore it to the client in the same manner used to restore other backups. For more details about the restore process, see "Archive restore" on page 212. For details on restoring a backup to a client, see "Restore Overview" on page 341. Archive sets are organized into a hierarchy consisting of archive set, backups for each client, and the archived backup level. When restoring, you can select the set, an individual client, or a particular backup. Each archive set contains the system metadata file which can be used to restore the Unitrends system in the event of a disaster. See the following for archive restore procedures: • • • • • "To restore an archive set" on page 272 "To restore a client archive" on page 273 "To restore an archived backup" on page 274 "To restore specific archived files based on search options" on page 275 "Restoring an archive set to a different Unitrends appliance" on page 275 To restore an archive set You can use filters to search for specific archive sets and information. For details, see "Viewing archives" on page 261. 1 Make sure the proper archive media is connected. (See "To view connected media" on page 268 for more information.) 2 Select the backup system in the Navigation pane. 3 Click Archive > Status. 4 Use the date range options in the top pane to filter the archive sets that display in the center stage area. 5 In the center stage area, click on the archive set that you want to restore. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 273 6 Click Restore to system to see the Restore Archive window. You have the option to select: • • Available devices. Check and mount media. 7 Click Restore to system to restore all archives in this set. Once you select to restore the archive set, you see a message indicating the status of the restore. 8 Click Okay. 9 Go to Settings (on the main menu, not within the Archive tab) > System Monitoring > Jobs to view the status of the restore. 10 Once the archive is successfully restored to the backup system, go to Status and click the Backup: Last 7 Days tab. Click the row with your archive restore to see details about the restore in the Backup Information window. Notice this backup is listed as an Archive restore. Note: You can select to restore the backup or delete the backup, as necessary. (The archive information remains on the archive media and is not removed after the restore.) 11 Go to Reports > Backups to see the list of backups, including your successful archive restores with the restore date and time listed. Click on the row to view more details, including an entry that this is an archive restore. To restore a client archive You can use filters to search for a specific client archive. For details, see "Viewing archives" on page 261. 1 Make sure the proper archive media is connected. (See "To view connected media" on page 268 for more information.) 2 Select the backup system in the Navigation pane. 3 Click Archive > Status. 4 Use the date range options in the top pane to filter the archive sets that display in the center stage area. 5 In the center stage area, click on the client you want to restore. You see the Restore Archive window. 6 You can select: • • • The client you want to restore in the Restore Client drop-down box. Available devices. Check and mount media. 7 Click Restore to system to see the Restore Archive window. Once you select to restore the client, you see a message indicating the status of the restore. 8 Click Okay. 9 Go to Settings (on the main menu, not within the Archive tab) > System Monitoring > Jobs to view the status of the restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 274 10 Once the archive is successfully restored to the backup system, go to Status and click the Backup: Last 7 Days tab. Click the row with your archive restore to see details about the restore in the Backup Information window. Notice this backup is listed as an Archive restore. Note: You can select to restore the backup or delete the backup, as necessary. (The archive information remains on the archive media and is not removed after the restore.) 11 Go to Reports > Backups to see the list of backups, including your successful archive restores with the restore date and time listed. Click on the row to view more details, including an entry that this is an archive restore. To restore an archived backup You can use filters to search for specific archive sets and information. For details, see "Viewing archives" on page 261. 1 Make sure the proper archive media is connected. (See "To view connected media" on page 268 for more information.) 2 Select the backup system in the Navigation pane. 3 Click Archive > Status. 4 Use the date range options in the top pane to filter the archive sets that display in the center stage area. Note: Each archive set contains the system metadata file which can be used to restore the Unitrends system in the event of a disaster. 5 In the center stage area, click on archived backup you want to restore. You see the Restore Archive window with details such as set number, size, and number of files. 6 Click Restore to System to see the root of the backup in the center stage area. You can select the entire archived backup or specific files: • • Click on the box next to the root to restore the entire archived backup. Click on the arrows to open the tree and view the individual folders and files to specify individual files for restore. 7 Click Restore to system and you see a Restore Progress message indicating the restore is in progress, then a message indicating the status of the restore. 8 Go to Settings (on the main tab, not within the Archive tab) > System Monitoring > Jobs to view the status of the restore. 9 Once the archive is successfully restored to the backup system, go to Status and click the Backup: Last 7 Days tab. Click the row with your archive restore to see details about the restore in the Backup Information window. Notice this backup is listed as an Archive restore. Note: You can select to restore the backup or delete the backup, as necessary. (The archive information remains on the archive media and is not removed after the restore.) 10 Go to Reports > Backups to see the list of backups, including your successful archive restores with the restore date and time listed. Click on the row to view more details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 275 To restore specific archived files based on search options You can restore individual files within the archive. Use search options to select the files you want to restore. For details, see "Viewing archives" on page 261. (This procedure is similar to restoring archived backups in "To restore an archive set" on page 272, except that this procedure allows you restore individual files instead of all files under a given client.) 1 Make sure the proper archive media is connected. (See "To view connected media" on page 268 for more information.) 2 Click Archive > Status. 3 Make sure Show Search Options is selected in the top pane and enter search criteria. See "Viewing archives" on page 261 for more information. Note: The Show Search Options feature is for archived file-level backups only. If you attempt to search for a file in an application or virtual machine archive backup, you receive a message that no files were found. 4 Click Search. Results display on the Search Results tab. 5 To view file details, select the file from the list in the bottom pane. The Archive Browse/Recovery window displays information about the file in the Category and Entry columns, including the backup date and the archive date. You also see a barcode if this is a tape archive using the barcode feature. 6 To perform an archive restore, click Restore to System and you see a new window with the tree for the archive backup populated. • • • Click on the box next to the root to select the entire archived backup. Click on the arrows to open the tree and view the individual folders and files. Click on the boxes next to the files you want to restore. 7 Click Restore to system and you see a Restore Progress message window indicating that the restore is in progress. 8 Go to Settings (on the main tab, not within the Archive tab) > System Monitoring > Jobs to view the status of the restore. 9 Once the archive is successfully restored to the backup, go to Status and click the Backup tab. Click the row with your archive restore (with the date and time of the restore) to see details about the restore in the Backup Information window. (Click the refresh button if needed.) Notice this backup is listed as an Archive restore. You can select to restore the backup or delete the backup, as necessary. (The archive information remains on the archive media and is not removed after the restore.) Restoring an archive set to a different Unitrends appliance You can restore an archive set to a different appliance if the set is not encrypted. You must first import the set information using the procedures described in "To import archive sets" on page 271. You can then perform a restore using the procedures described in "Restoring from archives" on page 272. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 276 If the archive set is encrypted, you can restore it to a different appliance only as part of a disaster recovery because each system has a unique set of encryption keys. For instructions, see "System restore from archive" on page 407. Legacy Recovery-Series and UEB Administrator's Guide Chapter 12: Archiving Procedures 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 277 Chapter 13: Replication Procedures in this chapter are used to configure and manage Unitrends’ replication feature. See the following topics for details: • • • • • "About replication" on page 277 • • • • • • • • • • "Installation types and replication" on page 282 "Replication features" on page 278 "Replication requirements" on page 279 "Replication limitations" on page 280 "Replication and legacy vaulting comparison" on page 280 "Replication setup" on page 283 "Configuring replication after the initial setup" on page 298 "Upgrading from legacy vaulting to replication" on page 303 "Navigating replicating systems" on page 307 "Working with the replication dashboard" on page 309 "Archiving replicated backups" on page 319 "Restoring replicated backups" on page 319 "Deleting replicated backups" on page 323 "Replication reports" on page 323 About replication Replication is the logical synchronization of backup data from one Unitrends system to another, in which the systems are connected by LAN or WAN. The originating system is referred to as the source, while the off-site system onto which the data is replicated is the target. Replication enables off-site storage of mission-critical data to protect against data loss in the event of a disaster. The source system is used to protect against loss of files, folders, and individual machines. The target system protects against loss of client data, as well as providing protection against the loss of the entire source system. Replicated backups look like their counterparts on the source system and are restored in the same way. The target system is configured for retention while in replication view, using the same procedure as any source system (see "About retention control" on page 121). For a given client, you may have more than one backup group on the target, unlike legacy vaulting in which only the most recent backup is stored. As with source systems, the amount of retention on the target is dependent on space available and retention settings. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 278 The target system can be deployed as a private cloud or as a multi-tenant cloud. The replication architecture ensures that the local source systems that replicate to a single target only have access to their data. This secure architecture is the basis of a multi-tenant architecture. The replication process is fully managed from the target or source system. Using the replication dashboard, you can immediately gauge the status of replication by viewing active, previously completed, and pending replication jobs. Unitrends’ replication leverages a secure tunnel based on the UDP protocol that creates a secure VPN tunnel and also provides resiliency to intermittent network failures via UDP knitting. If there is a network drop during replication, the process utilizes advanced checkpoint controls to proceed with replication at the time of failure. For details, see "About secure tunnels for Unitrends systems" on page 278. The initial transfer of data from the source system to the target can occur over the WAN. However, for large data sets it is recommended to use a disk seeding mechanism to transfer the initial data set. Even with deduplication minimizing the amount of data being transferred, transfer speed is primarily governed by the size of the network pipe between the source and target systems. Seeding is also recommended in cases where available bandwidth is used for servicing end users at specific times during the day and cannot be used for replication. Windows Instant Recovery is supported on the replication target system. See "Windows Instant Recovery" on page 451 for more information. About secure tunnels for Unitrends systems The secure tunnel is used by Unitrends to create an optimized, secure, encrypted tunnel for multiple Unitrends systems. The secure tunnel offers a scalable solution for enabling multiple clients to connect to a single server process through a single UDP port. There are two typical cases for using the secure tunnel with Unitrends systems. The first is a replication scenario where there is a target system and one or more source backup systems. In this case, the secure tunnel is configured between the target and the source systems in order to facilitate both the replication of data and the management of the systems. The second is the case where two or more systems are managed by a designated management system. With this setup, you can then perform operations for all systems from one Unitrends system interface. The primary advantages of the secure tunnel are that it enables radically simpler firewall management (since only one port is needed between off-premise Unitrends systems) and that it enables much higher session availability because it can handle lower quality WAN lines that would typically result in session termination (through UDP-level ride-through of short-lived transient line failures). Replication features Replication features include: • • • • Total data recovery from a site disaster. Replicated data stored as regular backups on the target system. Hot/hot restore of backups directly from the target system. Retention of older backups on the target system. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 279 • • • • • • • Multiple source systems can replicate to one target system. • Detailed replication dashboard that displays active replication tasks, previously replicated tasks, and tasks in the queue for replication. • Source user account to access the target system and perform administration tasks specific to the given source system only. Target system view is filtered by source user to control access, especially important in environments where multiple systems are replicating to one target. • Windows Instant Recovery is supported on the replication target system. See "Windows Instant Recovery" on page 451 for more information. Replication system can be used as a target for both replication and legacy vaulting operations. Block-level deduplication of data – only changed blocks are transferred over the Internet. Encrypted and secure connection between the source and target systems. Private cloud or multi-tenant cloud deployment. Data is encrypted using the target’s encryption key. Configurable policies for replication, such as the ability to select specific clients, applications, and databases to replicate, and configurable bandwidth throttling between source and target systems, and the ability to prioritize data queued for replication to ensure that more critical systems are replicated first. Replication requirements This section describes system requirements that must be in place to utilize the replication feature. Supported systems Replication is supported on select systems running Unitrends version 7.0 and higher. Replication is supported on all Recovery-Series appliances listed in the Recovery-Series Appliance Family Datasheet. For UEB systems, the appliance can be used as either a replication source or replication target. Cross-replication is not supported on UEB systems. Note: Although replication is supported on 7.0 and 7.1.x systems, it is highly recommended that these systems be updated to the latest release to take advantage of significant performance enhancements. If you cannot upgrade, see KB 3174 for details about running replication on these older versions. System requirements The following are required for replication: • The target system and any replicating source systems must be running Unitrends version 7.0 or higher. Upgrade these systems if necessary. Note that upgrading to the latest version is highly recommended to take advantage of significant performance enhancements. If your source and target are running version 7.0 or 7.1.x and you cannot upgrade, replication is supported. For 7.0/7.1.x setup procedures, see KB 3174. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 280 • The target system must be configured with the replication target or local backup system and replication target installation type. For details, see "Installation types and replication" on page 282. • The target system must have at least 128GB of available backup storage space. UEB systems are deployed with 138 GB of backup storage space. • If configuring multiple backup devices, all must be roughly the same size. Having devices of varying size may result in replication failures. • For UEB systems, you must purchase a license and register the system before it can be used as a replication source or replication target. • Cross-replication can be performed only on physical systems. It is not supported on UEB systems. • If connecting the source and target directly using 10GbE fiber cable, both the source and target systems must be using the same NIC card model. Unitrends has switched from the HP NC522SFP Dual Port 10GbE Server Adapter to the Intel Ethernet Server Adapter X520-DA2 Dual Port 10GbE. Verify both systems are using the same model before setting up replication. • If you create a secure tunnel between the source and target systems using OpenVPN (the recommended configuration), port 1194 is used for all communication between the two systems. For details about ports, see "About security levels" on page 131 and KB 3372. Replication limitations Note the following restrictions prior to configuring replication: • "Automatic disaster recovery from vault" on page 420 and "Granular restore from vault" on page 337 are not supported on the replication target system as replicated backups can be restored directly to clients or archive media. • Replication is not supported for legacy Exchange backups. Legacy Exchange backups are run by the Unitrends Windows 2000 agent to protect Exchange 2000 environments. For details, see "Legacy Exchange agent" on page 866. Replication of file-level backups for legacy Exchange clients is supported. • Restore of replicated Legacy SQL backups is supported during disaster recovery of the source system only. Restore of these backups is not supported outside of whole system disaster recovery. • Source systems can be configured for replication or legacy vaulting. A single source system cannot support both configurations. However, the replication target can receive both replicated and vaulted data from separate sources. Replication and legacy vaulting comparison An overview of the primary differences between replication and legacy vaulting is given in the following table. Further details are provided in the sections that follow. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 281 Feature Replication Vaulting Retention on target system Yes No Deduplication Yes Yes Encryption Yes Yes Disaster Recovery supported Yes Yes Granular Recovery supported Yes, with hot/hot restore Limited, backup must be present on both the source and the target Hot/hot restore (backups directly restorable without Disaster Recovery) Yes No Source user can log in on the target and browse backups Yes No Reporting Yes Yes See the following topics for details: • • • • "Retention" on page 281 "Deduplication" on page 281 "Encryption handling" on page 282 "Restore" on page 282 Retention With legacy vaulting, the most recent backups of a client are synchronized to the vault. When a new master or full backup is created, this backup is then vaulted, and the prior vaulted backup removed. With replication, previously replicated backups are retained on the target, as long as there is room on the system and the backups are within the retention and legal hold limits set on the target. See "About retention control" on page 121 for details. A system’s installation type governs how retention can be configured on a given system. For a description of each installation type, see "Installation types and replication" on page 282. Retention settings can be configured for the following installation types: • • • Local backup system to manage retention of backups run on the system. Replication target to manage retention of backups replicated to the system. Local backup system and replication target to manage retention of both backups run on and replicated to the system. Retention settings cannot be configured for legacy vaults as vaulted data is not retained. Deduplication Once the initial data set has been replicated to the target, only changed data blocks are transferred. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 282 Deduplication works differently in replicating and vaulting systems. • In replication, the process connects to the target system and compares data in the backup to data on the target. This comparison runs on the source system. Once changed blocks are identified, they are replicated to the target. This keeps bandwidth utilization to a minimum as only changed blocks are sent through the encrypted connection. • In legacy vaulting, a process on the source compares backup data on the source and target to identify changes. Changes are written to a delta file that is sent to the vault, so that only changed blocks are received. Encryption handling In replicating systems, backups that are encrypted on the source are encrypted on the target using the target system’s key. In-flight, the backup data is first decrypted via the transmission protocol, then before being saved on the target, is re-encrypted using the target’s key. If encryption is not configured on the target, replication of encrypted backups fails. For this reason, it is recommended that encryption be configured on the target system. Once encryption is configured, the target can receive both encrypted and non-encrypted backups from source systems for replication. In vaulting systems, encrypted backups remain encrypted as they were on the source system. To restore encrypted data from the vault, the source system’s encryption key must be used. Restore Replicated data is stored on the target as a backup, equivalent to its source-side counterpart. Vaulted data is not backup data. Because of this fundamental difference, the manner in which data is restored differs significantly in replication and vault systems. To restore from a vault, you use a disaster recovery (DR) tool, through which you first restore the system state to a newly imaged system, then restore vaulted client backups, and finally restore these backups from the new system to the client. See "Disaster recovery from vault " on page 419 for details. To restore only a volume, directory, or file, you use the procedure "Granular restore from vault" on page 337. Replication is more flexible, enabling hot/hot restore of replicated data. With replication, you can perform whole system DR, or restore replicated backups directly to a client without first restoring the entire system. For details, see "Restoring replicated backups" on page 319. Installation types and replication When a Unitrends system is deployed, as discussed in the "Getting Started" on page 55 chapter, it is configured with one of the following installation types: • • • Local backup system – Used to protect the physical and virtual infrastructure on-premise. Replication target – Used as a replication target for one or more backup systems. Local backup system and replication target – Used as a backup system for the local physical and virtual environment, and also serves as a replication target for another backup system(s). Supported installation types by system are given in the following table. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 283 Installation type Backup system Replication target Backup system & replication target Unitrends Enterprise Backup Yes Yes No Recovery-212 Yes Yes No All Recovery-Series models other than Recovery-212 Yes Yes Yes System Once the system’s installation type is set to replication target or local backup system and replication target, it can be configured to receive replicated data. The amount of data that can be replicated from backup systems to the target depends on various factors, namely: • • The rate at which data changes on the clients protected by the local backup systems. The bandwidth available between the source and target systems. Replication setup Unitrends releases 7.2 and higher feature a Replication Wizard for quick and easy setup. The procedures described in this section are run using the wizard. Manual setup is still supported if you are running an earlier system or if you are familiar with the setup process and prefer to perform it from the WAN Settings or Secure Tunnel Settings page. For details on using these pages, see KB 3174. Replication between Unitrends systems can be set up in two ways, both of which can be performed through the wizard: • Standard replication where one system is the source that replicates to a second target system. In this case, the target system must be configured with the replication target or local backup system and replication target installation type to receive replicated data. • Cross-replication where the two systems replicate to each other. In this case, both systems must be configured with the replication target or local backup system and replication target installation type to receive replicated data. Setup procedures differ for these configurations. Proceed to one of the following to setup the desired configuration: • • "Standard replication setup" on page 283 "Cross-replication setup" on page 290 Standard replication setup This section provides a high-level overview of the steps required to set up standard replication between a backup system and replication system. These procedures refer to the backup system as the source and replication system as the target. Replication setup requires you to access the Replication Wizard in both the source and target systems. The Administrator’s Guide divides the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 284 replication setup into several parts that minimize the need for switching between the source and the target systems. Before beginning the setup process, perform the following: 1 See "Replication requirements" on page 279 to verify that all requirements have been met for the source and target systems. 2 Make sure you know the hostname and IP address for both the source and target systems. To view a system’s hostname in the Administrator Interface, select Settings > Clients, Networking, and Notifications > Networks > Hostname. 3 Make sure the IP addresses and ports in use on your network will not conflict with the default settings for the secure tunnel that you will create for optimized, secure communication between the source and target systems. The secure tunnel uses the following settings: • • Secure Tunnel IP: 172.17.3.0 • Port: 1194 Netmask: 255.255.255.0 If the network settings conflict with your environment, you can change them when creating the secure tunnel as part of the setup process. IMPORTANT! Do not use this procedure for systems running version 7.0 or 7.1.x. Upgrade to the latest release or, if this is not possible, configure replication as described in KB 3174. Do not use this procedure for source systems that are configured for legacy vaulting. If your system is vaulting data, see "Upgrading from legacy vaulting to replication" on page 303. To set up standard replication between a source and target A high-level overview of the standard replication setup process is given here. Proceed to the sections that follow for detailed procedures associated with each high-level step. Note: Use the Replication Wizard for easy setup. If you are familiar with setting up replication from the WAN Settings or Secure Tunnel settings page, this is still supported. For details on using these pages, see KB 3174 Step 1: "Configure encryption on the replication target" on page 284 Step 2: "(Optional) Add a logical device to associate with a source system" on page 285 Step 3: "Configure the source system role and grant privilege to the target for remote management" on page 285 Step 4: "Configure the target system role and create a secure tunnel" on page 286 Step 5: "Configure the secure tunnel and add the source system to the target" on page 288 Step 6: "Tune replication attributes on the source system" on page 288 Step 7: " Configure clients and applications for replication" on page 289 Step 1: Configure encryption on the replication target Co n fig u re e n c ry p tio n o n th e re p lic a tio n ta rg e t In replicating systems, backups that are encrypted on the source are encrypted on the target Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 285 using the target system's key. If encryption is not configured on the target, replication of encrypted backups fails. Once encryption is configured, the target can receive both encrypted and non-encrypted backups from source systems for replication. Step 2: (Optional) Add a logical device to associate with a source system Ad d a lo g ic a ld e v ic e to a s s o c ia te with a s o u rc e s y s te m When setting up replication, adding a logical device is optional. If you do not add a logical device, replicated backups are stored on the default backup device. This works just fine, especially for targets with one replicating source system. For targets with multiple replicating sources, you can opt to associate sources with specific logical devices. You can associate each source with its own device, or associate multiple sources to a given device, grouping them as desired. If you do not define associations, replicated backups for all sources are stored together on the default device. Logical device considerations Before adding a logical device that will be associated to a source system, note the following requirements and considerations: • The device must support deduplication. Unitrends’ devices support deduplication by default. Note that if you have disabled deduplication, logical device association to a source is not supported. • The device must be at least 128 GB in size to be used for replicated backup storage. When associating a device to the source system, only devices that meet this size requirement display in the list. • Once a device is associated to a source, you can remove or modify the association at any time. • Upon removing the association, subsequent jobs are written to the default backup device. Jobs in progress are not impacted, they are written to the original device. • Upon modifying the association, subsequent jobs are written to the newly specified device. Jobs in progress are not impacted, they are written to the original device. • Upon changing the default device (designating another device as the new default), the new default is used for all sources for which an association is NOT defined. No change is made to sources that have been explicitly associated with a device. • Replicated backups remain on the device to which they were originally written. Modifying or removing an association does not migrate existing replicated backups. To create a logical device for a replication source Add a logical device to the replication target as described in "To add a device" on page 119. You will associate the source to this device later in the replication setup procedure. test Step 3: Configure the source system role and grant privilege to the target for remote management Co n fig u re th e s o u rc e s y s te mro le a n d g ra n tp riv ile g e to th e ta rg e tfo re mo te ma n a g e me n t In standard replication, one system acts as a source, and a second system acts as a target. For a target or a management system to remotely manage a local backup system, the backup system has to explicitly grant privilege to the manager. This is done to secure a two-way 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 286 handshake between the manager and the managed system. As part of the setup process, you will create a secure tunnel for optimized, secure communication between the source and target systems. For more details about remote management, see "Granting privilege for remote management" on page 96. For more details about secure tunnels, see "About replication" on page 277. Begin replication setup by configuring the role of the source system and granting privilege to the target for remote management. Note: To use the Replication Wizard, it is best to connect to both the source and target systems in separate tabs in the same browser. The setup steps require that you switch from one system to the other at various points. To configure the system role for the source 1 Verify that all requirements have been met for the source and target systems. See "Replication requirements" on page 279. 2 Open a browser and connect to the source system. Select Replication > Replication Wizard. On the welcome screen, click Next to begin replication setup. 3 The wizard asks how you would like to configure the system. Click Replication Source so it is highlighted. Click Next. To grant the remote management privilege 4 The wizard asks you to select a target for the source system’s replicated backups. Perform one of the following: • If the target has not been added to the source system’s hosts file, select Add a New Target in the drop-down menu. Enter the hostname and IP address of the replication target in the specified fields. Be sure to enter the hostname exactly as it displays in the hosts file on the replication target system. Click Next. • If the replication target has already been added, select it in the drop-down menu. Click Next. 5 Check the box that reads I agree that target can manage my system. This allows the target system to manage the source system. Click Next to proceed with generating a secure tunnel certificate request. 6 Click Generate Request. This generates a certificate signing request file. Click Okay, and save the file .csr in a convenient location. To continue with replication setup, you must configure the system role for the target and accept management privileges, as explained in "Configure the target system role and create a secure tunnel" on page 286. Step 4: Configure the target system role and create a secure tunnel Co n fig u re th e ta rg e ts y s te mro le a n d c re a te a s e c u re tu n n e l After configuring the system role for the source and granting management privilege to the target, you must configure the system role for the target and create a secure tunnel between the source and target systems. For more information about secure tunnels, see "About replication" on page 277. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 287 To configure the system role for the target 1 Verify that all requirements have been met for the source and target systems. See "Replication requirements" on page 279. 2 Open a browser and connect to the target system. 3 Select Replication > Replication Wizard. On the welcome page, click Next to begin replication setup. 4 The wizard asks how you would like to configure the system. Click Replication Target so it is highlighted. Click Next. 5 If you have not configured the system as a replication target, the wizard prompts you to change the installation type. Select Install as a vault (a replication target for some other local backup system.). (If you have already configured the system as a replication target, the wizard skips to the next step.) ClickNext. To create a secure tunnel 6 The wizard asks you to select a source to replicate to the target. Perform one of the following: • If the replication source has not been added to the target system’s hosts file, select Add a New Source from the drop-down menu. Enter the hostname and IP address of the replication source in the specified fields. Be sure to enter the hostname exactly as it displays in the hosts file on the replication target system. Click Next to view the Create a Secure Tunnel Target step. • If the source has already been added, select it in the drop-down menu. Click Next to view the Create a Secure Tunnel Target step. 7 At the top of the Create a Secure Tunnel target page, the network settings for the connection display. These settings are used to create the secure tunnel interface. Use the default IP, subnet, and port unless these settings cause a conflict in your environment. If necessary, enter your own values. Click Create a Secure Tunnel Target. 8 A message displays asking if you are sure you want to proceed. Once you create a secure tunnel, this procedure cannot be undone. If you are ready to create a secure tunnel, click Yes to proceed with signing the secure tunnel certificate request. Note: 9 If the replication setup process is interrupted after Step 7, the wizard skips this step when you start over with the setup process. This is not an error, as a secure tunnel can only be created once. When the wizard skips this step, proceed to Step 8. Click Sign Request. You are prompted to browse and open the file called .csr you saved earlier. By opening the file, you sign the certificate. Click Okay and save the signed certificate file, called ..crt, in a convenient location. 10 You are prompted to save the Certificate Authority file. Click Okay and save the file called -ca.crt in a convenient location. 11 You are prompted to send the certificate files and other information to the source system for final configuration. Click Okay. To continue with replication setup, you must return to the replication wizard on the source 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 288 system and proceed to "Configure the secure tunnel and add the source system to the target" on page 288. Step 5: Configure the secure tunnel and add the source system to the target Co n fig u re th e s e c u re tu n n e la n d a d d th e s o u rc e s y s te mto th e ta rg e t Perform these steps to configure the secure tunnel and add the source system to the target. To configure the secure tunnel 1 Switch to the source system in your browser to view the Configure the Secure Tunnel on the Source System step. Click Complete Configuration. 2 You see a message asking you to complete the Secure Tunnel configuration and sign the Source System Certificate. Click Okay. 3 You are prompted to browse and open the -ca.crt file. When you open the file, a message displays stating that you have successfully loaded the CA certificate. 4 Click Okay to load the signed Secure Tunnel certificate. You are prompted to browse and open the ..crt file. Open this file to complete Secure Tunnel configuration on the source system. Click Okay to acknowledge that the configuration is complete. Note: 5 If you have previously created a secure tunnel between the source and target, a message displays stating that the source has already been configured as an OpenVPN client of the target. Click Okay, and proceed to the next step. Click Next to continue. The replication wizard instructs you to return to the target system to continue with the setup. To add the source system to the target 6 Switch to the target system in your browser. Click Next to view the Add Source System to Target step. In the drop-down menus, select a customer and location for the source system or use the default values provided. If you have multiple backup devices on the target system, select the device where you would like backups to replicate. Click Next. 7 The wizard now asks if you would like to configure attributes on the source system. You can tune the source system to perform optimally given the bandwidth available for replication. You can also configure clients and applications for replication. The wizard allows you to perform these configurations from either system, but to simplify the setup process, these instructions ask you to configure attributes through the source. On the target, select The replication attributes of source are already setup, and I am done. (You will still be able to configure attributes on the source system.) Click Next. 8 The wizard informs you that replication is complete. Click Finish to complete the Replication Wizard setup for the target system. You must now return to the source system to complete the replication setup. Proceed to "Tune replication attributes on the source system" on page 288. Step 6: Tune replication attributes on the source system T u n e re p lic a tio n a trib u te s o n th e s o u rc e s y s te m From the source system, configure replication attributes using the steps below. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 289 To set replication attributes on the source system 1 Switch to the source system in your browser. You see the Add Source System to target step. Click Next to begin configuring attributes. 2 Select I would like to configure the replication attributes of the source system, click Next. 3 In the Replication Report Options section, enter the following to receive email reports: • • The time to receive the report in the Time to Send Report field. The email address in the Report Email Address field. Note: 4 If you want to receive an email Replication report, you must enter values in each of these fields. In the Bandwidth and Throttling Options section, configure the following: • Connection Type – The connection’s theoretical physical bandwidth. If your specific connection is not in the list, pick the closest upstream bandwidth match. • Connection Effective Bandwidth – What you expect the actual bandwidth of the physical connection to be. • Throttling Settings – Use the grid to configure settings. Throttling is simply the act of responsibly sharing the bandwidth of the WAN by which the Unitrends’ target provides replication and disaster recovery services. Set the weekly replication schedule using the graphical tool consisting of 7x24 small boxes that represent each hour of the week. Multiple throttling scenarios can be configured. Select the throttle percentage, then click and drag the mouse pointer to highlight the days and times to use the selected percentage. Perform this step as many times as needed to fully configure throttling scenarios. The percentage you select uses X percent of the Connection Effective Bandwidth you set above for replication. Note: 5 Throttling is enforced in one-second intervals. There could be spikes in bandwidth consumed within a fraction of a second causing utilization to exceed the level you set here. Click Next to accept the settings. The Configure Replication of the Source’s Clients step displays. Proceed to " Configure clients and applications for replication" on page 289. Step 7: Configure clients and applications for replication Co n fig u re c lie n ts a n d a p p lic a tio n s fo re p lic a tio n A backup for a client is replicated if the following conditions are satisfied: • Replication is enabled for the client or its application backups. See "To configure clients and applications for replication" on page 290 for details. • • The client backups are located on a backup disk device. The client backups are successful. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 290 To configure clients and applications for replication 1 Use the check boxes to select all clients whose backups are to be replicated to the target system. Once you select a client, all subsequent file-level and bare metal backups will replicate. Click Next. The system applies the replication settings to all clients you have selected. This process can take a few seconds to several minutes depending on the number of clients you selected. Note: 2 Select applications whose backups are to be replicated to the target system. Use the Navigation pane on the left to select an application, then use the check boxes to select the databases, virtual machines, and NDMP volumes to replicate. After making all desired selections, click Next. Note: 3 Clients hosting NDMP volumes, virtual machines, or application such as Exchange, Oracle, or SQL must be configured for replication in the next step. Backups of NDMP volumes, virtual machines, and application databases will not replicate if you configure only the client and not the application. If you add databases, virtual machines, or NDMP volumes to your backup system after setting up replication, their backups will not automatically replicate. You must configure them for replication using the procedure described in "To replicate application backups" on page 300. The replication wizard informs you that replication setup is complete. Click Finish to complete the Replication Wizard setup. You are finished with replication setup. For clients and applications that you have selected for replication, all successful backups completed after replication setup will be replicated to the target system. The replication queue scheme is set to Recency, so the most recent backups are replicated first. This is the recommended approach, but you can change the setting to Maximum Retention, where backups are added to the end of the replication queue as they complete, or Manual, which enables you to add backups to the replication queue manually. For details, see "Configuring connection options and process control" on page 298. It is also recommended that for large data sets you seed the initial data set to the target using removable media. This greatly reduces the time required to replicate the first backups. For details, see "Seeding the initial data set" on page 299. Cross-replication setup This section provides a high-level overview of the steps required to set up cross-replication between two systems. In cross-replication, each system acts as both a backup source and a replication target. As part of the setup process, you will create a secure tunnel for optimized, secure communication between the two systems. When creating this secure tunnel, you will designate one system as the secure tunnel source (ST source) and the other as the secure tunnel target (ST target). The larger of the two systems is the better choice for a secure tunnel target, but if they are the same model, either will work fine. Before beginning the setup process, decide which system you will designate as the ST source and which you will designate as the ST target. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 291 The procedure described here is performed using the Replication Wizard. Replication setup requires you to access the wizard from both the ST source and ST target systems. This procedure divides cross-replication setup into several parts that minimize the need for switching between the two systems. Before beginning the setup process, perform the following: 1 See "Replication requirements" on page 279 to verify that all requirements have been met for the source and target systems. 2 Make sure you know the hostname and IP address for both the source and target systems. To view a system’s hostname in the Administrator Interface, select Settings > Clients, Networking, and Notifications < Networks > Hostname. 3 Make sure the IP addresses and ports in use on your network will not conflict with the default settings for the secure tunnel that you will create for optimized, secure communication between the source and target systems. The secure tunnel uses the following settings: • • • Secure Tunnel IP: 172.17.3.0 Netmask: 255.255.255.0 Port: 1194 If the network settings conflict with your environment, you can change them when creating the secure tunnel as part of the setup process. IMPORTANT! Do not use this procedure for systems running version 7.0.0 or 7.1.x. Upgrade to the latest release or, if this is not possible, configure replication as described in KB 3174. Do not use this procedure for source systems that are configured for legacy vaulting. If your system is vaulting data, see "Upgrading from legacy vaulting to replication" on page 303. To set up cross-replication between two systems A high-level overview of the standard replication setup process is given here. Proceed to the sections that follow for detailed procedures associated with each high-level step. Note: Use the Replication Wizard for easy setup. If you are familiar with setting up replication from the WAN Settings or Secure Tunnel Settings page, this is still supported. For details on using these pages, see KB 3174. Step 1: "Configure encryption on the replication target" on page 292 Step 2: "(Optional) Add a logical device to associate with a source system" on page 292 Step 3: "Configure the ST source system for cross-replication and grant management privilege to the ST target" on page 292 Step 4: "Configure the ST target system and create a secure tunnel" on page 293 Step 5: "Configure the secure tunnel for cross-replication" on page 295 Step 6: "Add each system to the other system grid" on page 295 Step 7: "Tune cross-replication attributes" on page 296 Step 8: "Configure clients and applications for cross-replication" on page 297 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 292 Step 1: Configure encryption on the replication target In replicating systems, backups that are encrypted on the source are encrypted on the target using the target system’s key. If encryption is not configured on the target, replication of encrypted backups fails. Once encryption is configured, the target can receive both encrypted and non-encrypted backups from source systems for replication. Co n fig u re e n c ry p tio n o n th e re p lic a tio n ta rg e t Step 2: (Optional) Add a logical device to associate with a source system (Op tio n a l)A d d a lo g ic a ld e v ic e to a s s o c ia te with a s o u rc e s y s te m When setting up replication, adding a logical device is optional. If you do not add a logical device, replicated backups are stored on the default backup device. This works just fine, especially for targets with one replicating source system. For targets with multiple replicating sources, you can opt to associate sources with specific logical devices. You can associate each source with its own device, or associate multiple sources to a given device, grouping them as desired. If you do not define associations, replicated backups for all sources are stored together on the default device. Logical device considerations Before adding a logical device that will be associated to a source system, note the following requirements and considerations: • The device must support deduplication. Unitrends’ devices support deduplication by default. Note that if you have disabled deduplication, logical device association to a source is not supported. • The device must be at least 128 GB in size to be used for replicated backup storage. When associating a device to the source system, only devices that meet this size requirement display in the list. • Once a device is associated to a source, you can remove or modify the association at any time. • Upon removing the association, subsequent jobs are written to the default backup device. Jobs in progress are not impacted, they are written to the original device. • Upon modifying the association, subsequent jobs are written to the newly specified device. Jobs in progress are not impacted, they are written to the original device. • Upon changing the default device (designating another device as the new default), the new default is used for all sources for which an association is NOT defined. No change is made to sources that have been explicitly associated with a device. • Replicated backups remain on the device to which they were originally written. Modifying or removing an association does not migrate existing replicated backups. To create a logical device for a replication source Add a logical device to the replication target as described in "To add a device" on page 119. You will associate the source to this device later in the replication setup procedure. Step 3: Configure the ST source system for cross-replication and grant management privilege to the ST target Co n fig u re th e ST s o u rc e s y s te mfo rc ro s s -re p lic a tio n a n d g ra n tma n a g e me n tp riv ile g e to th e ST ta rg e t In cross-replication, each system acts as both a source and a target. Each system must grant management permission to the other to allow various replication operations. Begin crossreplication setup by configuring the ST source system and granting remote management Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 293 privilege to the ST target system. To configure the ST source system for cross-replication 1 Verify that all requirements have been met. See "Replication requirements" on page 279. 2 Open a browser and connect to the ST source system. 3 Select Replication > Replication Wizard. On the welcome page, click Next to begin cross-replication setup. 4 The wizard asks how you would like to configure the system. Click Cross-Replication so it is highlighted. Click Next. 5 If you have not configured the system for cross-replication, the wizard prompts you to change the installation type. Select Install as a local backup system and a vault (CrossReplication). (If you have already configured the system for cross-replication, the wizard skips to the next step.) ClickNext. 6 The wizard asks you to select a source to replicate to the ST source. Perform one of the following: • If the ST target system has not been added to the ST source system’s hosts file, select Add a new Source in the drop-down menu. Enter the hostname and IP address of the ST target in the specified fields. Be sure to enter the hostname exactly as it displays in the hosts file on the ST target. Click Next. • If the ST target system has already been added to the ST source system’s hosts file, select it in the drop-down menu. Click Next. To grant management privilege 7 Check the box that reads I agree that ST target can manage my system. This allows the ST target system to manage the ST source. Click Next to begin creating a secure tunnel. 8 The wizard asks if you would like the ST source to be the secure tunnel target. Select No, I would prefer ST target to be the Secure Tunnel Target and ST source to be the Secure Tunnel Source. Click Next. 9 The wizard prompts you to generate a secure tunnel certificate request. Click Generate Request. This generates a signing request file. Click Okay, and save the file, .csr in a convenient location. The wizard proceeds to the Configure the Secure Tunnel on the Source System step. To continue with cross-replication setup, proceed to "Configure the ST target system and create a secure tunnel" on page 293. Step 4: Configure the ST target system and create a secure tunnel Co n fig u re th e ST ta rg e ts y s te ma n d c re a te a s e c u re tu n n e l After configuring the system role for the ST source and granting management privilege to the ST target, you must configure the ST target and create the secure tunnel. For more information about secure tunnels, see "About replication" on page 277. To configure the ST target system 1 Verify that all requirements have been met. See "Replication requirements" on page 279. 2 Open a new tab in your browser, and connect to the ST target system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 294 3 Select Replication > Replication Wizard. On the welcome page, click Next to begin cross-replication setup. 4 The wizard asks how you would like to configure the system. Click Cross-Replication so it is highlighted. Click Next. 5 If you have not configured the system for cross-replication, the wizard prompts you to change the installation type. Select Install as a local backup system and a vault (CrossReplication). (If you have already configured the system for cross-replication, the wizard skips to the next step.) Click Next. 6 The wizard asks you to select a source to replicate to the ST source. Perform one of the following: • If the ST target system has not been added to the ST source system’s hosts file, select Add a new Source in the drop-down menu. Enter the hostname and IP address of the ST source system in the specified fields. Be sure to enter the hostname exactly as it displays in the hosts file on the ST source. Click Next. • If the ST target system has already been added to the ST source system’s hosts file, select it in the drop-down menu. Click Next. To create a secure tunnel 7 Check the box that reads I agree that STsource can manage my system. This allows the ST source system to manage the ST target. ClickNext to begin creating a secure tunnel. 8 The wizard asks if you would like the ST target system to be the secure tunnel target. Select Yes, I would like STtargetto be the Secure Tunnel Target and STsource to be the Secure Tunnel Source. Click Next. 9 At the top of the Create Secure Tunnel Target page, the network settings for the connection display. These settings are used to create the secure tunnel interface. Use the default IP, subnet, and port unless these settings cause a conflict in your environment. If necessary, enter your own values. Click Create a Secure Tunnel Target. 10 A message displays asking if you are sure you want to proceed. Once you create a secure tunnel, this procedure cannot be undone. If you are ready to create a secure tunnel, click Yes to proceed with signing the secure tunnel certificate request. Note: If the cross-replication setup process is interrupted after step 10 above, the wizard will automatically skip this step when you start over with the setup process. This is not an error, as a secure tunnel can only be created once. When the wizard skips this step, proceed to step 11 below. 11 Click Sign Request. You are prompted to browse and open the file .csr you saved earlier. By opening the file, you sign the certificate. ClickOkay and save the signed certificate file called .-.crt in a convenient location. 12 You are prompted to save the Certificate Authority file. Click Okay and save the file called -ca.crt in a convenient location. 13 You are prompted to send the certificate files and other information to the secure tunnel source system for final configuration. Click Okay. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 295 To continue replication setup, you must return to the ST source system and configure the secure tunnel. Proceed to "Configure the secure tunnel for cross-replication" on page 295. Step 5: Configure the secure tunnel for cross-replication Co n fig u re th e s e c u re tu n n e lfo rc ro s s -re p lic a tio n Perform these steps to configure the secure tunnel. To configure the secure tunnel 1 Switch to the ST source system in your browser to view the Configure the Secure Tunnel on the Source System step. Click Complete Configuration. 2 You see a message asking you to complete the Secure Tunnel configuration and sign the Source System Certificate. Click Okay. 3 You are prompted to browse and open the .ca.crt file. When you open the file, a message displays stating that you have successfully loaded the CA certificate. 4 Click Okay to load the signed Secure Tunnel certificate file. You are prompted to browse and open the ..crt file. Open this file to complete Secure Tunnel configuration on the ST source system. 5 Click Okay to acknowledge that the configuration is complete. 6 Click Next to continue. Cross-replication setup is almost complete. You are now ready to add the two systems to each other’s grids. Start by switching back to the ST Target in your browser and adding the ST Source to its grid, as explained in "Add each system to the other system grid" on page 295. Step 6: Add each system to the other system grid Ad d e a c h s y s te mto th e o th e rs y s te mg rid Once the secure tunnel has been created and configured, you can add the two systems to each other’s grids. This procedure requires you to switch between the ST source and ST target systems. To add each system to the other system grid 1 Switch to the ST target in your browser to view the Configuring a Secure Tunnel step. Click Next. 2 Using the drop-down menus in the Add Source to Target step, select a customer and location for the ST source or use the default values provided. If you have multiple backup devices on the ST target system, select the device where you would like backups to replicate. Click Next. 3 Return to the ST source and view the Add Source to Target step. In the drop-down menus, select a customer and location for the ST target or use the default values provided. If you have multiple backup devices on the ST source system, select the device where you would like backups to replicate. Click Next. 4 The wizard displays the Select a System to configure step. You are now ready to tune attributes and configure clients for each system. To continue, choose one of the following options: • If you would like to define replication attributes, such as reporting and bandwidth throttling, proceed to "Tune cross-replication attributes" on page 296. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 296 • Step 7: If replication attributes are already configured for both systems, select Neither, I’m done with configuring replication. The wizard informs you that replication setup is complete for the ST source. Click Finish to exit the wizard. Return to the ST target to complete the replication setup. You see the step asking which system you would like to configure attributes on. Select Neither, I’m done with configuring replication. Then click Finish to exit the Replication Wizard. Tune cross-replication attributes T u n e c ro s s -re p lic a tio n a trib u te s Once the systems are added to each other’s grids, replication configuration is almost complete. You can now tune each system to perform optimally given the bandwidth available for replication. The Replication Wizard allows you to perform these configurations from either system, but to simplify the setup process, these instructions ask you to configure attributes for the ST source from the ST source system and for the ST target from the ST target system. To set cross-replication attributes 1 Stay in the browser on the ST source system and view the Select a System to configure step. Select the ST source system, and click Next. 2 In the Replication Report Options section, enter the following to receive email reports: • • The time to receive the report in the Time to Send Report field. The email address in the Report Email Address field. Note: 3 If you want to receive an email Replication report, you must enter values in each of these fields. In the Bandwidth and Throttling Options section, configure the following: • Connection Type – The connection’s theoretical physical bandwidth. If your specific connection is not in the list, pick the closest upstream bandwidth match. • Connection Effective Bandwidth – What you expect the actual bandwidth of the physical connection to be. • Throttling Settings – Use the grid to configure settings. Throttling is simply the act of responsibly sharing the bandwidth of the WAN by which the Unitrends’ target provides replication and disaster recovery services. Set the weekly replication schedule using the graphical tool consisting of 7x24 small boxes that represent each hour of the week. Multiple throttling scenarios can be configured. Select the throttle percentage, then click and drag the mouse pointer to highlight the days and times to use the selected percentage. Perform this step as many times as needed to fully configure throttling scenarios. The percentage you select uses X percent of the Connection Effective Bandwidth you set above for replication. Note: Throttling is enforced in one-second intervals. There could be spikes in bandwidth consumed within a fraction of a second causing utilization to exceed the level you set here. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 297 4 Click Next to accept the settings. The Configure Replication of the Source’s Clients step displays. Proceed to "Configure clients and applications for cross-replication" on page 297. Step 8: Configure clients and applications for cross-replication Co n fig u re c lie n ts a n d a p p lic a tio n s fo rc ro s s -re p lic a tio n A backup for a client is replicated if the following conditions are satisfied: • Replication is enabled for the client or its application backups. See "To configure clients and applications for cross-replication" on page 297 for instructions. • • The client backups are located on a disk device. The client backups are successful. To configure clients and applications for cross-replication 1 Use the check boxes to select all clients whose backups are to be replicated to the other system. Once you select a client, any subsequent file-level and bare metal backups will replicate. Click Next. After clicking Next, the system makes changes to all clients whose replication setting you checked or unchecked. This process can take a few seconds to several minutes depending on the number of clients. Note: 2 Clients hosting NDMP volumes, virtual machines, or application such as Exchange, Oracle, or SQL must be configured for replication in the next step. Backups of NDMP volumes, virtual machines, and application databases will not replicate if you configure only the client and not the application. Select applications whose backups are to be replicated to the other system. Use the Navigation pane on the left to select an application, then use the check boxes to select which databases and virtual machines to replicate. After making all desired selections, click Next. Note: If you add databases, virtual machines, or NDMP volumes to your backup system after setting up replication, their backups will not automatically replicate. You must configure them for replication using the procedure described in "To replicate application backups" on page 300. 3 The replication wizard asks if you would like to configure attributes on another system. Select Neither, I’m done with configuring replication. Click Next. The wizard informs you that replication setup is complete. Click Finish to exit the wizard and complete replication setup for the ST source system. 4 Switch the ST Target system in your browser. Continue from step 2 on the previous page of "To set cross-replication attributes ". 5 When replication attributes have been configured for both systems, select Neither, I’m done with configuring replication and click Next. Click Finish to complete the Replication Wizard setup. You are finished with replication setup. For clients and applications that you have selected for replication, all successful backups completed after replication setup will be replicated to the target system. The replication queue scheme is set to Recency, so the most recent backups are replicated first. This is the recommended approach, but you can change the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 298 setting to Maximum Retention, where backups are added to the end of the replication queue as they complete, or Manual, which enables you to add backups to the replication queue manually. For details, see "Configuring connection options and process control" on page 298. It is also recommended that for large data sets you seed the initial data set to the target using removable media. This greatly reduces the time required to replicate the first backups. For details, see "Seeding the initial data set" on page 299. Configuring replication after the initial setup Once your backups are replicating, depending upon your environment and data protection needs, you might need to perform one or more of the following: • • "Configuring connection options and process control" on page 298 • • • • • • "Configuring backups for replication" on page 300 "Seeding the initial data set" on page 299 "Tuning bandwidth and throttling options" on page 301 "Setting replication report options" on page 301 "Suspending replication" on page 302 "Moving a source to a different replication target" on page 302 "Removing replication" on page 302 Configuring connection options and process control Connection options and process control allow you to fine-tune how replication behaves, including the replication job queue scheme and how many backups can be replicated at once. Note: About Poll Frequency - In previous releases, there was a Poll Frequency field to set how often the source checks for new backups to replicate. Beginning in release 7.3, this setting has been removed, and the source now sets poll frequency automatically to optimize system performance. To adjust connection options and process control 1 Select the source system you wish to adjust settings for in the Navigation pane and Select Replication > Replication Attributes. 2 Select Connection Options and Process Control and configure the following: • Queue Scheme – Specifies the manner in which replication jobs are queued. The default setting is Recency, where backups are added to the top of the replication queue, so the most recent backups are replicated first.Note that upon replicating the most recent backup of a given client and type, older backups are removed from the queue and are not replicated. Select Maximize Retention to add backups to the end of the replication queue as they complete. Select Manual to add replicated backups to the queue manually (see "Replicating backups manually" on page 299). With the Manual scheme, the system does not add backups to the queue. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 299 • Max Concurrent – Enter the maximum number of replication tasks that can run simultaneously. • Resume/Suspend Replication – Select to resume or suspend replication operations. For initial configuration, click Resume Replication to enable the replication process. If suspending replication, an option is presented to suspend immediately by selecting Yes, or suspend after any replication operations in progress have completed by selecting No. If you suspend immediately, replication operations in progress are stopped. Selecting Cancel takes you back to the previous screen and replication continues without interruption. Note: • Suspending replication pauses replication operations temporarily, until you click Resume Replication . It does not remove the replication configuration. Reset Replication – Select to stop all in-progress replication operations immediately and then restart replication. Replicating backups manually If you have chosen the Manual queue scheme (see "Configuring connection options and process control" on page 298), you must select each full backup you wish to replicate. Note: Full or master backups are the only type that can be replicated manually. This includes application-level (such as SQL full and Exchange full) and file-level full backups. This feature is not available with the Maximize Retention and Recency queue schemes. To replicate a backup manually 1 Select a client in the Navigation pane and click Status. 2 Select the Past (Historical Status) blind. 3 Under the Backup: Month or Backup: Last 7 Days tab, click the desired full backup. Details display on the Backup Information page. 4 Click Replicate Backup to add this backup to the end of the replication queue. 5 Use the Replication Dashboard (Replication > Dashboard) to view the backup in the queue. See "Working with the replication dashboard" on page 309 for details. Seeding the initial data set For large data sets, it is recommended that you seed the initial data set to the target using removable media (disk or NAS). This is optional, but greatly reduces the time required to transfer the first backups to the system. Rather than letting the replication process do this initial transfer, use a seeding mechanism. To seed the initial data set Perform these steps on the source system. Note: If cross-replicating, perform this procedure on each replicating system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 300 1 Suspend replication by selecting Replication > Replication Attributes > Connection Options and process Control > Suspend Replication. 2 Disable archive schedules for the duration of the seed operation. • • 3 Select Archive > Schedule Archive. Select a schedule and click Enable/Disable below. Repeat to disable each schedule. Proceed to the RapidSeed for Replicating Systems document for seed instructions. Configuring backups for replication Once your system is replicating, if you need to configure file-level or application backups for replication, use the following procedures: • • "To replicate file-level backups" on page 300 "To replicate application backups" on page 300 To replicate file-level backups 1 Log in to the source system and select Settings > Clients, Networking, and Notifications > Clients. 2 Select a client to be configured for replication. 3 Check the All backups performed on this computer are to replicated . . . box. All subsequent file-level and bare metal backups for this client will be replicated to the target system. If this field is not checked, backups are not replicated for this client. Note: This option is not available for Hyper-V, VMware, and NDMP because only application-level backups are supported for these clients. Backups of NDMP volumes, virtual machines, and application databases will not replicate if you do configure only the client and not the application. To replicate the application backups of these clients, see "To replicate application backups" below. 4 Click Save. 5 Repeat this process to configure all desired clients for replication. To replicate application backups Use this procedure to set up application database, virtual machine, and NDMP volume backups for replication. Note: If you add application databases, virtual machines, or NDMP volumes to your Unitrends appliance after setting up replication, their backups will not automatically replicate. You must configure them for replication. 1 In the Navigation pane, select the application whose data, virtual machines, or NDMP volumes you would like to replicate. 2 Select Replication > Replication Attributes. A list of the application’s databases, storage groups, NDMP volumes, or virtual machines displays. If you do not see the desired items, click Reload to refresh the view. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 301 If an item is marked unavailable, check that the database, storage group, NDMP volume, or VM is online. 3 Check boxes to select the items you wish to replicate. 4 Click Confirm to save your settings. Tuning bandwidth and throttling options Use this procedure to configure how your replicating systems use the available bandwidth. This procedure can be run from the source or target system. To tune bandwidth and throttling options 1 Log in to the source or target system. 2 Select the source system in the Navigation Pane, and then select Replication > Replication Attributes. 3 In the Bandwidth and Throttling Options section, configure the following: • Connection Type – The connection’s theoretical physical bandwidth. If your specific connection is not in the list, pick the closest upstream bandwidth match. • Connection Effective Bandwidth – What you expect the actual bandwidth of the physical connection to be. • Throttling Settings – Use the grid to configure settings. Throttling is simply the act of responsibly sharing the bandwidth of the WAN by which the Unitrends target provides replication and disaster recovery services. Set the weekly replication schedule using the graphical tool consisting of 7x24 small boxes that represent each hour of the week. Multiple throttling scenarios can be configured. Select the throttle percentage, then click and drag the mouse pointer to highlight the days and times to use the selected percentage. Perform this step as many times as needed to fully configure throttling scenarios. The percentage you select uses X percent of the Connection Effective Bandwidth you set above for replication. Note: 4 Throttling is enforced in one-second intervals. There could be spikes in bandwidth consumed within a fraction of a second causing utilization to exceed the level you set here. Click Confirm to save these settings. Setting replication report options After setting up replication, you can configure replication reports to be sent via email. This procedure can be run from the source or target system. To set replication report options 1 Log in to the source or target system. 2 Select the source system in the Navigation Pane, and then select > Replication > Replication Attributes. 3 In the Replication Report Options section, enter the following to receive email reports: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 302 • • The email address in the Report Email Address field. The time to receive the report in the Time to Send Report field. Note: 4 If you want to receive an email Replication report, you must enter values in each of these fields. Click Confirm to save these settings. Suspending replication You should temporarily suspend replication in the following instances: • • • When seeding the initial data set. For details, see "Seeding the initial data set" on page 299. When performing maintenance on your systems. When your network will be offline. Suspending pauses replication operations temporarily, until you click Resume Replication. It does not remove the replication configuration. For instructions on suspending replication, see "To adjust connection options and process control" on page 298. To remove the replication configuration, see "Removing replication" on page 302. Moving a source to a different replication target A source can replicate to only one target, so if you need to move a source to a different replication target, you must first remove replication between the source and the current target, as described in "Removing replication" on page 302. You can then set up replication to a new target by following the instructions for "Replication setup" on page 283. Removing replication You might find it necessary to remove a replicating source in certain situations, such as if you need to move the source to a different replication target. If you remove replication for a source, replication stops, but the target retains management privilege and operations described in "Supported target operations using the source system user account" on page 308 can still be performed through the target. Removing replication deletes all of the source’s replicated backups from the target. No backups are deleted from the source. Before removing replication, be sure you no longer need this replicated data. To remove replication CAUTION! Removing replication for a source deletes all of the source’s replicated backups from the target. 1 Log in to the target system. 2 Select Replication > System Management. Then select the source system. 3 Uncheck the Configured for Replication? 4 Click Confirm. A box displays asking if you are sure you want to remove replication for the source. To continue, check I understand that I am permanently deleting this system’s replicated backups. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 303 5 Click Confirm. 6 Refresh the target system by clicking the arrows at the bottom of the Navigation pane. 7 If desired, see "To revoke the remote management privilege" on page 97 to remove the source from the target’s Navigation pane. You can leave the source if you want to manage its operations from the target. Problem removing replication In rare instances, after removing replication, you might receive a message stating that the source is currently replicating to the previous target when you try to set up replication to a new target. If you receive this message, follow these steps to remove replication for the source: 1 Log in to the source system. 2 Select Settings > System, Updates, and Licensing > General Configuration (Advanced). 3 Expand the Replication folder by clicking the arrow next to it. 4 Click Enabled in the list of section names. 5 Change the value to no. Click Confirm. 6 Then click SyncTo in the list of section names. Clear the Value field. Click Confirm. 7 Refresh the source system by clicking the arrows at the bottom of the Navigation pane. Upgrading from legacy vaulting to replication A high-level overview of the steps required to upgrade from legacy vaulting to replication is given here. Proceed to the sections that follow for detailed instructions. These procedures assume the source (backup system) and target (legacy vault) you wish to upgrade are currently vaulting. Vaulting must be running and configured correctly to use these upgrade procedures. Run these procedures on the target for each source system you wish to upgrade. For a target receiving vaulted data from multiple sources, you must complete these procedures for each source. Migration limitations The following vaulted data does not migrate during the upgrade process: • • • Source system data vaulted with the legacy Vault Local Directory option. Vaulted CIFS/NFS NAS client backups. Vaulted legacy Exchange backups (backups run with the Windows legacy Exchange agent). Before migrating, be sure to archive this data. Run these procedures to upgrade from legacy vaulting to replication Step 1: "Prepare source and target systems" on page 304 Step 2: "Migrate legacy vaulted data" on page 305 Step 3: "Upgrade to replication" on page 306 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 304 Step 1: Prepare source and target systems Pre p a re s o u rc e a n d ta rg e ts y s te ms 1 2 Log in to the target and suspend vaulting on all source systems in preparation for installing updates. • Select a source system in the Navigation pane, then select Settings > Replication > Replication Attributes. Select Connection Options and Process Control, and click Suspend Vaulting. • Repeat for each source that is vaulting to this target. Update the target to version 7.1 or higher. With the target (brown vault icon) selected in the Navigation pane, select Settings > System Updates, and Licensing > Updates > Install. 3 Update the source to version 7.1 or higher. With the source (blue server icon) selected in the Navigation pane, select Settings > System Updates, and Licensing > Updates > Install. 4 5 Restart vaulting on all sources other than the one you are upgrading to replication. • Select the source system in the Navigation pane, then select Replication > Replication Attributes. Select Connection Options and Process Control, and click Resume Vaulting. • • Be sure that vaulting remains suspended on the source you are upgrading. The upgrade only impacts the selected source system. Restarting vaulting on the other sources enables legacy vaulting to resume and continue throughout the upgrade procedure. Configure the target as a cross-vault. (If the target is already configured as both a backup system and replication target, skip this step.) With the target selected in the Navigation pane, select Replication > System Management > Add System, check Create Cross-Vault, and click Confirm. Note: This configuration is required for replication even if the target will not be used as a backup system. 6 With the target selected in the Navigation pane, select Settings > Storage and Retention > Storage Allocation. 7 Adjust storage to add replication space, either by dragging a border in the circle or entering a value in the Backup/Replication field below. • To increase replication storage, you must decrease Vaulting and/or Instant Recovery storage. • Vaulted data is stored on the target in the Vaulting storage area. Replicated data is stored in the Backup/Replication storage area. Increase this storage area to accommodate replicated data. When you complete the "Upgrade to replication" on page 306 procedure, data will begin replicating. If there is no space in the Backup/Replication area, replication jobs fail. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 305 • If you are also using the target as a local backup system, regular backups are stored in the Backup/Replication area. Be sure to allocate enough space for both replicated and backup data. • If the target is receiving vault data from multiple sources, be sure to leave enough space in the Vaulting area. If you run out of space in the Vaulting area, legacy vault jobs fail. • When you complete the "Upgrade to replication" on page 306 procedure, vaulted data for this source is removed from the target. This frees space. For targets with multiple sources, freeing space as you upgrade one source at a time works well for tight systems. Step 2: Migrate legacy vaulted data Mig ra te le g a c y v a u lte d d a ta Note: 1 2 Verify the following prerequisites have been met: • All steps in the "Prepare source and target systems" on page 304 procedure have been completed. • The backups device on the target has as much or more free space as the total size of the backups to be migrated. To check free space, select Settings > Storage and Retention > Storage. • If any encrypted backups on the source will be replicated, encryption must be enabled on the target. See "To configure encryption" on page 129 for details. • If any encrypted backups on the source will be replicated, the source encryption passphrase must be available. You will be prompted for this passphrase when migrating data. Using a terminal emulator, such as PuTTY, connect to the target with the following: • • • 3 We strongly recommend migrating legacy vault data to avoid transferring the initial replication data set over the network. If you skip this migration procedure, the initial transfer requires a tremendous amount of time and bandwidth. After the legacy vaulted data is migrated, only changed blocks are transferred over the network. target system IP address port 22 SSH connection type Log in as a user with root privileges. login as: root [email protected]'s password: 4 Enter this command to launch the migration utility: [root]# /usr/bp/bin/vaultMigration-scripts/mr71VaultMigration.php 5 Preliminary checks are run and messages display. Check the last paragraph on the screen and do one of the following: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 306 • • 6 If you see Select the system to migrate..., continue to the next step in this procedure. If you see Found some problems..., check for Failed results above in the Preliminary Check list, correct any issues, then rerun the migration utility. In the System(s) list, find the source whose vaulted data you wish to migrate, type its number and press Enter. For example: Selection (‘q’ to quit): 0 7 Information for the selected system displays. Check the last paragraph on the screen and do one of the following: • If you see Insufficient space..., note the available space and amount needed. Allocate more space to the Backup/Retention area (Settings > Storage and Retention > Storage Allocation), then rerun the migration procedure. • If you see Enter to start migration process..., press Enter to begin migration (or type q to quit). 8 If you are migrating encrypted backups, you are prompted for the source’s encryption passphrase. Type in the passphrase and press Enter. 9 While migration is in progress, status messages display. Note: You can run up to 5 migration sessions to migrate multiple source systems concurrently. Use caution when running multiple sessions as each consumes system resources, which may adversely impact performance. To run another session, start with step 6 on page 304 in "Prepare source and target systems" above to prepare your next source. 10 When migration is complete, you see the message Done, Exiting... and the Linux command prompt returns. For example, Done, Exiting... [root]# If you see any errors, simply rerun the utility to migrate any remaining data. Once the script completes without errors, continue to "Upgrade to replication" on page 306. Step 3: Upgrade to replication Up g ra d e to re p lic a tio n WARNING! Upgrading a source system from legacy vaulting to replication deletes all vaulted data for this source on the target system. If you have multiple sources vaulting to the target, legacy vaulting for other sources continues and vaulted data for these systems is preserved. 1 Verify the following prerequisites have been met: • • 2 All steps in "Prepare source and target systems" on page 304 have been completed. All steps in "Migrate legacy vaulted data" on page 305 have been completed. Log in to the target system interface (not the command line). Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 307 3 Select the source system in the Navigation pane, then select Replication > System Management. 4 Verify that the desired source system displays in the System Username field. WARNING! Be sure the desired system displays in the System Username field. Any vaulted data associated with this system on the target will be deleted upon upgrading to replication. 5 Check the Configured For Replication box and click Confirm. 6 When the warning message displays, click Yes to continue. 7 When the upgrade is complete, restart replication. With the source system selected in the Navigation pane, select Replication > Replication Attributes > Resume Replication. 8 Verify that replication is running by selecting Replication > Dashboard. You should see system metadata replicating within minutes. For details, see "Working with the replication dashboard" on page 309. All clients and applications that were configured for legacy vaulting begin replicating. No further configuration is required. 9 To upgrade another source on this target, suspend vaulting on the source and repeat this procedure starting with step 6 on page 304 in "Prepare source and target systems" on page 304 Navigating replicating systems In replicating systems, you can view information from both the source and target systems. On either system, the tasks you can perform are based on the login credentials supplied. See "About user configuration" on page 66 for details. From the source system From the source system you can access the following: • • Backups stored on the source system itself • Completed replication tasks by viewing the Replication report (last 24-hours) or Replication History report (older history) Active, pending, and completed replication tasks as described in "Working with the replication dashboard" on page 309 From the target system Target systems can have multiple replicating sources. To restrict access by source system, there is a unique system user account on the target system for each source. The system source username and password are the hostname of the source system. For example, for a source whose hostname is CompanyBackup, log in as user CompanyBackup and password CompanyBackup. • • "To change the source system user password" on page 308 "Supported target operations using the source system user account" on page 308 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 308 • • "Supported target operations using a superuser account" on page 308 "Replicated clients on the target system" on page 309 To change the source system user password 1 Select Settings > Customers, Locations, and Users > Users. 2 Select the desired source system user. 3 Check the Change Password box. 4 Enter the new password in the Password and Verify Password fields. Passwords may contain upper and lower case letters, numbers, and special characters with the exception of a space and an equals sign ("=”). 5 Click Confirm to change the password. Supported target operations using the source system user account While logged in to the target using the source system user account, the view is filtered to show only information for that source. Source system account privileges also limit the operations that can be performed. The source system user cannot perform backup and archive operations. Using the source system user account you can do the following: • • View backups stored on the source system itself. • Manage active, pending, and completed replication tasks as described in "Working with the replication dashboard" on page 309. • • • Perform restore operations. View replicated backups stored on the target system by switching to Replication View. See "Viewing replicated backups" on page 309 for details. Manage system settings. Run reports. Supported target operations using a superuser account While logged in to the target using a superuser account, the view includes information for all replicating sources. You can perform all operations for the target system and its sources. When working from the target, select the desired system in the Navigation pane to view and manage that system. The target system has a brown vault icon to its left. Source systems have a blue server icon. From the target system you can access the following: • Backups stored on the source system itself, by selecting the source in the Navigation pane. (These are source-side, non-replicated backups.) • One source’s replicated backups stored on the target system, by selecting the source system and switching to Replication View. See "Viewing replicated backups" on page 309 for details. • Replicated backups from all sources stored on the target, by selecting the replication target (brown vault icon). • Local backups run on the target system if it is configured as both a local backup system and replication target. (For details, see "Installation types and replication" on page 282.) In this Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 309 configuration there are two system icons in the Navigation pane for the target system. Select the blue server icon to see local, non-replicated backups. • One source’s active, pending, and completed replication tasks, as described in "Working with the replication dashboard" on page 309, by selecting the source system. • Active, pending, and completed replication tasks for all sources, as described in "Working with the replication dashboard" on page 309, by selecting the replication target (brown vault icon). Replicated clients on the target system If a new client is configured for replication on a source system, the first time one of its backups replicates the target creates a replicated client with which to associate the backup. The replicated client is added to the target system’s Navigation pane when replication begins. Viewing replicated backups You can view replicated backups from the target system using the Replication View feature. In replicating systems, the backups you see on the target system are governed by whether the Replication View has been selected. If not selected, the backups displayed are those stored on the source system. If Replication View is selected, the backups displayed are replicated backups stored on the target system. Once a backup has been replicated, it is assigned a new ID on the target system. The backup ID of a replicated backup does not match that of its source-side backup counterpart. To show replication view 1 Log in to the target system. 2 Select the Gear icon at the bottom of the Navigation pane. 3 Check the Show Replication View box. 4 Click Confirm. The view changes to show the replicated backups stored on the target system. 5 To be sure you are seeing replicated backups, check for the Replication View bar above the Navigation pane and Center Stage. If Replication View does not display, you are viewing regular backups on the source system. You can also look at details of any backup on the Status > Backup: Last 7 Days tab. Click a backup to view details. In replication view, you see Replicated True in the Backup Information. Working with the replication dashboard Use the dashboard to monitor and manage replication operations on a backup system or replication target. To access the dashboard, select the target or backup system in the Navigation pane and select Replication > Dashboard. Note that you cannot access the dashboard in Replication View. If the dashboard selection is not available, switch to normal view. The dashboard shows each system that is replicating as a separate collapsible folder. The information displayed is based on the system selected in the Navigation pane. For a description of information displayed by system selected, see "Navigating replicating systems" on page 307. The dashboard is organized into three panes: Completed Replication Operations, Active Replication Operations, and Pending Replication Operations. The sections that follow describe each in detail. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 310 • • • • "Completed Replication Operations pane" on page 310 "Active Replication Operations pane" on page 312 "Pending Replication Operations pane" on page 316 "Dashboard controls" on page 318 Completed Replication Operations pane The Completed Replication Operations pane contains details of each replication operation that completed in the last 24 hours. Completed Replication Operations hierarchy The information is arranged in the following way: • Client folder - Replicated backups are grouped by client. Client folders display first in the hierarchy and are named in the following format: SourceSystem : SourceClient : BackupInstance -> TargetSystem. For a description of source, client, instance, and target, see "Viewing completed replications" on page 310. Click the arrow to the left of the folder to expand or collapse the view. • Replicated backups - Beneath the Client folder, replicated backups for this client display with the most recently created ones higher in the list. The following information displays for each backup that replicated in the last 24 hours: • • ID – The ID of the source backup. • Client – The Client name. Collapse or expand the client folder, called SourceSystem : Client, to show or hide each replicated backup. • • • • Type – The type of backup replicated. Status – An icon indicating whether the backup was replicated successfully. Green indicates success; red indicates failure. Date/Time – The time at which the operation started. Size (MB) – The size of the replicated backup. Elapsed – The elapsed time for the operation. Viewing completed replications Items displayed in the Completed Replicated Operations pane are filtered by your selection in the Navigation pane: • Select the replication target (brown vault icon) to see completed replications from all source systems. • Select the source system (blue server icon) to see completed replications for the selected system only. To view completed replication details 1 Select the desired backup system in the Navigation pane. 2 Click on any row in the pane to see additional information, including the messages associated with the replication task. Note that the ID on the Replication Detail page is that of the source Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 311 backup. The corresponding replicated backup has a new ID, which displays when viewing backup details in Replication View. Completed replication details Completed Replication Details Description BytesPerMinute Average replication speed, in bytes per minute. Client Source system client for which this backup was run. Complete Indicates whether the replication job completed. Date Date and time the replication started. Elapsed Time Duration of the replication job in hh:mm:ss format (hours, minutes, seconds). ID ID of the source backup on the source system. Instance Displays the following, depending on backup type: • • • For file-level backups, instance is file-level. • For SharePoint, instance is Farm. For VMware or Hyper-V, name of the guest VM. For SQL, Exchange, or Oracle, name of the database or storage group. Last Indicates whether this is the most recent backup of this type for this client on the source system. Purgeable Indicates whether this backup is eligible for purging on the source system. Result Status of the replication job: success or failure. For failed jobs, see KB 2970 for more information. Size Size of the replicated backup on the target. This may not match source backup size due to deduplication and compression. System Source backup system from which data was replicated. System ID ID assigned to this source system. TargetName Name of the target to which the backup was replicated. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 312 Completed Replication Details Description Type Backup type. File-level backup types include full/master, differential, incremental, selective, and bare metal. Application backup types vary by application. Application name is included in the backup type name (for example, Exchange Full). Replication Messages Success or Failure with error message. For failures, see KB 2970 for more information. Close Click to exit the Replication Detail page. Removing failed operations If a replication job has failed, select it in the Completed Replication Operations pane to view details. Check the error in the Replication Messages box, and see KB 2970 for help resolving the issue. To remove a failed job 1 Each failed job in the Completed Replication Operations pane contains a trash can icon. Click the trash can icon in the desired row to launch the Remove Items from Replication Queue page. 2 Choose one of the following criteria: 3 • Remove Queue Items by their backup number to remove the selected job and any pending and active operations with this backup number. (Multiple jobs with this number may exist if the replication has failed and is being retried.) • Remove Queue Items by their client to remove all replication jobs for this client. If desired, check Add deleted items to the end of the queue. • If the backup number criteria is selected, the failed job is added to the end of the pending operations queue unless newer backups are present. If newer backups are queued for this client/backup type, the job is not added. • If the all client items criteria is selected, any failed jobs are added to the end of the pending operations queue unless newer backups are present. If newer backups are queued for this client/backup type, the job is not added. IMPORTANT! Jobs are only moved to the end of the queue if newer backups have not yet been queued. If a newer backup has been queued for this client and type (filelevel or application), the backup is deleted. 4 Click Confirm to remove jobs. Active Replication Operations pane The Active Replication Operations pane contains details of each backup that is currently being replicated to the target. See these topics for details: • "Active Replication Operations hierarchy" on page 313 Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 313 • "Viewing backups in the Active Replication Operations pane" on page 313 Active Replication Operations hierarchy The information is arranged in the following way: • Client folder - Replicating backups are grouped by client. Client folders display first in the hierarchy and are named in the following format: SourceSystem : SourceClient : BackupInstance -> TargetSystem. For a description of source, client, instance, and target, see "To view active replication details" on page 314. Click the arrow to the left of the folder to expand or collapse the view. • Replicating backups - Beneath the Client folder, replicating backups for this client display with the most recently created jobs higher in the list. The Active Replication Operations pane contains the following information for each active operation: • • ID – The ID of the source backup. • Type – The type of backup being replicated. This includes the standard backup types, e.g., master, differential, bare metal, SQL full, etc. In addition, you may see a backup type called System Metadata, which is a small backup of internal state information that is periodically transmitted from the source system to the target. This state is preserved to be used during a system restore, if ever needed. • Phase – Current processing phase, indicating that the backup is being replicated to the target. Each replication job goes through four phases: prepare, replicate, processing, and wait/target processing. For details, see KB 2899. • • Phase Start Date/Time – The time at which replication began. • • Elapsed – The elapsed time for this operation. Status – An icon indicating that the backup is being replicated to the target. Progress – The completion percentage for this operation. In progress displays if a percentage cannot be calculated. Estimated Phase Completion – The estimated date and time replication should complete, based on the current transfer rate. It is important to note that this projection is based on speeds seen at that time interval. During the day, if throttling is being used to limit the network bandwidth used for replication, projected completion times may be displayed that are later than anticipated. If the percentage of bandwidth allowed is higher, the projected completion time will be more accurate for an environment. Note that there are some instances in which the final size cannot be determined up front, so the percent complete cannot be derived. In this case, in progress displays. Viewing backups in the Active Replication Operations pane Items displayed are filtered by your selection in the Navigation pane: • Select the replication target (brown vault icon) to see replicating backups for all source systems. • Select the source system (blue server icon) to see replicating backups for the selected system only. See the following topics for details: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 314 • • "To view active replication details" on page 314 "To terminate a replication in progress" on page 315 To view active replication details 1 Select the desired backup system in the Navigation pane. 2 Click on any row in the pane to see details about an active replication task. Note that the ID shown is that of the source backup. Active replication details Active Replication Details Description Client Source system client for which this backup was run. Complete Indicates whether the replication job completed. Current Size Amount of data replicated so far for this backup. Once replication completes, Current Size equals FinalSize. Data Remaining Amount of data not yet replicated for this job. Date Date and time the replication started. ElapsedTimePhase Duration of this phase in hh:mm:ss format (hours, minutes, seconds). ElapsedTimeTotal Duration of the overall replication job in hh:mm:ss format (hours, minutes, seconds). FinalSize Final size of the replicated backup. FullTimeRemaining Estimate of time remaining for this replication job. ID ID of the source backup on the source system. Instance Displays the following, depending on backup type: • • • For file-level backups, instance is file-level. • For SharePoint, instance is Farm. For VMware or Hyper-V, name of the guest VM. For SQL, Exchange, or Oracle, name of the database or storage group. InstanceItem Instance item. Last Indicates whether this is the most recent backup of this type for this client. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 315 Active Replication Details Description Phase Current processing phase, indicating that the backup is being replicated to the target. Each replication job goes through four phases: prepare, replicate, processing and wait/target processing. For details, see KB 2899. PhaseSource Indicates whether this phase is being run on the source or target system. Purgeable Indicates whether this backup is eligible for purging on the source system. ReplicationStart Time at which this replication job started. ReplicationPhaseStart Time at which this phase in the replication job started. System Source backup system from which data is replicating. System ID ID assigned to this source system on the replication target. TargetName Name of the target to which the backup is replicating. TimeRemaining Estimate of the time needed to complete this replication job. TransactionRate Current transfer speed of the replication job. Type Backup type. File-level backup types include full/master, differential, incremental, selective, and bare metal. Application backup types vary by application. Application name is included in the backup type name (for example, Exchange Full). Close Click to exit the Replication Detail page. To terminate a replication in progress 1 Each job in the Active Replication Operations pane contains a trash can icon. Click the trash can icon in the desired row to launch the Remove Items from Replication Queue page. 2 Choose one of the following criteria: • • 3 Remove Queue Items by their backup number to terminate the selected job only. Remove Queue Items by their client to terminate all running replication jobs and remove all pending replication jobs for this client. If desired, check Add deleted items to the end of the queue. • If the backup number criteria is selected, the active job is terminated and added to the end of the pending operations queue. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 316 • 4 If the all client items criteria is selected, any terminated active or pending jobs are added to the end of the pending operations queue. Click Confirm to terminate and/or remove jobs. Pending Replication Operations pane The Pending Replication Operations pane is a queue containing completed backups waiting to be replicated. Pe n d in g Re p lic a tio n Op e ra tio n s h ie ra rc h y The information is arranged in the following way: • Client folder - Backups to be replicated are grouped by client. Client folders display first in the hierarchy and are named in the following format: SourceSystem : SourceClient : BackupInstance -> TargetSystem. For a description of source, client, instance, and target, see "To view pending replication details" on page 317. Click the arrow to the left of the folder to expand or collapse the view. • Backups to replicate - Backups to be replicated for this client display beneath the Client Folder; the most recently created jobs appear higher in the list. The following information displays for each pending operation: • • • ID – The ID of the source backup. • Type – The type of backup that will be replicated. This includes the standard backup types, e.g., master, differential, bare metal, SQL full, etc. Additionally, you may see a backup type called System Metadata, which is a small backup of internal state information that is periodically transmitted from the source system to the target. This state is preserved to be used during a system restore, if ever needed. • • Date/Time – The time at which the backup started on the source system. Status – An icon indicating that the backup is waiting to replicate. Client – The Client name. Collapse or expand the client folder, called SourceSystem : Client : Instance/file-level -> TargetSystem, to show or hide pending operations for this client. Size (MB) – The size of the backup See the following topics for details: • "Viewing backups in the pending queue" on page 316 • "To view pending replication details" on page 317 • "To remove a pending job from the queue" on page 318 Viewing backups in the pending queue Items displayed in the pending queue are filtered by your selection in the Navigation pane: • Select the replication target (brown vault icon) to see queued backups from all source systems. In this view, the total number of backups waiting to replicate display in the title bar and the first page of pending jobs display below. If necessary, click on additional pages to see more backups. • Select the source system (blue server icon) to see queued backups for the selected system only. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 317 To view pending replication details 1 Select the desired backup system in the Navigation pane. 2 Click on any row in the pane to see details about a pending replication task. Note that the ID shown is that of the source backup. Pending replication details Pending Replication Details Description Client Source system client for which this backup was run. Command Command indicating the type of backup to replicate. Complete Indicates whether the replication job completed. Device Device where this backup resides on the source system. DeviceID ID of the source backup device. ID ID of the backup on the source system. Instance Displays the following, depending on backup type: • • • For file-level backups, instance is file-level. • For SharePoint, instance is Farm. For VMware or Hyper-V, name of the guest VM. For SQL, Exchange, or Oracle, name of the database or storage group. Instance Item Instance item. Last Indicates whether this is the most recent backup of this type for this client on the source system. Phase Processing phase, indicating that the backup is being replicated to the target. Each replication job goes through four phases: prepare, replicate, processing and wait/target processing. For details, see KB 2899. PhaseSource Indicates whether this phase is being run on the source or target system. Purgeable Indicates whether this backup is eligible for purging on the source system. Size Size of the backup on the source. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 318 Pending Replication Details Description System Source backup system from which data is replicating. System ID ID assigned to this source system on the replication target. TargetName Name of the target to which the backup is replicating. Type Backup type. File-level backup types include full/master, differential, incremental, selective, and bare metal. Application backup types vary by application. Application name is included in the backup type name (for example, Exchange Full). Output Contains additional information about the source backup, including logfile path on the source. Close Click to exit the Replication Detail page. To remove a pending job from the queue 1 Each job in the Pending Replication Operations pane contains a trash can icon. Click the trash can icon in the desired row to launch the Remove Items from Replication Queue page. 2 Choose one of the following criteria: • • 3 Remove Queue Items by their backup number to remove the selected job only. Remove Queue Items by their client to remove all pending replication jobs for this client. If desired, check Add deleted items to the end of the queue. • If the backup number criteria is selected, the pending job is moved to the end of the pending operations queue unless newer backups are present. If newer backups are queued for this client/backup type, the job is not added. • If the all client items criteria is selected, any pending jobs are added to the end of the pending operations queue unless newer backups are present. If newer backups are queued for this client/backup type, the job is not added. IMPORTANT! Jobs are only moved to the end of the queue if newer backups have not yet been queued. If a newer backup has been queued for this client and type (filelevel or application), the backup is deleted. 4 Click Confirm to remove jobs. Dashboard controls At the bottom of the dashboard is a set of controls, which include the following: • • Refresh Now – Click to manually refresh the screen. Auto Refresh – Check to automatically refresh the screen at the specified interval. This allows you to easily monitor the ongoing progress of replication operations. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 319 • Refresh Interval – Enter the number of seconds between automatic refreshes if the Auto Refresh box is checked. • Close – Click to exit the dashboard and return to the Replication subsystem. Archiving replicated backups Replicated backups can be archived to archive media such as the disk archiving unit, tape, CIFS or NFS-configured NAS, or eSATA drives. The process is similar to archive procedures on a source Unitrends system. After connecting your archive media to the replication target, click the Gear icon at the bottom of the Navigation pane, check Show Replication View, and click Confirm. Then select the source in the Navigation pane. When in Replication View, follow standard archive procedures as described in "Archiving replicated backups" on page 259. Restoring replicated backups Replicated backups can be restored to a client that is directly attached to the target. Once you have registered the client to the replication system, it can be used for restoring replicated backups stored on the target system. To restore a replicated backup 1 On the replication target system, add the client to which you will restore the replicated backup. See "About adding clients" on page 69 for details. 2 Switch to replication view by selecting the Gear icon at the bottom of the Navigation pane, checking Show Replication view, and clicking Confirm. 3 Proceed to one of the following sections for details on restoring the desired replicated backup: • To restore a bare metal backup, see "Bare metal recovery from a replication target" on page 320. • To restore a Linux or non-x86 compatible client using a bare metal ISO and master backup, see "Restore a Linux or non-x86 client from the replication target" on page 322. • To restore a file-level backup, see the procedure "Restoring from a file-level backup" on page 346. • • To restore a SQL backup, see "SQL restore from the replication target" on page 509. • To restore items from a SharePoint backup, see "To restore SharePoint items from backup" on page 544. Since catastrophic farm recovery must be performed to the original farm, you cannot run full farm restores from the replication target. Instead, restore from the source backup system as described in "To restore the entire farm from backup" on page 545. • To restore items from an Oracle backup, see "Replicated Oracle restore considerations and procedures" on page 565. Since full Oracle backups must be restored to the original database, you cannot restore them from the replication target. Instead, restore from the source backup system as described in "Oracle restore from the backup system" on page 562. To restore an Exchange backup, use the procedure "Restoring to an alternate location" on page 528. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 320 • To restore a Hyper-V virtual machine, use the procedure "To restore a Hyper-V VM to an alternate Hyper-V server" on page 609. To restore files from a Hyper-V backup, see "Restoring files from Hyper-V backups" on page 611. • To restore a VMware virtual machine, use the procedure "Restoring the entire VMware virtual machine" on page 656. To restore files from a VMware backup, see "Restoring files from VMware backups" on page 657. Bare metal recovery from a replication target Beginning in release 7.4, you have two options for bare metal recovery (BMR) from a replication target: • For most Windows clients, you can restore from eligible file-level backups using the integrated BMR feature. For details, see "Integrated BMR from a replication target" on page 320. • For Windows and x86-compatible platforms, you can restore from bare metal backups. For details, see "Restoring a bare metal backup from a replication target" on page 320. Integrated BMR from a replication target With integrated BMR, you can recover most Windows clients from eligible file-level backups residing on a replication source or target. Systems running release 7.4 or higher provide 32- and 64bit integrated BMR ISO images that you can use to recover most Windows clients. The ISO images contain WinPE 4.0, a minimal version of Windows used for installations, and the Unitrends Integrated Bare Metal Recovery Wizard that guides you through the recovery process. If your Windows clients are supported by integrated BMR, this is the recommended strategy for disaster recovery. For more details, see "Windows integrated bare metal recovery" on page 755. Restoring a bare metal backup from a replication target To recover a Windows or x86 client using a bare metal backup, you will need a replicated bare metal backup of the original source client you wish to restore. Note that you will need to create a new bare metal ISO to restore from the target. Any existing bare metal ISO you had created on the source system cannot be used for this procedure. You must restore the bare metal backup to a client that is directly attached to the target system. You will create a new directly-attached client and temporarily reassign the replicated bare metal backup to perform the restore. Notes: • The procedure described here is used for the bare metal backup type only. For clients running Linux or non-x86 compatible platforms (such as Mac OS X and AIX), you do not typically have bare metal backups as the recommended strategy is to create a bare metal boot CD and run masters. To restore these clients, boot from the bare metal CD and restore the master backup as described in "Restore a Linux or non-x86 client from the replication target" on page 322. • Windows Instant Recovery is supported on the replication target system, which might be necessary as a temporary solution until you can perform a bare metal restore. See "Windows Instant Recovery" on page 451 for more information. To restore a bare metal backup from the replication target 1 Directly attach to the target system the client to which you will restore. This can be either a physical or virtual client. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 321 2 Register the directly attached client to the target system. Be sure that both the Unitrends Windows and bare metal agents are installed. To add the client to the target, be sure you are not in Replication View and select the target’s blue backup system icon in the Navigation pane. For more on adding clients, see "About adding clients" on page 69. 3 On the directly attached client, create a bare metal ISO. For details, see "Creating the boot media for image-based recovery" on page 773. • Before creating the ISO, add the target system to the client’s host file by selecting Options > Choose Server/Device > Add Server to Host File in the Bare Metal Agent interface. • • For Server Name and Server IP, enter the hostname and IP of the target system. Client Settings contain information about the directly attached client. This information does not need to be modified. Note: You must create a new ISO from the directly attached client. An ISO created on the source system cannot be used to restore from the target. 4 On the replication target, switch to Replication View by selecting the Gear icon at the bottom of the Navigation pane and checking the Show Replication View box. 5 Select the target system in the Navigation pane (brown vault icon). 6 Select Replication > Client Associations. Current associations for the selected source system and client display in the grid. If an association exists for the desired bare metal backup and replication client, skip to step 12 below. 7 In the Client list, select the directly attached client to which you will restore. 8 In the Source System list, select the source system where the protected client resides. 9 In the Replicated Client list, select the replicated client associated with the bare metal backup you wish to restore. 10 Click Find Backups to display the list of replicated bare metal backups for the selected client. 11 On the Select a Backup page, associate a bare metal backup with the directly attached client by selecting a backup and clicking Confirm. • • If desired, repeat this step to associate additional backups. Associations display on the Current Associations page. 12 Start the bare metal restore by booting the directly attached client from the ISO. 13 Restore the backup using the bare metal interface on the directly attached client. See one of the following sections for details: • • For Windows clients, see "Image-based bare metal restore procedures" on page 776. • If you have created a cold bare metal for other client platforms, see the applicable section in the "Bare Metal for Linux" or "Bare Metal for x86 Platforms" chapters. For other x86-compatible platforms, see "Using the bare metal crash recovery boot CD" on page 798. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 322 14 Once the restore is complete, remove the association to reassign the bare metal backup to the replicated client on the target system. • • • In Replication View, select Replication > Client Associations. Select a row in the Current Associations grid. Select Yes to confirm that you wish to remove this association. IMPORTANT! If you do not remove the association, the bare metal remains associated with the directly attached client. If you remove the directly attached client from the target system, this backup is also deleted. Restore a Linux or non-x86 client from the replication target Use this procedure to restore a client running Linux or a non-x86 compatible platform, using a bare metal ISO and master backup. If you have performed a cold bare metal for the client and have a bare metal backup, use the "Restoring a bare metal backup from a replication target" on page 320 procedure instead. The following prerequisites are needed for this procedure: • • A bare metal ISO image created on the source system. A replicated master backup on the target system. To restore a Linux or non-x86 compatible client from the replication target 1 Prepare the replacement client (install with the same configuration as original). 2 Boot the bare metal media (which was created on the source). The recommended practice is to back up the ISO as part of the master backup, then selectively restore the ISO only from the replicated master to the Samba share to make it available at the target. Burn the ISO to a CD. 3 Boot the replacement client with the bare metal media. 4 While in the boot media, assign a new IP address and gateway appropriate to the target environment. 5 Register the new client to the backup system using this IP. The agent software on the boot media will respond to the registration protocol request. 6 Select the Smart Restore option in the boot media. 7 Choose the replicated master backup that you want to restore, and restore it as an alternate restore to the new client. The following target directory must be specified: /tmp/root.mnt 8 Directly attach to the target system the Linux client to which you will restore. • • 9 This can be either a physical or virtual client. The configuration and hardware must match that of the original Linux client. Dissimilar restore is not supported from the target. Install the Unitrends Linux agent, then register the directly attached client to the target system. For details, see "About adding clients" on page 69. 10 From the replicated master, restore the ISO to the target’s Samba share: Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 323 11 On the directly attached client, create a bare metal ISO. For details, see "Creating Linux hot bare metal boot media" on page 788. Before creating the ISO, add the target system to the client’s host file by selecting Options > Choose Server/Device > Add Server to Host File in the Bare Metal Agent interface. Deleting replicated backups To delete replicated backups from a target, you must first enable replication view on the target as described in "Viewing replicated backups" on page 309. This procedure permanently deletes backups from the target. It does not, however, affect backups on the source. When you delete a backup, it is logically deleted and you can no longer access it. However, the amount of available storage will not immediately increase and might not increase at all. The backups’ physical blocks are removed when the system performs a periodic purge. For deduplicated systems, a given block might be referenced by several backups, and unless all of these backups are deleted, the block is not purged, and your available storage space does not increase. To delete replicated backups 1 In replication view on the target, select the source who’s replicated backups you would like to delete in the Navigation pane. 2 Select Settings > Storage and Retention > Backup Browser. 3 Click the arrow next to the source icon to expand the list of clients and applications. Highlight the client or application for which you would like to delete replicated backups. WARNING! If you have not enabled replication view, you are viewing the backups stored on the source system, and if you delete them, they are deleted from the backup system rather than from the replication target. 4 Select a backup device in the upper pane. All backups on that device display in the lower pane. Click Refresh to ensure that the list is current. 5 Choose one or more backups by checking the corresponding boxes. To select all, check the box in the title bar. 6 Click Delete Backup, then Confirm. 7 The backup is deleted only from the replication target. To delete it from the source, disable replication view and follow the same procedure. Replication reports If configured, replication generates a synchronization report which provides the details of each vaulting event. A report is generated and sent each day at the time specified during vaulting configuration. See "To set replication attributes on the source system" on page 289 for details. The report indicates the sync activity for the last 24-hour period. The Sync engine up for value indicates the amount of time the sync engine could connect to the vault. The report lists each client that syncs to the vault, and for each client, records and displays the backup number, backup type, time completed, status, effective speed, and bytes synced. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 324 All backups listed in the backlog show the time of the backup. The vaulting operations in progress display backups with the time the vaulting operation started. You can run on-demand vaulting reports in the Reports subsystem. These include the In-Flight Vaulting Deduplication Report, the Vault Capacity Report, and the Vaulting Report. See the "Reports, Alerts, and Monitoring" chapter for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 13: Replication 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 325 Chapter 14: Legacy Vaulting This chapter discusses procedures used to configure and manage Unitrends legacy vaulting feature. This feature is available only on backup systems for which replication is not supported. For details about replication, a comparison between replication and vaulting, and the prerequisites for running replication, see the chapter "Replication". If you are currently using legacy vaulting and would like to upgrade to replication, see "Upgrading from legacy vaulting to replication" on page 303. If you are currently using legacy vaulting and prefer not to upgrade to replication, you can continue using legacy vaulting even if you upgrade your appliance’s software to a version that supports replication. See the following topics for details about legacy vaulting: • • • • • • • "Vaulting overview" on page 325 "Vaulting setup" on page 326 "Data protection vault restore" on page 334 "Working with the vaulting dashboard " on page 334 "Vaulting reports" on page 337 "Granular restore from vault" on page 337 "Export vaulted data to an archive device" on page 338 Vaulting overview Vaulting is a feature that enables data synchronization between one or more systems to a single offpremise system called a vault. Vaulting permits the storage of mission-critical data to an off-site location to protect against data loss in the event of a disaster. The on-premise backup system is used to protect against loss of files, folders, and individual machines. The on-premise system replicates data to the vault, protecting against the loss of an entire site. The replicated data from the vault is used to recover the on-premise backup system and all the servers it protects. Vaulting features include: • • • • • Total data recovery from a site disaster. • Detailed vaulting dashboard that displays active vaulting tasks, previously vaulted tasks, and tasks in the vaulting queue. Deduplication of data for optimal transfer over the Internet. Encrypted and secure connection between the backup system and vault. Data encrypted on the backup system is encrypted in-flight and at-rest on the vault system. Configurable policies for vaulting, such as the ability to select specific clients, applications, and databases to vault; configurable bandwidth throttling between the backup system and the vault; and the ability to prioritize queued data to ensure that more critical systems are vaulted first. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 326 When a Unitrends system is deployed, as discussed in the "System setup" on page 59, it is configured with one of the following installation types: • • • Local backup system – Used to protect the physical and virtual infrastructure on-premise. Vault – Used as a target for one or more backup systems. Local backup system and vault – This configuration is also known as a cross-vault in which the system is the local backup system for the local physical and virtual environment, and also serves as a vault for another local backup system(s). Once the system is set up as a vault or as a cross-vault, it can be configured as a target. The amount of data that can be vaulted from a backup system to the target depends on various factors, namely: • • The rate at which data changes on the clients protected by the local backup systems. The bandwidth available between the backup systems and the vault. Once the initial data that is marked for vaulting has been transferred to the vault, all subsequent data transfers only send the changed data blocks, deduplicating the data in-flight. The initial transfer of data from the local system to the vault can occur over the WAN. However, for large data sets it is recommended to use a disk seeding mechanism to transfer the initial data set. Even with in-flight deduplication minimizing the amount of data being transferred, the speed of transfer is primarily governed by the size of the network pipe between the backup system and the vault. In addition, there may be specific times during the day when bandwidth available is used for servicing end users and cannot be used for vaulting. Another factor affecting vaulting is the resiliency of the line. Unitrends leverages OpenVPN, an open-source technology based on the UDP protocol that creates a secure VPN tunnel and also provides resiliency to intermittent network failures via UDP knitting. If there is a network drop during vaulting, the process utilizes advanced checkpoint controls to proceed with the job at the time of failure. The vault system can be deployed as a private cloud or as a multi-tenant cloud. Vaulting architecture ensures that the local backup systems that vault to a single target only have access to their data. This secure architecture is the basis of a multi-tenant architecture. The vaulting process is fully managed from the vault or backup system. Using the vaulting dashboard, you can immediately gauge vaulting status by viewing active, previously completed, and pending vault jobs. In the event of a disaster, vaulted data from the target system is loaded on a new backup system which is then shipped on-premise to the disaster site (or to an alternate location). This backup system is then used to recover the environment to a consistent state before the disaster. For details, see the "Legacy Disaster Recovery" chapter. Vaulting setup A high-level overview of the steps required to set up vaulting between a backup system and vault is given here. Before beginning vaulting setup, determine whether the Unitrends system you plan to use as a vault has been installed as a vault, or a local backup system and a vault. If a system has been installed as a vault, a brown vault icon displays next to the name of the system in the Navigation pane. For instructions on installing a system as a vault, see "System setup" on page 59. Proceed to the sections that follow for detailed instructions on setting up vaulting. Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 327 Notes: • On vaulting setup. Vaulting and replication can both be set up using the Secure Tunnel Settings screen in the Administrator Interface. When you use this screen, the steps are the same for setting up vaulting and replication. Completing these steps sets up vaulting if replication is not supported on your Unitrends systems. You cannot set up vaulting with the Replication Wizard. • On Fibre cable. To connect the backup system and vault using 10GbE fiber cable, both systems must be using the same NIC card model. Unitrends has switched from the HP NC522SFP Ducal Port 10GbE Server Adapter to the Intel Ethernet Server Adapter X520-DA2 Dual Port 10GbE. Verify that both the vault and backup system are using the same model before setting up vaulting. • On compression. Beginning in release 8.0, appliances use LZ4 compression by default. LZ4 is not compatible with legacy vaulting. If you are running version 8.0 or higher, set compression to auto by following these steps: 1 Select Settings > System Updates, and Licensing > General Configuration [Advanced]. 2 Click to expand the Disk2DiskDefaults folder. 3 Select the row containing CompressEngine, enter auto in the Value field, and click Confirm. To set up vaulting between a backup system and vault Step 1: Configure a secure, encrypted communication channel between the vault and the backup system using OpenVPN. See "Configuring a secure tunnel with legacy vaults" on page 327. Step 2: Grant privilege to the vault to manage the local backup system. See "Granting privilege for legacy vault remote management" on page 329. Step 3: Add the local backup system to the vault. See "Adding the backup system to the vault" on page 330. Step 4: Tune the vaulting attributes on the local backup system as desired. See "Tuning vaulting attributes on the backup system" on page 331. Step 5: Enable vaulting of desired clients. See "Configuring clients for vaulting" on page 333. Step 6: (Optional) Seed the initial data set for legacy vaulting. See "Seeding the initial data set for legacy vaulting" on page 334. Configuring a secure tunnel with legacy vaults Note: The steps described here can be run as a standalone procedure or as part of a larger process. For an overview of the process, see "Vaulting setup" on page 326. This section describes how secure tunnels are used, prerequisites needed, and the steps for configuring a secure tunnel. See the following topics for details: • • "About secure tunnels for Unitrends legacy vaulting systems" on page 328 "Prerequisites to configuring a secure tunnel for legacy vaults" on page 328 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 328 • "Prerequisites to configuring a secure tunnel for legacy vaults" on page 328 About secure tunnels for Unitrends legacy vaulting systems Unitrends uses OpenVPN, an open source virtual private network program, to create an optimized, secure, encrypted tunnel for multiple Unitrends systems. OpenVPN offers a scalable solution for enabling multiple clients to connect to a single OpenVPN server process through a single UDP port. There are two typical use cases associated with using OpenVPN with Unitrends systems. The first case features is a vaulting scenario with a vault and one or more backup systems. In this case, a secure tunnel is configured between the vault and the backup systems in order to facilitate both the vaulting of data and the management of the systems. The second case occurs when two or more systems are managed by a designated management system. With this setup, you can then perform operations for all systems from one Unitrends system interface. The primary advantages of OpenVPN are that it enables radically simpler firewall management (since only one port is needed between off-premise Unitrends systems) and that it enables much higher session availability. Higher session availability results because OpenVPN can handle lower quality WAN lines that would typically result in session termination (through UDP-level ride-through of short-lived transient line failures). Prerequisites to configuring a secure tunnel for legacy vaults Verify the following before configuring a secure tunnel: • Ensure that the backup system can contact the vault, and verify that the vault IP address has been added to the backup system’s hosts table. To configure the hosts table, select Settings > Clients, Networking, Notifications > Networks > Hosts. • Ensure that the hostname of the backup system is not the same as the hostname of the vault. To change the backup system’s hostname, select Settings > Clients, Networking, Notifications > Networks > Hostname. To configure a secure tunnel for legacy vaults 1 Connect to the vault and backup systems. For easiest configuration, connect to each from one browser using two tabs. The configuration procedure requires you to switch between the two systems. 2 On the vault, select Replication > Secure Tunnel Settings. Check the Show Steps for the Target System (the Server) box. 3 In the Create a Secure Tunnel Target section of the screen, review the default IP, subnet, and port 1194 settings. The IP and subnet are used to create the virtual VPN interface. Ensure that there is no conflict in your environment with the default subnet selected by OpenVPN. If there is a conflict, enter your own values. 4 Click Create a Secure Tunnel Target to begin configuring the secure tunnel between the source and vault systems. A message displays stating that a secure tunnel target can only be established once. If you are ready to create the target, click Yes to continue. 5 Switch to the backup system and select Replication > Secure Tunnel Settings in the Generate a Secure Tunnel Certificate Requestsection of the screen, check the Show Steps for the Source System (the Client) box. Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 329 6 Click Generate Request to generate a certificate request file. You are prompted to download and save the certificate request file. It has a .csr extension. 7 Switch to the vault system. In the Sign the Secure Tunnel Certificate Request section of the screen, provide the hostname of the backup system and click Sign Request. You are prompted for the certificate request (.csr) file saved in step 6 above above. When you sign the certificate, the vault system prompts you to save two files: • A certificate file with a .crt extension. The file is named: ..crt. • A certificate authority file with a -ca.crt extension. The file is named: ca.crt. Information about the vault hostname and configured OpenVPN port are provided after you save both files. Note this information, as it is required to complete the final step from the backup system. 8 9 Switch to the backup system, and perform the following: • In the Configure the Secure Tunnel on the Source System section of the screen, enter the vault system’s hostname and the OpenVPN port you received in step 7 above above and click Complete Configuration. • When prompted for a file, select the certificate authority file (-ca.crt) and click Open. • When prompted for the certificate file (..crt), select it and click Open. • A message displays confirming successful secure tunnel configuration. Click Okay to exit. If configuration was not successful, click Complete Configuration and try again being sure to select the certificate authority file first. Proceed to "Granting privilege for legacy vault remote management" on page 329 to continue vaulting setup. Granting privilege for legacy vault remote management Note: The steps described here can be run as a standalone procedure or as part of a larger process. For an overview of the process, see "To set up vaulting between a backup system and vault" on page 327. For a vault or a management system to remotely manage a local backup system, the backup system has to explicitly grant privilege to the manager. This is done to secure a two-way handshake between the manager and the managed system. After granting remote management privilege to a system, you can administer nearly all actions on the managed system through a single pane of glass. There are a few exceptions. Log on locally to a system to perform the following functions: • • Manage and create customers, locations, and users. Change the local system password. Certain other operations are restricted if the remote system is not the same version as the manager. It is a best practice to always have all Unitrends systems on the latest version. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 330 To grant the remote management privilege to the legacy vault 1 On the local backup system, select Settings > System, Updates, and Licensing > Grid Management. 2 Select Allow Remote Management at the bottom left. 3 Enter the hostname of the vault or manager system. Be sure to enter the hostname exactly as it appears in the hosts file on the vault or manager system. To view a system’s hostname, select Settings > Clients, Networking, and Notifications > Networks > Hostname. 4 Click Confirm to grant the privilege. 5 Proceed to "Adding the backup system to the vault" to continue vaulting setup. Adding the backup system to the vault Note: These steps can be run as a standalone procedure or as part of a larger process. For an overview of the process, see "To set up vaulting between a backup system and vault" on page 327. Once the local backup system has granted management privilege, you can add the backup system to the vault’s grid. Prerequisites for UEB vaults If you have deployed a UEB vault, you will need to add storage to the vault before adding the backup system to the vault. UEB is deployed with 138 GB of backup storage. If you do not add vault storage, vaults will be stored on the backup device which can cause issues if the device becomes full. See "Adding vault storage" on page 110 for details. Once you have added vault storage, be sure to select this device as the storage target when adding the backup system, as described. To add the backup system to the vault 1 On the vault, select Settings > System, Updates, and Licensing > Grid Management. 2 Click Add System. 3 Enter the backup system hostname. 4 If you are adding a system that is configured as both a backup and vault system, check Create Cross-Vault. 5 To store the system’s vaulted data on an added disk device, check Select Storage, and select the target from the list. This option is for UEB systems only. If you have not added vault storage to your UEB system, do not add the backup system until storage is available. Once you add the backup system, you cannot change its vaulting storage target. Vaulting to the default backup device is not recommended. 6 (Optional) If desired, choose a Customer and Location to associate with the local backup system. To display customer and location information in the Navigation pane, click the red icon at the bottom of the pane. Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 331 7 Click Confirm. Upon successfully adding the backup system, the screen refreshes and the backup system is listed in the Navigation pane. You can now monitor and manage the backup system from the vault or manager system. 8 Proceed to "Tuning vaulting attributes on the backup system" to continue vaulting setup. Tuning vaulting attributes on the backup system Note: These steps can be run as a standalone procedure or as part of a larger process. For an overview of the process, see "Vaulting setup" on page 326. Once the local backup system is added to the vault, vaulting configuration is almost complete. You can now tune the backup system to perform optimally given the available bandwidth. You can also configure the amount of data that can be vaulted and other attributes. To set the vaulting attributes on the backup system This procedure can be run from the backup system or vault. 1 Select the backup system in the Navigation pane and click Replication > Replication Attributes. 2 Select Bandwidth and Throttling Options and configure the following: • Connection Type – The connection’s theoretical physical bandwidth. If your specific connection is not in the list, pick the closest upstream bandwidth match. • Connection Effective Bandwidth – What you expect the actual bandwidth of the physical connection to be. • Throttling Settings – Use the grid to configure settings. Throttling is simply the act of responsibly sharing the bandwidth of the WAN by which the Unitrends vault provides disaster recovery services. Set the weekly vaulting schedule using the graphical tool consisting of 7x24 small boxes that represent each hour of the week. Click and drag to select multiple boxes. Multiple throttling scenarios can be configured. Select the throttle percentage, then click and drag the mouse pointer to highlight the days and times to use the selected percentage. Perform this step as many times as needed to fully configure throttling scenarios. The percentage you select uses X percent of the Connection Effective Bandwidth you set above for vaulting. 3 Select Connection Options and Process Control and configure the following: • Transport Type – The transport type that should be used to sync data. Select ssh or socket. The transport type should only be set to socket when the connection between the system and the vault is secured by some other means, such as a VPN. • Poll Frequency – The number of minutes between synchronizations. Select the interval at which the system checks for new backups to vault, in minutes. For example, when set to 30, the application scans for data to be vaulted every 30 minutes. • Retries – The number of times a vault job will be retried before declaring a failure and moving to the next one in the queue. A job that cannot vault is moved to the bottom of the queue after n retries, where n is the number you specify. If retries is set to zero, each failed 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 332 attempt will log a failure. If retries is set to a non-zero number, vaulting of a backup would need to fail that number of times plus one, before a vaulting failure is logged. For example, if retries is set to three, vaulting operations have to fail four times before the failure is logged. • Maximum Space – The maximum allowable amount of disk space consumed by delta files on the system. When vaulting is initiated, a sum of all the delta files that exist on the system is determined and rounded up to the nearest GB. If that sum equals or exceeds the maximum space, vaulting then skips any sync operation that involves creating another delta file. • Vaulting Deduplication On – Check this box to enable deduplication. When deduplication is not enabled, backups are copied to the vault in full. This should only be done when the backup system and the vault are on the same network and there is a large amount of bandwidth over which data can be transferred. • Resume/Suspend Vaulting – Select to resume or suspend vaulting operations. For initial configuration, click Resume Vaulting to enable the vaulting process. If suspending vaulting, an option is presented to suspend vaulting immediately by selecting Yes, or suspend it after any vaulting operations in progress have completed by selecting No. If you suspend immediately, vaulting operations in progress are stopped. Selecting Cancel takes you back to the previous screen, and vaulting continues without interruption. Note: • Suspending pauses vault operations temporarily, until you click Resume Vaulting . It does not remove the vaulting configuration. Reset Vaulting – Stops all in-progress vaulting operations immediately and then restarts vaulting. 4 Select Report Options and configure the report email address and the time at which vaulting reports will be sent. 5 Select Local Directory Options to configure vaulting of the backup system’s local directories, if desired. Vaulting can be used to provide disaster recovery for any set of local directories on the onpremise backup system. Check the Vault Local Directory Information box and add directories to protect via the vault. Click Open File Browser to browse for directories. 6 Select Baremetal and Application Options and configure the following optional settings as desired: • • Check Vault BareMetal Backups to vault bare metals. • Check Vault Legacy Exchange Backups to vault backups of Exchange Server 2000 stores. Check Vault Legacy SQL Server Backups to vault backups of SQL Server 2000 databases. If legacy Exchange backups (pre-4.2) are to be vaulted, you must specify the directories associated with Exchange. Legacy Exchange backups are stored in the following directory: /backups/samba/ For information on the granular selection of items associated with the vaulting of specific applications or virtual machines, see "To vault application backups" on page 334. Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 333 7 Once vaulting process configuration is complete, select Confirm to save all changes. 8 Proceed to "Configuring clients for vaulting" to continue vaulting setup. Configuring clients for vaulting Note: These steps can be run as standalone procedures or as part of a larger process. For an overview of the process, see "Vaulting setup" on page 326. A backup for a client is synchronized if the following are satisfied: • • • The Syncable option is enabled for the client and/or applications for that client. The client backups are located on a disk device. The client backups are successful. The data on the vault is current at all times. Hence, there exists only one successful replicated master, differential, and bare metal backup, and the most current application data, for a given client. See the following topics for details: • • "To vault file-level backups" on page 333 "To vault application backups" on page 334 To vault file-level backups Use this procedure to set up file-level backups for vaulting. Note that any applications a client is hosting must also be configured for vaulting, as described in "To vault application backups" on page 334, for their application backups to vault. 1 From the source or vault system, highlight the backup system protecting the clients that you want to configure for vaulting. 2 From the main menu, select Settings > Clients, Networking, and Notifications > Clients. 3 Select a client to be configured for vaulting. 4 Check the All backups performed on this computer are to be replicated to a vault box. All subsequent file-level backups for this client will be vaulted. If this field is not checked, backup data for the client is not vaulted (this applies to both file- and application-level backups). To vault this client’s application backups, see "To vault application backups" on page 334. Note: 5 When using a cross-vault configuration, check this box for the backup system itself to vault system data. If you do not see the system client, click the Gear icon at the bottom of the Navigation pane and check Show System Client. Check the Advanced options box and assign the client a backup and vaulting priority by selecting the desired option. The vaulting process prioritizes the data transfer order based on the selections you choose. Jobs for higher priority clients are run before jobs of normal or lower priority clients. 6 Click Save to apply the settings. 7 Repeat this process to configure all desired clients for vaulting. 8 See "To vault application backups" on page 334 to configure application backups for vaulting. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 334 To vault application backups Use this procedure to set up application-level backups for vaulting. Note that the client must also be configured for vaulting, as described in "To vault file-level backups" on page 333, for its application backups to vault. 1 From the source or vault system, highlight the backup system protecting the clients that you want to configure for vaulting. 2 In the Navigation pane, select the application whose data or virtual machines you would like to vault. 3 Select Replication > Replication Attributes. A list of the application’s databases, storage groups, or virtual machines displays. If you do not see the desired items, click Reload to refresh the view. 4 Check boxes to select the items you wish to vault, and set a priority value between 0 and 1000. The higher the number, the higher the vaulting priority. 5 Click Confirm to save your settings. All subsequent backups of configured databases and virtual machines will be vaulted. Seeding the initial data set for legacy vaulting Note: This procedure can be run as a standalone procedure or as part of a larger process. For an overview of the process, see "Vaulting setup" on page 326. For large data sets, it is recommended that you use a disk seeding mechanism to transfer the initial data set to the vault. For instructions on seeding the initial data set, see RapidSeed for Legacy Vaulting Systems. Data protection vault restore The Disaster Recovery feature is used to restore data from the vault to the backup system. For more information, see the "Legacy Disaster Recovery" chapter. Working with the vaulting dashboard Use the vaulting dashboard to monitor vaulting operations on a backup system or vault. To access the dashboard, select the vault or backup system in the Navigation pane and select Replication > Vaulting > Dashboard. The dashboard shows each system that is vaulting as a separate collapsible folder. The screen is organized into three primary sections: previous 24-hour history of all completed vaulting operations, active vaulting operations, and pending vaulting operations, which are backups waiting to be vaulted. See the following topics for details: • • • "Completed Vaulting Operations pane" on page 335 "Active Vaulting Operations pane" on page 335 "Pending Vaulting Operations pane" on page 336 Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 335 • "Vaulting dashboard controls" on page 337 Completed Vaulting Operations pane The Completed Vaulting Operations pane contains the following information for each vaulting operation that completed in the last 24 hours: • • • • • • Status – A graphical status indicating whether or not the backup was successfully vaulted. Client – The Client name. Vaulted Date/Time – The time the vaulting operation started. Type – The type of backup vaulted. Elapsed – The elapsed time for the vaulting operation. Size (MB) – The size of the vaulted backup. Viewing completed vault details Click on any row in the pane to see additional information, including the messages associated with the vaulting operation. If the selected operation is one that has failed and is eligible to be reset, a reset button displays in the details window. Only those backups associated with repeatedly failing patch operations are eligible for reset. Click Reset to remove the signature file, the delta, and sync Info files so the entire process can begin anew. Active Vaulting Operations pane The Active Vaulting Operations pane contains the following information for each active vaulting operation: • Phase – An icon that denotes the vaulting phase. When a backup is vaulted, it goes through several phases. If deduplication is enabled for the backup system (enabled by default), a vaulting job goes through these phases: – Creating delta file. The vault operation generates a delta file on the backup system that contains just the data that has changed since this backup type for this client last vaulted. – – Copying delta file. Copying the delta file from the backup system to the vault. Patching delta file. Patching changed blocks into the backup on the vault. Note: • • • If you have selected the backup system in the Navigation pane, the patch operation displays as a ‘copy’ while changed blocks are being patched. You only see the operation as a ‘patch’ in the dashboard if you have selected the vault in the Navigation pane. You may also see a ‘creating signature’ operation if viewing the dashboard from the vault. Signatures are only created the first time a client vaults, or after a reset, to establish a trust relationship. Client – The Client name. Date/Time – The time at which this vault operation started. Type – The type of backup being vaulted. This includes the standard backup types, e.g., master, incremental, bare metal, etc. Additionally, you may see a backup type called SystemState which is a small backup of internal state information that is periodically 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 336 transmitted from the backup system to the vault. This SystemState is preserved to be used during a system restore, if ever needed. • • • Elapsed – The elapsed time for the vaulting operation. % – The completion percentage for this operation. Estimated Completion – The estimated date and time this vault operation should complete, based on the current transfer rate. See the following topics for details: • • "Viewing active vault details " on page 336 "Terminating a vault in progress" on page 336 Viewing active vault details Click on any row in the pane to see additional information, including the current size and final size associated with this operation, the rate at which the phase is progressing in MB per second, and an estimated completion time for this phase. It is important to note that this projection is based on speeds seen at that time interval. During the day, if throttling is being used to limit the network bandwidth used for vaulting, projected completion times may be displayed that are later than anticipated. This is because with throttling, the amount of bandwidth available for the vaulting operation is limited. If the percentage of bandwidth allowed is higher, the projected completion time will be more accurate for an environment. Note: There may be some instances in which the final size cannot be determined up front, so the percent complete cannot be derived. Terminating a vault in progress You may opt to terminate a vaulting job by selecting it in the list and clicking Terminate. This option is available for every active vaulting operation, allowing you to stop the job, modify backup and vaulting options, then easily restart the vaulting process. For file-level backups, an additional Terminate/Clear option is available. Selecting this clears the sync needed status of the backup, removing it from the pending vaulting operations queue. If a patch operation is in progress, all patch information is removed so a fresh vault process will run for this backup. (Secure sync will not think it should resume patching that backup on the next pass.) Pending Vaulting Operations pane The Pending Vaulting Operations pane contains the following information for each pending operation: • • • • • • Status – A status indicating whether the vaulting operation is active or waiting. Client – The Client name. Backup Date/Time – The time at which the backup started. Type – The type of backup. Elapsed – The elapsed time for the backup operation. Size (MB) – The size of the backup Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 337 Vaulting dashboard controls At the bottom of the screen is a set of controls, which include the following: • Refresh checkbox– Check this box to automatically refresh the screen at a specified interval. This allows you to easily monitor the ongoing progress of vaulting operations. • Refresh Interval – Enter the number of seconds between automatic refreshes if the Refresh box is checked. • • Refresh – Click to manually refresh the screen. • Close – Closes this subsystem and returns you to the Vaulting system. Clock – Click to see when vaulting ran last and when any new pending vaulting operations will be considered for vaulting. The primary vaulting controlling process, Securesync, checks periodically to see if new backups are ready to be vaulted. Clicking Clock shows the last time and next time checked, and if vaulting is suspended, it also lets you know, as new backups will not be considered for vaulting when vaulting is suspended. The interval time may be modified as necessary. Vaulting reports If configured, vaulting generates a synchronization report which provides the details of each vaulting event. A report is generated and sent each day at the time specified during vaulting configuration. See "Tuning vaulting attributes on the backup system" on page 331 for details. The report indicates the sync activity for the last 24-hour period. The report lists each client that syncs to the vault, and for each client, records and displays the backup number, backup type, time completed, status, effective speed, and bytes synced. All backups listed in the backlog show the time of the backup. The vaulting operations in progress display backups with the time the vaulting operation started. You can run on-demand vaulting reports in the Reports subsystem. These include the In-Flight Vaulting Deduplication Report, the Vault Capacity Report, and the Vaulting Report. See the "Reports, Alerts, and Monitoring" chapter for details. Granular restore from vault Granular restore enables you to restore a volume, directory, or file that has been vaulted. Granular restore is a two-phase process in which you first specify the volume, directory, or file, which is then encapsulated in the form of a selective backup and transferred from the vault to the backup system. Once the selective backup has been completed, use the standard recovery process to restore or verify the data. See "Restoring from a file-level backup" on page 346 for details. To perform a granular restore from vault 1 Select the backup system in the Navigation pane and choose Settings > Replication > Granular Restore. 2 Select the desired backup in the Available Vaulted Backups pane. Available Vaulted Backups contains a list of the most recently vaulted master and incremental backups for each client registered to the selected backup system. If a client or a vault is 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 338 selected in the Navigation pane, an error occurs since the restore must have an associated backup system specified. Upon selecting a backup, its contents display above in the Files Available pane. 3 Select the volume, directory, or file to restore by browsing the Files Available pane. Only a single volume, directory, or file can be selected. Multiple selections are not allowed. 4 With the desired item selected, click Transfer Data. This button is enabled (highlighted) once a selection is made in the Files Available section. If clicked, the selected item is transferred to the backup system and encapsulated in the form of a selective backup. 5 Restore or verify one or more files from the selective backup. See "Restoring from a file-level backup" on page 346 for details. Export vaulted data to an archive device This section describes the procedures used to export vaulted data to an archive device. You may want to export from vault to archive in these situations: • You wish to retain older copies of client data off-site at the vault location. Rather than archiving from the backup system and taking the data off-site after, you can export directly from the vault to archive format at the off-site location itself. • You need to restore a Unitrends virtual system using vaulted data. To restore to a virtual system, you must create a CIFS or NFS-configured NAS archive device on the virtual system and restore the vaulted data there. From the archive device you can then restore the system state and archived backup data. To export vaulted data to an archive device 1 If necessary, create the archive device on the vault system. If you will be restoring the exported archive data to a virtual system, create archive storage of type NAS. For details, see "Adding archive storage" on page 109. 2 On the vault system, note the path mapped to the archive device. You will need this information in step 5 below. To see the path, select Settings > System, Updates, and Licensing > Support Toolbox > Mountpoints. The path will look similar to /dev/sdd. 3 Using a terminal emulator, such as PuTTY, connect to the vault system with the following: • • • vault system IP address port 22 SSH connection type 4 Log in as user root. The default password is unitrends1. 5 At the command prompt, type the following command and press Enter: /usr/bp/bin/transferVaultDataUI.php 2>/dev/null Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 339 6 At the Selection: prompt, enter the ID of the backup system whose vaulted data you would like to export, then press Enter. In the following example, there is one system called Hyper-V_ UEB_100 on the vault. If multiple systems are vaulting, you see them all in the list. Beginning selection process for transferring off-premise data to archive drive 0 [Hyper-V_UEB_100] Select the appliance you want to pick clients from. Enter number corresponding to the system name. Selection: 0 7 At the Selection (Enter 'a' or 'i'): prompt, do one of the following: • To export all vaulted data for this backup system, type a then press Enter. • To export vaulted data by client, type i and Enter, then type the client ID and Enter. Repeat for each client you wish to export. Type q and enter to quit. In the following example, all vaulted data is exported. Selected appliance:Hyper-V_UEB_100 Number of clients available 1 Client List: 0 [hv-stress] 1 [SBS11] Select clients to transform. [Enter 'a' for selecting all clients or 'i' to select individual clients'] Selection (Enter 'a' or 'i'): a 8 At the Selection: prompt, type the ID of the archive media target and press Enter. In this example, one archive device is available. If multiple devices are mounted, you see them all in the list. Select the media by entering the number corresponding to the name. Or, enter 'q' to exit. 0 [dom_arch] Selection: 0 Archive jobs are queued. See Job Queue for details Exiting... 9 Connect to the vault using the Unitrends Administrator Interface, then select Status > Present to see the archive job running. The job type is Archive and the client is the vault system. When 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 340 the export completes, status changes to Successful and you see the job comment Successfully wrote x archives. 10 Once the archive job completes, archive data is stored on the device. If you need to restore a backup system from the archived data, do one of the following: • To restore from an external eSATA or USB docking unit or from a tape device/library, attach the device to the backup system and restore as described in "Disaster recovery from archive" on page 421. • To restore from a SAN or NAS device, create archive storage on the target backup system as described in "Adding archive storage" on page 109, then restore from the archived data as described in "Disaster recovery from archive" on page 421. Legacy Recovery-Series and UEB Administrator's Guide Chapter 14: Legacy Vaulting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 341 Chapter 15: Restore Overview This chapter provides an overview of Unitrends restore operations. It identifies the types of backed up data you can restore, introduces the procedures for restoring data, and explains how the different types of restores work. The Unitrends Administrator Interface (AI) provides a centralized location where you can perform restore operations. You can restore from a particular backup and you can also perform a point-in-time restore to recover your data from a recovery point. This chapter contains the following topics: • "Types of backed up data that can be restored" on page 341 • "Types of restores" on page 342 Types of backed up data that can be restored The following types of data can be restored from a backup: • • • • • • "Protected files" on page 341 "Protected applications" on page 341 "Protected operating systems" on page 342 "Protected virtual machine infrastructure" on page 342 "Replicated data" on page 342 "Archived data" on page 342 Protected files When recovering data from a file-level backup, you can restore individual files or an entire backup. You can restore the data to the original client or to an alternate location. For details, see "Restoring File-level Backups" on page 345. For details about recovering files from application and virtual machine backups, see "Protected applications" on page 341 or "Protected virtual machine infrastructure" on page 342. If you are protecting virtual machines with file-level backups using a Unitrends agent, you can recover data using the procedures discussed in "Restoring File-level Backups" on page 345. Protected applications To recover application backups, you can restore the entire database or perform item-level recovery with some applications. For application-specific details, see the following chapters: • • • • • "Microsoft Exchange recovery" on page 524 "Oracle restore from the backup system" on page 562 "Restoring SharePoint backups" on page 543 "Restoring SQL backups" on page 504 "Restoring UCS service profile backups" on page 692 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 15: Restore Overview 342 Protected operating systems Use disaster recovery procedures to recover operating systems. For details, see "Bare Metal Protection Overview" on page 749. Protected virtual machine infrastructure You can restore entire virtual machines or individual files from VMware or Hyper-V backups. For details, see "Restoring the VMware virtual infrastructure" on page 656 or "Restoring the Hyper-V virtual infrastructure" on page 606. Replicated data You can restore replicated backups to a client that is directly attached to the target. For details, see "Restoring replicated backups" on page 319. Archived data Archived backups can be restored by performing a two procedure process: 1 Restore the archive to the backup system. 2 Restore the available backup from the backup system to the desired client. For further details about restoring archived data to desired clients, see "Archive restore" on page 212. Types of restores You can restore your data using either a point-in time restore or a restore from the status tab. A point-in-time restore allows you to restore all data up to a specified point in time, whereas a restore from the status tab allows you to search and restore a specific backup or file. See the following topics for details: • • "Point-in-time restore" on page 342 "Restore from the Status tab" on page 343 Point-in-time restore The point-in-time restore is useful when you want to ensure that your client has the same data as a previous point in time. If files had been deleted from miscellaneous folders and volumes, you can select a recovery point from the moment before the files were compromised. The recovery point takes the information from the selected backup and bundles it with all data in the associated backup group. For details, see "Backup groups" on page 145. Legacy Recovery-Series and UEB Administrator's Guide Chapter 15: Restore Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 343 Restore from the Status tab Running a restore from the Status tab is useful if you are looking for one or more files in a single backup. To restore from the Status tab, select a single backup. Only files within the selected backup are available for restore, without regard to the data of the entire backup group. For details, see "Backup groups" on page 145. The following graphic provides an illustrated explanation of a restore performed from the Status tab. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 15: Restore Overview 344 Legacy Recovery-Series and UEB Administrator's Guide Chapter 15: Restore Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 345 Chapter 16: Restoring File-level Backups This chapter describes the procedures used to restore file-level backups. Clients must have an eligible backup before running these procedures. For details, see "Types of backed up data that can be restored" on page 341. For descriptions of the procedures used to restore backups of applications or virtual infrastructure, see the applicable chapters. For recovery of operating systems, see "Bare Metal Protection Overview" on page 749. It is recommended that you read the "Restore Overview" chapter before running the procedures listed here. The overview chapter provides a detailed discussion of the types of data that can be restored, different ways to restore your data, and other key concepts referenced throughout this chapter. This chapter contains the following topics: • • • • "Restore types" on page 345 "Restoring from a file-level backup" on page 346 "Restore options" on page 348 "Monitoring running restore jobs" on page 355 Restore types To recover files from a file-level backup, you can restore all data back to a specified recovery point or restore from a particular backup. You can use inclusion and exclusion options in selecting files for restore and decide whether to restore files to the original location or to an alternate location. Restore types are described in the table below. Restore Type Description Point-intime restore The point-in-time restore option is useful when you want to ensure that your client has the same data as a previous point-in-time. For details, see "Types of restores" on page 342. Restore from the Status tab A restore from the status tab allows you to search for and restore a single file or choose one backup to restore with no regard to the data in the entire backup group. For details, see "Types of restores" on page 342. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 346 Restoring from a file-level backup This section explains how to execute a file-level restore using either the point-in-time restore method or restoring from the Status tab. Excluding files from the restore and restoring data to an alternate location are options that can be used when performing a point-in-time restore or a restore from the status tab. See the following for details: • • • • "Excluding files from the restore" on page 346 "Executing a point-in-time restore" on page 346 "Executing a restore from the Status tab" on page 347 "Restoring to an alternate location" on page 348 Excluding files from the restore When performing a point-in-time restore or a restore from the Status tab, you can opt to exclude a subset of selected files. Follow the "Executing a point-in-time restore" on page 346 or "Executing a restore from the Status tab" on page 347 procedure and specify data to restore by: • Selecting files and folders to include, by checking the boxes next to the items you wish to restore. All unchecked items are excluded from the restore. • Excluding a subset of included files by entering an exclusion pattern. For details, see "File exclusion options" on page 350. • Using the include and exclude options to exclude a subset of included items. Executing a point-in-time restore A point-in-time restore enables you to restore a client to a specified point in time. All requested data in the backup group is synthesized by the system so that the client is restored to this prior state. For an explanation of backup groups, see "Backup groups" on page 145. To execute a point-in-time restore, follow the procedure below, or watch our video tutorial, File-Level Restores, for a walk through of how to perform a point-in-time restore. To execute a point-in-time restore 1 Select the client in the Navigation pane. 2 Select Restorefrom the Main Menu. A wheel representing a 24-hour time period displays. 3 Select a backup from the Recovery Point Times list on the left side of the Center Stage or select a green slice from the 24-hour time wheel. If no backups are displayed, click through the calendar until a date displays in bold, signifying an available backup. 4 Select Next (Select Files/Items) at the bottom right of the screen. 5 Select the volumes or files you wish to restore. Note: 6 Use the Advanced File Selection option if you have a large amount of volumes and want to quickly select all for restore. (Optional) To exclude a subset of the files you selected in step 5 above, click Show File Exclusion Options. Enter exclusion patterns to exclude files that you do not wish to restore. See "File exclusion options" on page 350 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 347 7 (Optional) Select Show Advanced Execution Options to display additional restore options. See "Advanced Execution Options for restore" on page 351 for details. 8 Click Restore. The restore progress bar displays. Progress can also be viewed by selecting Status > Present (Currently Executing Jobs). For details, see "Monitoring running restore jobs" on page 355. 9 For Windows restores only, a reboot of the Windows client may be required to reset locks on any files that were locked during the restore. Executing a restore from the Status tab If you wish to restore from one backup, follow the procedure below: Note: For NDMP clients. Selective restore of files containing non-UTF-8 compatible characters is not supported. Instead, perform a full restore of this data as described in "Point-in-time NDMP restores" on page 578. For backups containing files with non-UTF-8 compatible characters and files without non-UTF-8 compatible characters, selective restore of the files without these special characters is supported. To execute a restore from the Status tab 1 Select the client in the Navigation pane. 2 Select Status from the Main Menu. 3 Select one of the following tabs from the bottom of the Center stage. These tabs display backups completed for the selected client in the last seven days or in the selected month: • • 4 Backup: Last 7 days Backup: Month Click on the backup you wish to restore within the Backup: Last 7 days or Backup: Month pane. The Backup Information window displays. Note: If the backup was restored from archive, the date displayed here is the archive restore date, not the original backup date. 5 Select Restore Files from the bottom of the Backup Information window. The Restore from Backup window displays. 6 Select the volumes and files you wish to restore. For more granular control, expand volumes and directories to select subdirectories or files. 7 (Optional) To exclude a subset of the files you selected in step 6 above, click Show File Exclusion Options. Enter exclusion patterns to exclude files that you do not wish to restore. See "File exclusion options" on page 350 for details. 8 (Optional) Select Show Advanced Execution Options to display additional restore options. See "Advanced Execution Options for restore" on page 351 for details. 9 Click Restore. The restore Progress bar displays. Progress can also be viewed by selecting Status > Present (Currently Executing Jobs). For details, see "Monitoring running restore jobs" on page 355. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 348 10 For Windows restores only, a reboot of the Windows client may be required to reset locks on any files that were locked during the restore. Restoring to an alternate location You can restore to a new location on the original client, or you can restore to an alternate client if the client has been corrupted, is being deprecated, or if you are migrating data. The alternate location must be a client registered to the Unitrends system. To execute a restore to an alternate location, follow the procedure below or watch our video tutorial, File-Level Restores. To restore to an alternate location Use this procedure to restore to a different path on the original client or to restore to another client registered to the Unitrends system. 1 Complete step 1 on the previous page - step 5 on page 346 in "Executing a point-in-time restore" or step 1 on the previous page - step 7 on the previous page in "Executing a restore from the Status tab". 2 Click Show Advanced Execution Options in the Restore from Backup of Client window. 3 Select the desired client from the Client To Which To Restore drop-down menu. • • 4 The drop-down contains all eligible clients that have been registered to the backup system. Choose the original client or a different client. (Optional) Enter a Target Directory for your restore. Files are restored to this destination on the client you selected in step 3 above. • The use of spaces in Target Directory names should be avoided. For example: c:\\RestoredData. • • • If no target directory is entered, the files or folders are restored to the original path. If the directory does not exist, it is created during the restore. To restore CIFS/NFS backups to another path on a NAS device, specify the full path. See "Restoring backups of CIFS/NFS clients" on page 583 for details. 5 Check or uncheck the Advanced Execution Options as desired. See "Advanced Execution Options for restore" on page 351 for details. 6 Click Restore at the bottom right of the screen. The restore Progress bar displays. Progress can also be viewed by selecting Status > Present (Currently Executing Jobs). For details, see "Monitoring running restore jobs" on page 355. 7 For Windows restores only, a reboot of the Windows client may be required to reset locks on any files that were locked during the restore. Restore options When restoring data, you need to choose what data to restore. You can restore an entire backup or selected files. See the following topics for details: • • "Searching for a file to restore" on page 349 "File exclusion options" on page 350 Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 349 • "Advanced Execution Options for restore" on page 351 Searching for a file to restore Se a rc h in g fo ra file to re s to re This enables you to search for a single file that has already been backed up. Searching this way allows you to determine the backup location of a deleted or missing file. To find files to restore Use this procedure to search for files in a client’s backup history. These files can be deleted, viewed, or restored. 1 Click Status on the main menu. 2 Select a client in the Navigation pane and click Show Search Options above the calendar in the Center Stage as shown in the figure above. 3 Enter search criteria. Search by name, date, size, or any combination. • Name – To search by name, check the Name box and enter text. For the quickest search, include the entire path. Wildcards, such as “*” and “?”, can be used. For example, if the file name is: restoretest.doc. You could search by entering the following: – – – *test*  *test.doc restore* When using wildcards, such as ‘\\’, ‘%’, ‘_’, ‘*’, ‘?’, and ‘\’, do NOT check the Regular Expression box. These characters are interpreted differently as regular expressions and do not yield the same search results. • Regular Expression: Check this box to search using regular expressions. (Do NOT check this box to search using wildcards.) • • Ignore Case: Check this box to search for filenames regardless of case. • Size (KB): Check this box and enter a range in kilobytes to narrow the search by file size. Date: Check this box to search for files modified within a certain time frame. Calendar icons are provided to assist with date selection. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 350 • Include: Select to return files that meet the search criteria you entered. This is the default setting. • Exclude: Select to return all files other than ones that meet the search criteria you entered. Entered criteria is used to exclude files from search results. 4 Click Search. Files matching the specified criteria display on the Search: File Results tab. 5 Click on a file to view more details. This opens the Backup Information window. • • • To restore this backup, continue with this procedure. To delete this backup and any associated dependent backups, click Delete Backup. To exit the Backup Information page, click Cancel. 6 Click Restore. 7 In the Restore from Backup of client window, do one of the following: 8 • Continue with this procedure to restore to the original location. • Click Advanced Execution Options to specify an alternate directory and other options. For details, see "Advanced Execution Options for restore" on page 351. Click Restore. File exclusion options F ile e x c lu s io n o p tio n s This option provides the ability to exclude files and folders based on file pattern. The following are different ways to exclude files from your restore: • • Drag and drop files into the exclusion pattern field from the File Selection List. Manually add files/folders by typing file location into the exclusion pattern field. Note: If files are in the exclusion list box and you wish to remove them, highlight and click Remove. The syntax of the paths you enter depends on the client Operating System type. See the following table for information. Operating System Proper syntax Windows C:\\FolderName or C:\FolderName Linux/ UNIX C://FolderName or C:/FolderName Note: Wildcards are not supported for Linux/UNIX Operating System. Only folder-level exclusions are supported. Example exclusion patterns Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 351 Exclusion Pattern Example *.txt C:\windows\sys* C:\PCBP\Lists.dir\p_client?.spr C:\Programfiles\Case?\ C:\?Log?\*.logs C:\\DataRestore Description How to exclude all files where zero or more characters match the exclusion pattern. Windows only. How to exclude directories and their contents within the specified path where zero or more characters match the exclusion pattern. Windows only. How to exclude all files within a specified path that matches a single character within exclusion pattern. Windows only. How to exclude all directories and their contents within specified path that matches a single character within exclusion pattern. Windows only. An example of Exclusion lists that have multiple “?” wildcards and only one * wildcard. Windows only. If an entire directory is excluded, the directory name will still appear in the backup; however, its contents will be empty. All clients. See the table below for exclusion pattern limitations and examples. Limitation Example of limitation Should not be used to exclude all folders that match folder_ abc on the system. The full path must be provided. *folder_abc C:\*\*\abc.txt Multiple wildcard matches are not supported. Wildcards are not supported on Linux/Unix systems. Folder-level exclusions only. C://BobsFolder Advanced Execution Options for restore Ad v a n c e d Ex e c u tio n Op tio n s fo re s to re The options in this section allow you to input a target directory, overwrite existing files, restore only the newest versions, and exclude files. See below for a description of each option: Target Directory If no Target Directory is entered, the files or folders are restored to their original location. Using spaces in a Target Directory name should be avoided. An example of a correct Target Directory is: C:\\RestoredData. To restore to the appliance's Samba share, enter /backups/samba. Client Pre-Restore Commands Use this field to specify commands or scripts to run on the client before starting the restore. For example, enter the command to shut down the database before a restore. The output from the command is directed to the restore summary. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 352 To specify a pre-restore command, enter the full path to the command in the Pre-Restore Commands field. For example, C:\Data\script.bat or /usr/jsmith/script.sh. Note: For Linux clients, running long pre-restore commands can cause restores to fail. To prevent this, adjust the timeouts setting in the client’s master.ini file as described in KB 3107. Client Post-Restore Commands Use this field to specify commands or scripts to run on the client after the restore completes. For example, enter the command to restart a database after a restore completes. The output from the command is directed to the restore summary. To specify a post- restore command, enter the full path to the command in the Post-Restore Commands field. For example, C:\Data\script.bat or /usr/jsmith/script.sh. Note: For Linux clients, running long post-restore commands can cause restores to fail. To prevent this, adjust the timeouts setting in the client’s master.ini file as described in KB 3107. Save Selected Options Allows you to save field inputs for future use. You can save multiple versions and designate a name. Once you select a saved option from the drop-down list, you have the option to load or delete the selected options. Preserve Directory Structure This option is selected by default. If selected, this preserves the existing file structure within the target directory. Note: If you wish to restore the file(s) to the original location, Preserve Directory Structure must be selected. If you attempt a restore to the original location and uncheck this box, the restore fails. Below is an example of the file selection screen in the Administrator Interface. When files are selected, their parent folders are selected by default. In the example, the Target Directory is C:\\AmandaVelez. All files selected for restore are restored to this folder on the target client. Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 353 If Preserve Directory Structure is checked, parent folders are restored as shown here: If Preserve Directory Structure is not checked, parent folders are not restored, as shown here: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 354 Overwrite Existing Files and Restore Newer Files Only options How you set these options determines which files are restored and whether existing files on the target client are overwritten. • Overwrite Existing Files - This option is selected by default. If selected, files in the Target Directory may be overwritten. (See the table below to determine when overwrite will happen.) This is useful if you are restoring an updated version of a document and only want the most up to date version. • Restore Newer Files Only - This restores a file only if its date is newer than the existing version in the Target Directory. (See the table below to determine when newer files overwrite existing files.) If the file does not exist in the Target Directory, the file is restored.  • How these options work if the file exists in the Target Directory: Option selected? Overwrite Existing Files = Yes Restore Newer Files Only = Yes Restore behavior Windows backup Non-Windows backup Restores the file and overwrites the existing file. • If the file to restore is newer than the one in the Target Directory, restores the file and overwrites the existing file. • If the file to restore is older than the one in the Target Directory, does not restore the file. Overwrite Existing Files = Yes Restore Newer Files Only = No Restores the file and overwrites the existing file. Restores the file and overwrites the existing file. Overwrite Existing Files = No Restore Newer Files Only = Yes Does not restore the file. Does not restore the file. Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 355 Set file Dates to Today This stamps the restored files with the restore date and time. If not checked, file dates are not updated during the restore. UNIX Text Conversion This option is selected by default. When restoring UNIX Text files to MS-DOS systems, checking this option prevents new lines from being converted to CR-LF. Monitoring running restore jobs To view and manage queued and running restore jobs 1 Select the system or client in the Navigation pane and click Status. Selecting the client displays only jobs run for that client. Selecting the system displays all queued and running jobs. 2 On the side of the Status page, click the Present (Currently Executing Jobs)blind. On the Present page, all queued and running jobs for the selected system or client display. To identify restore jobs, check the Job Type column for type Restore. For information on other job types, see "Monitoring running backup jobs" on page 147 or "Monitoring running archive jobs" on page 259. The following information is given for each restore job: Field Description ID Restore ID. Client The client for which the job is executing. DB/VM Shows the virtual machine or application instance, if applicable. Job Type Restore. Status The real-time status of a task is displayed in the Status column. Successful Indicates that all the files have been restored successfully. Failed Indicates that the restore failed. Click Detail for more information. Proc Aborted Indicates the job was unexpectedly aborted. Click Detail for more information. Canceled Indicates the restore was terminated by clicking the Terminate button on this page. Job Comment 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Restore progress can be monitored in the Job Comment column. Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 356 When a row is selected in the table, details concerning that job display near the bottom of the Center Stage. Details include the name of the job, the job ID, the job type, the client, the device, the status of the job, and the comment. At the bottom of the page are a set of controls: Control Description Auto Refresh Check this box to refresh the page every n seconds, where n is the number entered. Refresh Interval The number of seconds between automatic refreshes if the Auto Refresh box is checked. Advanced Options > Stop Tasker/Start Tasker This button toggles starting and stopping the Tasker process, which manages jobs. If there are any modifications to the backup system’s configuration settings, Tasker must be stopped and re-started for changes to take effect. To access Tasker, click the Advanced Options checkbox. Refresh Now Click to manually refresh the page. Suspend/ Resume Select a job in the list and click this button to suspend active jobs or to resume suspended jobs. Terminate Click this button to terminate a selected job(s). Close Click to close this view and return to the previous screen. Multi-job selection Use Shift + Click to select contiguous rows. Use Ctrl + Click to select noncontiguous rows. For best results, disable auto-refresh before acting on multiple jobs. Once the action is complete, click Refresh Now or check Auto-Refresh to see job statuses. Legacy Recovery-Series and UEB Administrator's Guide Chapter 16: Restoring File-level Backups 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 357 Chapter 17: Reports, Alerts, and Monitoring The following tools are used to support the management of backups and systems: • • "Reports" on page 357, allow you or the system to generate reports for distribution or analysis. • "Monitoring" on page 397, are tools that allow you to monitor backup and restore activities on a real-time basis. "Alerts " on page 397, are system generated alerts that provide immediate notification of an outof-normal range event. Reports Two types of reports are available: • • "Standard system reports (system-generated)" on page 357 "User-generated reports" on page 360 Standard system reports are generated by the system and can be delivered by email with the option to include a PDF version as an attachment. User-generated reports are customizable and can be generated from the Reports menu as needed. Standard system reports (system-generated) You can configure systems to automatically generate reports that are delivered by email with the option to include a PDF version of the report as an attachment. Reports are sent at pre-determined times of the day to provide system, backup, replication or vaulting, and archive status. Notices of failed scheduled backups can be delivered within an hour of their occurrence. Archive jobs can be configured to send an email summary upon completion. For details, see "Configuring email for reporting" on page 357. See "Standard system report descriptions" on page 358 for details about each report. Configuring email for reporting Note: This option is available only for standard system reports. The system cannot be configured to automatically send user-generated reports. You can set up your system to email notifications and reports to certain recipients. You can also select to include a PDF version of the report as an email attachment. See "About configuring notifications" on page 62 for instructions on configuring email notifications and email report recipients. Scheduled notifications are generated and sent at 8:00 AM by default, but you can change the time reports are sent. Other reports are sent upon completion of a given job. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 358 To modify the time that scheduled reports are generated 1 Select Settings > System, Updates, and Licensing > General Configuration [Advanced]. 2 Expand the Alertman section. 3 Select the row containing ReportHourMin in the Name column and modify the value below to the desired report time. This is in a 24-hour format, where 00:00 is midnight, and 12:00 is noon. 4 Click Confirm. Standard system report descriptions Standard system reports are generated by the Unitrends system and delivered via email. You can update your preferences for receiving these reports. Reports are sent either upon completion of a given job or at a set time each day. For example, failure reports are sent within the hour, whereas the Daily Backup Status report is sent at a scheduled time each day. To modify this setting, see "Configuring email for reporting" on page 357. See the following for details about each report: • • • • • • • "System Status Report" on page 358 "Failure Report" on page 358 "Securesync Report" on page 359 "Archive Status Report" on page 359 "Replication Report (system-generated)" on page 359 "Capacity Warning Email Alert Report" on page 359 "Management Status Report" on page 360 System Status Report This is a daily report that shows a summary status of all backup and replication jobs that have occurred on the system within the last 24 hours. This information displays in a view that is similar to the status page in the Unitrends interface. The first section of the report displays file-level and bare metal backups. The remaining sections show application-specific backups for Microsoft SQL Server, Microsoft Exchange Server, SharePoint, Oracle, UCS service profiles, Hyper-V, and VMware servers. The color-coded columns show the backup status and replication/vaulting status for seven days. The column for the current day of the week is highlighted. Days following the current day refer to the previous week (for example, if today is Wednesday, the Thursday through Saturday columns refer to last week). A green status means that no failures or warnings occurred. Warnings are indicated by yellow. For each day, if any backup or replication operation failed for the client or application object represented by a row, that day is marked red. At the bottom of the report, there is a list of alerts from the system for the previous seven days. Failure Report A process periodically checks to see if any scheduled backups have failed in the last hour. If so, the system sends an email report to the recipients on the failure report mailing list (unless the client’s schedule was modified to not send this report). The report identifies the name of the schedule, the client and/or application object, and status information to identify the failure. More details about the failure can be obtained by logging into the system. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 359 Securesync Report This report shows legacy vaulting activity during the previous 24 hours. This report displays the amount of time the Sync engine was up, the average copy transfer speed, the average patch transfer speed, and the space used on the vault. Vaulting can occur in one of two modes: • Copy: A copy transfer copies the entire file to be vaulted to the system. This is the average copy transfer speed. • Patch: A patch transfer sends only the changed portions of the file to the vault. The average patch transfer speed is calculated as if it were a copy and the whole file was transferred. This generates an average patch transfer speed which is much higher than the average copy transfer speed. All clients that completed a vaulting process during the previous 24 hours will be displayed with the backup number and type vaulted, the time vaulting completed, the status of the vaulting process (success or failed), the effective speed of the vaulting process, and the amount of data synced to the vault. Backups waiting to be vaulted and vaulting operations in progress are listed. Vaulting operations in progress will show a percentage complete and a projected completion time. Archive Status Report If an archive job is scheduled, runs, and completes, a report generates listing the clients and their associated backups that were copied to the archive target. Additionally, a report is created if an archive drive is not large enough to handle the data requested by the archive profile. Replication Report (system-generated) The replication report is sent daily at a time you designate when configuring replication. All successful, active, and queued replication jobs from the last 24 hours across all replication source systems are listed. Information presented in the report includes backup type, completed date and time, total elapsed replication time, size of the replicated backup in megabytes, the number of files associated with the replicated backup, and whether or not the backup was encrypted. You can also access this report in the Unitrends Administrator Interface by selecting Reports > Replication. Capacity Warning Email Alert Report As with most devices that have hard drives, there are limits on the percentage of space that the device may use. For a complete list of Unitrends systems, their raw usable capacity, and their maximum recommended backup capacity, see the appliance family DataSheet applicable to your system. In order to provide enhanced system capacity management, your system is designed to examine the amount of disk space used daily. If the system determines that it is approaching, or has exceeded, its maximum recommended backup capacity, the system does the following: • • Automatically suspends deduplication • Provides an alert Makes the Data Reduction Report unavailable (If you attempt to access this report you will receive a message that deduplication is supported but currently disabled.) 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 360 These messages pro-actively inform you of your system capacity and report your Raw Usable Capacity and the current amount of space used (also shown as the Total Used amount at the bottom of your Capacity Report). The email is sent every day, as long as the capacity condition exists. The alert is updated with any change in the value of critical data. After your system detects that the capacity issue no longer exists and the current amount of space used is less than the maximum recommended backup, the following actions occur: • • • • The alert is closed. Another alert is created and displayed stating that deduplication has been re-enabled. The Data Reduction Report is re-enabled. You stop receiving daily capacity warning email alerts. Management Status Report This is a daily report that provides details on backup and replication jobs for a manager system and for all systems that it is managing. This report is applicable only for manager systems. (See "About remote system management" on page 95 for information about manager systems.) The report contains details on jobs that occurred on the manager and managed systems within the last seven days, and the column for the current day of the week is highlighted. Days following the current day refer to the previous week (for example, if today is Wednesday, the Thursday through Sunday columns refer to last week). The report organizes information alphabetically by customer, location, and system. The Management Status Report contains the following sections: • System summary: Summarizes the jobs on each system using color-coded columns to indicate successes (green), warnings (yellow), and failures (red). A warning indicates that 99.9% of the job completed, but less than 100%. A failure indicates that a job did not run or that more than one in one-thousand files failed to backup or replicate. Note: • • • A warning or failure indication for a system does not necessarily mean that all jobs for the system failed to complete at 100%; rather, it indicates that at least one job for one client on the system failed to complete at 100%. For details about failures, see the alerts section of the report. Alerts: Lists the alerts generated by each system. Status of file-level and bare-metal backup jobs, and the replication status of these backups. Status of application and virtual machine backup jobs, and the replication status of these backups. User-generated reports You can create, save, run, print, and download reports through the Reports menu. These customizable reports provide information on system alerts, backups, replication or legacy vaulting, backup devices, schedules, and system capacity. You can determine what information populates each report by selecting report fields for inclusion. You can then save your customized settings to define new defaults, or you can use them to create custom reports that you can execute as needed. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 361 You can download user-generated reports and save them as comma-separated files or PDFs (releases 7.4 or higher). To generate a report, select the Reports button in the main menu, and then from the Reports screen, click the icon for your desired report. Some reports, such as the Capacity report, display different information depending on what you select in the Navigation pane. For a list of reports that you can generate, see "User-generated reports descriptions" on page 367. See the following topics for details about user-generated reports: • • • • • "Generating reports" on page 361 • "Downloading and printing reports" on page 366 "Report buttons" on page 361 "Customizing reports" on page 362 "Saving custom report settings" on page 365 "Other report options" on page 366 Generating reports You can generate reports on the system, client or navigation group level using the procedure described here. For details about navigation groups, see "Navigation grouping" on page 45. To generate a report 1 Click the system, navigation group, or client in the Navigation pane. Selecting the system displays information for all applicable clients on the system. Selecting the navigation group only shows information for the items in the group. Selecting a client from the Navigation pane offers the most granular information by only displaying information for the single client selected. 2 Click Reports from the Main Menu. 3 Select the report you wish to generate. For a description of the reports, see "User-generated reports descriptions" on page 367. Report buttons There are a series of buttons in the lower right corner of each report. Refer to the following table for more information. Button Description Allows you to enable (make visible) or disable (make invisible) the columns that constitute the report. See "To enable/disable report columns" on page 363. Allows you to define new default settings for reports. See "To save default report options" on page 365. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 362 Button Description Allows you to create a custom report based on the changes made to the current report. See "To save a custom report" on page 365. Allows you to create a PDF version of the current report (7.4 and higher). The PDF includes all visible columns and any applicable graphs. See "To create a PDF report" on page 366. Allows you to print a report directly from the system. Allows you to save all of the columns available (not just visible) for the report in the comma-separated value (CSV) format. See "To export a report to a CSV file" on page 366. Allows you to close the current report and return to the front page of the report subsystem. Graphical and date range buttons display in the left corner of the report, if these options are available for the report you select. See the following for more information. Allows you to view the report in chart form. See "Other report options" on page 366. Allows you to specify the date range for the report. See "Other report options" on page 366. Customizing reports You can customize reports according to certain desired specifications; for example, you could alter the order of the columns. You may then exit without saving your changes and, therefore, preserve the system defaults. You can also save your changes using one of the following two options: Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 363 Option Description Defining new default settings You can define your own defaults for each type of user-generated report. Each user of the system can save his or her own default settings. Define new defaults if you want to change the settings for reports that you run regularly. For example, if you set new defaults for backup reports, the new settings apply to all subsequent backup reports. Creating Settings saved as a custom report apply only when you execute that particular report. custom You can create and save multiple custom reports. Create custom reports for reports reports that you execute less frequently. For example, for backup reports, you can choose to enable a column indicating whether a backup was synthesized, but you may not want this column enabled for all of your backup reports. In this case, you could create a custom report that you run only when you want to see whether a backup was synthesized. To customize a report, configure each of the desired options, and then save the settings as the default or as a custom report. (See "Saving custom report settings" on page 365.) See the following options for customizing reports: • • • • "To enable/disable report columns" on page 363 "To sort reports by a column or by multiple columns" on page 363 "To change the order of columns" on page 364 "To modify the width of columns" on page 364 To enable/disable report columns You can enable and disable report columns to customize the information that displays in reports. Note: Available columns vary by report. 1 Click Reports in the main menu and select the report you want to customize. 2 Click the Enable/Disable column button in the lower right corner to display the Column Chooser box. 3 Check or uncheck the options as desired. 4 Click Confirm to apply the new settings. 5 If you are finished customizing, skip to the next step. To continue customizing the report, see "To sort reports by a column or by multiple columns" on page 363, "To change the order of columns" on page 364, or "To modify the width of columns" on page 364. (You can save all of your changes after you have finished customizing the report.) 6 (Optional) Save the settings. See "Saving custom report settings" on page 365 for details. To sort reports by a column or by multiple columns You can sort the columns on a report to provide a more informative view of the report’s data. Manage multiple-column sorting using the column heading (the top row of each column) and the column sort 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 364 area (the “box” to the right of the column heading). You can also sort in ascending or descending order. 1 Click Reports in the main menu and select the report you want to sort. Notice that each column heading is divided into two sections by a vertical white line, called the column sort area. This forms a “box” to the right of the column name. 2 Click on the column heading to sort the column (alphabetically or numerically, depending on the column information). You see a number and triangle in the column sort area (to the right of the heading). 3 Click on the triangle to resort the column, if necessary. 4 To sort using multiple columns, click on the first column heading you want to use for sorting. Clicking the triangle in the column sort area toggles between ascending or descending order. 5 Click in the second column sort area (the right side of the column header) for any subsequent columns you want to use for sorting. Repeat for as many columns as you want to use for sorting. Columns are sorted in the order you select them. 6 If you are finished customizing, skip to the next step. To continue customizing the report, see "To enable/disable report columns" on page 363, "To change the order of columns" on page 364, or "To modify the width of columns" on page 364. (You can save all of your changes after you have finished customizing the report.) 7 (Optional) Save the settings. See "Saving custom report settings" on page 365 for details. To change the order of columns You can change the display order of columns in a report. 1 Click Reports in the main menu and select the report you want to modify. 2 Click the heading of the column you want to move and drag it to the desired location. Repeat as necessary to reorder the columns. 3 If you are finished customizing, skip to the next step. To continue customizing the report, see "To enable/disable report columns" on page 363, "To sort reports by a column or by multiple columns" on page 363, or "To modify the width of columns" on page 364. (You can save all of your changes after you have finished customizing the report.) 4 (Optional) Save the settings. See "Saving custom report settings" on page 365 for details. To modify the width of columns 1 Click Reports in the main menu and select the report you want to modify. 2 Hover over the border of the column you want to modify. 3 Click and hold to drag the cursor to the right to widen the column or to the left to narrow it. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 365 4 If you are finished customizing, skip to the next step. To continue customizing the report, see "To enable/disable report columns" on page 363, "To sort reports by a column or by multiple columns" on page 363, or "To change the order of columns" on page 364. (You can save all of your changes after you have finished customizing the report.) 5 (Optional) Save the settings using one of the following procedures: Saving custom report settings After customizing a report, you can either save the settings as new defaults or use them to create a custom report. For an explanation of the differences between defining new default settings and creating custom reports, see "Customizing reports" on page 362. For details, see the following: • "To save default report options" on page 365 • • • "To restore system default settings for a report" on page 365 "To save a custom report" on page 365 "To access a custom report" on page 365 To save default report options 1 Click Reports in the main menu and select the report you want to customize. 2 Configure the desired report options listed under "Customizing reports" on page 362. 3 Click the Save Default Report Options in the lower right corner of the report screen. 4 Click Confirm to save the options. The new settings are applied each time the report runs. To restore system default settings for a report 1 Click Reportsin the main menu and select the report for which you would like to restore system defaults. 2 Click the Save Default Report Options in the lower right corner of the report screen. 3 Click Reset Preferences to restore system defaults for the report. To save a custom report 1 Click Reportsin the main menu and select the report you want to customize. 2 Configure the desired report options listed under "Customizing reports" on page 362. 3 Click Save Custom Report in the bottom right corner. 4 Give your custom report a name and description, then click Confirm. To access a custom report 1 To access your custom report at a later date, navigate to Reports > Custom. 2 Select your report from the menu and click Execute. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 366 Other report options See the following topics for additional report options: • • "To create a chart/graphical view" on page 366 "To specify a date range for the report" on page 366 To create a chart/graphical view Some reports have a graphical button (an icon resembling a bar chart) in the lower left corner of the report pane. Click this button to view the report in chart form; click this button again to return to a column view. To specify a date range for the report Some reports have a date range selection box in the lower left corner of the report pane. Click the arrow on the right of the selection box to specify the date range for the report. Downloading and printing reports You can choose to download a report as either a comma-separated value (CSV) file, or a PDF file (release 7.4 and higher). Exporting to a CSV file gives you complete control of the raw report data, allowing you to create graphs for analysis, and includes all columns associated with the generated report. A PDF version of a report includes only the columns you have enabled and any graphs associated with the report. You can then print reports after downloading them or print them directly from the system. See the following topics for instructions on downloading and printing reports: • • • "To export a report to a CSV file" on page 366 "To create a PDF report" on page 366 "To print a report directly from the system" on page 367 To export a report to a CSV file Exporting a report to a CSV file gives you complete control over the raw data within the report through a third party. Data can be used to create graphs, charts, or other forms of analysis. To use this feature, Macromedia Flash Player version 10 or higher must be installed. If Flash Player version 10 or higher is not being used, the report is saved to the system in the /usr/bp/reports.dir directory. Follow these instructions to export to a CSV file: 1 Generate a report (See "User-generated reports" on page 360). 2 Select the CSV button in the lower right corner of the screen to display the Save As box. 3 Enter a name for the report or use the default name. 4 Choose a destination for the file, and click Save. 5 If desired, print the CSV file. To create a PDF report Beginning in Unitrends release 7.4, you have the option to create a PDF version of all usergenerated reports. The PDF contains only the columns you have enabled and any graphs associated with the report. You can choose to save the report in portrait or landscape view, and you can select the page size. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 367 Follow the instructions below to create a PDF report: 1 Generate a report (See "Customizing reports" on page 362). 2 Select the PDF button in the lower right corner of the screen to display the Create PDF box. 3 Enter a name for the report in the Name field or use the default name. 4 Select a page orientation. 5 Select a page size using the drop-down menu. 6 Click Save and determine the save location. 7 (Optional) Print the PDF file. Note: The PDF report includes all applicable graphs and charts. If you do not wish for these to be printed, you can omit pages within the PDF print box. To print a report directly from the system If you want to print a report without downloading it, you can use the print button in the lower right corner of the screen. However, for optimal results it is recommended that you either export a report to a CSV file (see "To export a report to a CSV file" on page 366) or create a PDF file (see "To create a PDF report" on page 366) and then print from the saved file. User-generated reports descriptions For an explanation of user-generated reports, see "User-generated reports" on page 360. Access the Reports section of the Unitrends interface to see the status of any and all operations that have occurred on the Unitrends system. You can run these reports to gather information on anything from elapsed time of backups to a Unitrends system’s licensed capacity. To generate a report, select System > Reports, and then select the desired report option from the menu. The following topics provide details about these reports: • • • • • • • • • • • • • • "Alerts Report" on page 368 "Audit History Report" on page 368 "Backups Report" on page 369 "Capacity Report" on page 371 "Client Information Report" on page 373 "Data Reduction Report" on page 374 "Devices Report" on page 375 "Failures Report" on page 376 "Last Backups Report" on page 378 "Legal Hold Backups Report" on page 381 "Policies Report " on page 383 "Replication Report (user-generated)" on page 384 "Replication Capacity Report" on page 384 "Replication History Report" on page 386 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 368 • • • • • • • • • "Restores Report" on page 388 "SQL Server Report" on page 389 "Schedule History Report" on page 390 "Securesync Report" on page 391 "Storage Report" on page 391 "Vault Capacity Report" on page 392 "Vaulting Report" on page 393 "Vaulting Deduplication Report" on page 394 "Windows Virtual Restores Report" on page 395 Alerts Report This report is a list of system events. Examples of alerts include update notifications, licensing capacity notifications, software failures, or hardware failures. Please note that an alert does not necessarily mean that a failure has occurred, rather it means that an event has occurred that may require some action (see Severity below for more information). The report contains the following information: Column Description Name The name of the system issuing the alert. Severity The severity of the alert. A green flag indicates non-critical information, yellow indicates a potentially critical issue, while red indicates a severe issue. Resolved Whether or not the alert has been resolved. A check mark indicates the alert has been resolved. This field will be blank if the alert has not been resolved. Date The date the alert was issued. Time The time the alert was issued. Source The subsystem issuing the alert. This varies depending on the system. For example, a replication system may issue an alert from a subsystem such as its disk subsystem or its core software subsystem. Description The descriptive text that is associated with the alert. Total Alerts The total number of alerts for the system(s). Audit History Report This report consists of system audit history information. The report contains the following information: Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 369 Column Description Date The date the event occurred. Time The time the event occurred. User If the event was logged from a Unitrends interface operation, this is the user who generated the event. If an internal subsystem generated the event (e.g. tasker or the purger), the user is System. Category The area of the event. Message The text of the notification, describing what action was performed. Additional available columns System The system where the event occurred. Notification The ID of the event. ID Total The total number of audits for the specified time period. Backups Report This report depicts the backup operations that have occurred over the specified time period. The report contains the following information: Column Description Client The name of the client which the backup operation protects. ID The backup operation’s unique numeric identification. Status The status of the backup operation. Green indicates a successful backup, yellow indicates a backup completed with warnings, and red indicates a failed backup. Currently active backup operations are represented with an hourglass. Date The date of the backup operation. Start Time The time that the backup operation started. End Time The time that the backup operation ended. Elapsed The amount of time that the backup operation took to process. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 370 Column Description Type The type of backup operation. The type may include master, differential, incremental, bare metal, etc. Last Whether or not the backup operation was the last one of that type for the client being protected. Size (MB) The size of the backup operation in megabytes. Files The number of files associated with the backup operation. Additional available columns System The name of the system on which the backup operation resides. Complete Whether or not the backup operation has completed. Encrypted Whether or not the backup operation was encrypted. Synthesized If this backup was synthesized on the Unitrends system or if it ran on a client. Purgeable Whether or not the backup operation is currently eligible for purging. Purging is the process by which space is made available on the system for additional backups. All backups that are not the last of any given type for a client or affected by legal hold are purgeable. Sync/Replication The vaulting/replication status of the backup operation. Status Application The application that was backed up (SQL, VMware, etc.). Database The database or VM name that was backed up. Elapsed The elapsed time of the backup operation. Certified Indicates that this backup has been certified using ReliableDR, either successfully (Certification successful) , with errors (Certification completed with errors), or with warnings (Certification completed with warnings). If the backup has not been certified, the column is empty. Comment The comment associated with the backup operation. Command The command associated with the backup operation. This is the actual command that was executed on the client to perform the backup operation. Output The low level detail associated with the backup operation. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 371 Column Description Backups Report Summary Total Backups The total number of backups for the given date range. Total Files The total number of files across all backups for the given date range. Capacity Report This report depicts the maximum capacity the system can use to store the last successful full and bare metal backup types from each of its protected clients and applications. The capacity limit ensures the system has enough available space to store new backups before purging older ones. The information you see varies based on your selection in the Navigation pane. See the following for details: Column Description Replication target or vault information The following information displays when a replication target or legacy vault is selected in the Navigation pane. System The name of all backup systems replicating to this target. Available (GB) The maximum amount of space the backup system can use to store the last successful backups. Used (GB) The amount of capacity used for storage for last successful backups of all protected clients and applications, full and bare metal and older full and bare metals. Incrementals and differentials are not included in the calculation for amount used. Comment A general comment concerning the amount of space available. System Capacity Totals This field displays in the bottom portion of the screen and includes the sums of the values in each column. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 372 Column System Capacity Report Summary Backup system information Description The following fields display in the bottom portion of the screen: • • Total Systems: Number of backup systems replicating to the target. • Instant Recovery Space Used: Instant recovery spaced used on all replicating systems combined. • Total Used Including IR Space: Total last backup space used for all replicating systems combined, including instant recovery space. Capacity: Total maximum last backup capacity of all replicating systems combined. Each row of the report may contain the following information if a backup system is selected in the navigation pane. Note that you only see backup types that you use. You can select a client in the Navigation pane to filter these results at the clientlevel. (If you choose to view the results at the client-level, the System Capacity Report Summary section at the bottom of the screen displays information for the backup system.) Client Name The name of the client being protected. Master (GB) The amount of data protected for the client’s last successful master backup. BareMetal (GB) The amount of data protected for the client’s last successful bare metal backup. Exchange (GB) The amount of space protected for the client’s last successful Exchange backup. SQL (GB) The amount of space protected for the client’s last successful Microsoft SQL Server backup. VMware (GB) (Displays if you are using VMware.) The amount of space protected for the client’s last successful full VMware backups for all VMware guests. Hyper-V (GB) (Displays if you are using Hyper-V.) The amount of space protected for the client’s last successful full Hyper-V backups for all Hyper-V guests. Oracle (GB) (Displays if you are using Oracle.) The amount of space protected for the client’s last successful Oracle backup. SharePoint (Displays if you are using SharePoint.) The amount of space protected for the (GB) client’s last successful SharePoint backup. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 373 Column Cisco UCS (GB) Description (Displays if you are using UCS service profiles) The amount of space protected for the client’s last successful UCS service profile backup. System Capacity Totals This field displays in the bottom portion of the screen and includes the sums of the values in each column. System Capacity Report Summary The following fields display in the bottom portion of the screen: [Additional Columns] • Total Systems: The value in this field is 1, indicating that you are viewing capacity information for one backup system. • • Capacity: Total maximum last backup capacity. • Total Used Including IR Space: Total last backup space used for the system, including IR space. Instant Recovery Space Used: Instant recovery space used. Click the Enable and disable report columns icon in the bottom right of the screen to see the Column Chooser window. Click the check-boxes to see these columns on the main screen. This information allows you to view the number of retained backups at a glance, making it easier to determine your capacity requirements. Only the last successful master in included in the capacity used calculation. • # Masters: The number of master backups currently held by the system for a client. • # Differentials: The number of differential backups currently held by the system for a client. • # BareMetals: The number of bare metal backups currently held by the system for a client. You can uncheck these or any other columns to remove them from view. Client Information Report The Client Information report generates a summary of the system’s client information. It displays the attributes and software version for each client configured on the system. Each row of the report may contain the following information: Column Description Client The client name. Syncable Indicates whether or not the client is set to vault/replicate. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 374 Column Description Priority Displays the priority assigned to the backup of a particular client (i.e., Normal, Lower, Higher). Encrypted Indicates whether or not a client scheduled for backup is encrypted. Machine Type The machine/processor type on which a client resides. OS The operating system or platform associated with the client machine. Version The current version of the Unitrends agent installed on the client. Total Clients The total number of clients added to the system. Data Reduction Report This report displays deduplication and data reduction on platforms that support deduplication. You can view this information in a chart by selecting the graphical button. (See "Other report options" on page 366.) Data reduction, whether it is compression or deduplication, is the substitution of processor, memory, and disk I/O for disk storage space. For systems that support deduplication, the data reduction ratio is measured by combining the space savings achieved through compression and deduplication. The data reduction ratio is represented as follows, where: x = the size of data received by the system from all its client backups and y = the space used on the system by these backups then DATA REDUCTION Ratio = x / y For example, if your data reduction ratio is 2.5, then for every 2.5 GB of raw data being backed up from your clients, the Unitrends system is using only 1 GB of data. Prior to Unitrends release 5, all data reduction was accomplished using compression. Starting with release 5 and the introduction of Unitrends’ adaptive deduplication, data reduction is accomplished using both compression and deduplication for platforms that support deduplication. The deduplication ratio is a measure of the space saved by deduplication, and is represented where: a = the size of data received by the system from all of its clients’ backups that are deduplicated and b = the space used on the system by these deduplicated backups then DEDUPLICATION Ratio = a / b If using the graphical view, the chart depicts both the system’s data reduction and deduplication ratios in a graphical manner. The date that the ratios were gathered is shown along the x-axis, while the data reduction (the orange bars) and deduplication (the green line) ratios are shown on the y-axis. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 375 The data reduction and deduplication ratios vary widely based on the following environmental variables: • The type and amount of data being backed up, including how much data is being backed up with file-based backups and how much with application backups. • The backup types and schedules for clients being protected (frequency of master and differential backups). • • The level of commonality among clients’ operating systems. • • The retention of the data (longer retention periods will see higher data reduction ratios.) The frequency and degree of data that is changed (lower change rates will see higher data reduction ratios). The specifics of the data reduction algorithms being used. On a day-to-day basis, you should expect to see variations in your system’s data reduction and deduplication ratios, depending on the clients’ operating systems and filesystem sizes, as well as the backup types and schedules and amount of available system device space. A typical schedule of weekend master backups followed by daily differential backups during the week will cause the system to exhibit higher levels of deduplication after the masters complete. This occurs because the client’s latest master backup and its latest differential are not considered for deduplication until another successful master backup has completed. This will be seen in the chart as deduplication and data reduction ratios rise after a master backup, and then trend downward as the differentials are completed. They will be seen to rise again after the next master backup has completed because the prior master and differentials are then deduplicated. Over time, higher levels of retention (i.e., increased numbers of master backups on the system for each client) will be seen, and will also be reflected by a higher deduplication ratio. Devices Report This report depicts the backups that have occurred over the specified time period as they are associated with a system device. Each row of the report may contain the following information: Column Description Client The name of the client associated with the backup operation. Device The name of the system device associated with the backup operation and upon which the backup resides. ID The backup operation's unique numeric identification. Status The status of the backup operation. Green indicates a successful backup, yellow indicates a backup completed with warnings, and red indicates a failed backup. Currently active backup operations are represented with an hourglass. Date The date of the backup operation. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 376 Column Description Time The time of the backup operation. Type The type of backup operation. Last Whether the backup operation was the last one of that type for the client being protected. Size (MB) The size of the backup operation as it exists on the system device. Additional available columns System The name of the system on which the backup operation occurred. Complete Whether the backup operation has completed or not. Encrypted Whether the backup operation was encrypted or not. Compressed Whether the backup operation is compressed on the system device or not. Elapsed The elapsed time of the backup operation. Files The number of files associated with the backup operation. Backup Filename The name of the backup as it exists on the system device. Devices Report Summary Total Backups The total number of backups across all backup devices for the specified date range. Average Size (MB) The average size of the backups in megabytes. Total Size (MB) The total size of all backups in megabytes. Failures Report This report depicts the backup, restore, and verify failures that have occurred over the specified time period. The report contains the following information: Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 377 Column Description Client The name of the client associated with the operation. ID The operation’s unique numeric identification. Status The status of the backup operation. All backups in the Failures report will have a failed status (red). Purgeable Whether or not the operation is currently eligible for purging. Purging is the process by which space is made available on the system for additional operations. Date The date of the operation. Time The time of the operation. Type The type of operation. Elapsed The elapsed time of the operation. Command The command associated with the operation. This is the actual command that was executed on the client to perform the operation. Additional available columns System The name of the system upon which the operation occurred. Complete Whether the operation has completed or not. Encrypted Whether the operation was encrypted or not. Replication/Sync Status The replication/vaulting status of the operation. Application The application that was backed up (SQL, VMware, etc.). Database The database or VM name that was backed up. Size (MB) The size of the backup. Files The number of files associated with the operation. Comment The comment associated with the operation. Output The low level detail associated with the operation. Failures Report Summary 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 378 Column Description Total Backup Failures The total number of failed backups during the specified date range. Last Backups Report This report shows information about the most recent backups. The information you see varies based on your selection in the Navigation pane. See the following for details: Column Description System and non-application clients Client The name of the client associated with the operation. Application Backups Whether the client has application backups or not. (Select an application in the Navigation pane for details.) Master Date The date and time of the last successful master backup. Differential Date The date and time of the last successful differential backup. Incremental Date The date and time of the last successful incremental backup. Selective Date The date and time of the last successful selective backup. BareMetal Date The date and time of the last successful bare metal backup. System The name of the system upon which the operation occurred. Master ID The master backup’s unique numeric identification. Differential ID The differential backup’s unique numeric identification. Incremental ID The incremental backup’s unique numeric identification. Selective ID The selective backup’s unique numeric identification. Bare Metal ID The bare metal backup’s unique numeric identification. Application clients Exchange The following columns display when an Exchange client is selected in the Navigation pane: Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 379 Column Description Client The name of the client associated with the operation. Exchange Full Date The date and time of the last successful full backup. Exchange Differential Date The date and time of the last successful differential backup. Exchange The date and time of the last successful incremental backup. Incremental Date Additional available columns System The name of the system upon which the operation occurred. Exchange Full ID The full backup’s unique numeric identification. Exchange Differential ID The differential backup’s unique numeric identification. Exchange Incremental ID The incremental backup’s unique numeric identification. Hyper-V The following columns display when a Hyper-V client is selected in the Navigation pane: Client The name of the client associated with the operation. Hyper-V Full Date The date and time of the last successful full backup. Hyper-V The date and time of the last successful incremental backup. Incremental Date Hyper-V Differential Date The date and time of the last successful differential backup. Additional available columns System The name of the system upon which the operation occurred. Hyper-V Full ID The full backup’s unique numeric identification. Hyper-V Incremental ID The incremental backup’s unique numeric identification. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 380 Column Hyper-V Differential ID Oracle Description The differential backup’s unique numeric identification. The following columns display when an Oracle client is selected in the Navigation pane: Client The name of the client associated with the operation. Oracle Full Date The date and time of the last successful full backup. Oracle The date and time of the last successful incremental backup. Incremental Date Additional available columns System The name of the system upon which the operation occurred. Oracle Full ID The full backup’s unique numeric identification. Oracle Incremental ID The incremental backup’s unique numeric identification. SQL The following columns display when an SQL client is selected in the Navigation pane: Client The name of the client associated with the operation. SQL Full Date The date and time of the last successful full backup. SQL Differential Date The date and time of the last successful differential backup. SQL Transaction Date The date and time of the last successful transaction log backup. Additional available columns System The name of the system upon which the operation occurred. SQL Full ID The full backup’s unique numeric identification. SQL Differential ID The differential backup’s unique numeric identification. SQL Transaction ID The transaction log backup’s unique numeric identification. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 381 Column Description VMware The following columns display when an VMware client is selected in the Navigation pane: Client The name of the client associated with the operation. VMware Full Date The date and time of the last successful full backup. VMware Differential Date The date and time of the last successful differential backup. VMware The date and time of the last successful incremental backup. Incremental Date Additional available columns System The name of the system upon which the operation occurred. VMware Full ID The full backup’s unique numeric identification. VMware Differential ID The differential backup’s unique numeric identification. VMware Incremental ID The incremental backup’s unique numeric identification. Last Backups Report Summary Total Clients The total number of clients capable of file-level backups registered to the system. Legal Hold Backups Report This report shows all backups that are under the effects of a legal hold and contains the following information: Column Description Client The name of the client which the backup operation protects. ID The backup operation unique numeric identification. Legal Hold Expiration Date The date legal hold settings expire and the backup follows standard retention policies. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 382 Column Description Legal Hold (Days) The number of days a backup is under legal hold. If legal hold is set per backup and per client, this column displays the higher of the two values. Date The date of the backup operation. Type The type of backup operation. The type may include master, differential, incremental, bare metal, etc. Size (MB) The size of the backup operation in megabytes. Additional available columns Setting for Individual Backup (Days) The number of days a backup is under legal hold. Only applicable when legal hold is set at the individual backup level. Setting for Client/App (Days) The number of days all of a client’s backups are under legal hold. Only applicable when legal hold is set at the client level. System The name of the system on which the backup operation resides. Status The status of the backup operation. Green indicates a successful backup, yellow indicates a backup completed with warnings, and red indicates a failed backup. Currently active backup operations are represented with an hourglass. Complete Whether or not the backup operation has completed. Encrypted Whether or not the backup operation was encrypted. Purgeable Whether or not the backup operation is currently eligible for purging. No backups listed in the Legal Hold Backups report are eligible. Replication status The replication status of the backup operation. Application The application that was backed up (SQL, VMware, etc.). Database The database or VM name that was backed up. Time The time of the backup operation. Elapsed The elapsed time of the backup operation. Files The number of files associated with the backup operation. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 383 Column Description Comment The comment associated with the backup operation. Command The command associated with the backup operation. This is the actual command that was executed on the client to perform the backup operation. Output The low level detail associated with the backup operation. Legal Hold Backups Report Summary Total backups currently on legal hold The number of backups currently affected by legal hold settings. Total protected size (MB) The total size of all backups currently affected by legal hold in megabytes. This total does not take into account that the backups may have been deduplicated and are actually using less space on the system. Policies Report The purpose of the Policies report is to ensure that your environment is being properly protected by adhering to regulatory guidelines in the event of a compliance audit. This report can be used in conjunction with the Schedule History Report to monitor the success of your schedules. See "Schedule History Report" on page 390 for additional details. The Policies report displays all policies applied to your schedules, including retention policies, schedule frequencies, inclusions, and exclusions. Each protected asset has a separate entry line in the report. Fields are described in the following table; the fields that display are dependent on your schedule and report settings. Column Description System The system that hosts the assets being protected. Client The name of the client associated with the backup schedule. Based on your schedule, this may not be the protected asset. Application The application associated with the backup schedule. Based on your schedule, this may not be the protected asset. DB/VM The database or virtual machine associated with the backup schedule. Based on your schedule, this may not be the protected asset. Backup types The backup type scheduled to run (incremental, differential, full). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 384 Column Description Schedule name The name of the backup schedule. Description The description of the schedule. Schedule Frequency The days and times the backup schedule is executed. Inclusions The total number of inclusions applied to the schedule. Select the output field for detailed information. Exclusions The total number of exclusions applied to the schedule. Select the output field for detailed information. Legal Hold (days) The hard minimum limit on the number of days a backup will be held. Any backup within the legal hold limits cannot be purged. Min retention goal (days) The minimum number of days to attempt to retain backups. Max retention goal (days) The maximum number of days to retain backups before purging. Output Detailed information about the inclusions and exclusions as well as other schedule settings. Replication Report (user-generated) The user-generated Replication report is identical to the system-generated Replication report sent daily. It lists all successful, active, and queued replication jobs from the last 24 hours across all replication source systems. Information presented in the report includes backup type, completed date and time, total elapsed replication time, size of the replicated backup in megabytes, the number of files associated with the replicated backup, and whether or not the backup was encrypted. Replication Capacity Report This report depicts how much space each of your source systems and their clients are using on a replication target, as well as giving an overall amount in gigabytes of data replicated. This report contains the following information: Column Description Replication target information displayed The following information displays when a replication target is selected in the Navigation pane. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 385 Column Description System The name of the source backup system that is replicating to the replication target. Replicated (GB) The amount of data in gigabytes that a particular system has replicated to the target. Comment A general comment concerning the status of the replication report. Backup system information displayed Each row of the report may contain the following information if a backup system is selected in the Navigation pane. Client Name The name of the client being replicated. Master (GB) The total number of GBs of master backups replicated to the replication target. Bare Metal (GB) The total number of GBs of bare metal backups replicated to the replication target. Exchange (GB) The total number of GBs of Exchange backups replicated to the replication target. SQL (GB) The total number of GBs of SQL backups replicated to the replication target. VMware (GB) The total number of GBs of VMware backups replicated to the replication target. Hyper-V (GB) The total number of GBs of Hyper-V backups replicated to the replication target. Oracle (GB) The total number of GBs of Oracle backups replicated to the replication target. Sharepoint (GB) The total number of GBs of Sharepoint backups replicated to the replication target. Minimum Retention Goal (Days) The minimum number of days to attempt to retain backups on the replication target. Maximum retention Limit (Days) The maximum number of days to retain backups before they are purged from the replication target. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 386 Column Description Actual Retention (Days) The actual number of days for which the replication target is storing backups. Note: Retention on the replication target can be different than that on the source backup system. Retention settings are set individually on each system. System Capacity Report Summary Total Systems Indicates how many source systems are replicating to this replication target. Replicated (GB) Total amount of data in gigabytes replicated to the replication target from either all source systems if you have the replication target selected in Navigation, or a single backup system if you have a backup system selected in Navigation. Replication History Report The Replication History report lists all the backups that have been replicated to the target during the selected time period. When a replication target is selected in the Navigation pane, all replication jobs across all backup source systems are displayed. Select a single backup system or client to view only its replication history. This report contains the following information: Column Description Client The name of the client that has replicated data. If the system is offline, you see a system offline message in this field. ID The ID of the backup that was replicated. Status The status of the backup job that was replicated. Green indicates a successful backup, yellow indicates a backup completed with warnings, and red indicates a failed backup. Encrypted Whether the backup was encrypted or not. Date The date the backup replicated. Time The time of day the backup replicated. Type The type of backup that was replicated (full, differential, etc.). Size (MB) The logical size in megabytes of the backup that was replicated. This will be larger than the amount of data actual replicated as duplicate blocks of data are not sent across the wire. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 387 Column Description Replication Size (MB) The physical size in megabytes of the backup that was replicated. Files The number of files associated with the replication operation. Additional available columns System The name of the system upon which the operation occurred. Complete Whether the operation has completed or not. Synthesized Indicates if this backup was synthesized on the Unitrends system or if it ran on a client. Purgeable Whether or not the backup operation is currently eligible for purging. Purging is the process by which space is made available on the system for additional backups. All backups that are not the last of any given type for a client or affected by legal hold are purgeable. Application The application was backed up (SQL, VMware, etc.). Database The database or VM name that was backed up. Elapsed The elapsed time of the operation. Comment The comment associated with the operation. Command The command associated with the backup operation. This is the actual command that was executed on the client to perform the backup operation. Output The low level detail associated with the operation. Replication History Report Summary Total Replications The total number of replication jobs found within the specified date range. Total A sum of all the physical backup sizes in megabytes. Backup Size on Source (MB) Total Replicated (MB) A sum of all the logical replication sizes in megabytes. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 388 Restores Report This report depicts all restore operations that have occurred over the specified time period. Each row contains the following information: Column Description Client The name of the client for which the restore operation occurred. If the system is offline, you see a system offline message in this field. ID The restore operation unique numeric identification. Status The status of the restore operation. Green indicates a successful restore, yellow indicates a restore completed with warnings, and red indicates a failed restore. Currently active restore operations are represented with an hourglass. Date The date of the restore operation. Time The time of the restore operation. Type This is always “Restore” in the Restores report. Elapsed The elapsed time of the restore operation. Files The number of files associated with the restore operation. Additional available columns System The name of the system on which the restore operation occurred. Complete Whether the operation has completed or not. Application The application that was restored (SQL, VMware, etc.). Database The database or VM name that was restored. Size (MB) The size of the restore operation in megabytes. Comment The comment associated with the restore operation. Command The command associated with the restore operation. This is the actual command that was executed on the client to perform the restore operation. Output The low level detail associated with the restore operation. Restores Report Summary Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 389 Column Description Total Restores The total number of restores found within the specified date range. Total Files The total number of files restored for all jobs. Average The average number of files restored across all restore jobs. Files/Restore SQL Server Report This report depicts the SQL Server backups that have occurred over the specified time period. Each row contains the following information: Column Description ID The backup operation unique numeric identification. Client The name of the client which the backup operation protects. Instance The instance of the SQL Server database being protected. Database The name of the SQL Server database being protected. Type The type of the backup operation. The type may be SQL full, SQL differential, or SQL transaction. Date The date of the backup operation. Time The time of the backup operation. Last Whether the backup operation was the last one of that type for the client being protected. Additional available columns System The name of the system upon which the backup operation resides. Status The status of the backup operation. Green indicates a successful backup, yellow indicates a backup completed with warnings, and red indicates a failed backup. Currently active backup operations are represented with an hourglass. Complete Whether the backup operation has completed or not. Encrypted Whether the backup operation was encrypted or not. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 390 Column Description Purgeable Whether the backup operation is currently eligible for purging. Purging is the process by which space is made available on the system for additional backups. Sync/Replication The vaulting/replication status of the backup operation. Status Elapsed The elapsed time of the backup operation. Size (MB) The size of the backup operation. Group The group of the SQL Server database being protected. Order The order within the group of the SQL Server database being protected. Comment The comment associated with the backup operation. Command The command associated with the backup operation. This is the actual command that was executed on the client to perform the backup operation. Output The low level detail associated with the backup operation. SQL Report Summary Total Backups The total number of backups found within the specified date range. Total Size (MB) The total size of all available backups in megabytes. Average Size (MB) The average size of all backups in megabytes. Schedule History Report This report displays information on backup and archive schedules. Each row contains the following information: Column Description Schedule Name The name of the schedule. Status The status of the schedule. Green indicates all jobs have been successful and red indicates at least one failure has occurred. Application The application for which the schedule was created. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 391 Column Description Client The client for which the schedule was created. # Backups The number of backups that exist for the specified date range. # Failures The number of failures that exist for the specified date range. Description The description of the schedule. Additional available columns System The system on which the schedule is located. # Instances The number of times the schedule has been run. Output The raw output of the schedule history. Schedule History Report Summary Total Schedules Total schedules available in the specified time period. Total Backups The total number of backups that exist within the specified time period. Total Failures The total number of failures that exist within the specified time period. Securesync Report Clicking on the Securesync report icon in the list of reports will open a pop-up identical to the Securesync email report sent daily. See "Securesync Report" on page 359 for details Storage Report This report displays all storage and protection devices associated with a system. Each row contains the following information: Column Description Storage Internal by default, or a user-defined storage name. Type The type of storage device. For example, NAS, iSCSI, or internal. Usage The user-defined purpose of the storage, such as Backups, Archiving, Vaulting, or Protect. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 392 Column Description Device Devices associated with the storage. D2DBackups is the default, with anything else being user-defined. The appearance of “(Storage)” indicates the storage itself. Size (GB) The amount of allocated storage in gigabytes. Online Whether or not the storage is connected and operational. Additional available columns System The system to which the storage is allocated. Hostname The host where the storage resides if it is not internal. Port The port the storage uses for network communication. Share The name of the network share used for storage. Protocol The protocol the storage uses for network communication. Storage Report Summary Total The total number of storage devices. Vault Capacity Report This report depicts the licensed capacity associated with a vault. Select the vault in the Navigation pane to see a list of vaulting systems. Each row contains the following information: Column Description System The name of the on-premise backup system whose data replicates to the vault. Backup System Accessible? Whether the system was accessible at the time the report was run. If not accessible, the amount of space used may be reported as zero. Used (GB) The amount of storage space used, in gigabytes, on behalf of the system. Additional available columns Number of Clients Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring The number of clients associated with the system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 393 Column Description To view details about a system, select a row in the report. The Report Entry window displays details about the system’s vaulting clients, including client name and amount of capacity used on the vault (GB Used). Vault Capacity Report Summary Total Systems The total number of source backup systems vaulting to the target vault. Total Capacity (GB) The total capacity of the vault in gigabytes. Total Used (GB) The capacity used across all DPUs on the vault in gigabytes. Vaulting Report This report depicts the vaulting operations that have occurred over the specified time period. Each row contains the following information: Column Description Client The name of the client that backup operation protects and is also the candidate for vault-based protection. ID The vaulting operation unique numeric identification. Status The status of the vaulting operation. Green refers to a successful vaulting operation, red refers to a failed vaulting operation, and an hourglass refers to a vaulting operation currently in progress. Encrypted Whether the vaulting operation was encrypted or not. Date The date of the vaulting operation. Time The time of the vaulting operation. Type The type of the backup operation that is the candidate for vault-based protection (master, differential, etc.). Size (MB) The size of the backup operation that is the candidate for vaulting in megabytes. Files The number of files associated with the backup operation that is the candidate for vaulting. Additional available columns 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 394 Column Description System The name of the on-premise backup system that is the candidate for vault-based protection. Complete Whether the vaulting operation has completed or not. Synthesized Indicates if the vaulted backup is synthesized (true) or not (false). Purgeable Whether the backup being protected by the vaulting operation is currently eligible for purging. Purging is the process by which space is made available on the system for additional backups. Application The application data being vaulted. Database The SQL or Exchange database being vaulted. Elapsed The elapsed time of the vaulting operation. Sync Size (MB) The amount of unique blocks of data transferred to the vault in megabytes. Comment The comment associated with the backup operation that is the candidate for vaulting. Command The command associated with the backup operation that is the candidate for vaulting. This is the actual command that was executed on the client to perform the backup operation. Output The low level detail associated with the backup operation that is the candidate for vaulting. Vaulting Deduplication Report This report depicts the status and deduplication ratio of vaulting operations. When a vault is selected in the Navigation pane, all vaulting jobs across all backup source systems are displayed. Select a single backup system, client, or navigation group to view only its vaulting deduplication information. The report contains the following information: Column Description System The source backup system. Client The client vaulting data. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 395 Column Description Status The status of the vaulting operation. Green refers to a successful vaulting operation, red refers to a failed vaulting operation, and an hourglass refers to a vaulting operation currently in progress. Date The date the vaulting operation took place. Time The time of day the vaulting operation took place. Type The type of backup vaulted (master, differential, etc.). Size (MB) The size of the backup that vaulted in megabytes. Deduplication The ratio of the size of a backup on the source backup system to the size of the Ratio data on the vault. Additional available columns ID The backup ID of the vaulted job. Complete Indicates whether or not a job has finished vaulting. Application The application data being vaulted. Database The SQL or Exchange database being vaulted. Elapsed The time taken to complete the vaulting operation. Deduplication The antecedent of the deduplication ratio. Factor Vaulting Deduplication Report Summary Total Vaulting The total number of vaulting operations found on the vault. Operations Total Size on Vault (MB) The size that is currently being used by source backup systems on the vault in megabytes. Windows Virtual Restores Report This report depicts the history and status of all Windows Instant Recovery (WIR) restore operations. Each row contains the following information: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 396 Column Description Client The client on which the WIR restore took place. ID The ID of the WIR restore operation. Status The status of the WIR restore operation. Green refers to a successful operation, red refers to a failed operation, and an hourglass refers to an operation currently in progress. Date Indicates the date of the WIR restore took place. Time Indicates the time of the WIR restore. Type The type of backup that was restored to the WIR partition. Elapsed The time it took to complete the WIR restore. Files The number of files that were part of the WIR restore. Additional available reports System The system on which the WIR restore process took place. Complete Whether or not the restore is complete. Application The application being restored. Database The SQL or Exchange database being restored. Size (MB) The size of the restore in megabytes. Comment The comment associated with the restore operation. Command The command associated with the restore operation. Output The low level detail associated with the restore operation. Windows Virtual Restores Report Summary Total Restores The total number of WIR restore operations that occurred in the specified date range. Total files The total number of files have been restored across all WIR restore operations within the specified date range. Average The number of files that are restored on average for each WIR restore operation Files/Restore for the specified date range. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 397 Alerts The Alerts feature is a powerful communication tool that allows you to monitor software and hardware failures. The status of the system is updated every 15 minutes to the vault. A report consisting of system alerts and the status of backups is issued daily. Once the system software has been installed, it continuously monitors the system and captures the following alerts: Alert Description RAID conditions and failures Indicates a RAID device status of degraded, verifying, rebuilding, or OK. Client connections Communication errors between system and registered and enabled clients. PCI card modifications Removal or addition of PCI devices, such as an RX9 card. System Licensing Notifies when the license has expired. Tasker Alerts when tasker is not running. Continuous Exchange Protection (CEP) Notifies if there are any Workspace errors or errors in the Global Exchange log. CryptoDaemon Notifies the user if CryptoDaemon is running. Software Availability Notifies the user if a software update has been made available. Support Contract Notifies the user if the support contract has expired or is about to expire. Licensed Capacity Warnings The system is near its capacity limit (alerts raised at 70%, 80%, and 90%). Monitoring This section explains system tools that help you monitor system performance. See the following for details: • • • "Failures and warnings" on page 397 "System load" on page 398 "Support toolbox" on page 398 Failures and warnings When viewing backup history, you might see backup failures or warnings. Backup failures indicate the backup did not run, or that it ran but failed to back up more than one in one-thousand files. A 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 398 backup warning indicates the backup ran and completed, backing up more than 99.9% of all files, but less than 100%. When you see a backup failure or warning, you should investigate the reason for the backup status. View the Backups Report for details of a failure or warning. Click on a backup in the Backups Report to view information regarding that backup. This window shows the raw output of any failure or warning messages that the system generated. These messages provide a good indication of why a backup failed, or completed but had warnings. View the Failures Report for details of the backup failure. System load System load is used to monitor the system’s load statistics over a 24-hour, 7-day, or 30-day period. You can also view the load over a custom date range. Select Settings > System Monitoring > Load to view the system load. Use the date range drop-down menu in the lower-left corner of the screen to specify a date range. The System Load screen displays the load levels in the following three areas: Load Level Description Ideal Area If the system load is primarily in this area, the system load is within guidelines and will result in optimal backup performance. Warning There are times when the load level remains in the ideal area, but occasionally spikes Area into the warning area. This is normal depending on scheduled backups or other daily operations that take place on the system. However, if the load level remains in the Warning Area for extended periods of time, this is indicative of a high load that could lead to longer backup or vaulting times. Alarm Area The system load can occasionally spike into the alarm area. If this occurs, backup times must be monitored periodically to determine if the load level decreases out of the Alarm Area. If the load remains in the Alarm Area and does not decrease over a period of days or weeks, consider adding an additional system. If a backup system, register some of the clients to a different system and assign their backups to the new system to lessen the load. If a vault, reassign some of the systems to another vault for vaulting. If using the Unitrends Enterprise Backup virtual machine, consider giving the VM additional processors and memory. Support toolbox Use these tools to check the system. This is recommended for more advanced users. Many of these tools are useful when troubleshooting with the Unitrends Support team. Select Settings > System, Update, and Licensing > Support Toolbox to access these tools. Tools Description Active Ports All active or listening network ports on the system. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 399 Tools Description Asset Tag The Asset Tag number assigned to the system. Date and Time The system’s display of the current date and time. Disaster Recovery Log Details from the latest recovery operation for each system recovered from this vault. This tool will not produce results on a backup system. Disk Free Space Free space available on each partition. Disk Status Gathers all relevant Disk Status from the Unitrends system. Filesystem Information Information about all filesystems on the System. Hardware Detected Information associated with all hardware detected on the system. Host Statistics XML-formatted output of host statistics over time. Hosts File The contents contained in the system’s host file. To update the hosts file, see "About adding clients" on page 69. IPMI Status Gathers all relevant IPMI Status from the Unitrends System. Kernel Information The system’s Kernel revision, build date, and system architecture. LVM Status Information regarding the status of the LVM subsystem, including the physical volumes, logical volumes, and volume groups. Maximum Backup The maximum amount of client data supported on this platform (if defined). Memory Usage Information regarding the status of system memory, including the amount of the memory installed, used, and free. Modules Loaded Information regarding the status of modules loaded into the Linux kernel. Mountpoints All current file system mount points on the system. On-Demand iSeries Backup Interface where on-demand iSeries backups are launched using the default profile. For more information, see "Getting started with iSeries protection" on page 701. Open Ports All open ports on the system. Process Listing Processes running on the system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 400 Tools Description Process Resource Usage A snapshot of the resources being used by each process and details on the number of tasks running, CPU usage, memory usage, and swap space usage. Processor Information Information regarding details of the system’s processors. RAID Software Information Information about software RAID arrays. Samba On/Off A button to enable or disable Samba as needed. Securesync Date for Vaulting Systems The date and time of the last and next Securesync iteration. This option is only useful on systems configured for vaulting. Securesync Report for Vaulting Systems A local system report of Securesync activities. This option is only useful on systems configured for vaulting. Support Tunnel Create/close a support tunnel for a Unitrends Customer Engineer. System Information The system type, generation, kernel version, system software version, and the date the software was installed. System Log The backup system log. System Services The system services and their status. Upload System Information Uploads system information to Unitrends for use in support cases. Legacy Recovery-Series and UEB Administrator's Guide Chapter 17: Reports, Alerts, and Monitoring 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 401 Chapter 18: Disaster Recovery IMPORTANT! Procedures in this chapter are for Unitrends systems running version 7.0 and higher. If replicating, both the source and target systems must be running 7.0 or higher. For systems running older versions, see the "Legacy Disaster Recovery" chapter. If restoring a UEB appliance that was originally deployed on Unitrends, version 8.1 or higher, you can recover using the storage from the failed UEB. See the "Setting up a UEB appliance with existing backup data" procedure in one of these guides: UEB Deployment Guide for Installable Software, UEB Deployment Guide for VMware, or UEB Deployment Guide for Hyper-V. Protecting an organization’s data and IT infrastructure has never been more important. This document describes the steps the Unitrends customer needs to take when planning and implementing a disaster recovery (DR) strategy. This strategy includes decisions that are best made long before a failure occurs. An effective disaster recovery strategy consists of four aspects: • • • • The decision to archive or replicate Preparation Restoring to a physical or virtual system Restoring backup data to clients See the following topics for details: • • • • • • • • • "Archive or replicate" on page 401 "Preparation" on page 402 "Restoring the system" on page 403 "Scenario 1: Restoring a backup system" on page 403 "Scenario 2: Recovering from a corrupt backup device" on page 409 "Scenario 3: Recovering from a corrupt RAID" on page 409 "Scenario 4: Recovering a corrupt internal drive" on page 410 "Post-recovery considerations" on page 410 "Restoring backup data to the clients" on page 411 Archive or replicate Unitrends offers disaster recovery with both on-premise archiving and off-premise replication. Choosing which to use will be based on your particular needs, but the most effective disaster recovery strategy will be one in which these choices have been made well in advance. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 402 Archiving is accomplished by storing backups on removable media, while replication involves blocklevel deduplication of backups to an off-site location (also referred to as the disaster recovery site) in which a replication target system has been configured. Replication may be used alone for disaster recovery or in conjunction with archiving. Note: Disaster recovery from tape archive is not supported. Successful recovery from a disaster using the Unitrends solution requires that replication and/or archiving has been previously configured and implemented. A Unitrends system’s metadata (its system state) is automatically backed up when archiving or replicating. This metadata holds information such as clients added to the system, client schedules, storage configuration, and system settings. Restoring this metadata rebuilds a Unitrends system in the event of a disaster. WARNING! A system automatically protects itself by sending metadata to archive media or a replication target each time you archive or replicate backups. You should never manually back up a Unitrends system itself. Preparation In the case of a disaster recovery event, the administrator will need a fresh system to which data may be restored. Depending on the business impacts of being down in the event of a true disaster, end-users may choose to: • Rely on their Platinum maintenance contract to deliver a replacement system to their disaster recovery site (shipped next business day). • Purchase a replacement chassis at the time of the disaster under Silver and Gold maintenance contracts and wait 2 weeks (Silver) or 3-5 business days (Gold) for delivery of a new system to their disaster recovery site. • Purchase a standby, spare system chassis from Unitrends to have onsite in their disaster recovery center for the ultimate recovery scenario. • • For UEB systems only, perform DR to a CIFS or NFS-configured NAS. For replicating systems, perform hot/hot restore from the replication target to a new, directly attached system. The new system can then be shipped to the DR site. Next, to prepare your disaster recovery strategy, keep the following in mind: • Archive data at regular intervals and store disks in a safe location. (Archive to disk is not available for SFF-RecoveryOS). • Replicate data directly to an off-site system at regular intervals. Step 1: A complete disaster recovery strategy must include a record of certain information. You will need this information to restore protected systems in the event of disaster. Once the Unitrends system has been configured and the appropriate clients registered, the following information should be recorded so it can be accessed in the event of a system failure. Asset #:__________________________________________ Software Serial #:__________________________________ Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 403 User String:_______________________________________ Feature String:_____________________________________ License Key:_______________________________________ Note: License information can be found by accessing Settings > System, Updates, and Licensing > License through the Administrator Interface. Step 2: Decide whether backups will be archived or replicated. Step 3: Set up the Unitrends system for replication, archiving, or both. Depending on the type of protection you settle on, see the "Archiving Overview" or "Replication" chapters for more information. Step 4: Determine which clients will be protected. The steps for registering clients are covered in "About adding clients" on page 69. Step 5: Create bare metal media for each of the registered clients. It is typically recommended that every client have a crash recovery media created as soon as it is set up, and then bare metal backups should be performed on a monthly basis, or, whenever major hardware or software changes are made to the client. For detailed information on this procedure, see the "Bare Metal Protection Overview" chapter. Step 6: Create schedules for running your desired backups. Go to the "Backups Overview" chapter for instructions on setting up backup schedules. Restoring the system We all hope it never happens, but if it does, the above preparation will leave you in the best possible position. The next part of the Disaster Recovery strategy involves the actual recovery. This is the information you will need to keep in mind if you find yourself having to restore your protected systems. The following sections provide disaster recovery instructions for specific scenarios: • • • • "Scenario 1: Restoring a backup system" on page 403 "Scenario 2: Recovering from a corrupt backup device" on page 409 "Scenario 3: Recovering from a corrupt RAID" on page 409 "Scenario 4: Recovering a corrupt internal drive" on page 410 Scenario 1: Restoring a backup system The following are required when restoring a backup system: • Both the original system being restored and the new system must be running Unitrends version 7.0 or higher. • A fresh system to restore to must be available. This can either be a new or a re-imaged system. If you need to re-image a system for this process, contact your authorized Unitrends partner or Unitrends Support for additional details before proceeding. • The new system must be configured as described in "Configuring the newly imaged system" on page 404 before you start the DR procedure. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 404 • if restoring to a Recovery-Series appliance, the new appliance must have a minimum of 128GB of storage space available, and at least as much storage space as the original system. • If restoring to a UEB system, you’ll need to add a minimum of 140GB of backup storage space or as much storage as the original system, whichever is higher. • You must have a replicated backup or archive from which to restore. (DR from tape archive is not supported.) Additional DR considerations are listed here. You will be asked to make choices during the DR process. It is best to consider your options before you start the DR procedure. • The new backup system can be set up with additional storage devices that will house restored backups. This has to be done prior to the restore process. • During DR you will choose whether to retain the storage devices on the new system or restore devices from the original system. See "Selecting storage devices during DR" on page 404 for details. • If encryption is configured on the original system, you will reset encryption on the new system after system metadata has been restored. To do this, you must know the original system’s encryption passphrase. Selecting storage devices during DR During the DR setup, you will be asked whether to retain storage devices on the new system or restore storage devices from the original system. Differences are described here. Restore using storage devices on the new system Storage configuration of the new system is retained after system metadata restore completes. Schedules from the original system are updated to use the default device on the new system. Example: Original system: 2 backup devices, D2DBackups and NewBackups. Backups for Client1 go to NewBackups. New system: 2 backup devices, D2DBackups and MoreBackups. After the restore, the new system still contains devices D2DBackups and MoreBackups. Since the original NewBackups device does not exist, the schedule for Client1 is updated so that its backups go to the default device, D2DBackups. Restore using storage devices from the original system Storage configuration of the original system is restored. Schedules from the original system use the original configuration. In the example above, backups for Client1 continue to go to the NewBackups device. Configuring the newly imaged system Prepare the new system as described here. To configure the new system 1 Configure a freshly imaged system onto the network with an IP that does not match that of the system to restore. Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 405 2 3 4 • For physical systems, follow the procedure "Initial configuration of Unitrends systems" on page 57. • For UEB systems, follow the procedures in one of the following guides: UEB Deployment Guide for Installable Software, UEB Deployment Guide for VMware, or UEB Deployment Guide for Hyper-V). Verify that the newly images system has adequate storage space. • If restoring to a Recovery-Series appliance, the new appliance must have a minimum of 128GB of storage space available or at least as much storage space as the original system. • If restoring to a UEB system, you'll need to add a minimum of 140GB of backup storage space or as much as the original system, whichever is greater. Use the Setup Wizard to configure Unitrends system settings as described in "System setup" on page 59. For Disaster Recovery, be sure to set these items as follows: • Hostname - Enter a unique hostname for the new system. Do not use the hostname of the original system. This hostname will be overwritten with that of the original system during the DR process. • Installation type - Select the installation type that matches that of the system you will restore. • You do not need to configure other Setup Wizard items (such as adding clients and users) since these will be set to match the original system during the DR process. Continue to one of the following procedures to restore the system: • • "System restore from the replication target" on page 405 "System restore from archive" on page 407 System restore from the replication target Once you have configured the new system as described in "Configuring the newly imaged system" on page 404, use these procedures to restore the backup system from a replicated backup. Note: You must perform some tasks on the replication target and others on the newly imaged system; the steps are labeled accordingly. On the replication target 1 Select the target in the Navigation pane (brown vault icon) and click Restore. 2 On the Vault Restore page, select the source from the Restore a System (Perform DR) list. 3 Click Add New Target and enter the following for the freshly imaged system: • • • • Hostname IP Address Qualified Name Alias Name if desired (this is optional) 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 406 4 Click Confirm in the Target System name area. An entry is added to the target’s host file for the newly imaged system. 5 On the Vault Restore page, select the new system from the Target System Name list. 6 Click Prepare Target System. The system metadata backup is sent to the new system and a list of clients displays below. Note: Check the Replication Dashboard to be sure the system metadata backup is replicating. If there are jobs ahead of it in the Pending Operations queue, remove them with the Add items to the end of the queue option as described in "To remove a pending job from the queue" on page 318. On the newly imaged system 1 Click the Gear icon below the Navigation pane, check Show System Client, and click Confirm. 2 Select the system client in the Navigation pane (below the blue system icon) and click Status. 3 Select Past (Historical Status) , and then select the Backup tab to display the calendar. Use the arrows to navigate the calendar and locate the System Metadata backup that was just sent to the system. The date for this backup is the date it was run, and not the date when the backup was sent to the newly imaged system. 4 Click the System Metadata backup to display the Backup Information page. 5 On the Backup Information page, click Restore System Metadata. 6 Select the storage configuration to use for the restore. • • • Click Yes to use storage devices configured on the new system. Click No to use storage devices configured on the old system. For more information, see "Selecting storage devices during DR" on page 404. 7 When the confirmation message displays, check the I understand... box and click Confirm to continue with the DR and restore system metadata. 8 A message displays indicating system metadata has been restored. 9 If encryption was configured on the original system, reset the encryption state on the new system: Note: • • • This reset must be performed after system metadata has been restored. Select Settings > System Monitoring > Encryption. Turn encryption off and Confirm. Turn encryption back on, enter the encryption passphrase, and click Confirm. 10 Return to the replication target to continue the DR procedure. On the replication target 1 Click Okay to close the restore metadata message. 2 Click Select Target Device. Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 407 3 In the grid below, check boxes to select clients to restore. • You do not need to select the original Unitrends system as its metadata has already been restored. • If you chose to restore storage from the new system, specify the device to which backups will be restored for each client selected. Note: The device selected here is for this restore only. During DR, schedules are updated so that the default D2DBackups device is used. Scheduled backups for the client will be stored on the D2DBackups. To change this, apply an option to the schedule once DR is complete. 4 Click Confirm. 5 A message displays indicating that backups have been added to the replication queue. Click Okay. 6 Monitor replication by selecting Replication > Dashboard. For details, see "Working with the replication dashboard" on page 309 7 Once backups have replicated, restore clients. See "Restoring backup data to the clients" on page 411 8 After all systems have been restored, configure the new system for replication as described in "Replication setup" on page 283. For additional considerations, see "Post-recovery considerations" on page 410. System restore from archive Once you have configured the new system as described in "Configuring the newly imaged system" on page 404, use this procedure to restore the backup system from archive. Note: 1 Disaster recovery from tape archive is not supported. Attach archive media to the new system. • If restoring from a disk device, attach the device to the new system. For UEB systems, attach to the ESX or Hyper-V host machine and configure the device for access by the UEB VM within the hypervisor interface. • If restoring from external archive storage (NAS or SAN), configure this storage on the new system. See "Adding archive storage" on page 109. • If restoring a UEB archive from virtual disk, configure this storage on the new system. See "Adding archive storage" on page 109 and follow instructions for Added Disk. 2 On the new system, select the blue system icon in the Navigation pane and click Restore. 3 On the System Restore page, select the new system from the Restore a System (Perform DR) list. 4 Click the arrows to Scan for Archive Media. 5 Select the archive media in the Select Media list. 6 Select the storage configuration to use for the restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 408 • • • Click Yes to use storage devices configured on the new system. Click No to use storage devices configured on the old system. For more information, see "Selecting storage devices during DR" on page 404. 7 When the confirmation message displays, check the I understand... box and click Confirm to continue with the DR and restore system metadata. 8 A message displays indicating system metadata has been restored. Click one of the following: • • 9 Click Yes to continue restoring archives for protected clients. Click No to exit DR and unmount the archive media. An encryption message displays. If encryption was configured on the original system, reset the encryption state in a new browser window: Note: • • • • • This reset must be performed after system metadata is restored. Log in to the new system using a different browser window. Select Settings > System Monitoring > Encryption. Turn encryption off and Confirm. Turn encryption back on, enter the encryption passphrase, and click Confirm. Return to the DR procedure in the original browser window. 10 Click Okay to close the encryption message and continue. 11 Click Select Target Device. 12 In the grid below, check boxes to select clients to restore. If you chose to restore storage from the new system, specify the device to which backups will be restored for each client selected. Note: The device selected here is for this restore only. During DR, schedules are updated so that the default D2DBackups device is used. Scheduled backups for the client will be stored on D2DBackups. To change this, apply an option to the schedule once DR is complete. 13 Click Confirm, then Yes to indicate that you wish to overwrite the selected client’s backups. 14 A message displays indicating that DR has started. Click Okay. 15 Monitor the DR job. Click Status, then click the Present blind on the side of the Status page. The DR job displays in the grid as an Archive Restore. 16 When the Archive Restore job completes, its status changes to successful. Click the refresh arrows below the Navigation pane to reload the system. Restored clients and data display in the system. 17 Restore clients as necessary. See "Restoring backup data to the clients" on page 411. 18 After all systems have been restored, see "Post-recovery considerations" on page 410 for additional tasks you may need to perform in your environment. Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 409 Scenario 2: Recovering from a corrupt backup device The following steps describe the recommended approach for recovering a system from a corrupted backup device. Examining the system logs to determine disk failure: /var/log/messages or /var/log/syslog In the event of a single disk failure: 1 Determine the failed disk drive by executing the appropriate disk controller command or by launching the disk controller tools (this can also be performed in BIOS): tw_cli info [3ware-based systems] or cat /proc/mdstat [for desktops and 1U systems] 2 Insert the new disk drive. Ideally, the new drive should be the same size, type, and model as the original drive. Once the new drive is inserted, the rebuild process should begin automatically. If it does not, use the 3ware utility (for rack-mount units), or the rebuild_disk script (desktops and 1U systems) to add the drive and launch the rebuild process. When the new device has been rebuilt successfully, it is ready for use. Scenario 3: Recovering from a corrupt RAID The following steps describe the recommended approach for recovering a system from a corrupted RAID. Examine the system logs (/var/log/messages or /var/log/syslog) to determine if the disks on the disk controller are failing. If the failing disks are located on a controller that is failing, installing new disks on the failing controller will not solve the problem. This scenario assumes that the corrupted RAID is a result of multiple failed disks: 1 Determine the failed disks by executing the appropriate disk controller commands or by launching the 3Ware utility (this can also be performed in BIOS): tw_cli info [for 3ware-based systems] or cat /proc/mdstat [desktops and 1U systems] 2 Insert the new disk drives. Ideally, the new disks should be the same size, type and model as the original disks. Once the new disks have been inserted, the rebuild process should begin automatically. If it does not, use the 3Ware utility (for rack-mount units), or the rebuild_disk script (desktops and 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 410 1U systems) to add the drives and launch the rebuild process. 3 When the new device has been rebuilt successfully, create a new Unitrends Postgres database with the following command: /usr/bp/bin/setup_postgresql.sh create 4 Perform disaster recovery from replication target or archive. (See "System restore from the replication target" on page 405 and "System restore from archive" on page 407 for instructions.) 5 If applicable, apply the manual steps following Disaster Recovery. (See "Post-recovery considerations" on page 410 for details.) Scenario 4: Recovering a corrupt internal drive The following steps describe the recommended approach for recovering the system root drive on a Recovery-720 or Recovery-730. 1 To determine which internal drive failed, view the alerts on the status window of the Administrator interface. You may also view the contents of /proc/mdstat. 2 If the drive is offline, bring the drive online and run the script /usr/bp/bin/rebuild_disk 3 If the drive is corrupt, insert a new disk drive. The new disk drive must be the same size as the original disk drive. Once the new disk drive has been inserted, the rebuild process should begin automatically. If it does not, use the /usr/bp/bin/rebuild_disk script to format the new drive. Post-recovery considerations The system’s configuration information will be recovered when the system state data has been restored. However, depending on the setup, you may need to perform the following in order to complete the disaster recovery operation. • If required, re-configure the network with the new IP address. On the Administrator Interface go to Settings > Clients, Networking, and Notifications > Networks > Ethernet (eth0). Enter the new IP address and gateway as required. Select Confirm. • • • • If required, change the hostname via the Administrator Interface. • If Microsoft Exchange CEP backups have been restored, change the login information for the workspace. Modifications to the workspace can be performed via the Exchange Web Admin application. Make sure replication is turned off if changing the hostname. Reconfigure the system for synchronization via the Administrator Interface. Because synchronization is disabled during the restore process, ensure that the system is set to replicate. On the Administrator Interface go to Replication > Replication Attributes > Connection Options and Process Control > Resume Replication. Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 411 • Change owner and group of Exchange workspace on Samba share to nobody. Use the following command for this: chown -R : Also change the permissions to 777. • If bonding was in use it will need to be reconfigured after the restore process is completed because it does NOT get restored. • Once the system has been restored, individual clients can be restored using the Administrator Interface. See the next section for details on restoring individual clients. Restoring backup data to the clients Now that the backup system has been restored, restoring the clients can begin. Backups should be restored in the following order: 1 Bare metal backups 2 File-level backups (masters, differentials or incrementals) 3 Application backups Bare metal basic steps 1 Boot the client from the bare metal media. 2 Restore the bare metal backup to the client. See the "Bare Metal Protection Overview" chapter for detailed instructions. 3 Reboot the client. 4 Restore to the latest available restore point (see "Executing a point-in-time restore" on page 346). This restores the last master and any subsequent incremental or differential backups. File-level and application restore basic steps To begin the restore process, log in to the system’s Administrator Interface and select the appropriate client from the Navigation pane: 1 With the client selected in the Navigation pane, click Restore. 2 In the Restore pane, select the date from which the backup will be restored by clicking on the appropriate date in the Recovery Point Day calendar. 3 Select the appropriate time of day from which to restore a backup. The selection of this time can be made from either the available list of times in the Recovery Point Times table or by simply clicking on available wedges of time that appear on the 24-hour circle. 4 The command button for this operation changes depending on the type of restore. For file-level restores (as depicted in the above example) the user will click the Restore to initiate the restore process. For VM backups the user will click Restore Files, and Restore Items for Exchange backups. 5 In the Restore from Backup of Client pane, select individual files and applications to be restored, or place a check-mark by the client itself to perform a full restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 412 6 If desired, change the File Exclusion options or the Advanced Execution by clicking on the links at the bottom of the pane. Otherwise, click on Restore. Note: For more information on configuring these options, see the "File exclusion options" on page 350 and "Advanced Execution Options for restore" on page 351. The Restore Progress bar will display the status of the restore and will indicate when it is complete. Legacy Recovery-Series and UEB Administrator's Guide Chapter 18: Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 413 Chapter 19: Legacy Disaster Recovery IMPORTANT! Procedures in this chapter are for Unitrends systems running pre-7.0 versions. For systems running version 7.0 and higher, see the "Disaster Recovery" chapter. Protecting an organization’s data and IT infrastructure has never been more important. This document describes the steps the Unitrends customer needs to take when planning and implementing a disaster recovery strategy. This strategy includes decisions that are best made long before a failure occurs. An effective disaster recovery strategy consists of four aspects: 1 The decision to archive or vault 2 Preparation 3 Restoring to a physical or virtual system 4 Restoring backup data to clients See the following topics for details: • • • • • • • • • • • • • • "Archive or vault" on page 413 "Preparation" on page 414 "Restoring the system" on page 415 "Scenario 1: Restoring a backup system " on page 415 "Scenario 2: Recovering from a corrupt backup device" on page 416 "Scenario 3: Recovering from a corrupt RAID" on page 417 "Scenario 4: Recovering a corrupt internal drive " on page 417 "Additional requirements for restoring to a virtual system" on page 418 "Storage setup" on page 418 "Disaster recovery from vault " on page 419 "Automatic disaster recovery from vault" on page 420 "Disaster recovery from archive" on page 421 "Post-recovery considerations " on page 422 "Restoring backup data to the clients" on page 422 Archive or vault Unitrends offers disaster recovery with both on-premise archiving and off-premise electronic vaulting. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 414 Choosing which to use will be based on your particular needs, but the most effective disaster recovery strategy will be one in which these choices have been made well in advance. Archiving is accomplished by storing backups on removable media, while vaulting involves blocklevel, in-flight deduplication of backups to an off-site location (also referred to as the disaster recovery site) in which a vault has been configured. Vaulting may be used alone for disaster recovery or in conjunction with archiving. Archiving onsite to a Unitrends system offers a fuller level of retention, while vaulting may provide a higher level of reliability, since the data is transmitted to a location that is geographically distant to the disaster. Successful recovery from a disaster using Unitrends’ system solution requires that vaulting and/or archiving has been previously configured and implemented. Note: Disaster recovery from tape archive is not supported. A Unitrends system’s system state is automatically backed up when archiving or vaulting. The system state holds information such as clients added to the system, client schedules, storage configuration, and system settings. Restoring the system state rebuilds a Unitrends system in the event of a disaster. WARNING! A system automatically protects itself by sending its system state to archive media or a vault each time your archive or vault. You should never manually back up a Unitrends system itself. Preparation In the case of a disaster recovery event, the administrator will need a fresh system to which data may be restored. Depending on the business impacts of being down in the event of a true disaster, end-users may choose to: • Rely on their Platinum maintenance contract to deliver a replacement system to their disaster recovery site (shipped next business day) • Purchase a replacement chassis at the time of the disaster under Silver and Gold maintenance contracts and wait 2 weeks (Silver) or 3-5 business days (Gold) for delivery of a new system to their disaster recovery site • Purchase a standby, spare system chassis from Unitrends to have onsite in their disaster recovery center for the ultimate recovery scenario. Next, to prepare your disaster recovery strategy, keep the following in mind: • Archive data at regular intervals and store disks in a safe location. (Archive to disk is not available for SFF-RecoveryOS). • Vault data directly to an off-site system at regular intervals. Step 1: A complete disaster recovery strategy must include a record of certain information. You will need this information to restore protected systems in the event of disaster. Once the Unitrends system has been configured and the appropriate clients registered, the following information should be recorded and in such a way it can be accessed in the event of a system failure. Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 415 Asset #:__________________________________________ Software Serial #:__________________________________ User String:_______________________________________ Feature String_____________________________________ License Key:_______________________________________ Note: License information can be found by accessing Settings > System, Updates, and Licensing > License through the Administrator Interface. Step 2: Decide whether backups will be archived or vaulted. Step 3: Setting up the Unitrends system for either vaulting or archiving. Depending on the type of protection you settle on, see the "Archiving Overview" or "Legacy Vaulting " chapters for more information. Step 4: Determine which clients will be protected. The steps for registering clients are covered in the "About adding clients" on page 69. Step 5: The creation of bare metal media for each of the registered clients. It is typically recommended that every client have a crash recovery media created as soon as it is set up, and then bare metal backups should be perform on a monthly basis, or, whenever major hardware or software changes are made to the client. For detailed information on this procedure, see the "Bare Metal Protection Overview" chapter. Step 6: Create schedules for running your desired backups. Go to the "Backups Overview" chapter for instructions on setting up backup schedules. Restoring the system We all hope it never happens, but if it does, the above preparation will leave you in the best possible position. This next part of the Disaster Recovery strategy involves the actual recovery. This is the information you will need to keep in mind if you find yourself having to restore your protected systems. The following sections provide disaster recovery instructions for specific scenarios: • • • • "Scenario 1: Restoring a backup system " on page 415 "Scenario 2: Recovering from a corrupt backup device" on page 416 "Scenario 3: Recovering from a corrupt RAID" on page 417 "Scenario 4: Recovering a corrupt internal drive " on page 417 Scenario 1: Restoring a backup system The following requirements are applicable whether you are restoring to a physical or virtual system. Additional requirements for restoring to a virtual system follow this section. • The original system being restored can be running any previous version of Unitrends software. It is possible to restore to a system older than version 6.0.0 from a v6.0.0 Vault. However, the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 416 version of the new backup system has to be of a same or newer version than the original system. • A fresh system to restore to. This can either be a new or a re-imaged system. If you need to re image a system for this process, contact your authorized Unitrends partner or Unitrends Support for additional details before proceeding. It is recommended that the new system is assigned the same hostname as the original system. When performing disaster recovery from an external storage, like SAN/NAS or an internal data store that was previously configured as an archive device, the same storage should be added to the system by using the Storage Configuration (by navigating to Settings > Storage and Retention > Storage). The purpose of the storage should be set as Archive. Note: If a storage device will be set up on the new system, it must be done prior to the restore process. Disaster recovery (Settings > Vaulting > System Restore) should be started by: • • Selecting the vault in the navigation pane if restoring from a vault. Selecting the system in the navigation pane if restoring from an archive media. The target system can be set up with additional storage devices that will house restored backups. This has to be done prior to the restore process. See "Storage setup" on page 418 for details. When using external storage or alternate storage, the target system must grant management privileges to the vault. To do this follow these procedures: 1 Log in to the Administrator Interface of the target system. 2 Navigate to Settings > Vaulting > Vault Management. 3 Click on Allow Remote Management on lower left side of the window. When restoring from a vault, it is recommended that the target system and the vault be placed on an isolated network. This will help to ensure the integrity of the system during the restore process. For optimal results, it is recommended to use a cross-over cable to connect the target system to the vault. Scenario 2: Recovering from a corrupt backup device The following steps describe the recommended approach for recovering a system from a corrupted backup device. Examining the system logs to determine disk failure: /var/log/messages or /var/log/syslog In the event of a single disk failure: 1 Determine the failed disk drive by executing the appropriate disk controller command or by launching the disk controller tools (this can also be performed in BIOS): tw_cli info [3ware-based systems] Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 417 or cat /proc/mdstat [for desktops and 1U systems] 2 Insert the new disk drive. Ideally, the new drive should be the same size, type and model as the original drive. Once the new drive is inserted, the rebuild process should begin automatically. If it does not, use the 3ware utility (for rack-mount units), or the rebuild_disk script (desktops and 1U systems) to add the drive and launch the rebuild process. When the new device has been rebuilt successfully, it is ready for use. Scenario 3: Recovering from a corrupt RAID The following steps describe the recommended approach for recovering a system from a corrupted RAID. Examine the system logs (/var/log/messages or /var/log/syslog) to determine if the disks on the disk controller are failing. If the failing disks are located on a controller that is failing, installing new disks on the failing controller will not solve the problem. This scenario assumes that the corrupted RAID is a result of multiple failed disks: 1 Determine the failed disks by executing the appropriate disk controller commands or by launching the 3Ware utility (this can also be performed in BIOS): tw_cli info [for 3ware-based systems] or cat /proc/mdstat [desktops and 1U systems] 2 Insert the new disk drives. Ideally, the new disks should be the same size, type and model as the original disks. Once the new disks have been inserted, the rebuild process should begin automatically. If it does not, use the 3Ware utility (for rack-mount units), or the rebuild_disk script (desktops and 1U systems) to add the drives and launch the rebuild process. 3 When the new device has been rebuilt successfully, create a new Unitrends Postgres database with the following command: /usr/bp/bin/setup_postgresql.sh create 4 Perform disaster recovery from vault or archive. (See "Disaster recovery from vault " on page 419 and "Disaster recovery from archive" on page 421 for instructions). 5 If applicable, apply the manual steps following Disaster Recovery (see "Post-recovery considerations " on page 422 for details). Scenario 4: Recovering a corrupt internal drive The following steps describe the recommended approach for recovering the system root drive on a Recovery-720 or Recovery-730. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 418 1 To determine which internal drive failed, view the alerts on the status window of the Administrator interface. You may also view the contents of /proc/mdstat. 2 If the drive is offline, bring the drive online and run the script /usr/bp/bin/rebuild_disk 3 If the drive is corrupt, insert a new disk drive. The new disk drive must be the same size as the original disk drive. Once the new disk drive has been inserted, the rebuild process should begin automatically. If it does not, use the /usr/bp/bin/rebuild_disk script to format the new drive. Additional requirements for restoring to a virtual system Disaster recovery to a virtual system from a vault or archive media requires all systems to be running version 6.0.0 (or higher) of Unitrends software. When restoring to a virtual system or to a new storage device on the target, the storage device must be set up prior to the restoration process. When restoring from a vault, the target system should grant management privileges to the vault. To do so, log in to the Administrator Interface of the target system, navigate to Settings > Vaulting > Vault Management. Click on Allow Remote Managementat the left bottom. Storage setup When restoring to a virtual system, such as Unitrends Enterprise Backup, it is required to be configured with storage devices to which data would be restored. Backup devices should be created on the target system prior to the restore. Storage can be internal data stores or external storages like SAN (connected via ISCSI or fibre channel) or NAS. Because the recovery process will not attempt to connect to any storage, this connection should be made prior to beginning the restore. Depending on the amount of data that has to be restored to the system, the set up could vary. In all cases, if storage is directly added to the virtual system, it cannot be packaged into an Open Virtualization Format (OVF); therefore external storage needs to be added as a data store to the ESX server hosting the virtual system. Next, a virtual disk must be added to the virtual system using the designation of Added Internal. Set the purpose to Backups by clicking on Settings > Storage and Retention > Storage. The following scenarios are possible, and depend on the size of vaulted data: Scenario Description Data less than 2TB One virtual disk needs to be created on the data store housing the external storage. Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 419 Scenario Description Data greater Appropriate number of virtual disks need to be created with none greater than 2TB. than 2TB, The recovered system cannot be directly packaged into an Open Virtualization no client Format (OVF). greater than 2TB Data greater than 2TB, at least one client greater than 2TB A floating storage device needs to be used to house client data greater than 2TB. Because the recovered system cannot be directly packaged into an Open Virtualization Format (OVF), this is required. The floating storage device is directly connected to the target system and backup devices are added onto this storage. This device has to be NAS only. After storage devices are added to the target system, management privileges need to be granted to the vault, by navigating to Settings > Vaulting > Vault Management. Disaster recovery from vault 1 Log in to the system where the backups are vaulted. (By default, username is root and password is unitrends1) 2 Select the appropriate vault in the Navigation pane. 3 Click Settings > Vaulting > System Restore. 4 Select the backup system from the drop-down list. This is the name of the system being restored. 5 Enter the IP address of the target system. This is the location to which the vaulted backups will be restored. If this is the original system, the default IP address that appears in this field should be used. If restoring to an alternate system, enter the new IP address. Note: If alternate storage is configured on the target, management privileges should be granted to the vault. 6 If restoring to a virtual system or alternate storage, click Select Target Storage. Answer Yes to the question Do you wish to get the list of devices defined on the new system? The option to select the device for each client will be shown adjacent to the client. 7 In the Select Clients table, select the client(s) and the devices to which those clients will be restored. 8 Once the Disaster Recovery confirmation window opens, confirm the operation by placing a check-mark by the statement, I understand the database and hosts file will be overwritten, and all existing backups on all devices will be deleted, and click Confirm. 9 If encryption was enabled on the original system you will be prompted to turn on encryption on the target system. For this, open the Administrator Interface of the target system in a new browser window. Click Settings > System Monitoring > Encryption. Turn off encryption and restart it. You are required to enter your master passkey to enable encryption. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 420 10 To check the status of the restore, select the vault again in the Navigation pane click Settings > System Monitoring > Jobs. 11 Details from the latest recovery operation for each system recovered from the vault can be viewed in the Disaster Recovery log found in the General Support Toolbox. Automatic disaster recovery from vault An automated disaster recovery from vault operation may be performed on a regular basis. A key component of configuring this automated process involves the creation of a unique profile. A profile consists of information identifying the system being restored, the target IP address, clients and devices to be recovered, the start date and time, and the frequency with which the recovery will be performed. See the following topics for details: • "Create an automatic disaster recovery profile" on page 420 • • • "View an automatic disaster recovery profile" on page 420 "Remove an automatic disaster recovery profile" on page 421 "Change, stop, or suspend an automatic disaster recovery profile" on page 421 Create an automatic disaster recovery profile To set up the profile 1 In the Disaster Recovery pane, select the target system. 2 Enter the IP address. 3 Click Check for Automatic Disaster Recovery Profile. 4 Assuming a profile does not already exist, check the box labeled, Save Auto Disaster Recovery Profile when it appears under the client table. 5 Select the clients and devices to be recovered. 6 Click Confirm. 7 Once the Disaster Recovery Profile Options screen appears, select the start date and time and whether or not the system should check for encryption. Note: it is recommended this option be set to YES. If any backups on the vaulted system are encrypted, skipping this process will cause the Auto Disaster Recovery to fail. Additionally, it is recommended that a persistent passphrase be set for encryption. 8 Once the profile options are set, click Confirm. 9 When the Disaster Recovery Profile Selections detail screen opens, confirm the settings are correct. To make changes to the profile, click Cancel. Otherwise, click Save to proceed. View an automatic disaster recovery profile To view an automatic disaster recovery profile 1 Select the system from the drop-down box. Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 421 2 If the IP address of the target system is known, change the default IP address shown. 3 Click Check For Automatic Disaster Profile. 4 If a profile exists for the given IP address, a View Profile option is shown. 5 Click on View Profile to see the profile selections. Saved profiles may be checked anytime by selecting a system from the drop-down box, and then entering the IP address. Clicking Check for Profile will display profiles if profiles exist. Clicking on View Profile will display the profile settings, where profiles may be removed. Existing profiles cannot be modified. To change a profile, you must remove the profile and create a new profile with your changes. Remove an automatic disaster recovery profile To remove an automatic disaster recovery profile, first view the existing automatic disaster recovery profile (see "View an automatic disaster recovery profile" on page 420) and click Remove Profile. Change, stop, or suspend an automatic disaster recovery profile An automatic disaster recovery profile cannot be changed or updated, but a new one can be created in its place. You will need to remove an existing automatic disaster recovery profile and then create and save a new one. Once created, a profile cannot be stopped or suspended for a temporary period of time. It must be removed and recreated when required. Disaster recovery from archive 1 Log in to the system’s Administrator Interface. 2 Select the backup system in the Navigation pane select Settings > Vaulting > System Restore. 3 Click Scan for Archive Media. External archive devices should be connected prior to attempting the restore. 4 In the Select Media drop-down list, select the desired type of media device. 5 If restoring to a virtual system or external storage, you may choose to replace storage by answering YES to the question Media has been mounted. Would you like to use the storage (D2D) devices configured on the new system? 6 If YES is selected, the Select Target Storage option will appear. 7 If encryption was enabled on the original system you will be prompted to turn on encryption on the target system. For this, open the Administrator Interface of the target system in a new browser window. Click Settings > System Monitoring > Encryption. Turn off encryption and restart it. You are required to enter your master passkey to enable encryption. 8 A list of clients will be populated. The list of clients is populated only after the state restore is complete. Select the desired client(s) to restore and the devices to which the client backups will be restored. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 422 9 Once the Disaster Recovery confirmation window opens, confirm the operation by placing a check-mark by the statement, I understand the database and hosts file will be overwritten, and all existing backups on all devices will be deleted, and click Confirm. Note: If restoring to an alternate system, it might be necessary to change the hostname of the newly-restored system. The hostname will be that of the original while the IP address will be that of the new target system. They can be changed appropriately using the Settings > Clients, Networking, and Notifications > Networks > Hosts interface after the restore is complete. Post-recovery considerations The system’s configuration information will be recovered when the system state data has been restored. However, depending on the setup, you may need to perform the following in order to complete the disaster recovery operation. • If required, re-configure the network with the new IP address. On the Administrator Interface go to Settings > Clients, Networking, and Notifications > Networks > Ethernet (eth0). Enter the new IP address and gateway as required. Select Confirm. • • • • If required, change the hostname via the Administrator Interface. • If Microsoft Exchange CEP backups have been restored, change the login information for the workspace. Modifications to the workspace can be performed via the Exchange Web Admin application. • Change owner and group of Exchange workspace on Samba share to nobody. Use the following command for this: Make sure vaulting is turned off if changing the hostname. Reconfigure the system for synchronization via the Administrator Interface. Because synchronization is disabled during the restore process, ensure that the system is set to vault. On the Administrator Interface go to Settings > Vaulting > Vaulting Attributes > Connection Options and Vaulting Control > Resume Vaulting. chown -R : Example command: chown -R nobody:nobody Also change the permissions to 777. • If bonding was in use it will need to be reconfigured after the restore process is completed because it does NOT get restored. • Once the system has been restored, individual clients can be restored using the Administrator Interface. See the next section for details on restoring individual clients. Restoring backup data to the clients Now that the backup system has been restored, restoring the clients can begin. Backups should be restored in the following order: Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 423 1 Bare metal backups 2 File-level backups (masters, differentials or incrementals) 3 Application backups Bare metal basic steps 1 Boot the client from the bare metal media. 2 Restore the bare metal backup to the client. See the "Bare Metal Protection Overview" chapter for detailed instructions. 3 Reboot the client. 4 Restore to the latest available restore point (see "Executing a point-in-time restore" on page 346). This restores the last master and any subsequent incremental or differential backups. File-level and application restore basic steps To begin the restore process, log in to the system’s Administrator Interface and select the appropriate client from the Navigation pane: 1 With the client selected in the Navigation pane, click Restore. 2 In the Restore pane, select the date from which the backup will be restored by clicking on the appropriate date in the Recovery Point Day calendar. 3 Select the appropriate time of day from which to restore a backup. The selection of this time can be made from either the available list of times in the Recovery Point Times table or by simply clicking on available wedges of time that appear on the 24-hour circle. 4 The command button for this operation changes depending on the type of restore being performed. For file-level restores (as depicted in the above example), the user will click the Restore to initiate the restore process. For VM backups, the user will click Restore Files, and for Exchange backups, the user will click Restore Items. 5 In the Restore from Backup of Client pane, select individual files and applications to be restored, or place a check-mark by the client itself to perform a full restore. 6 If desired, change the File Exclusion options or the Advanced Execution by clicking on the links at the bottom of the pane. If these options are not being changed, click on Restore. Note: For more information on configuring these options, see the "File exclusion options" on page 350 and "Advanced Execution Options for restore" on page 351. The Restore Progress bar will display the status of the restore and will indicate when it is complete. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 424 Legacy Recovery-Series and UEB Administrator's Guide Chapter 19: Legacy Disaster Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 425 Chapter 20: Windows Protection This chapter contains procedures for preparing and working with Windows clients. To protect Windows clients, lightweight core and bare metal agents are installed on the client machine. These agents are either installed automatically using the agent push feature, or manually in cases where the push feature is not supported. This chapter describes push and manual agent installation procedures, agent upgrade procedures, agent uninstall procedures, and additional Windows setup and protection considerations. See the following topics for details: • • • • • • • "Windows agent versions" on page 425 "Windows agent requirements" on page 426 "Push installing the Windows agents" on page 426 "Manually installing the Windows agents" on page 428 "Removing or repairing Windows agents" on page 434 "Updating the Windows agents" on page 435 "About Windows protection" on page 438 Note: For information about Windows Instant Recovery and instructions for creating a virtual failover client (VFC) for instant recovery from a backup system on a physical appliance, replication target, or UEB, see "Windows Instant Recovery" on page 451. Windows agent versions File-level backups are performed using the core Windows agent. The core agent needed depends on the client’s operating system. If push-installing the agent, the system automatically installs the required core agent. If manually installing the agent, go to Latest Agent Releases to access the core agent for your operating system. For a complete list of supported Windows operating systems, see the Unitrends Compatibility and Interoperability Matrix. To create the ISO media used to perform image-based hot bare metal backups for Windows XP, 2003 and later clients, an additional agent called Unitrends_BareMetal.msi must also be installed. This bare metal agent is not used for the integrated hot bare metal feature available on Unitrends 7.4.0 and later systems. For a description of image-based and integrated hot bare metal, see "Windows Bare Metal Protection" on page 753. Before installing the core agent, see "Windows agent requirements" on page 426. For agent installation and update procedures, see the following: • • • "Push installing the Windows agents" on page 426 "Manually installing the Windows agents" on page 428 "Updating the Windows agents" on page 435 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 426 Windows agent requirements The following requirements must be met before installation: • • • • Administrative privileges for the user executing the client installation For legacy Exchange agent, .NET 2.0 Framework or higher For legacy SQL Server agent, Microsoft SQL Server Browser Approximately 1100 MB of free space on the system drive, usually volume C:. (Applicable even if installing on a volume other than C:.) • Single Instance Storage (SIS) on Windows Storage Server 2008 is not supported and must be disabled for the agent to properly perform backups. • To protect Exchange, SQL Server, or Hyper-V, the following VSS writers are required: – VSS Exchange Writer is required for the Exchange agent. – – VSS SQL Writer is required for the SQL Server agent. VSS Hyper-V Writer is required for the Hyper-V agent. Note: VSS writers are not required for Windows 2000 and NT clients as these older environments do not use Microsoft VSS technology. Backups of Exchange and SQL data in these environments use the legacy SQL and Exchange agents. Push installing the Windows agents The agent push feature installs the Unitrends protection software on Windows clients automatically, greatly reducing setup time. When you add a Windows client to the backup system, lightweight core and bare metal agents are automatically installed and you can immediately begin protecting the client. The push feature can also be used to update agents on existing Windows clients. See "Updating the Windows agents" on page 435 for details. Note: Agent push is not supported for Windows NT or 2000 clients. A push install is initiated when you add a new Windows client to the backup system, as described in "About adding clients" on page 69. If the requirements described below have not been met and you attempt to push install, you receive the message Please download and install the latest agent release on your Windows server from the Unitrends website. After installation, uncheck 'Establish Trust' when setting up your client. Proceed to "Manually installing the Windows agents" on page 428 and manually install both the Windows core and bare metal agents. The agent is installed to the C:\PCBP directory. If you wish to install to another volume or location, you will need to install the agent manually. Agent push install requirements Ag e n tp u s h in s ta lre q u ire me n ts In addition to the items described in "Windows agent requirements" on page 426, the following prerequisites must be met before push installing the Windows agent: Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 427 Item Description Windows versions supported Windows XP Professional, 2003, and up are supported (32- and 64-bit). Windows NT and 2000 are not supported. For these versions, install the agent manually. See "Manually installing the Windows agents" on page 428 for details. Unitrends system version Release 7.0 and higher (8.2 and higher for Windows Server 2012 R2 and Windows 8.1). Backup system installation type Push installations are only supported on systems configured with the local backup system, replication target, and local backup system and replication target installation types (see "About the installation type" on page 67). Legacy vault and cross-vault configurations do not support agent push installations. Credentials Trust credentials must be defined for the client on the backup system. See "Client trust credentials" on page 91 for details. Windows The Windows client must be configured as described in "Windows configuration environment requirements" on page 427. Windows configuration requirements The following Windows configuration settings are required for the agent push feature: • • Workstation and Server services must be running and set to automatic restart. • For Windows XP Professional and 2003, File and Printer Sharing for Windows Networks must be enabled for the network adapter itself. Select Control Panel > Network and Sharing Center > Change Adapter Settings, right-click the adapter, select Properties and check File and Printer Sharing for Microsoft Networks. • For Windows XP Professional, turn off Simple sharing in Control Panel > Folder Options > View > Use simple file sharing. • Trust credentials entered on the Unitrends Add Client page must have administrative privileges. On systems with user account controls (UAC) enabled, at least one of the following must also apply: • For Windows Vista and later, Network discovery and Printer and File Sharing must be enabled for the current network profile (in Control Panel > Network and Sharing Center). – – The trust credentials entered are for a domain administrator account. – Registry key LocalAccountTokenFilterPolicy must exist and be set to 1. The trust credentials entered are for a system administrator account. Being a different member of the Administrators group is insufficient. If the administrator account is disabled, enable it by executing the following in an elevated command prompt: net user administrator /active:yes Firewall rules must allow inbound and outbound traffic between both machines. Default Windows firewall rules limit many services to the subnet. If the backup system is outside the client subnet, modify firewall Printer and File Sharing settings (TCP ports 139 and 445) to allow communication between the systems. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 428 • For 32-bit clients only, the Windows client must be configured with English as the default language. Select non-English default languages are supported for 64-bit clients. For a list of supported languages, see the Unitrends Compatibility and Interoperability Matrix. Manually installing the Windows agents In most cases, the Windows agents are automatically installed when you register the client to the backup system. If you need to install them manually, use the procedures in this section. To install the Windows core and bare metal agents, download the desired .msi files from the Unitrends website to the Windows machine. Download agents from: http://www.unitrends.com/support/latest-agent-releases.html. You can then install each agent by launching the installer or from the command line. In most cases, you will use the installer. You will need to use the command line option if you have deployed a Windows 2008 server with the server core option, or are using Group Policy to deploy to multiple Windows machines. See the following procedures: • • • "Agent installer for Windows XP, 2003, and up" on page 428 "Agent installer for Windows 2000 client" on page 430 "Command-line installer for Windows clients" on page 431 For Vista and Windows Server, see these additional considerations before installing the agent: "Special installation instructions for Microsoft Vista clients" on page 429 and "Special installation instructions for Windows Server" on page 430. Agent installer for Windows XP, 2003, and up The core agent installer for Windows XP, 2003, and later clients, loads all components in Unitrends_ Agentx86.msi or Unitrends_Agentx64.msi onto the system during installation. Microsoft SQL Server and Exchange Server application software must be installed on the Windows machine to enable execution of Unitrends SQL Server and Exchange agents. These agents are installed on all Windows clients, but they will not function without the required underlying SQL or Exchange software. Installation of Microsoft SQL Server and Microsoft Exchange Server software may occur after installing the Unitrends Windows agent without consequence. For more information, see the "Microsoft Exchange Protection" and "Microsoft SQL Protection" chapters. To install Unitrends_Agent86.msi, Unitrends_Agent64.msi, or Unitrends_BareMetal.msi T o in s ta lUn itre n d s _ Ag e n t8 6 .ms i,Un itre n d s _ Ag e n t6 4 .ms i,o rUn itre n d s _ Ba re Me ta l.ms i Note: To install Unitrends_BareMetal.msi on Vista or Server 2012/2008 systems that are running User Account Control, special installation is required. Use the procedure below. For command-line instructions, see "Command-line installer for Windows clients" on page 431. 1 Log in to the Windows system as a user that has full access to all files and folders on the system (i.e. local administrator). 2 Download the desired core Agent.msi or BareMetal.msi file from Unitrends at http://www.unitrends.com/support/latest-agent-releases. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 429 3 Launch the downloaded file and follow the instructions on the screen to complete the installation. 4 Review the license agreement and select I Agree to accept the terms and conditions. 5 Select an installation directory. The default directory is C:\PCBP. To install in another location (folder or volume), click Browse or manually enter the directory path. 6 Click Back to review or modify data, or click Next to begin the installation process. The installation can be interrupted at any time by clicking Cancel. Note: If the client has a firewall enabled, the installer opens port 1743 and creates firewall exceptions for the necessary processes. To install Unitrends BareMetal.msi on Vista or Windows Server 2012/2008 running User Account Control T o in s ta lUn itre n d s _ Ba re Me ta l.ms io n Vis ta o rWin d o ws Se rv e r2 0 1 2 /2 0 0 8 ru n n in g Us e rA c c o u n tCo n tro l User Account Control (UAC) is enabled by default on Windows Vista, Windows Server 2008, and Windows Server 2012. To install Unitrends_BareMetal.msi on systems where UAC is enabled, you must invoke the installation with elevated privileges. 1 Download Unitrends_BareMetal.msi file from Unitrends at http://www.unitrends.com/support/latest-agent-releases, and save it to the Vista or Server 2008 machine. 2 From the Vista or 2008 server, select Start > All Programs > Accessories. 3 Right click Command Prompt and select Run as administrator. 4 Select Yes in the UAC window to continue. 5 Issue this command to install the agent: Msiexec /package C:\FullInstallPath\Unitrends_BareMetal.msi where FullInstallPath is the full path of the location where you saved Unitrends_BareMetal.msi. For directories with spaces in the name, add quotes to the command. For example, if you wish to download Unitrends_BareMetal.msi to C:\Program Files, use the following command: Msiexec /package "C:\Program Files\Unitrends_BareMetal.msi" 6 Exit the Command Prompt window and restart your system to apply the changes. 7 Proceed to one of the following procedures below to perform additional bare metal setup steps: • • "Special installation instructions for Microsoft Vista clients" on page 429 "Special installation instructions for Windows Server" on page 430 Special installation instructions for Microsoft Vista clients Administrator privileges are required to install the system protection software on the Vista operating system. Please make certain that the user applying the system protection software has administrator privileges on the client. Members of the Administrator group who have not been assigned administrator privileges will not be able to install the product successfully. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 430 Additional configuration is required for bare metal protection of Vista clients. Work with Unitrends support to setup this configuration. See "Contacting Unitrends Support" on page 40 for details. Special installation instructions for Windows Server The core agent for Windows Server performs backup and recovery of the system state, including support for ISS, COM+, Cluster Database, and Active Directory. The system protection software must be installed on the Microsoft Windows Server client while logged in using the local system Administrator account. If the local system Administrator account cannot be used for the installation, the Windows User Account Control facility must be disabled. When the installation of the system protection software completes, User Account Control can be re-enabled. To disable User Account Control (UAC) 1 Launch MSCONFIG from the Run menu. 2 Select the Tools tab. 3 Select Disable UAC. 4 Press Launch (wait for this step to complete). After having successfully installed the system protection software, locate the Unitrends Agent entry on the Windows Start menu, right click on the Unitrends Agent Menu, and select Run as administrator. This process is required following the initial installation of the software. Subsequent invocations of the application can be launched using the usual method. Additional configuration is required for bare metal protection of Windows Server clients. Work with Unitrends support to setup this configuration. See "Contacting Unitrends Support" on page 40 for details. Agent installer for Windows 2000 client The agent installer for Microsoft Windows supports a graphical Administrator Interface as well as a command-line installation option. Windows 2000 clients can use either the complete installation or the custom installation. To install the agent using the installer 1 To begin the installation process, log in to the system as a user that has full access to all files and folders (i.e. local administrator) and launch the installer file that is located on the installation media or that has been downloaded from the Unitrends Customer Care Center online. 2 Once the installer has been launched, a message indicating the required access and permissions will be displayed; simply acknowledge this message to continue. 3 Review the license agreement and select the radio button that corresponds to acceptance of terms and conditions of the agreement. Print a copy of the license agreement by clicking Print before continuing. 4 Select the Complete or Custom option and click Next. Note: If the Windows OS is upgraded to a newer release or service pack then the Unitrends agent must be uninstalled and reinstalled. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 431 5 Proceed to one of the following: • • "Complete Installation for Windows 2000 client" on page 431 "Custom installation for Windows 2000 client" on page 431 Complete Installation for Windows 2000 client Co mp le te in s ta la tio n fo rWin d o ws 2 0 0 0 c lie n t The complete installation method installs the core component, which includes Windows bare metal, remote administration, and the ODM driver. By default, the USNAPS driver is installed only on Microsoft Windows Server 2000 operating systems. Installation of the USNAPS driver always requires a reboot of the client following installation. If the installer detects that Microsoft Exchange Server is installed on the system, then the legacy Exchange agent is installed. Likewise, if Microsoft SQL Server is detected on the system, the legacy SQL Server agent is installed. The installation directory for the complete install is C:\PCBP. The installation takes only a few minutes to configure the system and to copy necessary files. When the process is complete, a message displays indicating the status of the installation. Custom installation for Windows 2000 client Cu s to min s ta la tio n fo rWin d o ws 2 0 0 0 c lie n t The custom installation method allows you to select which components to install on the system. Any combination of components may be selected for installation. The installer does not prohibit the installation of a component when the underlying software is not installed on the system. For example, the legacy SQL Server agent may be selected for installation on the client even when the Microsoft SQL Server software is not installed. In this case, the application agent will not function as designed. Therefore, it is recommended that all appropriate software be installed or planned for installation, prior to installing the corresponding agent. The installation takes only a few minutes to configure the system and to copy necessary files onto the system. When the process is complete, a message displays indicating the status of the install. Command-line installer for Windows clients The protection software command-line option allows the installation, removal, and maintenance of the system protection software from the command-line. In addition, these command line options may be used in conjunction with Microsoft’s Group Policy methodology to deploy mass installations of clients. See the following for details: • • "Command-line installer parameters" on page 431 "Windows agent installer command-line examples" on page 432 Command-line installer parameters Co mma n d -lin e in s ta le rp a ra me te rs The agent installer utilizes the msiexec command to manage the system protection software from the command-line. However, not all of the msiexec default parameters are supported with the installer. The following msiexec parameters are available: /I - Installs and modifies the software. /f - Repairs the software. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 432 /uninstall - Removes the software. /quiet - Installs software in quiet mode with no user interaction. /l* - Enables logging. The option below is used to manage the restart of a client after the installation is complete: FORCE_BOOT If set to True, will restart the system after installation. If set to False, will suppress restart after installation. The following table depicts the optional parameters available for specification on the command-line. Please note that these parameters are case sensitive and must be entered in upper case on the command line. The values specified for the parameter are not case sensitive. Parameter name (upper case) Parameter value Default value USNAPS True | False False BARE_METAL True | False True REMOTE_ ADMIN True | False True ODM True | False True SQL_AGENT True | False True, if SQL Server is installed on the client, otherwise False. EXCHANGE_ AGENT True | False True, if Microsoft Exchange server is installed on the client, otherwise False. INSTALLDIR "C:\PCBP" Note: IP FIREWALL Directory name must not contain spaces and must be included in double quotes. 127.0.0.1 True | False False Windows agent installer command-line examples Win d o ws a g e n tin s ta le rc o mma n d -lin e e x a mp le s Example 1: Install software using default values msiexec /i "C:\\Unitrends_Agent.msi" where is the path of the downloaded agent Example 2: Install software with default values and turn on logging msiexec /quiet /l* "C:\temp\Unitrends.log" /i "C:\\_Agent.msi" Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 433 Where "C:\temp\Unitrends.log" is the full path location of the log file named Unitrends.log. Example 3: Uninstall software from the system msiexec /quiet /uninstall "C:\\_Agent.msi" Windows protection software deployment using Group Policy Deploying software is typically a simple task. However, this is not necessarily the case when the software being deployed must be installed on dozens, or even hundreds, of computers. Physically installing software on every single machine can be a burdensome task. Fortunately, Microsoft provides a much easier method through group policy-based software installation. With the installer and command-line options, the ability to mass deploy installations is readily available. See the specific Microsoft Group Policy literature for details regarding the download and use of Group Policy software. While the group policy-based technology may provide a number of ways to deploy software, this section describes use of the msi installer file to deploy and install software. To deploy software via Group Policy 1 An Active Directory domain is needed. Begin by creating a new Group Policy Object (see Microsoft documentation for details). 2 When the object has been created, select and edit it. If using the Group Policy Management Console, this action will invoke the Group Policy Object Editor. 3 Determine whether the Group Policy Object will be a computer configuration or a user configuration. Depending on the configuration selected, expand the Software Settings folder and select the Software Installation option. 4 Right-click Software Installation, point to New, and then click Package. 5 In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package. For example: \\fileserver\share\file name.msi. IMPORTANT! Do not use the Browse button to access the location. Make sure to use the UNC path to the shared installer package. 6 Click Open. 7 Click Assigned, and then click OK. The package is listed in the right pane of the Group Policy window. 8 Close the Group Policy snap-in, click OK, and then quit the Active Directory Users and Computers snap-in. 9 Link the Group Policy Object to the domain by dragging the object to the domain name. 10 Finally, double click the Group Policy Object name to add computers or users to the object. • If the computer configuration was selected, the protection software will be installed on the specified computer(s) whenever it is restarted. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 434 • If the user configuration was selected, the protection software will be installed on any computer in the domain where the specified users log in to the domain. • Once installed, an entry for the application displays in the Add/Remove Programs interface of the Microsoft Windows operating system. Windows version USNAPS driver installation (default) MICROSOFT driver used? REBOOT required after installation? Windows 2000 YES NO YES Windows XP NO YES NO Windows 2003/2003 R2 (32-bit & 64-bit) NO YES NO Windows Vista (32-bit & 64-bit) NO YES NO Windows 2008/2008 R2 (32-bit & 64-bit) NO YES NO Windows 2012 (64bit) NO YES NO Windows 7 (32-bit & 64-bit) NO YES NO Windows 8 (32-bit & 64-bit) NO YES NO Windows 8.1 (32-bit & 64-bit) NO YES NO Removing or repairing Windows agents The system protection software can be removed or repaired using maintenance mode. If installation is done via group policy, removal of Unitrends software should be performed using the command line as well. See "Command-line installer for Windows clients" on page 431 for details. Note: If the USNAPS driver is installed, a reboot is always required regardless of the operating system. See the following procedures: • • "Maintenance mode for Windows XP, 2003, and up" on page 435 "Maintenance mode for Windows 2000 client" on page 435 Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 435 Maintenance mode for Windows XP, 2003, and up Ma in te n a n c e mo d e fo rWin d o ws XP,2 0 0 3 ,a n d u p The Unitrends application may be repaired or removed via the Add/Remove Programs interface. Repair and remove features can also be accessed by executing the Unitrends Agent.msi file again. Select the Repair option to restore an existing installation to operating form or choose Remove to delete the system protection software from the client. Maintenance mode for Windows 2000 client Ma in te n a n c e mo d e fo rWin d o ws 2 0 0 0 c lie n t When the protection software has been installed, execute the installer file again to initiate maintenance mode. Select the Modify option to make changes to the currently installed options and add or remove components as desired. Select the Repair option to restore an existing installation to operating form and choose Remove to delete the system protection software from the client. Updating the Windows agents Windows agent updates can be pushed to clients using the Agent Updates page, or manually for environments that do not support push installation. See the following topics for details: • • "Push installing agent updates" on page 435 "Manually updating Windows agents" on page 437 Push installing agent updates Pu s h in s ta lin g a g e n tu p d a te s Pushing updates to Windows clients greatly reduces administration time and ensures that the latest protection software is running on your clients. See the following topics for details: • • • "Push install update notifications" on page 435 "Requirements for pushing agent updates" on page 435 "To push install agent updates" on page 436 Push install update notifications Pu s h in s ta lu p d a te n o tifc a tio n s In Unitrends release 7.0 and higher, an alert displays on the front Status page any time an agent update is available for your push-install clients. Once you install the update, the alert message moves to the Previously Resolved folder. Note that alerts display only for clients that meet the push update requirements described in "Requirements for pushing agent updates" on page 435. Requirements for pushing agent updates Re q u ire me n ts fo rp u s h in g a g e n tu p d a te s In addition to the general "Windows agent requirements" on page 426, the following prerequisites must be met before pushing Windows agent updates: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 436 Item Description Windows versions supported Windows XP, 2003, and up are supported (32-bit and 64-bit). Windows NT and 2000 are not supported. For these versions, install the agent manually. See "Manually updating Windows agents" on page 437 for details. Unitrends system version Release 7.0 and higher (8.2 and higher for Windows Server 2012 R2 and Windows 8.1). Unitrends Windows agent version Release 5.0.2 and newer. You must manually uninstall and re-install agents for clients running releases prior to 5.0.2. Backup system installation type Push installations are only supported on systems configured with the local backup system, replication target, and local backup system and replication target installation types (see "About the installation type" on page 67). Credentials Trust credentials must be defined for the client on the backup system. See "Client trust credentials" on page 91 for details. To push install agent updates Note: You can also push updates from the Clients page as described in "To push agent updates to one client" on page 90. 1 Select Settings > System, Updates, and Licensing > Updates. 2 Before installing agent updates, check for and install any system updates. For details, see "About system updates" on page 92. 3 On the Detailed Update Management page, select the Agent Updates tab. Windows clients for which push updates are supported display in the list. 4 Check boxes to select the clients to update, then click Confirm. 5 Upon clicking Confirm, agent updates are pushed to the client if these conditions are met: 6 • • • Trust credentials are valid. • Updates are available for the client (client is not running the latest agent release). No backup or restore job is currently in progress or scheduled to run soon for the client. Push update requirements have been met (see "Requirements for pushing agent updates" on page 435). Upon completion, the Agent Push Results page displays indicating whether updates were installed successfully. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 437 Manually updating Windows agents Ma n u a ly u p d a tin g Win d o ws a g e n ts If push installation is not supported in your environment, manually install updates as described in these topics: • • • "To manually update Windows agent versions 5.0.2 and later" on page 437 "To manually update Windows agent versions earlier than 5.0.2" on page 437 "To move the agent to another location" on page 437 To manually update Windows agent versions 5.0.2 and later Install the latest agent version as described in "Manually installing the Windows agents" on page 428. It is not necessary to uninstall existing agent software. To manually update Windows agent versions earlier than 5.0.2 1 Uninstall the agent software using one of these procedures: • "Maintenance mode for Windows XP, 2003, and up" on page 435 • "Maintenance mode for Windows 2000 client" on page 435Maintenance mode for Windows 2000 client • "Command-line installer for Windows clients" on page 431 (Use if you have deployed from the command line using Group Policy.) 2 Reboot the Windows client. 3 Install the latest agent version as described in "Manually installing the Windows agents" on page 428. 4 Reboot the Windows client. To move the agent to another location If you are running out of space on C: or need to move the agent for some other reason: 1 Uninstall both the core and bare metal agents. See "Removing or repairing Windows agents" on page 434 for details. Log files remain in the C:\PCBP directory. 2 Move or delete the C:\PCBP directory as desired. 3 Manually Install both the core and bare metal agents to the desired location. See "Manually installing the Windows agents" on page 428 for details. Note: 1100 MB of free space is required on the system drive (usually volume C:), even if you are installing to a different volume. This space is needed for the installer program to run. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 438 About Windows protection The Windows agents enable file-level, application, and bare metal protection of Windows clients. Note: The maximum file pathname size for Windows is 32 KB. File pathnames that exceed this limit are not included in the backup. The following topics describe Windows protection and special considerations for various Windows environments. • • • • • "Windows selection lists" on page 438 • • • • • • • • "Active Directory backup and restore on Windows Server" on page 444 "Volume Shadow Copy Service on Windows Server" on page 442 "Backing up a Windows server" on page 443 "Backing up Windows applications" on page 443 "System state backup and restore on Windows Server" on page 443 "Bare metal restore of Active Directory Server on Windows Server " on page 445 "Microsoft IIS meta-directory backup and restore" on page 445 "Certificate Services database backup and restore" on page 445 "Cluster database backup and restore on Windows Server " on page 446 "Protecting file clusters" on page 446 "Windows bare metal" on page 446 "Features of the Windows agent" on page 447 Windows selection lists When protecting Windows clients, the selection list options are different than the generic behaviors described in the File-level Backups chapter. Like all client types, inclusion lists for selective backups and exclusion lists for full, differential, and incremental backups are supported. However, for Windows clients with agent 7.2 or higher, inclusion lists are also supported for full, incremental, and differential backups. Any selection lists applied to a Windows full backup must be applied to all subsequent incremental and differential backups in the backup group. For more information, see "Using selection lists with full, differential, and incremental backups" on page 165. Note that the Windows agent has default exclusions separate from the exclusion and inclusion lists you create in the Administrator’s Interface. Notes: • • Selection lists are not supported for bare metal backups. To perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. Exclusion lists for Windows clients Ex c lu s io n lis ts fo rWin d o ws c lie n ts Similar to all client types, exclusion lists can be created for full, differential, and incremental Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 439 backups of Windows clients. For more information, see "Using selection lists" on page 162. Default exclusions for file-level backups of Windows servers By default, certain directories and files are excluded from file-level backups of Windows severs. These exclusions are in addition to any exclusions you have applied to the Windows server’s backups. Directories and files excluded from file-level backups of Windows servers By default, the following are excluded from file-level backups of Windows servers: • • • • • • • • • • • • Any mapped network drives • Contents of the server’s DefaultDataDirectory as specified by the registry key HKLM\Software\Microsoft\Windows • Files specified by the registry key HKLM\System\CurrentControlSet\Control\BackupRestore\FilesNotToBackup • Additionally, the following profile directories specified by the registry key HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList\*\ProfileImagePath\ are also excluded: /RECYCLER /$Recycle.Bin %TMP% %TEMP% *.tmp *.temp %AllUsersProfile%\Microsoft\Network\Downloader\Cache %WINDIR%\System32\Config %WINDIR%\System32\Catroot2 %WINDIR%\win386.swp Contents of the server’s DataDirectory as specified by the registry key HKLM\Software\Microsoft\Windows – \AppData\Local\Temp – \Local Settings\Temp – \Local Settings\Temporary Internet Files Application files excluded from file-level backups of Windows servers If your Windows server is hosting applications, the following default exclusions also apply to file-level backups of the server: • • • Files in Exchange and SQL database/log directories are excluded. Any files owned by Exchange, Hyper-V, or SQL applications are excluded. SQL files with extensions .mdf, .ldf, and *.ndf are excluded only if the SQL VSS component is running on the Windows server. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 440 To protect applications hosted by a Windows server, run application backups, as described in the chapters "Microsoft Exchange Protection", "Hyper-V Protection", and "Microsoft SQL Protection". Inclusion lists for Windows clients In c lu s io n lis ts fo rWin d o ws c lie n ts Beginning with version 7.2, inclusion lists are supported for full, incremental, and differential backups of Windows clients. Wildcards are not supported. The selection lists applied to a Windows full backup must be applied to all subsequent incremental and differential backups. IMPORTANT! To use inclusion lists for Windows, both the Unitrends appliance and the Windows agent must be version 7.2 or higher. Backups with an inclusion list will contain only files that meet the inclusion criteria. Run a new full upon creating or modifying an inclusion list for the client. Example uses for inclusion lists for Windows full, differential, or incremental backups include: • To prevent accidental inclusion of unwanted external volumes. For example, if someone adds a USB drive or maps an external file system, this is included in subsequent file-level backups. • To include only certain volumes or paths that have important data without losing the ability to capture only changes in subsequent incremental or differential backups. (Using the selective backup type would not allow for incrementals and differentials of included data.) • Configuring the list of what to include is simpler than specifying what to exclude from a backup. To specify includes for full, differential, and incremental backups of Windows clients 1 Do one of the following: • • Complete step 1 on page 167 - step 3 on page 167 in "To run a one-time backup". Complete step 1 on page 168 - step 6 on page 168 in "To create a backup schedule". 2 Click Open Client-Specific File System Selection. 3 Browse through the folders and select the appropriate volumes or folders. 4 Click Add to add your selection to the list. Repeat this process until you complete your include list. If you want to remove a selection or remove all of your selections from the Selection List, click on an item in the Selection List and click Remove or Remove All prior to clicking Confirm. Note: To perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. 5 When finished, click Confirm to save. 6 Do one of the following: • • Continue with step 5 on page 168 in "To run a one-time backup". Continue with step 8 on page 169 in "To create a backup schedule" Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 441 Inclusion and exclusion list combinations for Windows clients In c lu s io n a n d e x c lu s io n lis tc o mb in a tio n s fo rWin d o ws c lie n ts Beginning with version 7.2, combinations of inclusion and exclusion lists are supported for full, incremental, and differential backups of Windows clients. Wildcards are not supported for full, differential, and incremental inclusion lists. As with inclusion lists for Windows clients, both the Unitrends appliance and the Windows agent must be version 7.2 or higher, and the selection lists applied to the full backup must also be applied to all subsequent incremental and differential backups. For full, differential, and incremental backups, you can select includes and then specify excludes at either the Enterprise or client level. For selective backups, you can select includes and then specify excludes at the Enterprise level only. The following topics describe Windows inclusion and exclusion lists used together: • • "Windows full backup with an inclusion and exclusion list combination" on page 441 • "To specify includes and excludes for Windows clients" on page 442 "When to use inclusion and exclusion list combinations" on page 441 Windows full backup with an inclusion and exclusion list combination The following graphic demonstrates how data is protected when an inclusion list and an exclusion list are used together. The inclusion list determines the files to include, in this case the C: drive, and then the exclusion list is used to exclude a subset of the included files, in this case all .tmp files. When to use inclusion and exclusion list combinations Example uses for inclusion and exclusion list combinations for Windows full, differential, and incremental backups include: • Include a training folder that contains training videos, then exclude all Word and PowerPoint files within the folder. (For example, the training department is updating all of their training videos due to new requirements, and they want to back up all of their video-related files except for companion Word and PowerPoint documents.) • Include a particular volume, then exclude a folder within that volume. (For example, you want to backup your C: drive, but you want to exclude the C:\Status Reports folder.) 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 442 To specify includes and excludes for Windows clients Note: 1 Create an inclusion list for the Windows client. • • 2 To perform integrated bare metal recovery or Windows instant recovery, boot and critical system volumes must be included in the backup. Do not use selection lists unless you are sure these volumes will be included. See "Using selection lists with WIR and integrated BMR" on page 442 for details. To create the list at the client level, see "Computer selection list procedures" on page 172. To create the list at the Enterprise level, see "To create a selection list" on page 183. Create an exclusion list for the same Windows client. • • To create the list at the client level, see "Computer selection list procedures" on page 172. To create the list at the Enterprise level, see "Enterprise selection list procedures" on page 182. Using selection lists with WIR and integrated BMR Us in g s e le c tio n lis ts with WIR a n d in te g ra te d BMR To use Windows backups for Windows instant recovery (WIR) and Integrated bare metal recovery (BMR), the boot disk and any critical system volumes must be present in the backup. For example, you should not exclude Windows, boot, program, or system volume folders. If you are not sure which volumes you can exclude, either run the backups without applying selection lists or apply selection lists and check to see if the resulting backup contains all critical system volumes. To verify that a Windows backup contains required critical system volumes 1 View backup details, as described in "Backup Information page" on page 152. 2 Verify that for the Category DiskMetadata, the Entry is Yes. If the Entry is Yes, then the backup contains critical system volumes and you can use it for WIR and integrated BMR. If the Entry is No, then the backup does not contain critical system volumes. 3 If your backups do not contain required critical system volumes, then you must run new filelevel backups that capture these volumes if you want to protect the Windows client using WIR and integrated BMR. Volume Shadow Copy Service on Windows Server The Volume Shadow Copy Service (VSS) enables the backup of locked or open files allowing volume backups to be performed while applications on a system continue to write to the volumes. Unitrends system protection software uses VSS to capture the server’s system state and open files during a file-level backup and to obtain a volume image during a bare metal backup. No configuration steps are necessary to enable VSS to work with the system protection software. To confirm that the system agent is using VSS, from the agent menu on the Windows Server system, select Options > Snapshot Properties. You will see a message that reads: Snapshots are enabled using Microsoft’s VSS snapshot driver. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 443 Backing up a Windows server See the "File-level Backups" chapter for additional details on employing backup strategies to protect Windows servers and workstations to meet the Recovery Point and Recovery Time objectives of your organization. For more information about inclusion and exclusion lists for Windows servers and workstations, see "Windows selection lists" on page 438. Windows permissions in file-level backups For each file and directory included in a backup, security information is backed up separately and then restored when the file or directory is restored. Backing up Windows applications You can schedule or run on-demand backups for applications, such as Microsoft Exchange or Microsoft SQL Server, that are installed on registered clients (where a client is a workstation, PC, notebook, etc.). For a complete list of supported applications and versions, see the Unitrends Compatibility and Interoperability Matrix. For details on protecting Windows applications, see the following: • • • • • "Microsoft Exchange Protection" on page 511 "Microsoft SQL Protection" on page 489 "Microsoft SharePoint Protection" on page 535 "Oracle Protection" on page 549 "Hyper-V Protection" on page 585 Protecting deduplication-enabled Windows 2012 Servers For Windows 2012 servers that have Windows deduplication enabled, you must run a new master backup upon upgrading the Unitrends agent. For additional considerations and best practices when using Windows deduplication, see the Microsoft TechNet article Plan to Deploy Data Deduplication. System state backup and restore on Windows Server In Windows Server, the components which make up the system state depend on the configuration of the server. System state data, at a minimum, includes: • • • • Registry COM+ class registration database Boot files, including system files DFS namespaces/replications A domain controller system state includes at least the following: • • • • Active Directory Domain Services Registry COM+ class registration database Boot files, including system files 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 444 • SYSVOL directory When installed, the following components are included in the system state: • • • Microsoft Internet Information Services (IIS) meta-directory Certificate Services database Cluster Service information When a file-level backup of a Windows Server system is performed, the server’s system state is captured in a file that is placed on the C-drive of the system. This file is present during the file-level backup and is deleted when the backup ends. The file is backed up to the system during the filelevel backup process. The file created during the backup of the Windows Server system will use space on the C: drive of the server, possibly as much as one gigabyte. If the C: drive of a Windows machine is excluded from backup, the system state is not captured, resulting in the backup completing with warnings. Instead, exclude all subdirectories and files but leave “C:” itself to be backed up. Note: System state must be present in the backup for it to be used for Windows Instant Recovery and Windows integrated bare metal restore. To recover the system state, restore the last incremental or master backup to the Windows Server system. After restoring the system state, rebooting is required before continuing to the next restore step. Note: The first boot after doing a full OS restore of Windows 2012, 2012 R2, 2008, or 2008 R2 may take 5-10 minutes or longer. You may see a blank screen during this time. The machine is not hanging. Do not reboot forcefully during this time, as it may corrupt the OS causing it not to boot up. The slow boot is due to a bulk file-rename for files which were restored with temporary file names because their production counterparts were active and locked at the time of the restore. This also happens with Windows 2003, but the file-set is much smaller and the boot-lag is therefore much shorter in duration. Protecting Windows DFS Servers When performing file-level backups of a Windows server that uses a distributed file system (DFS), the system state can grow very large over time. If your backups are growing and taking longer to complete, you can exclude the DFS writer from the system state backup. See KB 2368 for details. Active Directory backup and restore on Windows Server Active Directory database and SYSVOL backups are part of system state backup during a master or incremental backup. To restore Domain Controller and Active Directory database, the server must be booted into Directory Service Restore Mode before a master or incremental restore. To recover the Active Directory information, restore the last incremental or master backup to the Windows Server system. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 445 By default, Unitrends agent performs non-authoritative restore of Active Directory database. You can proceed with authoritative restore using ntdsutil.exe command following a master or incremental restore. Follow the best practices around Active Directory Authoritative restores described in the Active Directory Domain Services Operations Guide at: http://www.microsoft.com/en-us/download/details.aspx?id=16849 In certain circumstances, you may wish to restore NTDS or SYSVOL files for a domain controller to an alternate location, and then Microsoft Utilities to recover from these restored files. Unitrends agent allows restoring system files into an alternate SystemState.dir location when Active Directory is running without a complete restore. Bare metal restore of Active Directory Server on Windows Server An Active Directory server can be recovered from a bare metal backup, but be aware that this is an older image of the domain controller. There are specific steps that must be completed before starting the recovered server in normal mode. If the server is booted into normal mode before completing these steps, replication will proceed with inappropriate tracking numbers, resulting in an inconsistent database among domain controller replicas. After a bare metal image is restored, when the server is booted for the first time, and it is a member of an Active Directory forest, it must be started in Directory Services Restore Mode (DSRM). You then must complete a restore of the last master and incremental file backups of the server. If a file backup of the server is not available, the server must be started in Directory Services Restore Mode and the database restored from backup registry value must be set to 1. For instructions on how to edit this registry value, please review the Microsoft TechNet article, Backup and Restore Considerations for Virtualized Domain Controllers. Note: To eliminate the possibility of starting in normal mode, when booting an Active Directory server the first time after a bare metal recovery, do so with the server disconnected from the network. After confirming the server is running in DSRM, the network can be reconnected to proceed with the file backup. Once the file backups have been restored or the “database restored from backup” registry value has been set to 1, restart the domain controller in normal mode. Microsoft IIS meta-directory backup and restore On Windows Server systems where the Internet Information Services (IIS) role is installed, the system state backup (described in the system state backup and restore section) captures the ISS meta-directory information. To recover the IIS meta-directory information, restore the last incremental or master backup to the Windows Server system. The Windows Server system agent supports IIS 7.0 and IIS 7.0 with IIS 6.0 compatibility role installed. Certificate Services database backup and restore On Windows Server systems where the certificate service role is installed, use the certification authority MMC snap-in to perform a backup of the Cert Svc site. This can be found under Administrative Tools. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 446 In the MMC, right-click on the site name and choose View Tasks > Backup. Choose to backup all options and place the backup in a new directory under c:/windows/system32. The Unitrends backup will capture the certificate services backup information. To restore certificate services data, restore the files captured by the Unitrends backup to their original location and use the certification authority MMC snap-in to perform a restore of the Cert Svc site. From the same menu with which you backed up the certificate services information, choose All Tasks > Restore. Cluster database backup and restore on Windows Server On Windows Server systems where the cluster service is active, the cluster database will be captured during the system state backup. The system state backup will skip the cluster database and log a warning if the cluster service is not active. A cluster database only need be restored if all nodes in a cluster lose their copy of the database. If just one node loses the database, the lost database will be restored from another node in the cluster. If the database must be recovered, during a restore of the system state, the cluster database (CLUSDB) will be restored to the C:/PCBP/SystemState.dir/ (the exact path may differ if the system agent was installed to a directory other than the default). From the PCBP directory, run the utility cdrestore.bat to recovery the cluster database. If a cluster database file exists in C:/PCBP/SystemState.dir, the utility will show the date that the database was restored and prompt you to ensure that the Cluster Service (ClusSvc) is stopped on all nodes of the cluster before continuing. Press y to continue and the database is restored. If the first attempt to restore the database fails, the utility will display the steps required to clear the existing clustering hive from the registry hive so that the database file may be restored. After the restore completes, the cluster service will need to be started to access the storage cluster. Protecting file clusters The Unitrends agent can protect clustered volumes no matter which physical server within the cluster hosts them. In a Windows failover cluster, each protected volume is assigned a cluster hostname, cluster IP address, and a volume name or letter via the failover cluster management interface. This resource group, when in-service, is accessible on one of the cluster nodes at any particular time. In the event of a hardware or software failure on one cluster node, the resource is moved to another node and can be accessed using the same IP address. To protect file clusters, install the Windows agent on all physical cluster nodes and add the file cluster as a separate client to the Unitrends system. For physical nodes, do not include any file cluster data in any backup schedules. For any file clusters, do not include any local data (such as the system volume) in any backup schedules. Windows bare metal Windows bare metal is a bootable tool from Unitrends, intended for system recovery in the case of software or hardware faults. The Windows bare metal feature relies on the creation of a bootable CDROM which contains system agent programs, utilities, and system specific information. The bare metal process is able to create backup copies of a normally working system and restore the system to its original state or to a previously working state. In addition, Windows bare metal Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 447 eliminates the need for operating system master CDs and floppy disks in order to restore a Microsoft Windows client. Features of the Windows agent Features of the Windows agent are listed in the following table. Feature Sparse files OS version Windows 2000 systems and above During backup During restore A sparse file is a large file which is The data blocks are not made up of a great deal of data. reconstructed to restore the When the sparse file facilities are sparse file in its original form. used, the system does not allocate hard drive space to a file except in regions where it contains something other than zeros. Sparse files are backed up in a way that only valid data blocks of the files are stored on the backup media, thus saving space that would otherwise be taken up by zero filled blocks. Encrypted files Windows 2000 systems and above (NTFS volumes only) 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Windows 2000 and above support encryption of files and folders. Encrypted folders are backed up and restored encrypted. For encrypted files the raw encrypted data that was stored to the backup media is restored back into a file. Recovery agents may be When backing up encrypted files, required in order to access the the file data is not decrypted; file if it is restored to a different instead, raw encrypted data is read system. and backed up. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 448 Feature Hard links OS version Windows 2000 systems and above (NTFS volumes only) During backup During restore A hard link is a file system-level shortcut for a given file. Since the backup engine saves the information about the links between files, hard links are restored seamlessly, so that the same file contents can be accessed using many names. When a hard link is created to an existing file, information is added to its directory entry at the NTFS level. The original file now has two or more names that can be used to access the same content. When backing up such files, the backup engine saves the contents of a hard linked file only once. When it encounters a different name of the linked file that has already been backed up, it simply saves the link between the names instead of saving the contents of the file again. Offline files Windows 2000 systems and above (NTFS volumes only) Offline files are files whose data is not immediately available. The file data may have been physically moved to offline storage. Remote storage and the hierarchical storage management software support these types of files. Restore of a hard link succeeds only if the original file containing the contents already exists on the system. In case that the file referenced by the hard link is not already present in the system, the user is notified that he/she needs to restore the original file first. Offline files are restored like normal files. When such a file is backed up, the engine indicates to the system that the file data is requested, but it should continue to reside in remote storage. It should not be transported back to local storage. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 449 Feature Junctions and volume mount points OS version Windows 2000 systems and above (NTFS volumes only) During backup During restore Volume mount points are based on reparse points; they allow administrators to graft access to the root of one local volume. The engine restores the reparse data that was backed up for a junction or volume mount point. For the restore process to be valid the target directory/volume should also exist in the system. Similarly, junctions are used to graft a target folder onto another NTFS folder or “mount” a volume onto an NTFS junction point. The engine follows the reparse point to backup the files/folders of the Volume Mount point. Compressed Windows files NT4 systems and above (NTFS volumes only) On the NTFS volume each file and directory has a compression bit. If this bit is set, all data in the file is compressed. The backup engine backs up uncompressed data on a file. During restore, the engine marks a file/folder as compressed before data is written to the file. Therefore, when data is restored, the system automatically compresses it and the file/folders are restored in their original compressed state. Registry aliases Windows NT4 systems and above Registry aliases are links in the registry from one key to another. When a registry link is traversed, the path searching continues at the target of the link. The backup engine detects these links in the registry and saves these links instead of copying the target key to which they point. Thus, a lot of duplicate data is eliminated from the registry backup and restore process. The registry aliases are restored as links. The target of the link has to present in order for the link to work correctly. Registry security information Windows 2000 systems and above The engine provides a mechanism to save the security information related to a registry key. The user can turn this mechanism on or off using the BackupRegSec flag in the master.ini file. If the security information of the registry keys was backed up then it is reapplied to the keys during a restore process. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 450 Feature Unmounted volumes OS version Windows XP and above During backup During restore The unmounted volumes like Microsoft System Reserved partitions are backed up by the engine The unmounted and reserved volumes are recovered on the restore operation Additional features of the Windows agent are listed below: Feature OS version During backup Temporary files Windows NT4 systems and above (NTFS volumes only) The engine provides a mechanism to allow the user to exclude temporary files during a backup process. This option can be chosen from the client GUI by selecting the Exclude Temporary Files option in the backup menus. Once selected, this option will exclude the following: All files in the Internet cache and the temporary folder of all users in the system. All files marked with the flag FILE_ATTRIBUTE_TEMPORARY. All files of the form ~xxx.tmp. Wild card exclusion All systems It is possible for the client side GUI user to specify a path containing wildcards to be excluded. The following steps describe the process: Select Backup > Master/Selective > Exclude Files. Specify the wildcard path in the Filter edit box. No other file in the list box can be selected. Click ADD. Exclusion of files Windows The engine maintains a list of files and folders that are excluded from 2000 a backup or a restore process. This list contains files such as the systems and page file, temporary files, etc. above Controlling All systems automatic shutdown for reboot A flag in the windows local master.ini file called EnableAutomaticRestart can be specified to control automatic restart behavior. This flag can be set to either Yes or No. At the end of a restore process, if a reboot is required, a dialog box is presented to query whether the engine should reboot the system. If the dialog box times out without a response, then the status of the flag is used to resolve if the system should be automatically restarted. Legacy Recovery-Series and UEB Administrator's Guide Chapter 20: Windows Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 451 Chapter 21: Windows Instant Recovery Using Unitrends Bridge™, Windows instant recovery (WIR) provides a temporary solution for rapid recovery of a failed Windows client by enabling you to create a virtual replica of the client that can immediately assume the role of the original client in the event of a disaster. This replica is referred to as a virtual failover client (VFC). As backups are completed for the original client, they are restored to the VFC to ensure that it contains all of the original client’s data. In the event of a failure, the VFC can immediately assume the role of the original client. The VFC can run on a Recovery-Series appliance (backup system or replication target), ESX host (Unitrends release 7.4 or higher), or Hyper-V server (Unitrends release 8.0 or higher). It replaces the original client until you can perform a bare metal recovery to restore the original client to new physical hardware. See the following topics for an explanation of how the feature works and instructions for using it: • • • • • • • • • "Overview of Windows instant recovery" on page 451 "Steps for implementing Windows instant recovery" on page 456 "General requirements and considerations for Windows instant recovery" on page 457 "Running backups for clients protected with Windows instant recovery" on page 464 "Setting up a virtual failover client" on page 464 "Auditing a virtual failover client" on page 471 "Monitoring and managing virtual failover clients" on page 474 "Taking a virtual failover client live" on page 481 "Troubleshooting Windows instant recovery" on page 485 Overview of Windows instant recovery To implement Windows instant recovery, you must create a virtual failover client (VFC) for each client you want to protect with this feature. The Unitrends appliance can retrieve the necessary data to create the VFC from eligible local or replicated backups run with agent release 7.3 or higher (7.4 or higher for UEFI-based clients). If no eligible backups reside on the appliance, it must communicate directly with the original client to create the VFC. A virtual failover client cannot be created after a client has failed unless eligible backups for this client reside on the appliance. For details, see "About retrieving configuration data for a virtual failover client" on page 455. The VFC can reside in one of the following locations: • • • Recovery-Series appliance (backup system or replication target) ESX host (Unitrends version 7.4 or higher) Hyper-V server (Unitrends version 8.0 or higher) 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 452 After you create the VFC, as new backups are run or replicated, the appliance continually updates the VFC by performing virtual restores. After the first virtual restore completes, you can audit the VFC to verify that it boots successfully. If the original client fails, you can set the VFC to go into live mode and boot it with all of the original client’s data. The VFC can then temporarily replace the original client, and the Unitrends appliance protects it with the original client’s backup and archive schedules. Because the VFC uses the appliance’s resources, you should perform a bare metal recovery to restore the client to new hardware as soon as possible. A VFC running on an external hypervisor does not use any appliance resources, and it can permanently replace the original client if the hypervisor has sufficient resources. See the following topics for more information about WIR: • • • "How Windows instant recovery works" on page 452 • "Appliance and hypervisor resources used for Windows instant recovery" on page 457 "About retrieving configuration data for a virtual failover client" on page 455 "Virtual restores for Windows instant recovery" on page 455 How Windows instant recovery works This section provides diagrams to illustrate how Windows instant recovery works with a virtual failover client running on a Recovery-Series appliance and on an external hypervisor. See the following topics for details: • • "Virtual failover client running on a Recovery-Series backup system" on page 452 "Virtual failover client running on an external hypervisor" on page 453 Virtual failover client running on a Recovery-Series appliance A virtual failover client can run on a Recovery-Series backup system or replication target. See the following topics for details: • • "Virtual failover client running on a Recovery-Series backup system" on page 452 "Virtual failover client running on a Recovery-Series replication target" on page 453 Virtual failover client running on a Recovery-Series backup system The diagram below illustrates a virtual failover client (VFC) running on a Recovery-Series backup system. The appliance creates the VFC using system metadata acquired from an eligible backup or from the client itself. (See "About retrieving configuration data for a virtual failover client" on page 455.) After the VFC is created, it is continually updated with virtual restores of backups from the original client. (See "Virtual restores for Windows instant recovery" on page 455.) If the original client fails, you can boot the VFC in live mode and use it to temporarily replace the original client. Because the VFC resides on the appliance, it uses the appliance’s resources such as processors, memory, and storage. A VFC cannot run on a UEB appliance. To use WIR with a UEB, you must run the VFC on an external hypervisor. For details, see "Unitrends backup system managing a virtual failover client on an external hypervisor" on page 454. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 453 Virtual failover client running on a Recovery-Series replication target The diagram below illustrates a virtual failover client (VFC) running on a Recovery-Series replication target. The replication target creates the VFC using system metadata acquired from replicated backups for the original client. After the VFC is created, it is continually updated with virtual restores of replicated backups from the original client. (See "Virtual restores for Windows instant recovery" on page 455.) If the original client fails, you can boot the VFC in live mode and use it to temporarily replace the original client. Because the VFC resides on the appliance, it uses the appliance’s resources such as processors, memory, and storage. The backup system protecting the Windows client can be a UEB or Recovery-Series appliance. However, the replication target running the VFC must be a RecoverySeries appliance. To create and manage a VFC from replicated backups on a UEB, you must create the VFC on an external hypervisor. For details, see "Unitrends replication target managing a virtual failover client on an external hypervisor" on page 454. Virtual failover client running on an external hypervisor A virtual failover client (VFC) running on a hypervisor can be managed by a Unitrends RecoverySeries or UEB appliance, and the appliance can be a backup system or replication target. The hypervisor must be an ESX or Hyper-V server. See the following topics for details: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 454 • "Unitrends backup system managing a virtual failover client on an external hypervisor" on page 454 • "Unitrends replication target managing a virtual failover client on an external hypervisor" on page 454 Unitrends backup system managing a virtual failover client on an external hypervisor The diagram below illustrates a Unitrends backup system managing a virtual failover client (VFC) on an external hypervisor. The appliance creates the VFC using system metadata acquired from an eligible backup or from the client itself. (For details, see "About retrieving configuration data for a virtual failover client" on page 455). After the VFC is created, it is continually updated with virtual restores of backups from the original client. (See "Virtual restores for Windows instant recovery" on page 455.) If the original client fails, you can boot the VFC in live mode and use it to replace the original client. It can function as a temporary replacement until you recover the original client to new physical hardware. If the hypervisor has sufficient resources, the live VFC can replace the original client permanently. Because the VFC resides on a hypervisor, it does not impact the appliance’s resources. It uses the hypervisor’s resources instead. The backup system managing the VFC can be a Recovery-Series or UEB appliance. Unitrends replication target managing a virtual failover client on an external hypervisor The diagram below illustrates a Unitrends replication target managing a virtual failover client (VFC) on an external hypervisor. The replication target creates the VFC using system metadata acquired from replicated backups for the original client. After the VFC is created, it is continually updated with virtual restores of replicated backups from the original client. (See "Virtual restores for Windows instant recovery" on page 455.) If the original client fails, you can boot the VFC in live mode and use it to replace the original client. It can function as a temporary replacement until you recover the original client to new physical hardware. If the hypervisor has sufficient resources, the live VFC can replace the original client permanently. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 455 Because the VFC resides on a hypervisor, it does not impact the appliance’s resources. It uses the hypervisor’s resources instead. The replication target managing the VFC can be a Recovery-Series or UEB appliance. About retrieving configuration data for a virtual failover client The Unitrends appliance retrieves the system metadata used to create the virtual failover client (VFC) in one of the following ways: • • By using the data from an eligible backup By communicating directly with the client A backup is eligible if it meets all of the following criteria: • • • It is a successful full, differential, or incremental file-level backup. It was run with agent release 7.3 or higher (7.4 or higher for UEFI-based clients). It contains system metadata. This metadata is contained by default unless you exclude it using selection lists. For details, see "Using selection lists with WIR and integrated BMR" on page 442. When creating a VFC, the appliance first searches for an eligible backup, and if one does not reside on the appliance, it must communicate with the client directly to retrieve the metadata. The original client’s configuration displays immediately if the appliance can obtain it from a backup. If it must retrieve the metadata directly from the client, you see a message stating, “Retrieving client configuration. Please wait.” This can take several minutes. If eligible backups reside on the appliance, you can create a VFC for a client after it has failed (but it is recommended that you plan for WIR by creating the VFC in advance). However, if eligible backups are not present, the appliance cannot create a VFC for the client without communicating with it directly. Note: All successful backups are restored to the VFC, regardless of whether they meet the criteria of an “eligible backup.” These criteria determine only whether a VFC can be created from a backup, not whether the backup can be restored to a VFC. For details, see "Virtual restores for Windows instant recovery" on page 455. Virtual restores for Windows instant recovery Once a virtual failover client (VFC) is created, the most recent backup group is restored to it (see "Backup groups" on page 145). As new backups for the original client complete, the VFC is 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 456 continually updated with virtual restores of these backups. No restores are performed while a VFC is in audit mode. Any backups that complete while a VFC is in audit mode are restored to the VFC when it is taken out of audit mode. You can view recently completed and pending restores using the instructions described in "Viewing restores for virtual failover clients" on page 477. To view older restores, login to the appliance managing the VFC and select Reports > Windows Virtual Restores Report. Virtual restores are enabled by default when you create the VFC. If you need to temporarily disable restores to free system resources, you can do so using the instructions described in "Modifying a virtual failover client" on page 478. Backups for the client that complete while restores are disabled remain in the restore queue. They are restored to the VFC when restores are enabled again. Appliance and hypervisor resources used for Windows instant recovery Depending on its location, the virtual failover client (VFC) uses system resources from the Recovery-Series appliance or hypervisor. These resources include processors, memory, and storage. Running a VFC on an appliance or hypervisor can impact the performance of other operations, so it is important to verify that the appliance or hypervisor has sufficient resources before creating a VFC. For instructions on monitoring system load for a Recovery-Series appliance, see "Unitrends system resource considerations for Windows instant recovery" on page 465. See the documentation for your hypervisor for instructions on monitoring its system load. When you create a VFC, you assign it processors and memory to use in audit and live state. In all other states, the VFC uses only 1 processor and 1 GB of memory. The appliance creates a VFC with a disk the same size as the disk on the original client. However, because the disks expand dynamically, the amount of storage actually used on the appliance or hypervisor is equal to the amount of space used on the original disk rather than the size of the disk itself. As the amount of storage space used on the original client increases, the amount of storage the VFC uses on the appliance or hypervisor increases. In many cases, the amount of storage actually used for the VFC is less than the size of the disk. Steps for implementing Windows instant recovery This section provides an overview of the steps you must follow to implement Windows instant recovery. It includes steps to perform before and after a client fails. If eligible backups run with agent version 7.3 or higher (7.4 or higher for UEFI-based clients) reside on your appliance, you can create a virtual failover client after a client fails. (For details, see "About retrieving configuration data for a virtual failover client" on page 455.) However, it is recommended that you plan in advance for disaster recovery of your critical servers by creating virtual failover clients as part of your data protection strategy. Follow these steps to implement WIR: Perform before a client fails Step 1: Review the "General requirements and considerations for Windows instant recovery" on page 457. Step 2: Create backup schedules for the clients you wish to protect with WIR. See "Running backups for clients protected with Windows instant recovery" on page 464. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 457 Step 3: Determine whether the VFC will reside on a Recovery-Series appliance, ESX host, or Hyper-V server. See "Considerations for the virtual failover client location" on page 463. Step 4: Set up the virtual failover client. See "Setting up a virtual failover client" on page 464. Step 5: Audit the VFC periodically to verify that it boots successfully. See "Auditing a virtual failover client" on page 471. Step 6: Monitor the VFC periodically using the procedures described in "Monitoring and managing virtual failover clients" on page 474. Perform after a client fails Step 7: Boot the VFC in live mode to temporarily replace the original client. See "Booting a virtual failover client in live mode" on page 481. Step 8: See one of the following depending on the location of the VFC: • "Live mode recommendations for a virtual failover client running on a Recovery-Series appliance" on page 484 • "Live mode recommendations for a virtual failover client running on an external hypervisor" on page 484 Appliance and hypervisor resources used for Windows instant recovery Depending on its location, the virtual failover client (VFC) uses system resources from the Recovery-Series appliance or hypervisor. These resources include processors, memory, and storage. Running a VFC on an appliance or hypervisor can impact the performance of other operations, so it is important to verify that the appliance or hypervisor has sufficient resources before creating a VFC. For instructions on monitoring system load for a Recovery-Series appliance, see "Unitrends system resource considerations for Windows instant recovery" on page 465. See the documentation for your hypervisor for instructions on monitoring its system load. When you create a VFC, you assign it processors and memory to use in audit and live state. In all other states, the VFC uses only 1 processor and 1 GB of memory. The appliance creates a VFC with a disk the same size as the disk on the original client. However, because the disks expand dynamically, the amount of storage actually used on the appliance or hypervisor is equal to the amount of space used on the original disk rather than the size of the disk itself. As the amount of storage space used on the original client increases, the amount of storage the VFC uses on the appliance or hypervisor increases. In many cases, the amount of storage actually used for the VFC is less than the size of the disk. General requirements and considerations for Windows instant recovery This section describes the general requirements for Windows instant recovery. Requirements vary depending on the properties and configuration of the original Windows clients and the desired location for your virtual failover clients (VFC). If you want to run the VFCs on an external hypervisor, you must meet both the Unitrends system requirements and the hypervisor requirements. See the following topics for details: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 458 • • "Unitrends system requirements for WIR" on page 458 • • • "Windows client requirements for Windows instant recovery" on page 461 "Requirements and considerations for running a virtual failover client on an external hypervisor" on page 459 "Considerations for the virtual failover client location" on page 463 "Accessing a virtual failover client" on page 464 Unitrends system requirements for WIR Un itre n d s s y s te mre q u ire me n ts fo rWIR WIR is supported on most Recovery-Series and UEB appliances. This section describes the minimum Unitrends system requirements for leveraging the feature. For details about hypervisor system requirements for running a virtual failover client, see "Requirements and considerations for running a virtual failover client on an external hypervisor" on page 459. The following appliances support WIR: • • 64-bit rack-mounted and desktop Recovery-Series appliances UEB appliances Unitrends software requirements Un itre n d s s o ftwa re re q u ire me n ts The table below provides details about the Unitrends software requirements for using WIR. To take full advantage of WIR and to benefit from significant performance enhancements, it is recommended that you update your Unitrends software to the latest release. VFC location Unitrends appliance software requirements Unitrends Windows agent requirements Recovery- Release 6.2 or Release 6.2 or higher Series higher backup system Recovery- Release 7.3 or Release 7.3 or higher Series higher replication target ESX host Release 7.4 or Release 7.3 or higher (7.4 or higher for UEFI-based clients) higher Hyper-V server Release 8.0 or Release 7.3 or higher (7.4 or higher for UEFI-based clients) must be higher installed on the clients that will be protected by WIR. Release 8.0 or higher must be installed on the Hyper-V servers where the VFCs will reside. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 459 Requirements and considerations for running a virtual failover client on an external hypervisor Re q u ire me n ts a n d c o n s id e ra tio n s fo ru n n in g a v irtu a lfa ilo v e rc lie n to n a n e x te rn a lh y p e rv is o r This section provides details about the hypervisor system requirements for running a virtual failover client (VFC). To create the VFC, you must also meet the "Unitrends system requirements for WIR" on page 458. A WIR virtual failover client VM running on a hypervisor is managed by the Unitrends appliance that created it. The appliance uses the following naming convention to mark the VM as one managed by Unitrends: Unitrends_. You should access this VM only when it is in audit or live mode. You should not make manual changes to this VM, such as powering it on or off, or altering the configuration. Doing so can render the VFC invalid, and you will have to create a new VFC to protect the original client with Windows instant recovery. For requirements and considerations specific to the different hypervisors, see the following topics: • "Requirements and considerations for running a virtual client on an ESX server" on page 459 • "Requirements and considerations for running a virtual failover client on a Hyper-V server" on page 459 Requirements and considerations for running a virtual client on an ESX server Re q u ire me n ts a n d c o n s id e ra tio n s fo ru n n in g a v irtu a lfa ilo v e rc lie n to n a n ESXs e rv e r Review the following requirements and considerations before creating a virtual failover client (VFC) on an ESX server. • The ESX server must be running paid ESXi version 5.1, 5.5, or 6.0. (WIR is not supported on free ESXi versions.) • The ESX server must be a registered client of the Unitrends appliance from which you will create the VFC. • The ESX server must have enough resources to run the VFC. You must assign the VFC a minimum of 1024MB of memory. The memory must be a multiple of 4. • The appliance creates a VFC with a disk the same size as the disk on the original client. For Windows clients with disks larger than 2 TB, the VFC must be created on an ESX server running ESXi 5.5 or higher. • The VFC virtual machine is configured with the latest hardware version supported by the ESX server. For example, a VFC created on a server running ESXi version 5.5 is configured with hardware version 10. • The VFC can run on the same ESX server as a UEB VM or on a different ESX server. Requirements and considerations for running a virtual failover client on a Hyper-V server Re q u ire me n ts a n d c o n s id e ra tio n s fo ru n n in g a v irtu a lfa ilo v e rc lie n to n a Hy p e r-V s e rv e r Review the following requirements and considerations before creating a virtual failover client (VFC) on a Hyper-V server. Requirements and considerations for all Hyper-V servers • A VFC can run on the following: – – Windows Server 2008 R2 or higher with the Hyper-V role enabled Hyper-V Server 2008 R2 or higher 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 460 • The Hyper-V server must be a registered client of the Unitrends appliance from which you will create the VFC. • The Unitrends Windows agent release 8.0 or higher must be installed on the Hyper-V server. After upgrading the agent, you must re-save the server on the Unitrends appliance from which you will perform WIR. Select Settings > Clients, Network, and Notifications > Clients. Select the Hyper-V server, and click Save. This forces the appliance to recognize the update to the agent on the Hyper-V server. • The Hyper-V server must have enough resources to run the VFC. The minimum memory required to create a VFC and start the restore process is 1024 MB. The memory must be a multiple of 2. • The appliance creates a VFC with a disk the same size as the disk on the original client. For Windows clients with disks larger than 2 TB, the VFC must be created on Hyper-V server version 2012 or higher. A VFC on Hyper-V server 2008 R2 is created with a VHD. A VFC on server version 2012/2012 R2 is created with a VHDX. • The generation of the VFC VM is determined by the firmware interface type of the client. VFCs for BIOS-based clients are created as generation 1 VMs, and VFCs for UEFI-based clients are created as generation 2 VMs. (For more details about VFCs for UEFI-based clients, see "Firmware interface type and disk and volume configuration" on page 462.) • • • • The VFC can run on the same Hyper-V server as a UEB VM or on a different Hyper-V server. A VFC for a UEFI-based client can run only on Hyper-V server version 2012 R2. A VFC cannot reside on a Hyper-V server using a selection of SMB shares as shared storage. Pass-through disks are supported on VFCs. After booting the VFC in live mode and configuring the network settings, you must refresh and reconnect any existing iSCSI targets on the client. Additional requirements and considerations for Hyper-V clusters • A VFC can run on a server in a cluster configuration. You must install Unitrends Windows agent version 8.0 or higher on each node and add each node and the cluster to the appliance from which you will create the VFC. Every node in the cluster must have the same agent version installed. • To create a clustered VFC, you must select the cluster when specifying the location for the VFC. You cannot specify an owner node. If you select an individual node in the cluster, the VFC will not be clustered. • For a clustered VFC, you must select the network switch common to all nodes in the cluster. If you do not select this switch, a VFC in live mode that fails over to another cluster will lose network connectivity. • To run the VFC on 2008 R2 servers in a cluster configuration, you must enable DCOM and WMI Virtualization access for all nodes in the cluster. For instructions, see KB 1140. • During live migration of a clustered VFC, the Unitrends appliance cannot perform restores to the VFC, verify or audit the VFC, or boot it in live mode. If a restore or verify attempt is made during a live migration, the appliance will wait several minutes and then attempt the operation again. If you attempt to boot the VFC in audit or live mode during a live migration, the appliance notifies you that the operation cannot be performed because of the migration and prompts you to attempt the operation again later. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 461 Windows client requirements for Windows instant recovery Win d o ws c lie n tre q u ire me n ts fo rWin d o ws in s ta n tre c o v e ry See the following for information about requirements for WIR clients: • • "Supported Windows operating systems and applications" "Firmware interface type and disk and volume configuration" on page 462 Supported Windows operating systems and applications Su p p o rte d Win d o ws o p e ra tin g s y s te ms a n d a p p lic a tio n s The following Windows operating systems and applications are supported for instant recovery: Item Description Client Operating Systems • • • Windows XP, 32-bit and 64-bit (SP2 and later) * • • Windows 8, 32-bit and 64-bit** Windows Vista, 32-bit and 64-bit (SP2) Windows 7, 32-bit and 64-bit Windows 8.1, 32-bit and 64-bit** Notes: Server Operating Systems • • • • • • • • • * For 32-bit Windows XP clients, the VFC must reside on a Recovery-Series appliance or a Hyper-V server. It cannot reside on an ESX server. • **A VFC running Windows 8 or higher cannot reside on Hyper-V server 2008 R2. Windows 2003, 32-bit and 64-bit (SP2) Windows 2003 R2, 32-bit and 64-bit Windows Small Business Server 2003 and later, 32-bit and 64-bit Windows 2008, 32-bit and 64-bit Windows 2008 R2 Windows 2012, 64-bit, all versions*** Windows 2012 R2, 64-bit*** Note: Applications • ***A VFC running Windows Server 2012 or higher cannot reside on Hyper-V server 2008 R2. SQL Server 2005, 2008, 2012, 2014, and 2016. Exchange 2003, 2007, 2010, 2013, and 2016. Windows Instant Recovery is not supported for Windows Cluster Server, and Hyper-V, Oracle, and SharePoint applications. You can use WIR to protect the Windows servers hosting these applications, but the feature will not protect the applications. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 462 Firmware interface type and disk and volume configuration F irmwa re in te rfa c e ty p e a n d d is k a n d v o lu me c o n fig u ra tio n For every operating system mentioned above, the following firmware interface, disk, and volume configurations are supported: Item Considerations Firmware interface type BIOS- and UEFI-based clients are supported. The following requirements must be met to create a VFC for a UEFI-based client: Disk configuration • • Unitrends system and agent versions are 7.4 or higher. The VFC location is an ESX server running ESXi version 5.1, 5.5, or 6.0, or a Hyper-V server version 2012 R2. For a VFC running on a Hyper-V server, the original UEFI-based client’s operating system must be 64-bit and Windows 8 or higher. A VFC for a UEFI-based client cannot run on a Recovery-Series appliance. WIR is supported on Windows machines configured with basic disks as well as dynamic disks, as long as the boot and system disks are not dynamic. Dynamic volumes configured as data volumes are supported for the following types: • • • • • RAID 5 Spanned Striped Mirrored Simple Note: Disk partition type Number of volumes The data from all disks for Windows 8.1 and Windows 2012 R2 is protected by WIR, but a maximum of four disks are accessible when booting. Master Boot Record (MBR) partition types are supported. GUID Partition Table (GPT) disks are supported with the following limitations: • Only the data volumes can be GPT. The boot and system volumes cannot be GPT. • A VFC for clients with GPT disks can run only on an external hypervisor. It cannot run on a Recovery-Series appliance. A client protected by WIR can have a maximum of 20 volumes, including the System Reserved volume and other unmounted volumes. A VFC created for a client with more than 20 volumes might not boot. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 463 Item Considerations Separate boot and system partitions For clients with boot and system partitions located on different disks, the system partition must be located on the first disk (Disk 0). File System The following file systems are supported for WIR: Configuration • NTFS • • Active Directory FAT/FAT32 ReFS (Windows 2012 and later) An Active Directory database (NTDS) located on the boot volume is supported. (If it is not located on the boot volume, the configuration is not supported and you see an error message when you add the VFC.) Considerations for the virtual failover client location Co n s id e ra tio n s fo rth e v irtu a lfa ilo v e rc lie n tlo c a tio n Before setting up your virtual failover client (VFC), you must determine where it will reside. Supported VFC locations vary by Unitrends software version. For details, see "Unitrends system requirements for WIR" on page 458. The table below describes considerations for determining the VFC location. Considerations VFC on Recovery-Series appliance VFC on external hypervisor Unitrends system resources VFC uses a portion of the Unitrends appliance’s processors, memory, and storage. This may impact the performance of regular system functions (such as backups, archiving, replication, deduplication, and purging). Monitor the appliance closely and make adjustments as necessary. VFC uses the hypervisor’s resources, and running the VFC does not impact performance of the Unitrends appliance. However, running the VFC can impact performance of the other VMs on the hypervisor. On-system retention On system retention is reduced because a portion of the appliance’s storage is reserved for the VFC. VFC storage resides on the hypervisor. There is no impact on the appliance’s on-system retention. Use case for the VFC Use temporarily until you can procure new hardware and perform bare metal recovery. Use temporarily or use the VFC VM to permanently replace the original Windows client. UEFI-based clients Cannot recover UEFI-based clients. Supports recovery of UEFIbased clients. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 464 Considerations VFC on Recovery-Series appliance VFC on external hypervisor GPT-partitioned clients Cannot recover GPT-partitioned clients. Supports recovery of GPTpartitioned clients. Accessing a virtual failover client Ac c e s s in g a v irtu a lfa ilo v e rc lie n t To access a virtual failover client (VFC) in audit or live mode on a Recovery-Series appliance, you must use a VNC viewer. One option for acquiring the viewer is www.realvnc.com, but any VNC viewer will work. For a VFC in audit or live mode on an ESX or Hyper-V server, you can access it with the same hypervisor manager used to access other VMs on the server. For more details about running and accessing a VFC in audit or live mode, see "Auditing a virtual failover client" on page 471 and "Taking a virtual failover client live" on page 481. Running backups for clients protected with Windows instant recovery Clients and applications that you wish to protect with Windows instant recovery should be backed up periodically. It is not necessary to create a special schedule for clients protected with WIR. If you are implementing WIR for a client that is already protected in a backup schedule, the existing schedule will work fine. It is recommended that you use an incremental forever schedule, but any schedule that consists of periodic full and differential backups or periodic full and incremental backups will work. For more details, see "Backups Overview" on page 141 and "File-level backup strategies" on page 160. For a SQL server protected with WIR, the recommended strategy is a combination of SQL Full and Transaction Log backups (see "Microsoft SQL Protection" on page 489). Once you have created a VFC, completed backups are restored to the VFC to ensure that it stays current. For details, see "Virtual restores for Windows instant recovery" on page 455. Setting up a virtual failover client The steps for setting up a virtual failover client vary depending on the desired location for the VFC. Before setting up the VFC, it is recommended that you review "Steps for implementing Windows instant recovery" on page 456. For instructions on setting up the VFC, see the following topics: • • "Setting up a virtual failover client on a Recovery-Series appliance" on page 464 "Setting up a virtual failover client on an external hypervisor" on page 470 Setting up a virtual failover client on a Recovery-Series appliance Se tin g u p a v irtu a lfa ilo v e rc lie n to n a Re c o v e ry -S e rie s a p p lia n c e Use the steps described below to set up a virtual failover client (VFC) on a Recovery Series backup system or replication target. Before setting up the VFC, It is recommended that you review "General requirements and considerations for Windows instant recovery" on page 457. Step 1: Determine the system load (optional). See "Unitrends system resource considerations for Windows instant recovery" on page 465. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 465 Step 2: Allocate system storage for instant recovery. See "Allocating storage for Windows instant recovery" on page 465. Step 3: Set up a virtual network bridge and network to access the LAN during instant recovery. (This is not client-specific, so if a bridge and network are already set up on the Unitrends system, you can skip this step.) See "Setting up a virtual network for Windows instant recovery" on page 466. Step 4: Set up a VFC. See "Creating a virtual failover client" on page 467. Unitrends system resource considerations for Windows instant recovery Un itre n d s s y s te mre s o u rc e c o n s id e ra tio n s fo rWin d o ws in s ta n tre c o v e ry A virtual failover client (VFC) residing on a Recovery-Series appliance uses the appliance’s resources and impacts system performance. Processors, memory, and storage are assigned to the VFC, so less system resources are available for functions such as backups, archiving, replication, and deduplication. Retention is also impacted, as storage allocated for instant recovery cannot be used for backups. Before creating a VFC on a Recovery-Series appliance, you should use the procedure described below to check the system load and utilization and determine whether the appliance has adequate resources to perform other functions while also running the VFC. To determine the system load and utilization 1 In the Navigation pane, select the backup system or replication target where the VFC will run. 2 Click on Settings > System Monitoring > Load and verify that the system load is at an acceptable level. Note: 3 If the system is consistently in the Alarm Area for prolonged periods of time or if backups are not completed in the desired backup window, you should reconsider the number of VFCs. If VFCs are currently residing on the appliance, select Settings > Instant Recovery > WindowsTo see resource utilization snapshots for processor, memory, and storage for these VFCs. Allocating storage for Windows instant recovery Allo c a tin g s to ra g e fo rWin d o ws in s ta n tre c o v e ry Depending on the identity of the appliance (backup system or replication target), the storage can be allocated among backups/replication, vaulting, and instant recovery. Resources allocated for a virtual failover client (VFC) can no longer be used for other features such as backups, archives, or deduplication. The amount of storage you allocate for instant recovery on the appliance should be greater than the sum of the used space on all of the original clients for which you will create VFCs. Before allocating storage, it is recommended that you note the following: • The system load and utilization (see "Unitrends system resource considerations for Windows instant recovery" on page 465). • The storage used on the client. The amount of storage you allocate for instant recovery on the appliance should be greater than the sum of the used space on all of the original clients for which you will create VFCs. You can determine the amount of space used on a client by selecting the computer window and viewing the disks. The figure below provides an example. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 466 To allocate storage for the virtual failover client 1 On the Unitrends appliance that will run the VFC, select Settings > Storage and Retention > Storage Allocation. You see the storage allocation chart which shows the storage allocated for backup/replication, vaulting, and instant recovery. 2 Allocate storage for instant recovery by sliding the pie chart or entering the desired size in the field below the graphic. The amount of storage allocated for instant recovery should be greater than the sum of the used space on the original Windows clients. If the storage allocated for instant recovery is insufficient, an alert and SNMP trap is issued to help you quickly detect and resolve the space allocation issue. 3 Click Confirm. You see a summary window with the new allocation. 4 Click Yes to confirm the new settings. Setting up a virtual network for Windows instant recovery Se tin g u p a v irtu a ln e two rk fo rWin d o ws in s ta n tre c o v e ry To run the virtual failover client (VFC) on a Recovery-Series appliance, you must set up a virtual network bridge and confirm or update the virtual network before setting up the VFC itself. (For more information, see "Creating a virtual failover client" on page 467.) Note: This is an appliance-specific setup and not client specific. If a virtual network has already been setup for a previous VFC, you do not need to repeat this step for a new VFC. This network bridge allows you to access the VFC in audit or live mode. When the VFC is in live mode, it uses this bridge to access the local area network of the appliance. It can then communicate with other clients on the network and access the Internet. A VFC in audit mode does not have network connectivity. To set up a virtual network for Windows instant recovery The virtual failover client (VFC) communicates with other network elements via the network bridge, which is associated with a physical Ethernet adapter (eth0, eth1, etc) on the Unitrends appliance. Setting up the virtual network is a two-part process that includes: • • "Setting up the network bridge" on page 466 "Setting up the virtual network" on page 467 Setting up the network bridge 1 Select Settings > Instant Recovery > Network Bridge. In the upper left part of the screen, you see the Ethernet adapters (and associated subnets) that the VFC uses to communicate with the other clients on the network. 2 Click to select an Ethernet adapter. • • This may be eth0, eth1, etc., or you may see only one. If you have more than one Ethernet adapter, use a secondary adapter for the network bridge (the one that is NOT being used for backups or replication). Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 467 3 After you click on the Ethernet adapter, perform one of the following depending on the message that displays: • If a bridge has not been set up for this adapter, the message NO BRIDGE ATTACHED displays. Proceed to step 4 below. • If a bridge has already been set up for this adapter, a message displays in the upper right portion of the screen indicating that this adapter is attached to the bridge (such as “Network Bridge attached to Physical Adapter: eth0”). Skip to step 1 below. 4 Click Add to add the network bridge to the adapter. You see a message confirming that you are adding the bridge. 5 Click the I understand that I am adding a bridge to... checkbox. 6 Click Confirm. In the upper right part of the screen, you see a message that the network bridge is attached to the physical adapter and the physical Ethernet adapter you selected. Note: 7 You also see a Remove button you can use to remove this adapter, if necessary. Click Close. Continue to "Setting up the virtual network" on page 467. Setting up the virtual network 1 Select Settings > Instant Recovery > Virtual Network. In the upper left part of the screen, you see the default value of the virtual network. It may take a moment to load. 2 If the Virtual Network address conflicts with a subnet used in your environment, you can change this address as needed. Note: The DHCP Range is a pool of IP addresses from which IPs are assigned to the VFCs you create. For example, with a DHCP Range of 192.168.53.2 - 192.168.53.25, the address for the virtual network can be from 192.168.53.2 to 192.168.53.25, and you can change the last number to a number between 2 and 25 (as long as the number is not being used already). 3 Click Confirm to establish the virtual network. You see a message that the network address is successfully set. 4 Click Okay. Creating a virtual failover client Cre a tin g a v irtu a lfa ilo v e rc lie n t This section describes the procedures for setting up a virtual failover client (VFC). The steps are the same whether the VFC resides on a Recovery-Series appliance (backup system or replication target) or an external hypervisor. After setting up a VFC on a hypervisor, you must configure the network settings for the VFC. For instructions, see "Adding a virtual failover client to an external hypervisor and configuring network settings" on page 470. Before setting up a virtual failover client, it is recommended that you review "Steps for implementing Windows instant recovery" on page 456. Note: After setting up a VFC, you should not make any configuration changes to the original client (such as adding or removing a disk). Doing so causes the VFC to become Invalid for WIR. For details, see "Invalid virtual failover clients" on page 477. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 468 To create a virtual failover client 1 In the Navigation pane, select the backup system or replication target where the Windows client backups reside. 2 Go to Settings > Instant Recovery > Windows. You see any VFCs that are already set up. If you are on a Recovery-Series appliance, you may also see graphs of the allocation for processors, memory, and storage for any existing VFCs on the system. These graphs do not represent any VFCs on a hypervisor, since Unitrends system resources are not allocated to these VFCs. 3 Click Add in the bottom right of the screen. You see a list of all clients supported for WIR. Note: 4 If the client you want to add is not in this list, verify that client prerequisites have been met. See "Windows client requirements for Windows instant recovery" on page 461. Click on the name of the desired client. You see a message that the client configuration is being retrieved. This might take a moment as the system scans over the latest eligible backup or the client itself for system/disk configuration, and then uses this configuration to create the VFC. Note: If the appliance is unable to determine if your client is BIOS or UEFI-based, you see a message about UEFI requirements. If your client is UEFI-based, be sure these requirements have been met. For details, see "Firmware interface type and disk and volume configuration" on page 462. 5 Once the configuration is retrieved, you see the Add Virtual Failover Client window, which displays the configuration of the original client and boxes used to configure the VFC. 6 Select an icon for the VFC location. Icons representing possible VFC locations display. Select the icon for your desired location. The platform capabilities of your appliance determine which icons display, so an icon representing a hypervisor might display even if you have not added this hypervisor to the appliance. You must add the hypervisor to the appliance before a VFC can be created on the hypervisor. Note: 7 If the client you selected in Step 4 is UEFI-based, the Recovery-Series icon will not display as a possible location because a UEFI-based VFC cannot run on a RecoverySeries appliance. Assign processors to the VFC. You can assign the VFC fewer processors than the original client, as long as the number of processors is not less than one. In most cases, WIR is a temporary solution, so you might want to assign the VFC fewer processors to conserve resources on the appliance or hypervisor. 8 Assign memory to the VFC. This can be less than the amount of memory on the original client. In most cases, WIR is a temporary solution, so you might want to assign the VFC fewer processors to conserve resources on the appliance or hypervisor. For a VFC residing on a hypervisor, the memory must be at least 1024 MB. If it will reside on an ESX host, the memory must be a multiple of 4. For a Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 469 VFC residing on a Hyper-V server, the memory must be a multiple of 2. The appliance rounds the number you enter up or down to the nearest multiple of 4 or 2, depending on the hypervisor you have selected. 9 Check the E-mail the virtual failover client recovery verification report box to receive a daily email report with a screen shot of the VFC’s login screen in audit mode. This email verifies that the VFC boots successfully. The email verification report is not available for a VFC residing on an ESX host. For details, see "Automated audits for a virtual failover client" on page 471. 10 Select volumes from the original client that you want to restore to the VFC. Consider the following when selecting volumes: • All of the original client’s volumes display under “Volumes Available,” regardless of whether they have been backed up on the appliance. • All volumes are added to the VFC by default, and you can use the buttons in the volumes box to add or remove volumes. • Critical volumes are identified. System Reserved and Utility partitions are marked UnmountedVol:. • • If you remove critical volumes, the attempt to create the VFC fails. After creating a VFC, you cannot add or remove volumes. To add or remove volumes, you must delete the existing VFC and create a new one with the desired volumes selected. Note: If a SAN LUN is attached to the original client, it is recommended that the SAN volume be excluded from the VFC and reattached after it is booted in live mode. 11 If the client for which you are creating a VFC hosts Exchange or SQL applications, tabs for the applications display in the Add Virtual Failover Client window. Use these tabs to select databases to include in the VFC. Consider the following when selecting databases: • Only databases that have been backed up display. If you are using replicated backups to create the VFC, only databases for which replicated backups reside on the appliance display in the list of databases. • System databases (such as master, model, and msdb) do not display because they are automatically included in the VFC. • Hyper-V, Oracle, and Sharepoint applications do not display because they cannot be protected by WIR. 12 Click Confirm after you have configured all the settings in the Add Virtual Failover Client window. One of the following happens depending on the VFC location: • Recovery-Series appliance: The VFC is created, and the last backup group is restored to it. Information for the VFC displays in the list of Windows Instant Recovery Clients, which you can view by selecting Settings > Instant Recovery > Windows. For more details, see "Viewing virtual failover client details" on page 476. • External hypervisor: An Add Virtual Failover Client window displays. You must now configure the network settings for the VFC. Proceed to "Adding a virtual failover client to an external hypervisor and configuring network settings" on page 470. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 470 Setting up a virtual failover client on an external hypervisor Se tin g u p a v irtu a lfa ilo v e rc lie n to n a n e x te rn a lh y p e rv is o r Use the steps described below to set up a virtual failover client (VFC) on an ESX or Hyper-V server. Before setting up the VFC, It is recommended that you review "General requirements and considerations for Windows instant recovery" on page 457. Step 1: Verify that adequate resources are available on the hypervisor where the VFC will reside. Step 2: Add the hypervisor to the appliance that will manage the VFC. See one of the following: • • "Working with vCenter and ESX servers" on page 635 "Working with Hyper-V servers" on page 596 Step 3: Create the VFC. For instructions, see "Creating a virtual failover client" on page 467. Step 4: Add the VFC to the hypervisor and configure network settings. For instructions, see "Adding a virtual failover client to an external hypervisor and configuring network settings" on page 470. Adding a virtual failover client to an external hypervisor and configuring network settings Ad d in g a v irtu a lfa ilo v e rc lie n to a n e x te rn a lh y p e rv is o ra n d c o n fig u rin g n e two rk s e tin g s After setting up the virtual failover client (VFC), you must add it to the hypervisor and configure network settings. Use the instructions described below. To add a VFC to an external hypervisor and configure network settings 1 Create the VFC using the procedure described in . 2 A list of ESX or Hyper-V servers displays, depending on your selection in of . Note: 3 To create a VFC on a hypervisor, you must add the hypervisor as a client to the Unitrends appliance that will manage the VFC. If a hypervisor that has been added as a client does not display in the list of servers, verify that it meets the requirements for WIR. See "Requirements and considerations for running a virtual failover client on an external hypervisor" on page 459. Select the hypervisor where you want the VFC to reside. If you are creating the VFC on a Hyper-V server and you want the VFC to be a clustered VM, you must select a cluster. You cannot specify an owner node for the clustered VFC. If you select an individual node in the cluster, the VFC will not be clustered. 4 Select a datastore (ESX) or path (Hyper-V). 5 Enter a name for the VFC in the field Virtual Failover Client Name. This is the name that displays in the hypervisor. The actual name of the VFC is the name of the original client. Consider the following when entering a name: • • The default name is Unitrends_. • The following characters are supported: upper and lowercase letters, numbers, hyphens, and underscores. You can enter a different name. However, it is recommended that you assign the VFC a name that identifies it as a VM managed by the Unitrends appliance. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 471 6 Select a network for the VFC. If you are creating a VFC on a Hyper-V cluster, select the network switch common to all nodes on the cluster. If you select a different switch, a VFC in live mode that fails over to a different node will lose network connectivity. 7 Enter a unique IP address for the VFC. It must have the same subnet as the hypervisor on which it resides. Note: Virtual restores fail if you enter an IP address that is not valid. 8 Enter the netmask for the VFC. It must be the same as the netmask for the hypervisor. 9 Enter a gateway for the VFC. It must be the same as the gateway for the hypervisor. 10 Click Confirm. The VFC is created on the hypervisor, and the last backup group is restored to it. Information for the VFC displays in the list of Windows Instant Recovery Clients, which you can view by selecting Settings > Instant Recovery > Windows. For more details, see "Viewing virtual failover client details" on page 476. Auditing a virtual failover client After setting up a virtual failover client (VFC), audit it periodically to verify that it boots successfully. You can automate the audit process by enabling email verification reports or you can perform manual audits. At least one virtual restore must have completed before the VFC can boot in audit mode. No virtual restores are performed while the VFC is in audit mode, but they resume when you take the VFC out of audit mode. A VFC running in audit mode is booted with no network interface. Auditing the VFC with the original client still online does not result in network conflicts or impact the original client in any way. However, applications on the VFC requiring network access are not fully functional in audit mode. For instructions, see the following topics: • • "Automated audits for a virtual failover client" on page 471 "Manually auditing a virtual failover client" on page 472 Automated audits for a virtual failover client Au to ma te d a u d its fo ra v irtu a lfa ilo v e rc lie n t Note: Automated audits are supported only for virtual failover clients running on a RecoverySeries appliance (backup system or replication target) or Hyper-V server. VFCs running on an ESX server must be audited manually. See "Manually auditing a virtual failover client" on page 472. You can automate the audit process by enabling email verification reports for a virtual failover client (VFC). If the report is enabled, the appliance sends the VFC into audit mode after a restore is performed, takes a screenshot of the Windows screen after the VFC has had several minutes to boot, and sends it in an email to the addresses you entered when setting up reports for the appliance managing the VFC (See "About configuring notifications" on page 62.) The screenshot normally shows the Windows login screen but can also show Windows in other states of booting, including error conditions. You should always view the screenshot to make sure the VFC is booting correctly. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 472 The report is run once per day, but only after a restore is performed. If the interval between restores is greater than 24 hours, you will not receive a report every day. If the VFC cannot boot, you will receive an email report indicating that it cannot be verified. You can enable verification reports when creating a VFC or by modifying an existing VFC using the instructions described in "Modifying a virtual failover client" on page 478. Manually auditing a virtual failover client Ma n u a ly a u d itn g a v irtu a lfa ilo v e rc lie n t Manually auditing the VFC is a two part process that involves setting the VFC to go into audit mode and then accessing the VFC in audit mode to verify that it boots successfully. The procedures for accessing the VFC in audit mode vary depending on the location of the VFC. After you have finished auditing the VFC, you must take it out of audit mode, so virtual restores to the VFC can resume. See the following topics for instructions: • "To set the virtual failover client to go into audit mode" on page 472 • • "Accessing the virtual failover client in audit mode" on page 472 "To turn off audit mode for a virtual failover client" on page 473 To set the virtual failover client to go into audit mode Follow these steps to perform the audit process. 1 In the appliance managing the virtual failover client (VFC), select Settings > Instant Recovery > Windows. 2 Click on the VFC. 3 Check the box next to Set the virtual failover client to go into audit mode and click Confirm. • • You see a message that the client will enter audit mode. If there is a restore in progress, the client will not go into audit mode until the restore completes. 4 Click OK. 5 Click Refresh at the bottom of the screen. You see that the client is now in audit mode: the audit column is Yes, the State column is audit, and the Access field displays the port number (for a VFC residing on a Recovery-Series appliance) or IP address (for a VFC residing on an external hypervisor) that is used to connect to the client. 6 To connect to the client so you can verify that it is functioning as expected, proceed to "To turn off audit mode for a virtual failover client" on page 473. Note: Applications on the VFC requiring network access are not fully functional in audit mode. Accessing the virtual failover client in audit mode Procedures for accessing a virtual failover client (VFC) in audit mode vary depending on its location. See one of the following for instructions on accessing the VFC in audit mode: • • "To access a virtual failover client in audit mode on a Recovery-Series appliance" on page 473 "To access a virtual failover client in audit mode on an external hypervisor" on page 473 Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 473 To access a virtual failover client in audit mode on a Recovery-Series appliance Note: You must use a VNC viewer to access the VFC in audit mode on a Recovery-Series appliance. For details, see "Accessing a virtual failover client" on page 464. Instructions can vary depending on your VNC viewer. 1 Set the virtual failover client (VFC) to go into audit mode (see "To set the virtual failover client to go into audit mode" on page 472). 2 Open a VNC viewer. 3 Enter the IP address of the appliance in the Server field, followed by a colon and the VNC port number, such as: 192.168.101.19:5905. 4 Click Ok. You see the Windows login screen indicating that the VFC is available. 5 Enter the credentials for the Windows client and press Enter. 6 After verifying that the VFC is running with its restored data, turn off audit mode. For instructions, see "To turn off audit mode for a virtual failover client" on page 473. Note: Applications on the VFC requiring network access are not fully functional in audit mode. To access a virtual failover client in audit mode on an external hypervisor Use the instructions described in this section to access a virtual failover client (VFC) in audit mode on an external hypervisor. If you access the VFC before it has booted, you might see the first screen of the Windows Integrated Bare Metal Recovery Wizard. This screen displays because the instant recovery and integrated bare metal recovery features use the same ISO image to boot a recovered Windows machine. You should not attempt to complete the steps on the bare metal screen. After several seconds, the login screen for the original client displays. 1 Set the VFC to go into audit mode (see "To set the virtual failover client to go into audit mode" on page 472). 2 Connect to your hypervisor. 3 Locate the VFC in the list of virtual machines, and access it the same way you access all VMs on the hypervisor. 4 Enter the credentials for the Windows client and press Enter. 5 After verifying that the VFC is running with its restored data, turn off audit mode. For instructions, see "To turn off audit mode for a virtual failover client" on page 473. Note: Applications on the VFC requiring network access are not fully functional in audit mode. To turn off audit mode for a virtual failover client 1 On the Unitrends appliance managing the VFC, select Settings > Instant Recovery > Windows. 2 Select the VFC in the list of WIR clients. The modify a VFC window displays. 3 Uncheck the box next to Set the virtual failover client to go into audit modeand click Confirm. If backups completed for the original client while the VFC was in audit mode, it enters 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 474 the Restore state when audit mode is turned off. If there are no backups to restore, its state is Idle. Monitoring and managing virtual failover clients This section provides information for monitoring and managing a virtual failover client. See the following topics for details: • • • • • • "Reports and notifications for Windows instant recovery" on page 474 • • "Viewing the IP address for a virtual failover client on an external hypervisor" on page 480 "State and mode for virtual failover" on page 475 "Viewing virtual failover client details" on page 476 "Invalid virtual failover clients" on page 477 "Viewing restores for virtual failover clients" on page 477 "Modifying a virtual failover client" on page 478 "Deleting a virtual failover client" on page 480 Reports and notifications for Windows instant recovery You can receive several Windows instant recovery reports and notifications, either automatically based on system processing or by request: • If you checked the box next to E-Mail the virtual failover client recovery verification report on the Add Virtual Failover Client window when you set up your virtual failover client, you receive a daily report with a screen shot of the client’s login screen in audit mode. This is a test to verify that the virtual failover client (VFC) is ready if you need it. See "Automated audits for a virtual failover client" on page 471for more information. Note: Verification reports are supported only for virtual failover clients running on a Recovery-Series appliance (backup system or replication target) or Hyper-V server. VFCs running on an ESX server must be audited manually. See "Manually auditing a virtual failover client" on page 472. • You can configure email notifications in the Unitrends system to receive reports and notices generated by the system. See "About configuring notifications" on page 62 for more information. • Once a VFC is created, every backup that is performed to protect the original Windows client is restored to the VFC. Go to Reports > Windows Virtual Restores Report to see a report about the status of the restore jobs performed to the VFC. • If the VFC is running on a Recovery-Series appliance and has been in Audit mode or Live mode for more than 14 days, a daily email is sent to emphasize the importance of recovering the original Windows system at the earliest possible time. (For a VFC created on an external hypervisor, this is alert is not used because the VFC has no impact on appliance resources.) • If the original Windows client disk configuration changes, the VFC is disabled and an alert is generated. At this point, you should delete the VFC and create a new one with the updated disk configuration. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 475 State and mode for virtual failover You can monitor a virtual failover client (VFC) by viewing details about its state and mode in the Windows Instant Recovery Clients screen of the appliance that is managing the VFC. To access this screen, log in to the appliance that is managing the VFC and select Settings > Instant Recovery > Windows. This section explains the different states and modes. The State column of the Windows Instant Recovery Clients screen indicates the current state of the VFC, for example whether it is a newly created VM, whether a restore is occurring, or whether it is in audit mode (see the table below for descriptions of all the possible states). The state can change depending upon an action requested of the VFC. This action is referred to as a “mode.” The action can be requested by the user or by the appliance managing the VFC. The table below explains the different modes and states and the relationships between them. Mode State Description N/A New State of a VFC for which no virtual restores have been performed. The VFC remains in this state until a virtual restore has been performed. Restore Restore A backup has completed, and the appliance has requested that a restore be performed. The VFC is in the Restore state until the restore completes. N/A Idle Restore Halted At least one backup has been performed to the VFC, but currently no action is occurring. A backup has completed, and the appliance has requested that a restore be performed. The VFC goes into a Halted state if the restore cannot be performed. The following can occur when a VFC is in this state: • If the restore could not be performed because the appliance could not reach the VFC, it tries again after several minutes, and the state changes from Halted to Idle. After three failed attempts, the VFC’s status becomes Invalid, and it remains in Halted state until a user deletes it. For more details, see "The Unitrends appliance cannot communicate with the virtual failover client" on page 486. • If the restore could not be performed because a configuration change was made to the original client, the VFC’s status becomes Invalid, and it remains in Halted state until a user deletes it. For more details, see "Configuration changes have been made to the original client" on page 487. For details about Invalid VFCs, see "Invalid virtual failover clients" on page 477. For instructions on deleting a VFC, see "Deleting a virtual failover client" on page 480. Audit Audit 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com An audit has been requested by the user, and the VFC has been booted in Audit mode. For details about auditing a VFC, see "Auditing a virtual failover client" on page 471. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 476 Mode State Description N/A Verify The user has enabled verification reports. The appliance is taking a screenshot of the VFC’s login screen in Audit mode. This screenshot is sent to the user in an email report to verify the VFC. After the verification completes, the state of the VFC is Idle. For details about verification reports, see "Automated audits for a virtual failover client" on page 471. Live Live The user has requested for the VFC to boot and replace the original client. After the state of the VFC is Live, it is no longer managed by the appliance, and virtual restores are no longer performed. Its status is Invalid. (For details about status, see "Viewing virtual failover client details" on page 476.) Once the state of the VFC is Live, the only other state it can enter is Off. Live Off The user has taken the VFC out of Live mode. A VFC in the Off state can enter Live mode again, but its status is Invalid, and it is no longer eligible for virtual restores. Viewing virtual failover client details You can view details about the virtual failover client from the appliance that is managing it. These details include the location of the VFC, its state and status, and information for accessing it. Use the procedure described below to view details. To view virtual failover client details 1 In the Navigation pane, select the backup system or replication target managing the VFC. 2 Go to Settings > Instant Recovery > Windows to see the Windows Instant Recovery Client screen. This screen displays all VFCs and their associated states. You see the following information: Windows Instant Recovery Client details Field Description Status An icon that indicates either the current state of the virtual failover client (VFC) or whether it is Invalid. (To understand why the status would be Invalid, see "Invalid virtual failover clients" on page 477.) Hover over the icon for details. System The name of the Unitrends appliance managing the VFC. Client Name The original client name. Enabled Indicates whether virtual restores are enabled. Live Indicates whether (Yes or No) Live mode has been used. Audit Indicates whether (Yes or No) the VFC is in Audit mode. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 477 Field Description State The state of the VFC. For details, see "State and mode for virtual failover" on page 475. Location An icon that indicates where the VFC resides. Access Provides details for accessing the VFC. If the VFC resides on the appliance, a VNC Port number displays in this column. If it resides on an external hypervisor, details for accessing the hypervisor display in this column. Note: For instructions on viewing the IP address for a VFC on an external hypervisor, see "Viewing the IP address for a virtual failover client on an external hypervisor" on page 480. Invalid virtual failover clients An invalid virtual failover client (VFC) is no longer managed by a Unitrends appliance and virtual restores are no longer performed for the VFC. To determine whether a VFC is invalid, view its status using the instructions described in "Viewing virtual failover client details" on page 476. A VFC could become invalid for the following reasons: • You have booted it in Live mode. For details, see "Taking a virtual failover client live" on page 481. Although virtual restores are no longer performed for the VFC, you can set it to go in and out of Live mode. • The configuration of the original client has been changed (for example, a disk has been added or removed). After you change the configuration of the client, the next virtual restore to the VFC for the client fails, the status of the VFC becomes Invalid, and it remains in a Halted state until you delete it from the appliance. It cannot be set to go into Live mode. For details, see "Configuration changes have been made to the original client" on page 487. • Three attempts to perform a virtual restore have failed because the appliance could not communicate with the VFC. After the third attempt, the status of the VFC becomes Invalid, and it remains in a Halted state until you delete it from the appliance. It cannot be set to go into Live mode. For more details, see "The Unitrends appliance cannot communicate with the virtual failover client" on page 486. For instructions on deleting a VFC, see "Deleting a virtual failover client" on page 480. Viewing restores for virtual failover clients Virtual restores are continually performed to update the virtual failover client (VFC) with the latest backup data. (For details, see "Virtual restores for Windows instant recovery" on page 455.) You can view pending and recently completed restores using the procedure described below. To view older restores, log in to the appliance managing the VFC and select Reports > Windows Virtual Restores Report. To view restores for virtual failover clients 1 In the Navigation pane, select the backup system or replication target managing the virtual failover client (VFC). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 478 2 Go to Settings > Instant Recovery > Windows. 3 Click Restores (to the left of the Add button) to see the Virtual Failover Client Restore Status window: • The top portion displays the Last Backups (the ones that have most recently been restored or applied to the VFC). • The bottom portion displays the Pending Restores (the completed backups that are in the queue to be restored to the selected VFC). The following table lists the details about the fields. These fields are the same for the last backups or the pending restores. Virtual Failover Client Restore Status fields Field Description Source System Appliance managing the VFC. This is the appliance from which the backups are restored. It can be a backup system or a replication target. Client The name of the original client. ID The unique ID assigned to the restore. Complete Indicates whether the restore was successful (check mark) or not (x). Instance Type of backup restored. For application backups, this field contains the instance name. For file-level backups, it contains file-level. Date The date of the WIR restore. Time The time of the WIR restore. Type The type of restore that was performed, such as full or incremental. Elapse The duration of the restore in seconds. Size (MB) The size of the restore in megabytes. Files The number of files that were restored. Modifying a virtual failover client After you set up the virtual failover client (VFC), you can modify some of the original settings, such disabling a VFC for restore, enabling or disabling verification reports, or changing the number of processors or amount of memory for the VFC. Use caution when modifying settings, as doing so can impact performance of the VFC and the appliance or hypervisor where it resides. To modify virtual failover client information 1 In the Navigation pane, select the backup system or replication target where the client backups Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 479 reside. 2 Go to Settings > Instant Recovery > Windows. 3 Click the line of the virtual failover client (VFC) you want to modify. You see the Modify a Virtual Failover Client window. 4 Follow these steps to modify the VFC: Action Description Changing volumes for a VFC Once created, the volumes protected by the VFC cannot be changed. You must delete and then re-create the VFC and select different volumes to protect. Adding or removing databases You can add or remove Microsoft Exchange or Microsoft SQL databases. If added, backups of these databases or storage groups are restored to the VFC, and if removed, they are no longer restored to the VFC. Note: Changing the amount of virtual memory When removing databases or storage groups from the list of selected items, files that were previously restored are not deleted from the VFC, but subsequent backups are not restored to the VFC. You can change the amount of virtual memory or the number of virtual processors assigned to the VFC after initial creation. Enable/disable To enable or disable restores to a VFC, select the client and check (to restores on a enable) or uncheck (to disable) the box next to Enable virtual restores to VFC the instant recovery client. Receiving a recovery verification report through email 5 If you want to periodically check on the VFC’s viability, select the box next to Email the virtual failover client recovery verification report to receive emails containing screenshots of automated Audit mode tests. For details, see "Automated audits for a virtual failover client" on page 471. Note: Verification reports are supported only for virtual failover clients running on a Recovery-Series appliance (backup system or replication target) or Hyper-V server. VFCs running on an ESX server must be audited manually. See "Manually auditing a virtual failover client" on page 472. Click Confirm after you complete the modifications. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 480 Viewing the IP address for a virtual failover client on an external hypervisor When setting up a virtual failover client (VFC) on an external hypervisor, you must assign it an IP address. You can view the IP address using the procedure described here. To view the IP address for a VFC located on an external hypervisor 1 Go to Settings > Instant Recovery > Windows to see the Windows Instant Recovery Client screen. 2 Click on the row containing the VFC. You see the Modify Virtual Failover Client window. On the left side of the window, you see the hypervisor name, the static IP address used for restores (that you entered when you set up the VFC), and the virtual machine name. Deleting a virtual failover client This section provides instructions for deleting a virtual failover client (VFC) that you no longer need. Because the VFC uses appliance resources, you should delete a live VFC from the appliance soon after recovering the original client to new physical hardware. For a VFC running on a hypervisor, you have the option to delete its information from the appliance and also delete the VFC itself from the hypervisor or to delete only the information from the appliance without removing the VFC from the hypervisor. When you delete a VFC, it is immediately removed from the list of VFCs in the Administrator Interface of the Unitrends appliance. However, it can take several minutes for all information about the VFC to be purged from the appliance. If you need to create a new VFC for the original client, you must wait for this information to be purged. If it has not been purged, the original client will not display in the list of clients for which you can create a VFC (see step 3 on page 468 of "To create a virtual failover client"). To delete a virtual failover client 1 In the Navigation pane, select the backup system or replication target managing the VFC. 2 Select Settings > Instant Recovery > Windows. 3 Click the line of the client you want to modify. You see the Modify Virtual Failover Client window. 4 Click Delete at the bottom of the window. One of the following occurs depending on the location of the VFC: • VFC residing on a Recovery-Series appliance: A box displays asking you to confirm that you want to delete the VFC. Check the box next to I understand that ... Then clickConfirm. • VFC residing on an external hypervisor: A box displays asking whether you want to delete the VFC from the hypervisor and the appliance or only from the hypervisor. Click Delete from hypervisor and appliance to delete the VFC from both the hypervisor and the appliance. Click Delete from applianceto delete the VFC from the appliance only. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 481 Taking a virtual failover client live If a Windows client that you are protecting with Windows instant recovery fails, you can temporarily replace it with the virtual failover client (VFC) by booting the VFC in live mode. Because virtual restores constantly update the VFC with the original client’s data, the VFC can immediately assume the role of the original client until you can recover it to new physical hardware. If the VFC resides on an external hypervisor, it can permanently replace the original client if the hypervisor has sufficient resources. Note: About failed clients for which you have not created VFCs - If eligible backups for a client reside on a Unitrends backup system or replication target, the Untirends appliance can use these backups to create a VFC even after a client has failed. For details, see "About retrieving configuration data for a virtual failover client" on page 455. The VFC in live mode is protected by the original client’s backup and archive schedules. However, it is no longer managed by the Unitrends appliance. Its status is Invalid, and virtual restores are no longer performed to the VFC. This section provides instructions for booting a VFC in live mode and recommendations for steps to take after the VFC is live. See the following topics for details: • • "Booting a virtual failover client in live mode" on page 481 • "Live mode recommendations for a virtual failover client running on an external hypervisor" on page 484 "Live mode recommendations for a virtual failover client running on a Recovery-Series appliance" on page 484 Booting a virtual failover client in live mode Use the instructions described here to boot the virtual failover client (VFC) in live mode. The original client should be shut down before you boot the VFC in live mode. To boot a virtual failover client in live mode 1 In the Navigation pane, select the backup system or replication target managing the VFC. 2 Select Settings > Instant Recovery > Windows. 3 Select the VFC you want to boot. You see the Modify Virtual Failover Client window. 4 Check the box next to Set the virtual failover client to go into live mode. 5 Click Confirm to initiate the operation. Note: 6 If a restore to the VFC is in progress, the VFC does not boot until the restore completes. Complete one of the following, depending on where your virtual failover client resides: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 482 VFC location RecoverySeries appliance (backup system or replication target) Steps Connect to the VFC using VNC, then log in. To connect using a VNC viewer, specify the IP address of the Unitrends appliance followed by a colon and the VNC Port.(Go to Settings > Instant Recovery > Windows, and the VNC port is on the Windows Instant Recovery Clients screen.) External Connect to the VFC using the hypervisor manager. hypervisor Note: If you access the VFC before it has booted, you might see the first screen of the Windows Integrated Bare Metal Recovery Wizard. This screen displays because the instant recovery and integrated bare metal recovery features use the same ISO image to boot a recovered Windows machine. You should not attempt to complete the steps on the bare metal screen. After several seconds, the login screen for the original client displays. 7 If you see a message about needing to reactivate Windows, you must activate the operating system using your product key. Click Activate Now and register the client. Perform the next few steps in this procedure to ensure that the hardware, disks, volumes, and network access are available. 8 Reboot the VFC, if prompted. On first boot, Windows automatically performs some driver updates. When this is complete, the system prompts you to reboot. 9 Check the disk configuration using Windows Disk Management. (These steps might be slightly different depending on the Windows version.) • • • • Press the Start button. • If the disk manager shows any disks in the Offline state, then right-click the disk icon and choose Online. • If it shows any dynamic disks as Foreign, right-click the disk icon and click Import. Right-click the Computer item. Choose Manage. Choose Storage > Disk Management. This application shows a graphical view of all disks and volumes. Note: After this is complete, all volumes should appear as they did on the original client. 10 Set the system clock. The client may be running with the system clock time that existed during the latest backup. This may cause the client to boot with a date/time in the past. 11 From the Windows Control Panel, update the network properties for the adapter (the TCP/IPv4 address). Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 483 Note: For a VFC residing on an external hypervisor. The network settings you configured when creating the VFC are used only for virtual restores. You must assign new network settings after booting the VFC in live mode. Perform one of the following depending on your environment: VFC running on a Recovery-Series appliance • If the original client has a static IP address, assign the live VFC the same network settings as the original client. This ensures that the VFC functions as the original client and that the original client’s scheduled backup and archive jobs continue for the VFC. • If you are using DHCP to assign IP addresses and you registered the original client to the backup system using only the client’s name, the backup system detects the live VFC after you connect it to your network. The backup system then treats the live VFC as if it is the original client. No additional network configurations are necessary to ensure that scheduled backup and archive jobs continue for the client. VFC running on an external hypervisor • If the original client has a static IP address, assign the live VFC the same network settings as the original client. This ensures that the VFC functions as the original client and that the original client’s scheduled backup and archive jobs continue for the VFC. • 1 If the original client has a static IP address and the hypervisor running the VFC does not have a network interface on the same subnet as the original client, assign the VFC new network setting using the same subnet as the hypervisor. You must then modify the settings for the original client in the Unitrends backup system and enter the new IP address. This enables the appliance to treat the VFC as if it is the original client. For instructions, see "To modify a client" on page 88. In the Unitrends backup system protecting the original client, perform the steps listed below. These steps are required to finish the preparation of the VFC and make the applications, like SQL, on the VFC available on the network. Note: • • • • If you have created and updated the VFC using replicated backups, be sure to perform these steps from the backup system to which you added the original client rather than from the replication target. Select Settings > Clients, Networking, and Notifications > Clients. Select the original Windows client. Click Okay. Once the client is saved, SQL databases and other applications may require a few minutes to become available. The VFC can now perform the role of the original Windows client. Note: 2 About restored Exchange servers. If you have trouble mounting the restored databases, they may be in a Dirty Shutdown state. See this Microsoft article to determine whether this is the problem: Exchange Database is in a Dirty Shutdown State. Proceed to one of the following topics depending on the location of the VFC: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 484 • "Live mode recommendations for a virtual failover client running on a Recovery-Series appliance" on page 484 • "Live mode recommendations for a virtual failover client running on an external hypervisor" on page 484 Live mode recommendations for a virtual failover client running on a Recovery-Series appliance Because it uses system resources such as processors, memory, and storage and impacts performance of backups, archiving, replication, deduplication and other functions, a virtual failover client (VFC) in live mode should run on a Recovery-Series appliance for only a short period of time. The appliance begins sending alerts after a live VFC has been running for 14 days. Recover the client to new hardware as soon as possible using Unitrends bare metal recovery, as described in "Windows Bare Metal Protection" on page 753. Data from the live VFC is protected by the backup schedule for the original client, and you will need to restore it after recovering the client to new hardware. For details, see "Restore Overview" on page 341. After restoring the VFC’s data to the recovered client, you should delete the VFC from the appliance to free the system resources used by the VFC. For instructions, see "Deleting a virtual failover client" on page 480. Live mode recommendations for a virtual failover client running on an external hypervisor A live virtual failover client (VFC) running on an external hypervisor does not use any of the appliance’s resources. Instead, it uses the hypervisor’s resources. The VFC can temporarily replace the original client, or if the hypervisor has sufficient resources, the VFC can permanently replace the original client. See the following topics for details: • "Using the live virtual failover client on a hypervisor as a temporary replacement for the original client" on page 484 • "Using the live virtual failover client on a hypervisor as a permanent replacement for the original client" on page 484 Using the live virtual failover client on a hypervisor as a temporary replacement for the original client If the virtual failover client (VFC) will replace the original client only temporarily, you should recover the client to new hardware as soon as possible using Unitrends bare metal recovery, as described in "Windows Bare Metal Protection" on page 753. Data from the live VFC is protected by the backup schedule for the original client, and you will need to restore it after recovering the client to new hardware. For details, see "Restore Overview" on page 341. After restoring the VFC’s data to the recovered client, you should delete the VFC from the appliance and the hypervisor. For instructions, see "Deleting a virtual failover client" on page 480. Using the live virtual failover client on a hypervisor as a permanent replacement for the original client If the virtual failover client (VFC) on a hypervisor will permanently replace the original client, you should determine whether you wish to continue protecting the VFC with the backup schedules for the original client or whether you prefer to run Hyper-V or VMware backups for the VM, depending on its location. For details about backups, see "Backups Overview" on page 141. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 485 Note: It could take several minutes for a live VFC on a hypervisor to show up in the list of VMs to protect with VMware/Hyper-V backups. The VFC is not automatically added to a VM backup schedule. You should then delete the VFC’s information from the appliance that was managing it. For instructions, see "Deleting a virtual failover client" on page 480. Be sure to delete the VFC from the appliance only, as you have the option to delete it from the hypervisor as well. Troubleshooting Windows instant recovery See the following for troubleshooting tips: • • • "Conflict with volume using D:\ and the CD device on the virtual failover client" on page 485 • "Exchange database will not mount when running VFC in Live mode" on page 487 "Hypervisors do not display when setting up a virtual failover client" on page 485 "Restores for the virtual failover client on an external hypervisor are not running" on page 486 Conflict with volume using D:\ and the CD device on the virtual failover client If the original client has multiple volumes and one is the D: drive, in Audit mode and Live mode, the CD device conflicts with the volume drive letter D:. Due to the volume conflict, the D: volume of the original client is mounted as a different drive letter or without a drive letter when the VFC is booted in Audit mode or Live mode. To rectify the conflict, perform the following steps: 1 Connect to the virtual failover client (VFC) using VNC viewer. 2 Open Disk Management by clicking Start, right-click on Computer, and select Manage. 3 Select the CD/DVD device shown, right click and select Change Drive Letters and Path. 4 Change the drive letter to an unused volume letter by clicking the Change button. 5 Repeat the volume renaming process of the previous step for the data volume formerly known as D:. Hypervisors do not display when setting up a virtual failover client If the expected hypervisors do not display in the Add Virtual Failover Client window, you should verify the following: • The hypervisors have been added to the Unitrends appliance from which you are attempting to create a virtual failover client (VFC). • The hypervisors meet the requirements described in "Requirements and considerations for running a virtual failover client on an external hypervisor" on page 459 . 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 486 Restores for the virtual failover client on an external hypervisor are not running If restores for a virtual failover client (VFC) residing on an external hypervisor are not running, this problem could be caused by one of the following: • Virtual restores are not enabled for the VFC. For details, see "Virtual restores are not enabled for the virtual failover client" on page 486. • The Unitrends appliance cannot communicate with the VFC. For details, see "The Unitrends appliance cannot communicate with the virtual failover client" on page 486. • Configuration changes have been made to the original client. For details, see "Configuration changes have been made to the original client" on page 487. • The VFC has been booted in live mode. For details, see "The virtual failover client has been booted in live mode" on page 487. Virtual restores are not enabled for the virtual failover client To determine whether virtual restores are enabled, view the virtual failover client (VFC) details in the managing Unitrends appliance by selecting Settings > Instant Recovery > Windows. If restores are enabled, a yellow light bulb displays in the Enabled column. If the light bulb is dark, restores are not enabled. You can enable restores using the procedure described below: To enable virtual restores for a virtual failover client 1 Log in the Unitrends appliance managing the VFC, and select Settings > Instant Recovery > Windows. 2 Click the line of the VFC you want to modify. You see the Modify Virtual Failover Client window. 3 Check the box next to Enable virtual restores to the failover client. 4 Click Confirm. Backups that completed while restores were disabled are now restored to the VFC. The Unitrends appliance cannot communicate with the virtual failover client The appliance cannot perform virtual restores if it cannot communicate with the virtual failover client. After the first failed attempt to perform a restore, the appliance places the VFC in a Halted state. After several minutes, it attempts the restore again. After three failed attempts, the status of the VFC becomes Invalid, and it remains in a halted state until you delete it. The most likely reason the appliance cannot communicate with the VFC is that there is a problem with the network settings. To resolve this problem, you must delete the VFC (see "Deleting a virtual failover client" on page 480) and create a new one with valid network settings (see "Setting up a virtual failover client" on page 464). When assigning network settings to the new VFC, consider the following: • • The IP address must be unique. The IP address must have the same subnet as the hypervisor on which the VFC resides. Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 487 • You must assign the VFC the same gateway as the hypervisor on which the VFC resides. Configuration changes have been made to the original client Restores to the virtual failover client (VFC) fail if the configuration of the original client has been changed (for example, a disk has been added or removed). After the client’s configuration has changed, the next virtual restore to the VFC for the client fails, the status of the VFC becomes Invalid, and it remains in a Halted state until you delete it from the appliance. To resolve this problem, you must delete the VFC (see "Deleting a virtual failover client" on page 480) and create a new one (see "Setting up a virtual failover client" on page 464). The virtual failover client has been booted in live mode After a virtual failover client has been booted in live mode, its status is Invalid, it is no longer manged by the appliance, and virtual restores are no longer performed. For details, see "Taking a virtual failover client live" on page 481. If you no longer need the VFC to run in live mode, and you would like to create a new VFC for the client, you should first delete the existing VFC (see "Deleting a virtual failover client" on page 480) and then create a new one (see "Setting up a virtual failover client" on page 464). Exchange database will not mount when running VFC in Live mode The Exchange database must be in a Clean Shutdown state to mount the databases after going into Live mode. Restores to the VFC are successful regardless of whether the databases are in a Clean Shutdown state, but you cannot access Exchange databases if they are in a Dirty Shutdown state. If you cannot mount Exchange databases after going into Live mode, see this Microsoft article to determine whether the databases are in a Dirty Shutdown state: Exchange Database is in a Dirty Shutdown State. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 488 Legacy Recovery-Series and UEB Administrator's Guide Chapter 21: Windows Instant Recovery 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 489 Chapter 22: Microsoft SQL Protection This chapter describes procedures used to protect your Microsoft SQL environments with agentbased backups. If your SQL server is a VMware virtual machine, you can either run vProtect application-aware backups as described in the "VMware Protection" chapter, or install the Windows agent and implement protection as described here. For a comparison of each strategy, see "Best practices for protecting VMware virtual machines" on page 629. If you’re using SQL 2000, see "Legacy SQL Server agent" on page 859. See the following topics for details: • "About Microsoft SQL protection" on page 489 • • • • • • "Requirements for protecting SQL " on page 490 "About SQL backups" on page 496 "Executing SQL backups" on page 499 "SQL Server backups status" on page 503 "Restoring SQL backups" on page 504 "SQL restore from the replication target" on page 509 About Microsoft SQL protection The Windows agent extends the Unitrends solution to protect Microsoft SQL Server databases and database objects by enabling a SQL-aware system. This means that the Windows agent can detect the presence of SQL on a server and will display an icon representing the SQL application in the Navigation pane when adding a client. When performing SQL backups, only the SQL databases are backed up. No operating system or file-level data is protected. Likewise, when performing operating system or file-level backups, no SQL database files are backed up. To protect the Windows operating system and file system, see "Windows Bare Metal Protection" on page 753 and "Windows Protection" on page 425. For a complete list of supported SQL versions, see the Unitrends Compatibility and Interoperability Matrix. Supported SQL features Unitrends supports protection of the following SQL features: • • • "Databases on Windows SQL Server" on page 490 "SQL clusters" on page 490 "Databases with disk storage on SMB 3.0 shares" on page 490 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 490 Databases on Windows SQL Server Da ta b a s e s o n Win d o ws SQL Se rv e r If you wish to protect databases on a Windows SQL server, the only requirements are the Windows agent and operating system requirements described in "Requirements for protecting SQL " on page 490. Note: SQL 2016 can be protected for the same functionality as SQL 2014. New features introduced in SQL 2016 are not supported. (Note that the current UI supports protection of SQL 2016 Always Encrypted and Stretch databases. Consider switching to the new UI to protect these SQL 2016 databases.) When you register a Windows SQL Server to the backup system, the SQL icon displays in the Navigation pane beneath the Windows client with which it is associated. If you do not see the SQL icon, click the reload arrows at the bottom to refresh the view. Note that if you added SQL to a Windows server after the server is registered to the backup appliance, the agent software must rescan the client to detect and display the newly added SQL application. To rescan, select the SQL Server in the Navigation pan and go to Settings > Clients, Networking and Notifications > Clients. On the Clients page, click Save. SQL clusters SQL c lu s te rs Unitrends supports protection of a variety of SQL cluster configurations, including cluster volumes, clustered shared volumes, AlwaysOn clusters, and failover clusters. See "Requirements for protecting SQL " on page 490 for Windows agent and operating system requirements, and " SQL cluster requirements and considerations" on page 492 for additional cluster-specific requirements. Databases with disk storage on SMB 3.0 shares Da ta b a s e s with d is k s to ra g e o n SMB3 .0 s h a re s Unitrends supports protection of SQL databases with disk storage on SMB 3.0 shares. See "Requirements for protecting SQL " on page 490 for Windows agent and operating system requirements, and "Requirements for SQL databases located on SMB 3.0 shares" on page 495 for additional requirements. Requirements for protecting SQL The requirements for protecting your SQL databases vary based on the configuration of your SQL servers and the SQL Server features used in your environment. The agent and system requirements described below apply to all SQL protection. If you are protecting SQL clusters or data on SMB 3.0 shares, additional requirements apply. See the following topics for details: • • • • "Agent prerequisites for Microsoft SQL" on page 490 "SQL system requirements" on page 491 " SQL cluster requirements and considerations" on page 492 "Requirements for SQL databases located on SMB 3.0 shares" on page 495 Agent prerequisites for Microsoft SQL Ag e n tp re re q u is ite s fo rMic ro s o ftS QL The Unitrends Windows agent is needed to protect hosted SQL databases. Before you install the agent, the following must be installed on the SQL server: • The SQL Server VSS Writer, SQL Server Browser, and BP Agent services must be installed and running to perform backup and restore operations. If the SQL Server VSS Writer or SQL Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 491 Server Browser services are not started when you install the Windows agent, the agent cannot detect the SQL instance. – – – The SQL Server VSS Writer must be started and set to automatic startup. The SQL Server Browser must be started and set to automatic startup. The BP Agent service is installed when the Windows agent is installed on the SQL server. • The Volume Shadow Copy service must be installed and can be set to manual or automatic startup. • The NT AUTHORITY\SYSTEM account must be configured as sysadmin. This account is used to perform SQL backup and recovery jobs. Note: Beginning in SQL Server 2012, SQL does not grant NT AUTHORITY\SYSTEM sysadmin privileges by default. For SQL Server 2012 and later versions, you must manually add NT AUTHORITY\SYSTEM as a system administrator. For details, see the Microsoft Knowledge Base. It is best practice to run the latest Unitrends appliance and agent software versions to protect your SQL environment. Older versions do not support all current Unitrends features: • To protect SQL Server 2016, the appliance and Windows agent must be running release 9.0.013 or later. Note: SQL 2016 can be protected for the same functionality as SQL 2014. New features introduced in SQL 2016 are not supported. (Note that the current UI supports protection of SQL 2016 Always Encrypted and Stretch databases. Consider switching to the new UI to protect these SQL 2016 databases.) • To protect SQL Server 2014, the appliance and Windows agent must be running release 8.0.0-4 or later. • Additional agent version requirements apply to specific SQL features. For details, see the feature requirements sections. SQL system requirements SQL s y s te mre q u ire me n ts In addition to the agent requirements: • The SQL application must be a supported version listed in the Unitrends Compatibility and Interoperability Matrix. • The SQL server must be running a supported Windows operating system listed in the Unitrends Compatibility and Interoperability Matrix. • The SQL application and server must be set up in a supported Microsoft deployment configuration. Additional system requirements for SQL clusters and SMB 3.0 Ad d ito n a ls y s te mre q u ire me n ts fo rS QL c lu s te rs a n d SMB3 .0 In addition to the agent and system requirements, the following are required to protect SQL clusters or data residing on SMB 3.0 shares: • • The Unitrends appliance must be running release 8.1 or higher. For clusters, all nodes in the SQL cluster must be running Windows agent release 8.1 or higher. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 492 • For the applicable clustered or SMB 3.0 setup, SQL and Windows versions must also meet the requirements in the following table: Configuration SQL Windows Cluster Volume 2005 2003 SP1, 2008, 2008 R2, 2012, 2012 R2 2008 2008, 2008 R2, 2012, 2012 R2 2012 2012, 2012 R2 2014 2012, 2012 R2 2016 2012, 2012 R2 2012 2012, 2012 R2 2014 2012, 2012 R2 2016 2012, 2012 R2 2012 2012, 2012 R2 2014 2012, 2012 R2 2016 2012, 2012 R2 2012 2012, 2012 R2 2014 2012, 2012 R2 2016 2012, 2012 R2 2014 2012, 2012 R2 2016 2012, 2012 R2 Clustered Shared Volume AlwaysOn Clusters SMB 3.0 SQL Failover Clusters SQL cluster requirements and considerations Consider the following before executing backups for databases hosted on servers configured in a cluster: • You must add the cluster and each node in the cluster to the backup appliance, each as a separate client. See "Adding SQL cluster clients" on page 493 for details. • To protect databases residing on cluster shared volumes (CSVs), you must select the cluster in the Navigation pane before executing backups. You cannot protect these databases by selecting the owner node. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 493 • To protect databases that are hosted on a cluster node but that do not reside on CSVs, you must create a backup schedule for the node that hosts those databases. You cannot protect them in the same schedule as the clustered databases. • A Microsoft limitation prevents the Unitrends appliance from running concurrent backups of databases on CSVs hosted on Windows Server 2008 R2. You can work around this limitation by creating aliases for the cluster and then creating a separate schedule for each database on each CSV. For instructions, see "Creating an alias for a SQL cluster" on page 494. • • • • When backing up SQL nodes, include all local volumes, and exclude the system state. • AlwaysOn Availability Groups will be supported in a future Unitrends release. Windows instant recovery is not supported for SQL cluster environments. Integrated bare metal recovery is not supported for SQL cluster environments. Additional considerations apply to SQL AlwaysOn Failover Cluster Instances. See "Considerations for SQL AlwaysOn Failover Cluster Instances (FCI)" on page 493 for details. Adding SQL cluster clients To protect SQL clusters and the servers hosting the databases, it is important to add clients for every node in the cluster plus a client for the virtual SQL cluster itself. To add the cluster client, use the IP address of the clustered SQL Server instance. This is the virtual IP address that clients use to connect to the SQL Server. There should only be one cluster IP address configured for each clustered SQL instance. Once the clients are added, backups of the SQL databases should be configured for the cluster clients, and file-level or bare metal backups should be configured for the cluster node clients. Follow these steps to add a cluster: Step 1: Install the agent on each cluster node. (You can skip this step if agent push is supported for the version of Windows running on the cluster nodes.) For details, see "Manually installing the Windows agents" on page 428. Step 2: Add each node to the Unitrends appliance using the instructions described in "About adding clients" on page 69. Step 3: Add the cluster using the instructions described in "About adding clients" on page 69. Considerations for SQL AlwaysOn Failover Cluster Instances (FCI) SQL Failover Clustering is a High Availability (HA) and Disaster Recovery solution. High Availability means that if one of the nodes in a SQL failover cluster fails, the secondary node is automatically promoted to the primary (active) node. There are some circumstances where a manual restart of the new primary database is required. See the following SQL documentation for details: Failover Policy for Failover Cluster Instances. Unitrends provides a seamless protection of your SQL environments in the event of a failover. Because the Unitrends backup schedule is attached to the cluster and not the individual nodes, the schedule can continue as planned, providing uninterrupted backups of your SQL instance. For details about the SQL side of failover, see AlwaysOn Failover Cluster Instances (FCI). If your Unitrends backups begin failing after a failover, see the following SQL documentation, Failover Cluster Troubleshooting. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 494 When utilizing SQL failover clusters, the databases are protected at the SQL instance level, where one set of database files is saved on a shared storage device. The failover process takes as long as necessary to write all dirty pages in the cache to disk. For information on cutting down your SQL failover time, see the following SQL documentation, Indirect Checkpoints. For SQL recommendations, see the Recommendations section of AlwaysOn Failover Cluster Instances (FCI). Creating an alias for a SQL cluster To work around the Microsoft limitation that prevents the Unitrends appliance from running simultaneous backups of clustered databases hosted on a server running Windows 2008 R2, you can create a client alias for each cluster shared volume (CSV) using the procedure described below. After adding each client alias to the appliance, create a backup schedule for each cluster instance. To create a client alias for a SQL cluster 1 Log in to the appliance to which the cluster is added. 2 Select Settings > Clients, Networking, and Notifications > Networks > Hosts. 3 Click on the client name in the table. 4 Type a name in the Alias Name field. It is recommended that you include the CSV number in the name to help you remember which CSV you would like to associate with each alias. Note: 5 Do not enter spaces in the name. You are limited to 15 characters. It is recommended that you write down the alias name, so you can enter the exact name when you add it as a new client. Click Add. You see the alias name in the Alias List area. Note: To remove an alias name from the Alias List area, click on the alias name and click Remove. To remove all alias names from the Alias List area, click Remove All. 6 Repeat to add more alias names, if necessary. 7 Click Confirm. To add the alias name as a client 8 Go to Settings > Clients, Networking, and Notifications > Clients. 9 Click Add Client. You see the Add Client Screen. 10 Select Windows from the Computer Type drop-down list. 11 Uncheck the Establish trust box in the Authentication area. 12 Uncheck Automatically create a backup schedule for this computer and apply it immediately in the Options area. 13 Enter one of your new alias names in the Computer Name field. Note: There is no need to add an IP address, since this field defaults to information from the host page. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 495 14 Click Setup.You see a processing message, then a Reload Navigation window indicating that you need to refresh the system. 15 Click Yes, reload the System or No, reload the system later. 16 After you reload the system, the new alias name displays in the Navigation pane in the list of clients protected by the system. 17 Repeat as needed to add additional client aliases. 18 See "To execute a 1-time SQL backup" on page 500 or "To create a SQL backup schedule" on page 500 to run backups for the clustered databases. When scheduling backups, create a separate schedule for each alias. Requirements for SQL databases located on SMB 3.0 shares SQL Server 2012 and higher can host SQL instances with disk storage located on SMB 3.0 shares. For details, see the following topics: • "Prerequisites and considerations for protecting SQL databases located on SMB 3.0 shares" on page 495 • "Granting the Windows agent read/write access to remote SMB 3.0 shares" on page 495 Prerequisites and considerations for protecting SQL databases located on SMB 3.0 shares • The Unitrends appliance software and Windows agent must be release 8.1 or higher. • The File Server and the File Server VSS Agent Service roles must be installed on the server hosting the shares. For instructions on installing these roles, see KB 1334. • The Windows agent installed on the SQL Server must be granted read/write access to remote SMB 3.0 shares. For instructions on granting this access, see "Granting the Windows agent read/write access to remote SMB 3.0 shares" on page 495. • The SQL Server hosting the databases and the server hosting the SMB shares must belong to the same Windows domain. • The database can contain one or more files located on SMB 3.0 shares. All files can reside on the same SMB 3.0 share or on different shares hosted by one or more servers in the same domain. All servers participating in the database backup must belong to the same domain. • For files located on remote SMB 3.0 shares, the Windows agent creates a VSS snapshot on the remote server and then exposes it to the SQL Server through the SMB share pathing. The agent then backs up the database files from the remote snapshot location. When the backup completes, all VSS snapshots created for the backup are removed from the server hosting the SMB share. Granting the Windows agent read/write access to remote SMB 3.0 shares The Windows agent installed on the SQL Server must be granted read/write access to remote SMB 3.0 shares. You can grant this access using one of the following methods: • On the SQL Server, change the login account for the Unitrends Windows agent service "bpagent" to the domain administrator account. Using these credentials provides all necessary access to the SMB shares. This is the most secure option for SMB access. Note, however, that file-level backups of the SQL Server may encounter files whose permissions do not allow 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 496 domain administrator access. If successful file-level backups for the SQL Server cannot be created and SMB share security is less of an issue, then the method below is recommended. • Run the agent as local system account on the SQL Server and grant it read/write permission for the SMB shares. For instructions, see KB 1335. Once you have satisfied the SMB 3.0 prerequisites and have granted the Windows agent access to the SMB 3.0 shares, run backups and restores using these procedures: "Executing SQL backups" on page 499 and "Restoring SQL backups" on page 504. About SQL backups The Windows agent supports full, differential, and transaction log backups for Microsoft SQL. Full and differential backups are performed using Volume Shadow Copy Service (VSS) snapshots. Transaction log backups are performed using the Virtual Device Interface (VDI). When determining the best way to protect your SQL databases, there are several factors to consider, such as the recovery model of your SQL databases and the types of SQL system databases you wish to protect. For more information, see the following topics: • • • • • • "Upgrading from a pre-8.0 version" on page 496 "SQL Server recovery model considerations " on page 497 "SQL System databases" on page 497 "SQL backup strategies and recommendations" on page 498 "Display of SQL Server in the backup system" on page 499 "Automatic exclusion of SQL data during file-level backups" on page 499 Upgrading from a pre-8.0 version SQL differential performance enhancements were introduced in Unitrends version 8.0. Starting with Unitrends version 8.0, SQL differential backups use VSS snapshots, as opposed to pre-8.0 versions which use VDI. With VSS snapshots, general performance is greatly enhanced, and features such as deduplication and replication are improved. If you are upgrading from a pre-8.0 version, the following requirements must be met to utilize these performance enhancements: • • Unitrends system must be running version 8.0 or higher. Windows agent on your SQL client must be version 8.0 or higher (8.0.0-4 or higher for SQL Server 2014 protection). Note: After upgrading from a pre-8.0 Unitrends version, the next differential is automatically promoted to a full backup. If your backup schedule only consists of full and transaction log backups, your schedule is not affected. The following are considerations for upgrading from a pre-8.0 Unitrends version: • If agent push is used to update the agent, the next differential is automatically updated to a full with no additional action required. • If you manually update the agent, you must re-save the client. Do this by going to Settings > Clients, Networking, and Notifications > Clients. Select the upgraded client and then Save. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 497 This forces the system to recognize the update to the client, and causes the next differential to be promoted to a full. SQL Server recovery model considerations The recovery model of your SQL databases determines what type of Unitrends backups are supported. See the table below for descriptions of the SQL recovery models that are supported by Unitrends. See the Microsoft article Recovery Models (SQL) for additional information on recovery models and how to choose the best recovery model for your environment. Recovery Model Backups Supported Simple • • Full • Full • • Differential • • Full Full BulkLogged Considerations No SQL logs created. Differential Schedule weekly transaction log backups to truncate logs. See "SQL backup strategies and recommendations" on page 498 for details. Transaction log Differential Run a transaction log backup before switching from the full recovery model to the bulk-logged recovery model. See "SQL backup strategies and recommendations" on page 498 for details. SQL System databases The following table provides brief descriptions of the SQL system databases and how they can be protected with Unitrends. Database Description Compatible recovery model and strategy master Stores all system-level information, such as logon accounts, configuration settings, and metadata. Only uses the simple recovery model and must be protected with full backups. Before restoring this database, all other databases must be stopped. msdb Used to schedule alerts, jobs, and Uses the simple recovery model by default, broker services for database mail. but can be configured to use the full recovery Records backup and restore history. model. (Recommended only if msdb history is used when restoring backups.) model Acts as a template for any new databases that are created. Content of the model is copied to each new database. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com By default it is configured to use the full recovery model, and new databases inherit this setting. It is only backed up when settings are changed. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 498 Database Description Compatible recovery model and strategy resource Contains internal system objects. (Read-only) This database cannot be backed up or restored. tempdb A temporary workspace used by any session connected to the SQL Server instance and is used to hold intermediate or temporary data. Every time SQL Server starts, this database is re-created. There is no reason to preserve this database by backing up or restoring. For example, temporary tables, cursors, and data for sorting. distribution Stores metadata and history data in support of SQL Server replication. Present only if replication is configured. SQL backup strategies and recommendations This section provides example strategies and recommendations for protecting your SQL databases with Unitrends software. Database Backup Strategy System databases Weekly full backups User databases using the full recovery model Weekly full, daily differential, and hourly transaction logs User databases using the simple recovery model Bi-weekly full backups with daily differentials When using the SQL full recovery model, transaction log backups must be performed to truncate log files. If not truncated, log files continue to grow until the space on your disk is full, resulting in system failure. To prevent runaway transaction log files, make sure that you create a schedule with frequent transaction log backups. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 499 Database Backup Strategy User databases using the bulk-logged recovery model The SQL bulk-logged recovery model is used as a temporary recovery model to enhance performance when running bulk jobs. Unitrends does not support log backups while a database is in the bulk-logged recovery model because they are unnecessarily large. For compliance with Unitrends best practices, perform the following steps: 1 Run a log backup while the database is still in full recovery model. 2 Switch to the bulk-logged model. 3 Perform the bulk operation. (For example, importing new labels, copying data from one table to another, or creating an index.) 4 Switch back to the full recovery model. Display of SQL Server in the backup system Once you register the SQL Server to the backup system, the SQL icon displays in the Navigation pane beneath the client name with which it is associated. If you do not see the SQL icon, click the reload arrows at the bottom to refresh the view. For details on registering the SQL Server, see "About adding clients" on page 69. If you have added SQL to a Windows server after the server has been registered to the backup system, the agent software must rescan to detect and display the newly added SQL application. To rescan, highlight the SQL Server in the Navigation pane and select Settings > Clients, Networking, and Notifications > Clients. On the Clients page, click Save. Automatic exclusion of SQL data during file-level backups During file-level backups of a Windows client hosting a SQL server, certain SQL data is excluded from backup: • The following extensions are excluded from SQL user databases if the SQL VSS component is running on the Windows client, .mdf, .ldf, and .ndf. Note: • If the VSS component is not running, these files are included. SQL files for system databases (such as master, model, and msdb) are always included to support the Windows instant recovery feature. Files in SQL database/log directories are excluded. To protect SQL databases, use the procedures described in "Executing SQL backups" on page 499. Executing SQL backups Just like file-level backups, SQL backups can either be executed immediately or scheduled at a desired frequency. Scheduled backups are more typical because you create a calendar-based schedule which specifies when SQL backups will occur. Scheduled backups form the foundation of continuous data protection. The following backup procedures are available: • "To execute a 1-time SQL backup" on page 500 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 500 • • • • "To create a SQL backup schedule" on page 500 "To view or modify a SQL backup schedule" on page 502 "To delete a SQL backup schedule" on page 502 "To enable or disable a SQL backup schedule" on page 503 To execute a 1-time SQL backup 1 Select a SQL icon in the Navigation pane and click Backup. 2 Select the 1-Time Backup tab. This retrieves a list of databases available for backup. If nothing displays, click the reload arrows at the bottom to refresh the list. If there is still nothing in the list, verify that the "Agent prerequisites for Microsoft SQL" on page 490 are met. 3 In the Databases to Protectarea, check boxes to select the databases to backup. Databases that are offline cannot be selected for backup. Hover over the database name to see the database recovery model. 4 Choose the type of backup by selecting Full, Differential, or Transaction Log. If a restore operation was performed since the last backup, or if a full backup has not been performed for the selected database(s), be sure to select the Full backup option. If either condition is true and the Differential or Transaction Log backup option is chosen, the system will not queue the request. 5 Select an available device in the Available Devices area. By default, backups are stored on the default device. 6 If desired, check the Verify Backup box to perform a data transfer integrity check for each backup. For SQL, inline verifies are done during the backup. This method decreases the amount of time required for verification. When the backup completes, the agent compares its checksum with the system’s checksum. If they differ, the backup fails. 7 Click Backup at the bottom of the screen to initiate the backup process. A separate backup is created for each database selected. Backups in the schedule execute simultaneously, up to the number of concurrent operations configured for the system. 8 To view the status of the active backup operations, select Settings > System Monitoring > Jobs. For more information, see "Monitoring running backup jobs" on page 147. To view the status of completed backup jobs, see "Viewing backups" on page 148. To create a SQL backup schedule 1 Select the SQL icon in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. This retrieves a list of databases available for backup. If nothing displays, click the reload arrows at the bottom to refresh the list. If there is still nothing in the list, verify that the "Agent Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 501 prerequisites for Microsoft SQL" on page 490 are met. 3 Enter a unique Schedule Name. 4 If desired, enter a Schedule Description. 5 In the Databases to Protect area, check boxes to select the databases to backup in the schedule. Databases that are offline cannot be selected for backup. A database may exist in only one schedule at a time. Attempting to add a single database to multiple schedules results in failure to save the subsequent schedules. Hover over the database name to see the database recovery model. A separate backup is created for each database selected. Backups in the schedule execute simultaneously, up to the number of concurrent operations configured for the system. 6 If you would like to add new databases to this schedule automatically, check the Auto-include new databases box. This option can be enabled in only one schedule for each SQL server that the system is protecting. If selected, newly detected databases are added to the schedule automatically. 7 In the Schedule area, select a backup strategy from the list. • • Choose Full with Differentials, Full with Transaction Logs, or Custom. The schedule for the selected strategy displays below. IMPORTANT! Select a backup strategy appropriate for the recovery models of your databases. It may be necessary to create more than one backup schedule to account for different databases having different recovery models. For more detailed information, see "SQL Server recovery model considerations " on page 497. If you are using the full recovery model, be sure to use a custom schedule with a weekly transaction log backup. See "SQL backup strategies and recommendations" on page 498 for more information. 8 Do one of the following: For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. For a custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: • • 9 Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. If desired, modify the minimum and maximum retention and legal hold settings. These settings apply to all selected databases. To set different values for each database, do not enter settings here. Instead, first finish creating your backup schedule, then go to Settings > Storage and Retention > Backup Retention. For additional information, see "About retention control" on page 121. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 502 Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 10 Click Advanced Settings and specify optional settings as desired. • • • Check the Verify Backup option to perform a data transfer integrity check for each backup. • Uncheck the Email Failure Report option to disable sending an email notification upon failure of any backup job on the schedule. This is checked by default. • Click Confirm to save Advanced Settings. Select the backup device to which backups will be written. Uncheck the Email Schedule Reportoption if you do not want to receive information about this schedule in the daily system and schedule summary reports. This is checked by default. Reports are delivered to email recipients specified in the report field in Settings > Clients, Networking, and Notifications > Email Recipients. The system and schedule summary reports are sent at 8 AM by default. To change the time of day the report is sent, see "Configuring email for reporting" on page 357. 11 Click Save to create the schedule. To view or modify a SQL backup schedule 1 Select a SQL icon in the Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the drop-down menu. 4 Modify settings as desired and click Save. For a description of each setting, see "To create a SQL backup schedule" on page 500. When editing a schedule, only the items being protected are marked in the Databases to protect area. The objects displayed are dependent upon the SQL Server instances and databases that are installed and running. If an instance is not available, all databases included in the schedule are marked as unavailable. To delete a SQL backup schedule Note: You can also delete SQL schedules from the Enterprise Backup subsystem. See "To delete an Enterprise backup schedule" on page 197 for details. You need to use this method if the SQL icon is no longer available in the Navigation pane. 1 Select a SQL icon in the Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the drop-down menu. 4 Click Delete Schedule. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 503 To enable or disable a SQL backup schedule Note: You can also enable and disable SQL schedules from the Enterprise Backup subsystem. See "To enable or disable an Enterprise backup schedule" on page 197 for details. 1 Select a SQL icon in the Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the drop-down menu. 4 Do one of the following: • • 5 To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. Click Save. SQL Server backups status Using the Unitrends interface, you can view your backup history for a given period of time. View the status of completed Microsoft SQL backup jobs using one of the following procedures: • "To view backups completed in the last 7 days or current month" on page 503 • "To view the Backups report for a SQL Server" on page 503 To view backups completed in the last 7 days or current month 1 Select a SQL icon in the Navigation pane and click Status. 2 Select the Past (Historical Status) blind. 3 The System Status page displays a snapshot of backups over the last 7 days. Failures are red, warnings yellow, and successes green. Hover over any square in the Backup: 7 Day Snapshot calendar for a backup summary of a given day. 4 Select the Backup: Last 7 Days tab below for a list of backup jobs from the previous seven days. Click any column head to change the sort order. 5 Select the Backup: Month tab below for a list of backup jobs from the current month. Click any column head to change the sort order. 6 Click a backup to view additional details on the Backup Information page. See "Backup Information page" on page 152 for more information. To view the Backups report for a SQL Server 1 Select a SQL icon in the Navigation pane and click Reports. 2 Select the Backups report. 3 In the Date Range drop-down menu at the bottom of the screen, select a preferred date range. The default date range is Today. 4 Click any column head to change the sort order. 5 Add or remove columns by clicking the Enable and disable report columns button. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 504 6 Print or export the report with the Print this report and Save all available data buttons. For more information on the column headings, see "Backups Report" on page 369. For more information on working with reports, see "User-generated reports" on page 360. Restoring SQL backups The Windows agent supports restore of full, differential, and transaction log backups of SQL databases. When performing a restore, all previous backups in the group are also restored. This means that when you restore a transaction log backup, the master, the latest differential (if any), and all prior transaction log backups are restored as well. Each backup being restored will be its own restore job, and all restore jobs for a group are queued automatically. Considerations for restoring SQL backups Consider the following when restoring SQL backups: • • • • • • • The entire database is restored in a live state with each restore operation. • If restoring to an alternate location, only full backups can be recovered. Unitrends does not support granular restore of Microsoft SQL Server database records. User databases must be restored to the same versions of Microsoft SQL or later. Databases cannot be restored to a prior version of SQL. Restore procedures vary depending on what type of backup and database is being restored. If restoring a SQL cluster backup, the cluster node must be selected. If restoring a clustered database instance to an alternate location, you must select a path that is on a shared volume that is associated with that SQL instance. The following restore procedures are available: • • • • • • "Restoring the master database" on page 504 "Restoring the model and msdb databases" on page 505 "Restoring SQL full backups" on page 506 "Restoring SQL differential and transaction backups" on page 507 "Restoring multiple SQL databases" on page 508 "Restoring a backup when the SQL icon does not display" on page 508 Restoring the master database Consider the following when restoring the master database: • The master database can only be restored to its original server, SQL instance, and name, thus overwriting the database. • • The SQL instance must be stopped before you initiate the restore. The master database must be restored as an individual restore job. Therefore, the master database cannot be restored using the multiple SQL restore feature. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 505 To restore the master database 1 Stop the SQL server instance that the master database you’re restoring belongs to. See the Microsoft TechNet article How to Stop an Instance of SQL Server. 2 Select the SQL icon in the Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a backup of the master database from the Recovery Point Times list. 5 Click Next (Select Options). Note: 6 System databases must be restored individually. The multiple SQL restore feature is not supported for the master database. (Optional) Check the Specify Target Pathname? check box and supply an alternate path. By default, databases are restored to their original location. Note: Specifying an alternate pathname does not prevent your database from being overwritten. 7 (Optional) Specify pre- and post-backup commands by clicking the Show Advanced Execution Options icon. For details see "Backup options New and View/Modify buttons" on page 189. 8 Click Restore. The Restore Confirmation dialog box displays informing you that restoring the database without changing the name will overwrite the existing database. It is not possible to change the name of the master database. Check the check-box and click Confirm. 9 Click Okay on the Restore Status dialog box. You can view the status of your restore by navigating to Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. Restoring the model and msdb databases Restoring the model and msdb databases is similar to restoring the master database in that they can only be restored back to their original server and SQL instance and that they must be restored individually. However, unlike restoring the master database, the SQL instance can be running at the time of the restore. To restore the model or msdb database 1 Select a SQL icon in the Navigation pane and click Restore. 2 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 3 Select a backup of the model or msdb database from the Recovery Point Times list. 4 Click Next (Select Options). Note: System databases must be restored individually. The multiple SQL restore feature is not supported for model and msdb databases. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 506 5 (Optional) Check the Specify Target Pathname? box and supply an alternate path. By default, databases are restored to their original location. Note: Specifying an alternate pathname does not prevent your database from being overwritten. 6 (Optional) Specify pre- and post-backup commands by clicking the Show Advanced Execution Options icon. For details see "Backup options New and View/Modify buttons" on page 189. 7 Click Restore. The Restore Confirmation dialog box displays informing you that restoring the database without changing the name will overwrite the existing database. It is not possible to change the name of the model or msdb database. Check the check-box and click Confirm. 8 Click Okay on the Restore Status dialog box. You can view the status of your restore by navigating to Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. Restoring SQL full backups A SQL full backup of a user database may be restored to any available SQL server that has been added as a client to the Unitrends system. The database may also be renamed and restored to a specified alternate path if desired. Note: This procedure is for full backups of user databases only. If you would like to restore a system database, see "Restoring the master database" on page 504 or "Restoring the model and msdb databases" on page 505. To restore a SQL full backup 1 Select a SQL icon in the Navigation pane and click Restore. 2 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 3 Select a full backup of a user database from the Recovery Point Times list. Hover your mouse over the names of the databases to see the backup type. 4 Select one of the following: • • Click Next (Select Options) if you wish to restore the single database selected. Click Select Multiple Databases if you wish to restore more than one database. Check boxes to select the desired databases, then click Confirm. 5 From Available SQL Servers, select the SQL server you want to restore to. 6 From Select SQL Instance, select an available SQL instance. Available SQL instances are denoted with a green check mark. 7 (Optional) Type a new name for the database under Database Name. If you leave the database name the same, the restore operation overwrites the existing data. Changing the database name creates a new database on the SQL instance. 8 (Optional) Check the Specify Target Pathname? box and supply an alternate path. • If restoring to an alternate SQL instance on the same SQL server and no alternate target Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 507 pathname is specified, the files are restored to the default path of :\UnitrendsRestore, where is the volume on the client with the most free space. • 9 If restoring to an alternate SQL server, you must specify a pathname. (Optional) Specify pre- and post-backup commands by clicking the Show Advanced Execution Options icon. For details see "Backup options New and View/Modify buttons" on page 189. 10 Click Restore. If you’re restoring to the original SQL server and did not specify a new database name, the Restore Confirmation dialog box displays informing you that restoring the database without changing the name will overwrite the existing database. Check the check-box and click Confirm. 11 Click Okay on the Restore Status dialog box. You can view the status of your restore by navigating to Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. Restoring SQL differential and transaction backups SQL differential and transaction backups must be restored to the original server and instance. When restoring a SQL differential or transaction backup, all previous backups in the group are restored sequentially. This means that when restoring a transaction backup, all previous transaction backups, the latest differential (if any), and the parent master are also restored. Each backup will be restored separately, and these backup jobs are queued automatically. This procedure is for differential and transaction backups of user databases only. If you would like to restore a system database, see "Restoring the master database" on page 504 or "Restoring the model and msdb databases" on page 505. To restore a SQL differential or transaction backup IMPORTANT! If you are protecting your SQL client with Unitrends release 8.0 or higher, your differential backups must be restored to a server with an agent version of 8.0 or higher. 1 Select a SQL icon in the Navigation pane and click Restore. 2 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 3 Select a differential or transaction backup of a user database from the Recovery Point Times list. Hover your mouse over the names of the databases to see the backup type. 4 Select one of the following: • • 5 Click Next (Select Options) if you wish to restore the single database selected. Click Select Multiple Databases if you wish to restore more than one database. Check boxes to select the desired databases, then click Confirm. (Optional) If restoring a transaction backup and you wish to restore to a point-in-time shortly before the time of the backup, check the Restore To Point-In-Time box. Read the alert, and click Okay. Click the arrow on the slider and drag it to the desired time. This feature is not available for differential backups. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 508 6 (Optional) Type a new name for the database under Database Name. WARNING! If you leave the database name the same, the restore overwrites the existing data. Change the database name to create a new database on the SQL instance. 7 (Optional) Check the Specify Target Pathname? box and supply an alternate path. • If restoring to an alternate SQL instance on the same SQL server and no alternate target pathname is specified, the files are restored to the default path of :\UnitrendsRestore, where is the volume on the client with the most free space. • If restoring to an alternate SQL server, you must specify a pathname. 8 (Optional) Specify pre- and post-backup commands by clicking the Show Advanced Execution Options icon. For details, see "Backup options New and View/Modify buttons" on page 189. 9 Click Restore. If you did not specify a new database name, the Restore Confirmation dialog box displays informing you that restoring the database without changing the name will overwrite the existing database. Check the check-box and click Confirm. 10 Click Okay on the Restore Status dialog box. You can view the status of your restore by navigating to Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. Restoring multiple SQL databases For SQL restore, you can select and restore multiple user databases simultaneously. (The SQL master, model, and msdb system databases must be restored individually.) Each database is restored separately, but all databases you select are queued for restore upon submitting a single request. Due to a Windows limitation, only six SQL database restores can run simultaneously. Additional restores are queued and run as jobs complete. For details, see "Restoring SQL full backups" on page 506 and "Restoring SQL differential and transaction backups" on page 507. The following requirements must be met to initiate multiple SQL restores: • • • Unitrends system must be running version 7.5 or higher. Windows agent must be version 7.5 or higher. Databases must be restored to the original SQL instance and name. Restoring a backup when the SQL icon does not display If you added a client with SQL installed, ran backups of the SQL databases, and later uninstalled the SQL instance from the client, the SQL icon may not display in the Navigation pane of the Unitrends interface. The backups taken of the SQL databases are still on the Unitrends system and available for restore. To restore an application backup when its icon does not display 1 In the Navigation pane, select the client that once held the application. 2 Select Status from the top menu. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 509 3 From the Calendarized Backup Information pane in the middle of the screen, browse through backups by clicking the left and right arrows. You can hover your mouse over a date on the calendar to receive information on what types of backups were completed on that date. Click on a date you want to restore a backup from. 4 Any backups completed on the selected date are displayed below in the Recovery Point Times list. Click on a backup you want to restore, then click the Restore button. 5 Continue this procedure with step 5 on page 347 of "Executing a restore from the Status tab". SQL restore from the replication target Use this procedure if you are unable to restore from the backup system. This procedure requires that you perform a bare metal restore of the SQL client to a new client that is directly attached to the replication target. Once the client has been restored, you restore the SQL database. Replicated SQL restore requirements The following are required to restore from the replication target: • • • A replicated bare metal backup of the source client is required. • The name of the SQL instance on the new, target-side SQL client must match that of the original SQL instance. A replicated SQL database backup is required. The SQL client on the target must be running a Microsoft SQL version equal to or higher than that of the original SQL client. To perform a replicated SQL database restore at the target site Use this procedure to restore replicated SQL backups from an off-site target system. For illustration purposes, the steps in this procedure utilize the following terms for backup systems, targets, and clients: • • • RepTarget refers to the target that has received replicated SQL backups from SourceBK. • SourceBK refers to the source backup system that protected the original SQL client (SQLBK in this example). Its backups have been replicated to the target system. SQLBK refers to the original SQL client, which was registered and backedup by SourceBK. SQLRep refers to the new SQL client registered to RepTarget, to which replicated backups will now be restored. 1 Perform a bare metal restore of the SQL client form the replication target as described in "Bare metal recovery from a replication target" on page 320. 2 On the replication target, display Replication View. See "Viewing replicated backups" on page 309 for details. The Navigation pane contains the following: • • • Brown RepTarget vault icon Blue RepTarget.dpu backup system icon Blue SourceBK backup system icon 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 510 • Blue backup icons for any other systems that are replicating to RepTarget. 3 Click the blue SourceBK backup icon, then select the SQL database under SQLRep. 4 Click Restore. 5 Select a Recovery Point Day from which the replicated backup will be restored by clicking on the calendar. Available days display in bold. 6 Select a restore time and click Next (Select Options). Select from available times in the Recovery Point Times tables or by clicking a wedge of time on the 24-hour circle. The database instance to restore displays in the Database column. 7 In the Available SQL Servers list, select the new SQL client (SQLRep). 8 In the Select SQL Instance list, select the instance to restore. This instance name must exactly match the one on the original SQL client (SQLBK). 9 If desired, modify the Database Name. Any database with this name on SQLRep is overwritten during the restore. 10 If desired, specify a path where the database will be restored. Click Open File Browser to browse directories on the SQL client (SQLRep). 11 If desired, specify commands to run before and/or after the restore by clicking Show Advanced Execution Options. For details, see "About backup options" on page 187. 12 Click Restore. 13 To monitor the restore job, exit Replication View, select the replication system (RepTarget) in the Navigation pane, click Status and select the Present (Concurrently Executing Backups) blind. Legacy Recovery-Series and UEB Administrator's Guide Chapter 22: Microsoft SQL Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 511 Chapter 23: Microsoft Exchange Protection This chapter describes procedures used to protect Microsoft Exchange Server environments with the Unitrends Windows agent. If your Exchange server is a VMware virtual machine, you can either run vProtect application-aware backups as described in the "VMware Protection" chapter, or install the Windows agent and implement protection as described here. For a comparison of each strategy, see "Best practices for protecting VMware virtual machines" on page 629. See the following topics for details: • • • "About Exchange protection" on page 511 "Executing Exchange backups" on page 516 "Microsoft Exchange recovery" on page 524 About Exchange protection Unitrends offers all-in-one backup, archiving, and disaster recovery for Microsoft Exchange Server in an integrated fashion from our Administrator Interface. Procedures in this chapter are for the later Windows agents that utilize snapshot technology. The term ‘streaming’ or ‘legacy’ refers to the older version of Exchange protection used with the Windows 2000 agent. The legacy Exchange agent must be used for Exchange 2000. For protection of legacy systems, see "Legacy Exchange agent" on page 866. For later Exchange releases, be sure to install the latest Windows agent. The Unitrends Windows agent includes an Exchange agent component that provides the following protection features: • Protection for Exchange 2016, 2013, 2010, 2007, and 2003 using snapshot technology. For a complete list of supported Exchange environments, see the Unitrends Compatibility and Interoperability Matrix. • • • Protection for Exchange 2000 using streaming technology. • Electronic replication of Exchange via D2D2C (Disk-to-Disk-to-Cloud), using either singletenant private cloud replication or multiple-tenant public cloud replication. • • • The ability to select individual or multiple storage groups for backup and restore. On-premise network-based backups of Exchange. Archiving Exchange backups via D2D2D (Disk-to-Disk-to-Disk) or D2D2T (Disk-to-Disk-toTape) The ability to protect Exchange clusters and DAGs (Database Availability Groups.) The ability to restore individual items from backups with third-party Kroll and Lucid 8 granular restore technology. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 512 Requirements for using Exchange Server protection The Exchange server must be running the latest service packs prior to installing the Unitrends protection software. The following components must also be installed and running on the Exchange server. If the Exchange VSS Writer is not installed or is not running, an error message displays. The Exchange VSS Writer must be running to continue the backup operation. • • Microsoft Exchange VSS Writer Microsoft VSS Service Unitrends protects all supported Microsoft configurations of locally deployed Exchange databases. Unitrends does not protect remotely deployed databases, such as Office 365 or hybrid configurations. For a complete list of supported Exchange environments, see the Unitrends Compatibility and Interoperability Matrix. For Microsoft requirements, see these Microsoft articles: • • • • • Exchange 2003 system requirements Exchange 2007 system requirements Exchange 2010 system requirements Exchange 2013 system requirements Exchange 2016 planning and deployment Note: The legacy Exchange Server agent is still used to protect Exchange Server 2000. The legacy agent is automatically installed along with the standard Windows agent and does not support backup and restore operations for any other Exchange Server versions. See "Legacy Exchange agent" on page 866 for more information. Installing Exchange protection Unitrends uses a lightweight agent that is installed on the system hosting the Exchange server to enable highly efficient communication with the data protection system. The Exchange agent must be installed for the backup system to recognize and protect the Exchange server. The Windows agent and the Exchange agent are bundled together. Simply install the appropriate Windows agent and you’re all set. For details see "Manually installing the Windows agents" on page 428. After installing the Exchange agent and refreshing the Administrator Interface, the Microsoft Exchange Server client displays in the Navigation pane. The Exchange icon displays beneath the Exchange Server client with which it is associated. Expand or collapse the client view to display or hide data.Upon upgrading the protection software, Exchange Server clients that are currently registered on the system must be reconfirmed to display in the Navigation pane. To do this, highlight the system in the Navigation pane, then select Settings > Clients, Networking, and Notifications > Clients. Choose the desired client to modify and select Confirm. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 513 Recommended configurations for Exchange The following are recommendations for configuring Exchange for optimal protection and recovery: Recommendation Description Disable circular logging This allows you to run differential or incremental backups of Exchange. If you do not disable circular logging, only full backups are supported. See "About the circular logging setting for Exchange" on page 515 for more information. Do not allow the physical or virtual machine hosting the Exchange server to be a domain controller This allows much simpler and faster Exchange restores since you will not first have to restore Active Directory on the same server. Make sure that the physical or virtual machine hosting the Exchange server is a member of a domain that has at least two domain controllers This allows faster recovery. Active Directory information is replicated if there is more than one domain controller, which means that if one domain controller fails the other can be used to recover missing transactions after the failed domain controller is restored. Separate transaction log files from the Exchange server database Exchange performs much more efficiently if the Exchange database and transaction logs are placed on different physical storage devices. In addition, by separating these two important components, recovery of failed storage is eased. Disable the write cache This prevents data corruption by ensuring that any Exchange write on any hard drive or operation is committed to secondary storage (i.e., disk) correctly. RAID adapters being used in the system that is hosting the Exchange server Data protection strategies for Exchange Unitrends allows a wide variety of data protection strategies for Exchange. One of the most important decisions an Exchange administrator has to make is deciding the specific data protection strategy to be employed. Unitrends uses technology that enables Exchange protection without requiring that Exchange be taken offline. We protect all Exchange data, including individual databases, storage groups, mailboxes, and the public folder, with full and differential backups or full and incremental backups (version 7.5 and higher). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 514 Exchange incremental backup Beginning in release 7.5, Exchange protection includes support for incremental backups. Exchange incrementals offer the following benefits: • Incrementals can run more quickly and frequently than differentials since they include only the changes since the last successful full or incremental backup. This enables you to meet more aggressive RPOs than with differentials, which contain all changes since the last full backup. • Upon completion of a successful incremental, unneeded transaction log files are automatically truncated, freeing space on the Exchange server. Automatic log truncation does not occur with Exchange differentials. Consider the following when determining the optimal data protection strategy for your environment: Primary factor Strategy Your tolerance of data loss is measured in a day or more Use a weekly Exchange full backup with either daily differential or daily incremental backups. Your tolerance of data loss is measured in minutes or hours If your tolerance for data loss is 8 hours or more, then use a weekly Exchange full backup with several differential or incremental backups each day. If your tolerance for data loss is 8 hours or less, then use a weekly Exchange full backup with more frequent differential or incremental backups. See the following for details on implementing incrementals for Exchange: • • "Requirements for Exchange incrementals" on page 514 "Migrating from full with differentials to full with incrementals" on page 514 Requirements for Exchange incrementals The following requirements must be met for Exchange incrementals: • • • Unitrends appliance must be running version 7.5 or higher. • • Differentials and incrementals cannot be in the same schedule. Windows agent must be version 7.5 or higher. Exchange version must be 2007 or higher. For a complete list of supported versions, see the Unitrends Compatibility and Interoperability Matrix. A full backup must be in the schedule. The incremental forever strategy is not supported. Migrating from full with differentials to full with incrementals To incorporate log truncation in your backup schedules, you can migrate from full with differentials to full with incrementals. You can keep all existing schedule settings while changing from differentials to incrementals. Once you have migrated your schedule, your next backup is automatically promoted to a full backup. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 515 To migrate from full with differentials to full with incrementals 1 In the left Navigation pane, expand the desired Exchange server by clicking the arrow to its left. 2 Select the Exchange instance mail icon, then click Backup. 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the drop-down list. 5 Select the calendar icon. This displays a calendar view of your schedule. 6 Select the differential. This displays the Modify Backup window. 7 In the drop-down list, change the type from Exchange Differential to Exchange Incremental. 8 Select Confirm. This takes you back to the calendar view. 9 Select Confirm. This takes you back to the schedule screen. 10 Select Save. Automatic exclusion of Exchange data during file-level backups When performing file-level protection of the Windows system which hosts the Exchange server, certain Exchange-related files are automatically excluded. For example, all transaction log files (i.e., .LOG files), the Exchange database (i.e., .EDB files), and streaming content files (i.e., .STM files) are excluded. To protect these files, use the procedures described in "Executing Exchange backups" on page 516. About the circular logging setting for Exchange Circular logging is an Exchange feature that allows the overwriting of transaction log files. Unitrends recommends disabling circular logging. You must disable circular logging to run differential or incremental backups. If you enable circular logging, then the only type of backup that you can perform is a full. If circular logging is disabled, the transaction logs are used to perform differential or incremental backups. • With differential backups, these transaction logs accumulate until a successful full backup is performed. • With incremental backups, unneeded logs are removed after each successful backup. The removal of unneeded truncation logs is typically termed transaction log truncation. Transaction log truncation removes unneeded logs but does not reclaim space. Reclaiming space is a separate operation that must be performed periodically by the Exchange system administrator. Snapshot and streaming backups for Exchange Unitrends protects Exchange Server using a snapshot feature of Microsoft that is available only on Windows Server 2003 and later and Exchange Server 2003 and later. Unitrends also supports legacy Exchange Server protection using an agent that supports streaming (for more information, see "Legacy Exchange agent" on page 866.) Our protection of Exchange with the snapshots does not support the following: • Any type of NAS configuration (SAN configurations are supported). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 516 • • The Exchange 2003 Recovery Storage Group feature. Any combination of snapshot and non-snapshot (streaming) backups. Executing Exchange backups Exchange backups may either be executed immediately or scheduled. Scheduled backups are more typical—you create a calendar-based schedule which specifies when Exchange backups will occur. Scheduled backups form the foundation of on-going protection for your Exchange Server data. Immediate backups are basically just scheduled backups that occur only one time and are executed as soon as possible. This feature is useful for creating a single one-time backup, and is not the recommended approach for continued protection of applications. For additional considerations about your Exchange environment, see "About Exchange 2016, 2013, and 2010 backup" on page 520, "About Exchange 2007/2003 backup" on page 520, "About protecting clustered Exchange environments" on page 520, or "About Exchange 2000 backup" on page 523 before running Exchange backups. The following procedures are used to protect Exchange environments: • • • • • "To execute an immediate Exchange backup" on page 516 "To create an Exchange backup schedule" on page 517 "To view or modify an Exchange backup schedule" on page 519 "To delete an Exchange backup schedule" on page 519 "To enable or disable an Exchange backup schedule" on page 519 To execute an immediate Exchange backup 1 In the left Navigation pane, expand the desired Exchange server by clicking the arrow to its left. 2 Select the Exchange instance mail icon, then click Backup. 3 Select the 1-Time Backup tab. This retrieves a list of storage groups or databases available for backup. Click the reload arrows at the bottom to refresh the list of databases discovered in the environment. If there is nothing in the list: 4 • Verify that the Exchange server has been started and that the Exchange Server database is online. • • Verify that groups or databases are mounted properly on the Exchange sever. For clustered environments, verify that the Exchange Replication Service is running. Unitrends cannot detect databases on passive nodes if the service is not running. In the databases to Protect area, check boxes to select the databases or storage groups to backup. Hover over the database name for more information. 5 Choose the type of backup by selecting one of the following: • • Full Differential Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 517 • Incremental (version 7.5 or higher. For benefits and requirements, see "Exchange incremental backup" on page 514.) Select a full backup if either of the following is true: • • A restore has been performed since the last backup. A full backup has not been performed for the selected storage groups or databases. If either condition is true and a differential or incremental backup is chosen, the backup operation does not occur and you receive an error. 6 By default, backups are stored on the default device. To backup to a different device, select one in the Available Devices area. 7 Check the Verify Backup box to perform a data transfer integrity check for each backup. CAUTION! Failure to check this box can lead to undesirable results when attempting to restore from the backup. For Exchange, inline verifies are done during the backup. This method decreases the amount of time required for verification. When the backup completes, the agent compares its checksum with the system’s checksum. If they differ, the backup fails. This information can be seen by viewing the backup details on the Status screen when completed. 8 Click Backup at the bottom of the screen to initiate the backup process. A separate backup is created for each database or storage group selected. To view the status of the active backup operations, select Settings > System Monitoring > Jobs. To see the status of completed backup jobs, select Reports > Backups. To create an Exchange backup schedule 1 In the left Navigation pane, expand the desired Exchange server by clicking the arrow to its left. 2 Select the Exchange instance mail icon, then click Backup. 3 Select the Schedule Backup tab. This retrieves a list of storage groups or databases available for backup. Click the reload arrows at the bottom to refresh the list of databases discovered in the environment. If there is nothing in the list: • Verify that the Exchange server has been started and that the Exchange Server database is online. • • Verify that groups or databases are mounted properly on the Exchange sever. For clustered environments, verify that the Exchange Replication Service is running. Unitrends cannot detect databases on passive nodes if the service is not running. 4 Enter a unique Schedule Name. 5 If desired, enter a Schedule Description. 6 In the databases to Protect area, check boxes to select the databases or storage groups to include in the schedule. A separate backup is run sequentially for each storage group or database selected. Hover over 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 518 a name for more information. A storage group or database may be included in only one schedule. Adding a storage group or a database to multiple schedules will result in an error upon attempting to save the subsequent schedule. 7 8 In the Schedule area, select a backup strategy from the list. • Full with Differentials • Full with Incrementals (Version 7.5 or higher. For benefits and requirements, see "Exchange incremental backup" on page 514.) • Custom For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. For a custom strategy, click the Calendar icon to define the frequency at which backups of each type runs. Do the following for each backup instance: • Drag a backup icon onto the calendar. Drag onto today’s date or later. Each schedule is required to contain full backups. • In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. Note: 9 Incrementals (version 7.5 and higher) and differentials cannot be on the same schedule. If desired, modify the minimum and maximum retention settings. These settings apply to all selected databases or storage groups. To set different values for each, do not enter settings here. Instead, go to Settings > Storage and Retention > Backup Retention. For details see "About retention control" on page 121. Modifying retention settings here also updates the values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 10 If you would like to add new databases to this schedule automatically, check the Auto-include new database box. This option can be enabled in only one schedule for each Exchange instance that the system is protecting. Automatic inclusion of new databases into an existing schedule is achieved through a nightly process that detects application server changes. Alternatively, the following manual process can be performed to add databases to the schedule immediately. Perform the following steps after the database has been added: • Click 1-Time Backup and wait to see that the new database shows up in the databases to Protect list (it must be mounted). • In the Navigation pane, select the client node associated with this Exchange server, then select the Exchange server node. This forces the schedules to be updated. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 519 • View the schedule that has the Auto-include new database option set. The new database should display. The new database should also be checked to indicate that it is included in the schedule. 11 Click Advanced Settings and specify these settings: • Check the Verify Backup option to perform a data transfer integrity check for each backup. CAUTION! Failure to check this box can lead to undesirable results when attempting to restore from the backup. • • (Optional) Select the backup device to which backups will be written. • (Optional) Check the Email Failure Report option to receive email notification upon failure of any backup job on the schedule. You also have the option to receive a PDF attachment of the report in the email. • Click Confirm to save Advanced Settings. (Optional) Check the Email Schedule Report option to receive email notification upon completion of the scheduled backup jobs. You also have the option to receive a PDF attachment of the report in the email. 12 Click Save to create the schedule. To view or modify an Exchange backup schedule 1 In the left Navigation pane, expand the desired Exchange server by clicking the arrow to its left. 2 Select the Exchange instance mail icon, then click Backup. 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the drop-down list. 5 Modify settings as desired and click Save. For details, see "To create an Exchange backup schedule" on page 517. To delete an Exchange backup schedule You can also delete Exchange schedules from the Enterprise Backup subsystem. See "To delete an Enterprise backup schedule" on page 197 for details. You will need to use this method if the Exchange icon is not available in the Navigation pane. 1 In the left Navigation pane, expand the desired Exchange server by clicking the arrow to its left. 2 Select the Exchange instance mail icon, then click Backup. 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Click Delete Schedule. To enable or disable an Exchange backup schedule You can also enable and disable Exchange schedules from the Enterprise Backup subsystem. See "To enable or disable an Enterprise backup schedule" on page 197 for details. 1 In the left Navigation pane, expand the desired Exchange server by clicking the arrow to its left. 2 Select the Exchange instance mail icon, then click Backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 520 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Do one of the following: • • 6 To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. Click Save. About Exchange 2016, 2013, and 2010 backup Unitrends data protection for Exchange 2016, 2013, and 2010 enables you to backup multiple databases or a single database. The database must be deployed locally. Unitrends does not protect remotely deployed databases, such as Office 365 or hybrid configurations. There are no storage groups in Exchange 2016, 2013, or 2010, so of course there is no concept of storage group protection. About Exchange 2007/2003 backup Unitrends data protection for Exchange 2007 and 2003 enables you to backup multiple storage groups or an individual storage group. Unitrends does not allow the selection for protection of individual databases within a storage group. The reason for this is the transaction logs for the entire storage group are backed up for each database selected. Thus a full backup must be run on every database in a storage group in order for the transaction logs to be properly handled for full/differential backups. About protecting clustered Exchange environments Pre-6.4.1 Windows agent versions do not support backup of passive cluster nodes or passive databases. To protect a clustered Exchange environment, upgrade to agent version 6.4.1 or later. Unitrends Windows agent versions 6.4.1 and later include protection for the following clustered Exchange environments: • • • • • "Requirements for protecting Exchange clusters" on page 520 "Exchange 2007 CCR or SCR configurations" on page 521 "Exchange 2016, 2013, and 2010 DAG configurations" on page 522 "Best practices for protecting Exchange clusters" on page 523 "Restore considerations for Exchange clusters" on page 523 Requirements for protecting Exchange clusters In addition to "Requirements for using Exchange Server protection" on page 512, verify that these requirements have been met to protect your clustered Exchange environment. Although this feature is supported on older releases, it is best to upgrade to the latest release to take advantage of significant enhancements. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 521 Item Description Unitrends system version The system must be running release 6.4.1 or higher. Unitrends Windows agent version The Windows agent must be release 6.4.1 or higher. Exchange cluster environment Unitrends supports the protection of the following: Exchange Replication Service • • "Exchange 2007 CCR or SCR configurations" on page 521 "Exchange 2016, 2013, and 2010 DAG configurations" on page 522 The Microsoft Exchange Replication Service must be installed and running. If this service is not running, the Unitrends appliance cannot see databases on passive nodes. Exchange 2007 CCR or SCR configurations Exchange 2007 servers in a CCR or SCR configuration are protected from data loss by mailbox replication. Selected storage groups have their mailbox databases continuously replicated onto another identically configured Exchange 2007 server. The storage groups on the originating server are active and are in-use by the Exchange user population. The storage groups on the replicated server are passive and not used until activated either manually or automatically because of an unexpected failure of the active server. Exchange CCR or SCR allows two Exchange servers to be clustered together to create the active and passive nodes. An example of how the databases may be protected in a CCR configuration is shown below. The database names shown in red are the active copies. Here, Exchange_South hosts all the passive database copies. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 522 Exchange 2016, 2013, and 2010 DAG configurations Exchange 2016, 2013, and 2010 servers participating in a Database Availability Group (DAG) also use mailbox replication to prevent data loss. The active and passive node concept is the same as for Exchange 2007 CCR configurations, but DAG configurations permit two or more Exchange servers to be clustered together. In DAG configurations, an Exchange server’s active mailboxes are continuously replicated to passive mailboxes on one or more Exchange servers. DAG configurations allow a single Exchange server to host the entire set of active mailboxes and all other Exchange servers in the DAG host a copy of the passive mailboxes. Or, each server in the DAG can host active and passive mailboxes simultaneously. As an example, assume a DAG has three Exchange server members: • • • Exchange_North Exchange_South Exchange_East The DAG also has the following Exchange databases in operation: • • • DB_North DB_South DB_East An example of how the databases may be protected by the DAG is shown below. The database names shown in red are the active copies. All others are the passive copies that are the replication targets. Each database is active on one Exchange server and replicated to all other Exchange servers. Microsoft recommends backing up the passive copies of databases to reduce the workload on the server hosting the active copies. One way to facilitate this backup strategy is to host all active copies on a single server and replicate them to one or more DAG members, as shown in the figure below. All active databases are located on the server Exchange_North, while Exchange_South and Exchange_East host multiple passive copies. The Unitrends agent is then used to backup the databases on Exchange_South and Exchange_East at regular intervals. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 523 Exchange 2016, 2013, 2010, and 2007 provide two VSS writers that are used for backup. The Exchange Info Store writer manages the backup of active databases. The Exchange Replication writer manages the backup of passive (or replicated) databases. The Unitrends agent can backup using either writer. When a database backup starts, the agent determines if it is the active or passive copy, then uses the appropriate Exchange writer for the operation. In replicated configurations, you can schedule backups of all databases on any of the servers. A database failover condition won’t affect the next backup since the agent will backup databases in either state. Best practices for protecting Exchange clusters Use the following guidelines when protecting clustered Exchange environments: • Add each Exchange server node you wish to protect to the Unitrends system using its native server IP address. Do not use the cluster hostname/IP address used to access the active Exchange server. For details, see "About adding clients" on page 69. • • Do not add the cluster hostname/IP as a separate client. • • Backup only passive copies to reduce workload on the active server(s). Do not backup multiple copies of the same database simultaneously. Each full backup of an active or passive database results in database log truncation. The truncation of logs is replicated to the other members of the cluster where that database exists. If the same database is undergoing a full backup on two nodes, the log truncation of each could interfere with the other. To avoid this, schedule backup of replicated databases at staggered times across the cluster. Once an Exchange node is added, you can also run file-level backups as described in the "Filelevel Backups" chapter. Restore considerations for Exchange clusters The Unitrends agent supports the restore of backups from active and passive databases. In both cases, the database can only be restored to the server currently hosting the active copy of that database. For example, if the database to restore is currently active on server Exchange_North, then that is the only location to which it can be restored. For alternate restore, the passive copy can be restored to any non-Exchange location as described in "Restoring to an alternate location" on page 528. About Exchange 2000 backup Exchange Server 2000 is supported only via the legacy Exchange (streaming) agent. For more information concerning this, see "Legacy Exchange agent" on page 866. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 524 Exchange Archiving Archiving of Exchange Server backups is supported via Unitrends’ disk- and tape-based archiving system. For more information, see the "Archiving Overview" on page 201 chapter. Exchange Replication Electronic replication, of Exchange Server backups is supported via Unitrends’ replication or legacy vaulting features. For more information, see the "Replication" and "Legacy Vaulting " chapters. Note: Legacy Exchange backups are run by the Windows 2000 agent to protect Exchange 2000 environments. (For details, see "Legacy Exchange agent" on page 866.) Replication is not supported for legacy Exchange backups. Replication of file-level backups for legacy Exchange clients is supported. Legacy vaulting is supported for legacy Exchange backups. Microsoft Exchange recovery Use the restore feature to recover an entire database, storage group, or selected items from Exchange backups. These procedures can be run from the local backup system or from a target to which Exchange backups have replicated. See the following topics for details: • • "Restoring an Exchange database or storage group" on page 524 "Restoring Exchange items " on page 530 Restoring an Exchange database or storage group Use the procedures in this section to restore an Exchange database or storage group to the desired target. Prior to restoring, verify the restore target is set up as required and that any restrictions have been met. Choose from the following restore targets: • • • "Restoring to the original Exchange server" on page 525 "Restoring to a recovery area" on page 526 "Restoring to an alternate location" on page 528 Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 525 Restoring to the original Exchange server Restore to Exchange Server is the default restore type. All database and transaction log files are restored directly to the original location. The following conditions must be met in order to perform a successful restore to the original Exchange server: Condition Explanation Database name and file name must remain unchanged from the time the backup was performed The database name is the symbolic or displayable name of the database. For example, Mailbox Database or Mailbox1. The actual database file name, for example Mailbox1.edb, must also be unchanged since the backup was run. Databases must be dismounted • For Exchange 2016, 2013, and 2010, only the database being restored must be dismounted. • For Exchange 2003 and 2007, all databases contained in the storage group must be dismounted. Note that the location of the database files and transaction log files may be changed after the backup has been performed, if needed. If the log files or database files must be moved to another volume or disk, the actual names of the database files must be preserved. Database must be in a Clean Shutdown state If the database is in a Dirty Shutdown state, you can restore the backup but need to bring the database into a Clean Shutdown state to mount the database. After restoring, if you cannot mount the database, see this Microsoft article to determine whether this is the problem: Exchange Database Is in a Dirty Shutdown State. Databases must be marked as overwrite allowed on restore All databases must have the overwrite allowed on restore flag set. This task can be performed using the Exchange Server administrative console or the appropriate Exchange Server command line utility. If this is not the case then the restore will fail. Remove all existing database and transaction log files It is recommended that all database and transaction log files be removed from the restore location. Restoring a differential, incremental, or a full backup restores the server to a specific point-in-time. To ensure that the storage group or database can be remounted without integrity errors, any existing database and transaction log files should be removed before performing the restore. To restore a database or storage group to the original Exchange server 1 Verify all prerequisites described above have been met. 2 Select the Exchange client in the Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Specify a Recovery Point Time by selecting a backup in the list, then click Next (Select Options). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 526 • To locate the desired database or storage group, hover over the backups in the list. When you hover, the database or storage group displays. • Restoring a backup restores the database or storage group to a specific point-in-time state. So selecting a differential or incremental backup also restores the associated full backup. Restore Items performs an individual item restore directly from the Exchange backup and not a complete Exchange restore. For more information concerning restoring individual items, see "Restoring Exchange items " on page 530. 5 On the Restore from Backup of Client page, verify the backup and database/storage group displayed are the ones you wish to restore. If not, click Cancel and choose another backup. 6 Select Restore to Exchange Server and the desired Exchange server from the Available Exchange Servers list. For Exchange 2016, 2013, 2010, and 2007, you may select any server running the same Exchange version as the original. For Exchange 2003, only restores to the original server are supported. 7 If desired, run pre- or post- restore commands by selecting Show Advanced Execution Options. Specify the client-side commands to run by entering any system command or user script in the Client Pre-Restore Commands or Client Post-Restore Commands fields. For details, see "About backup options" on page 187. 8 Click Restore. All database and transaction log files are restored directly to the original location. 9 Re-mount any databases you dismounted for the restore. Restoring to a recovery area Restore to recovery area is restricted to Exchange 2016/2013/2010 (a recovery database) and Exchange 2007 (an RSG, or recovery storage group). It is not supported for Exchange 2003 or earlier versions. In addition, it is only available if there is a recovery database or recovery storage group available in the backup. See the following topics for details on restoring to a recovery area: • • "Requirements for restoring to a recovery area" on page 526 "To restore a database or storage group to a recovery area" on page 527 Requirements for restoring to a recovery area The following conditions must be met in order to perform a successful restore to recovery database or recovery storage group: Condition Explanation Exchange 2016/2013/2010 recovery database or Exchange 2007 RSG Exchange 2003 or earlier versions are not supported. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 527 Condition Explanation Databases must be dismounted For Exchange 2007, this includes all databases contained in the storage group. For Exchange 2016, 2013, and 2010, the recovery databases must be dismounted. Database must be in a Clean Shutdown state If the database is in a Dirty Shutdown state, you can restore the backup but need to bring the database into a Clean Shutdown state to mount the database. After restoring, if you cannot mount the database, see this Microsoft article to determine whether this is the problem: Exchange Database Is in a Dirty Shutdown State. Databases must be marked as overwrite allowed on restore All databases must have the overwrite allowed on restore flag set. This task can be performed using the Exchange Server administrative console or the appropriate Exchange Server command line utility. If this is not the case, the restore will fail. Remove all existing database and transaction log files It is recommended that all database and transaction log files be removed from the restore location. Restoring a differential, incremental, or a full backup restores the server to a specific point-intime state. To ensure that the storage group or database can be remounted without integrity errors, any existing database and transaction log files should be removed before performing the restore. [Exchange 2007 only] The RSG must contain the same number of mailbox databases and public folder databases as the original storage group Each database filename (e.g., mailbox1.edb, publicfolder.edb) created in the recovery storage group must match the corresponding database file name in the original storage group that is being restored. Creating recovery storage groups using the Exchange 2007 Administrative Console enforces this rule. To restore a database or storage group to a recovery area 1 Verify all prerequisites have been met, as described in "Requirements for restoring to a recovery area" on page 526. 2 Select the Exchange client in the Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Specify a Recovery Point Time by selecting a backup in the list, then click Next (Select Options). • To locate the desired database or storage group, hover over the backups in the list. When you hover, the database or storage group displays. • Restoring a backup restores the database or storage group to a specific point-in-time state. So selecting a differential or incremental backup also restores the associated full backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 528 Restore Items performs an individual item restore directly from the Exchange backup and not a complete Exchange restore. For more information concerning restoring individual items, see "Restoring Exchange items " on page 530. 5 On the Restore from Backup of Client page, verify the backup and database/storage group displayed are the ones you wish to restore. If not, click Cancel and choose another backup. 6 Select Restore to Recovery Area and the desired Exchange server from the Available Exchange Servers list. 7 If desired, run pre- or post- restore commands by selecting Show Advanced Execution Options. Specify the client-side commands to run by entering any system command or user script in the Client Pre-Restore Commands or Client Post-Restore Commands fields. For details, see "About backup options" on page 187. 8 Click Restore. All database and transaction log files are restored to the recovery area. 9 Re-mount any databases you dismounted for the restore. Restoring to an alternate location See the following for details on restoring to an alternate location: • • • "Requirements for restoring to an alternate location" on page 528 "Backup type details for restore to an alternate location" on page 528 "To restore a database or storage group to an alternate location" on page 529 Requirements for restoring to an alternate location Restore to Alternate Location allows the Exchange information store to be restored to a location other than the original location where it resided when the backup occurred. The alternate location can be either to the same Exchange Server host, a different Windows protected client, the network share of your Unitrends backup system, or any CIFS/NFS network storage. To restore to CIFS/NFS network storage, you must first add the storage to the Unitrends appliance as a client. For details, see "Adding CIFS/NFS clients" on page 579. Backup type details for restore to an alternate location The following specifies the difference between a full, differential, and incremental restore to an alternate location: Backup type Explanation Full Restore All of data associated with the Exchange information store is restored to the specified location. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 529 Backup type Explanation Differential Restore Only the data contained in the differential backup is restored to the named location; the associated full backup is not restored. A differential restore should be used only if certain files within the backup are required or a third-party tool is used for individual mailbox or item restore, e.g. Kroll On-Track. This type of restore can be performed to any Windows-based protected client and the server is not required to have Microsoft Exchange Server installed. This type of restore may also be done to the backup system itself. Incremental Restore (version 7.5 and higher) Incremental backup chains can become very lengthy, creating a large restore. To simplify the restore process, the appliance creates a single restore job on the restore point chosen. For details, see "Point-in-time restore" on page 342. This is not a synthetic backup, it is simply a concentration of the available backups, sent in backed-up order. To restore a database or storage group to an alternate location 1 Verify all prerequisites have been met, as described in "Requirements for restoring to an alternate location" on page 528. 2 Select the Exchange client in the Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Specify a Recovery Point Time by selecting a backup in the list, then click Next (Select Options). • To locate the desired database or storage group, hover over the backups in the list. When you hover, the database or storage group displays. • Restoring a backup restores the database or storage group to a specific point-in-time state. So selecting a differential or incremental backup also restores the associated full backup. Restore Items performs an individual item restore directly from the Exchange backup and not a complete Exchange restore. For more information concerning restoring individual items, see "Restoring Exchange items " on page 530. 5 On the Restore from Backup of Client page, verify the backup and database/storage group displayed are the ones you wish to restore. If not, click Cancel and choose another backup. 6 Select Restore to Alternate Location. 7 Select a restore target from the Client To Which To Restore list. • • 8 The list contains all protected clients and the backup system itself. To restore to CIFS or NFS-configured NAS storage, you must first add the storage to the Unitrends appliance as a client. For details, see "Adding CIFS/NFS clients" on page 579. Enter a target directory. This is the directory on the target client to which Exchange data will be restored. If you have selected the backup system as the restore target, data is restored to the system’s network 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 530 share: /backups/samba. 9 If desired, modify these options: • Check the Preserve Directory Structure box if the directory hierarchy information in the backup must be restored. For example, if you specify the Target Directory as /tmp, all files restored from the backup will be placed into that single directory. • If the option Overwrite existing Files is selected, existing files will be overwritten during the restore. • Restore Newer Files Only restores a file only if its date is newer than the existing file on the client. If the file does not exist on the client, the file is restored. • Set File Dates to Today sets the last modification date of the file to the date and time of the restore. • The option Unix Text Conversion will not convert new lines to CR-LF when restoring UNIX text files to MS-DOS systems. 10 If desired, run pre- or post- restore commands by selecting Show Advanced Execution Options. Specify the client-side commands to run by entering any system command or user script in the Client Pre-Restore Commands or Client Post-Restore Commands fields. For details, see "About backup options" on page 187. 11 Click Restore. All database and transaction log files are restored to the target directory. Restoring Exchange items In addition to giving you the ability to restore an entire Exchange database or selected Exchange storage groups, Unitrends provides EQR (Exchange Quantum Recovery) which allows granular items, down to the individual mail item, to be restored. Unitrends offers and supports Kroll Ontrack Powercontrols to restore individual items from an Exchange backup. Kroll can be used with 32-bit versions of Outlook only. 64-bit Outlook versions are not supported. For a complete overview of Kroll Ontrack PowerControls for Exchange, including procedures and limitations, see Kroll’s Exchange user guide available at http://www.krollontrack.com/support/user-guide-and-manuals/. There are two fundamental ways that this tool may be used: Restore from Explanation Directly from the Exchange backup Unitrends allows its customers to perform all of the functions associated with KOP directly from the Exchange backup without having to first perform the restore of an Exchange backup. A previously restored Exchange backup After an Exchange backup has been restored (see "Restoring an Exchange database or storage group" on page 524), KOP or a third-party tool (e.g., Lucid8) may be used to search and recover individual Exchange items. Note that unlike KOP, third-party tools are certified and supported by third parties and not Unitrends. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 531 Restoring Exchange items directly from a backup Unitrends offers an optional feature that allows individual Exchange items to be restored directly from the Exchange backup. This means that you may recover individual Exchange items without first having to perform the restore of an Exchange backup. This option allows the fastest recovery time possible. To restore individual Exchange items directly from the Exchange backup 1 Log in to the Unitrends system. 2 Verify that the Samba service is enabled on your Unitrends appliance. Select Settings > System, Updates, and Licensing > Support Toolbox [Advanced]. Then click Samba On/Off to determine whether the service is enabled. 3 Select the Exchange application in the Navigation pane and click Restore. 4 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 5 Select a restore time and click Next. Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. 6 Click Restore Items below. 7 If a mounted backup image does not exist, you need to create one by clicking Create. You will see a screen of instructions. You are directed to go to your Windows-based system on which KOP (Kroll Ontrack Powercontrols) is installed, log in, map the network share drive presented by the Unitrends system, and then start KOP. 8 Use KOP to recover Exchange items. See "Restoring items with Kroll Ontrack PowerControls for Exchange" on page 532 for details. Note: 9 Creating the recovery object can take some time. If you do not see any available items, check back later. Disconnect the network drive that you mapped on your KOP system. 10 On the backup system, tear down the image of the mounted backup using one of the following procedures: • If the Restore from Backup Screen is still open in the backup system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the Exchange restore session" on page 531. The reason that you perform the tear down is to allow your Unitrends system to reclaim the storage space for use for more backups and other operations. About the Exchange restore session After files have been restored, the session remains until you tear it down. Because system resources are used to maintain the session, it is important to tear it down to ensure optimal performance. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 532 To view or tear down Exchange restore images 1 Select the Exchange application in the Navigation pane. 2 Select Settings > System Monitoring > Restore Disk Images. 3 Select Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If desired, tear down a restore image. • Make sure you have disconnected from the network drive that you mounted on your KOP system. • • Select an image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. Restoring Exchange items from a previously restored backup If the option of restoring an individual Exchange item directly from the Exchange backup is not available, then the restore may be performed from a previously restored Exchange backup. After an Exchange backup has been restored, KOP or a third-party tool (e.g., Lucid8) may be used to search and recover individual Exchange items. Note that unlike KOP, third-party tools are certified and supported by third parties and not Unitrends. There are two classes of restore targets in this situation: the restore of the Exchange backup may be performed to the Unitrends system or the restore of the Exchange backup may be performed to a customer’s Windows system. The advantage to restoring the Exchange backup to the Unitrends system is that typically the restore will be faster because there is no network bandwidth overhead that must be incurred. Restoring items with Kroll Ontrack PowerControls for Exchange After completing step 1 on the previous page through step 7 on the previous page in "To restore individual Exchange items directly from the Exchange backup" on page 531, use the following procedure to restore individual items. Note that to copy to a mailbox other than the one you logged in under, Full Mailbox Access must be set to Allow. For more on this, see the About Restoring Messages to a Microsoft Exchange Server section of the Ontrack Power Controls User Guide. To restore items using Kroll Ontrack PowerControls for Exchange Note: Creating the recovery object can take some time. If you do not see any available items, check back later. 1 Log in to your Windows machine with Kroll installed. Run Kroll Ontrack PowerControls for Exchange. 2 On the Welcome screen, click Next. 3 Next to the Source File field, click Browse. Browse to the exchange_restore share on your Unitrends system and double click your Exchange .edb file. If restoring from a full backup, the .edb file should be located in the backup0 folder. If restoring from a differential or incremental backup, the .edb file should be in the merged folder. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 533 Back on the Source Path Selection screen, click Next. 4 Choose to restore to a PST file or directly back to a live Exchange environment. If restoring back to a live Exchange environment, supply administrative credentials to any mailbox you want to restore to. Click Next. If creating a PST file, click Next and make a selection on the compatibility of the file. 5 To restore items, do one of the following: • To restore items to a PST file or live Exchange environment, navigate to the items you want to restore in the Source pane on top, select them, and drag and drop them to the node you want to restore them to in the Target pane on bottom. • To restore items to a network location, navigate to the items you want to restore in the Source pane on top, select them, right click and select Export, select a message format and restore location, and click Export. 6 After restoring all the items you want to restore, close Kroll Ontrack PowerControls for Exchange. 7 Continue with step 9 on page 531 in "Restoring Exchange items directly from a backup" on page 531. About restoring Exchange 2016, 2013, or 2010 from a backup Exchange 2016, 2013, and 2010 use recovery databases. Each server has a recovery database and there can’t be more than one mounted recovery database at a time. Once the recovery database has been created, you first restore the backup to it and then use the Microsoft Exchange Management Shell to extract mailbox data from the information store into the local mail.pst file. You may also opt to merge the extracted data back into the currently active information store. Recovery databases are fundamentally different than the RSG (Recovery Storage Group) mechanism used in Exchange 2007 and 2003. About restoring Exchange 2007 from a backup Exchange 2007 uses the RSG (Recovery Storage Group) mechanism. RSG allows the user to mount a second copy of an Exchange information store on any Exchange Server that is a member of the same Exchange Administrative Group as the original while concurrently the original information store is still active. This allows the user to recover data from the backup copy of the information store without interfering with the on-going operation of the Exchange Server. Once the RSG has been created the user first restores the backup to it and then uses the Microsoft Exchange Management Shell in Exchange 2007 to extract mailbox data from the information store into the local mail .pst file. The user may also optionally merge the extracted data back into the currently active information store as well. RSG is fundamentally different than the recovery database mechanism used in Exchange 2016, 2013, and 2010. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 534 About restoring Exchange 2003 from a backup Direct restores to the RSG is not permitted for Exchange 2003 backups. Instead only restores to the original location or an alternative location are supported. About restoring Exchange 2000 from a backup Exchange Server 2000 is supported only via the legacy Exchange (streaming) agent. For more information concerning this, please see "Legacy Exchange agent" on page 866. Restoring Exchange from archives Please see the "Archiving Overview" chapter. Restoring Exchange from a legacy vault Please see the "Legacy Vaulting " chapter. Restoring a backup when the Exchange icon does not display If you add a client with Exchange installed, run backups on the Exchange databases, and later uninstall the Exchange instance from the client, the Exchange icon may not display in the Navigation pane of the Unitrends interface. The backups taken of the Exchange databases are still on the Unitrends system and are still available for restore, but without the option to first select the Exchange icon when performing a restore, another method of selecting a backup for restore must be used. To restore an application backup when its icon does not display 1 In the Navigation pane, select the client that once held the application. 2 Select Status from the top menu. 3 From the Calendarized Backup Information pane in the middle of the screen, navigate through backups by clicking the left and right arrows to browse a month’s worth of backups at a time. You can hover your mouse over a date on the calendar to receive information on what types of backups were completed on that date. Click on a date you want to restore a backup from. 4 Any backups completed on the selected date are highlighted below. Click on a backup you want to restore. 5 Click the Restore button. 6 Follow standard procedures for restoring the type of backup you selected. Legacy Recovery-Series and UEB Administrator's Guide Chapter 23: Microsoft Exchange Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 535 Chapter 24: Microsoft SharePoint Protection This chapter describes procedures used to protect Microsoft SharePoint environments. Unitrends leverages native SharePoint data protection to provide all-in-one backup, archiving, replication, and recovery of SharePoint farms. Unitrends protects the following SharePoint environments: • Deployments where the SharePoint installation type is single server, and all SharePoint data and components reside on one server. • Deployments where the SharePoint installation type is full farm, and the SharePoint data and components reside on one or multiple servers. Note: If your SharePoint farm is a single server deployment and the SharePoint server is a VMware virtual machine, you can either run vProtect application-aware backups as described in the "VMware Protection" chapter, or install the Windows agent and implement protection as described here. For a comparison of each strategy, see "Best practices for protecting VMware virtual machines" on page 629. For multi-node farms, you must install the Windows agent; vProtect backup is not supported for multi-node farms. See the following topics for details: • • • • "About SharePoint protection" on page 535 "Executing SharePoint backups" on page 541 "Viewing SharePoint backups" on page 543 "Restoring SharePoint backups" on page 543 About SharePoint protection The SharePoint agent provides protection of services and resources in a Microsoft standalone or multi-server SharePoint farm. The SharePoint agent is a component of the Windows core agent. It is fully integrated into the backup system, from which all configuration and management tasks are performed. In a SharePoint deployment, the primary node installs SharePoint services on other member servers and initiates administrative commands to manage the farm. The Central Administration service runs on the primary node to perform farm management. All nodes directly access the SharePoint central configuration database for configuration of services, features, database connections, and the like. The central configuration database resides either on the primary node or on a stand-alone SQL server. Unitrends protects the farm from the primary node, where administrative commands are run to coordinate the backup of data across other nodes in the farm. The agent leverages SharePoint’s STSADM and PowerShell (SharePoint 2013 and higher) tools to perform backup and recovery operations to ensure application consistency. The agent invokes 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 536 commands on the SharePoint primary node and supplies STSADM or PowerShell with a local share target (/backups/rae//) so that jobs run on the backup system itself. The agent works with STSADM or PowerShell to backup the SharePoint-specific data and files on each node in the farm. STSADM or PowerShell discovers the online nodes and performs backup operations to the local backup system share. If a node is not available, the backup continues without error. The resulting backup does not include any nodes that were unavailable when the backup ran. Notes: • SharePoint protection includes SharePoint data only. To protect an entire node in the farm, register the node to the backup system as a separate client and run file-level backups. • Protecting SharePoint farms. Full catastrophic farm recovery can only be performed for deployments where the installation type is single server. To check your installation type, see "To determine the SharePoint installation type" on page 538. SharePoint agent requirements The following requirements must be met to enable Unitrends SharePoint protection: • SharePoint version must be supported by Unitrends. See the Unitrends Compatibility and Interoperability Matrix for details. • To protect SharePoint 2007 or 2010, the Unitrends system and Windows agent can be running 7.0 or higher. However, upgrading to the latest agent is recommended. • To protect SharePoint 2013, both the Unitrends system and Windows agent must be running version 7.1 or higher. • The SharePoint farm configuration must adhere to Microsoft best practice standards. An SPFarmBackup domain account that is a member of the local administrators group must be configured on each node in the farm. • • SharePoint administration and timer services must be running on the primary node. • Prerequisite configuration steps must be performed on the primary node, as described in "SharePoint configuration prerequisites" on page 537. • For full farm installations only, trust credentials are needed for the Unitrends system to back up the SharePoint farm database. These credentials must be set at the database instance level as described in "To create a new credential for a SharePoint database" on page 537. To ensure sufficient privilege, it is recommended that the credential user be a member of the administrators group on the local computer for each member of the farm, and a member of the farm administrator’s SharePoint group. Additionally, you may wish to define client-level trust credentials to enable push install of the Unitrends agent. These client-level trust credentials are not used to back up the SharePoint instance. You must define instance-level credentials for backups to run successfully. For more on trust credentials, see "Client trust credentials" on page 91. The SharePoint administration and timer services must have local administrator privileges. Be sure the service is a member of the necessary Windows security groups or SharePoint groups. If you experience backup errors using new credentials, see the following KnowledgeBase Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 537 articles for more information: KB 3061, KB 3067, KB 3066, KB 3058, KB 1147, and KB 3076. • For single server installations, do not define trust credentials. If trust credentials are defined for a single server installation, Unitrends cannot back up the database. To create a new credential for a SharePoint database This procedure is for full farm installations only. Do not create a credential for a single server installation that has credentials defined.) To determine your installation type, see "To determine the SharePoint installation type" on page 538. 1 Select the SharePoint farm instance in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, databases display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the farm database. 4 In the Set Credentials window for the listed Items, click New Credential and enter the following: Field Description Credential Name Name associated with the credential. (Optional) Administrative User must be a member of the administrators group on the local computer Username for each member of the farm, and a member of the farm administrator’s SharePoint group. 5 Password Password associated with the username you supplied. Confirm Password Enter the password again to confirm. Domain Name of the Windows domain associated with this credential. (Optional) Set as Default Check this box to set the credential as default for the system. (Optional) Click Create and Set Credential. The credential is created and applied to the selected database. SharePoint configuration prerequisites You must perform one of these procedures before you can begin protecting your SharePoint environment: • For deployments where the SharePoint installation type is single server and all SharePoint data and components reside on one server, see "To configure services on a standalone SharePoint server" on page 539. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 538 • For deployments where the SharePoint installation type is full farm and the SharePoint data and components reside on one or more servers, see "To configure a farm for Unitrends protection" on page 539. • If you are unsure of the installation type, see "To determine the SharePoint installation type" on page 538 or "To determine the SharePoint installation type in older versions" on page 538. To determine the SharePoint installation type 1 Select the SharePoint agent under the SharePoint client in the Navigation pane, and click Backup. 2 Select the 1-Time Backup tab. 3 In the Instance to Protect area, check the value in the Type column. • If the type is Farm, this installation is configured as a multi-server installation. Note that you must use the Untirends multi-farm procedures to protect this farm, even if there is only one physical server in the SharePoint installation. • • If the type is Single Server, this installation is configured as a single server. • If you see the Farm in the Instance to Protect area, but do not see the Type column, you are running an older Unitrends version. Use the procedure "To determine the SharePoint installation type in older versions" on page 538. If you do not see anything in the Instance to Protect area, click the reload arrows at the bottom to refresh the view. To determine the SharePoint installation type in older versions Use this procedure if you are running a pre-7.5 Unitrends version. For version 7.5 and higher, see "To determine the SharePoint installation type" on page 538. 1 From the SharePoint server, launch the Registry Editor (regedit.exe). 2 Check for the Server Role in one of the following locations: • For SharePoint 2013 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\15.0\WSS\ServerRole • For SharePoint 2010 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\WebServer Extensions\14.0\WSS\ServerRole • For SharePoint 2007 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\ServerRole 3 If the Server Role is: • SINGLESERVER, it was installed as a standalone SharePoint server. In this case, use the standalone procedures in this chapter. Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 539 • Note: APPLICATION or WFE, it was installed as a full farm. In this case, use the farm backup and restore procedures in this chapter, even if all SharePoint components reside on a single server in your environment. Microsoft does not support upgrading from the single server installation type to a full farm installation type. To configure services on a standalone SharePoint server Use this procedure for standalone SharePoint servers where the installation type is single server. For the farm installation type, see "To configure a farm for Unitrends protection" on page 539. To check your SharePoint installation type, see "To determine the SharePoint installation type" on page 538. 1 Add the server to the Unitrends backup system as described in "About adding clients" on page 69. This installs the Unitrends Windows agent. Be sure to setup administrative trust credentials during the registration process. 2 Log in to the SharePoint server. 3 Open Services and verify that the following services are running. If not, start them. • • 4 SharePoint 2010/2013 Timer or Windows SharePoint Services Timer SharePoint 2010/2013 Administrator or Windows SharePoint Services Administration For each of the above services, set the startup type to automatic. Once services are running and set to automatic, the server can be protected by the Unitrends system. See "Executing SharePoint backups" on page 541 to start protecting the server. To configure a farm for Unitrends protection Use this procedure to configure a farm deployment containing one to many servers. For single server installations, see "To configure services on a standalone SharePoint server" on page 539. To check your SharePoint installation type, see "To determine the SharePoint installation type" on page 538. This procedure assumes your SharePoint environment has been setup with a SPFarmBackup domain account that is a member of the local administrators group, in accordance with Microsoft best practices. If you have a non-standard configuration, see the KB 2814 article for additional requirements. 1 Install the Unitrends Windows agent on the primary node as described in "Manually installing the Windows agents" on page 428. The primary node is the one running the Central Administration service. To see services on each node, log in to any node in the farm, and select All Programs > Microsoft SharePoint Products > SharePoint Central Administration. On the Central Administration page, select System Settings > Manage servers in the farm. 2 Log in to the primary node, and open Services. 3 Verify that the following services are running. If not, start them. • SharePoint 2010/2013 Timer or Windows SharePoint Services Timer 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 540 • 4 SharePoint 2010/2013 Administrator or Windows SharePoint Services Administration For each of the above services, set the startup type to automatic. Note: 5 For Unitrends release 7.0 and Windows 7.0 agent only - You must also modify the BP Agent service. To do this, right-click the BP Agent service, and select Properties. On the Log On tab, change Local System Account to Domain\SPFarmBackup. Restart the BP Agent service by right-clicking and selecting Restart. This step is not needed for release 7.1 or higher. Add the primary node to the Unitrends backup system as described in "About adding clients" on page 69. Be sure to setup administrative trust credentials during the registration process. Once added, select the SharePoint server in the Navigation pane, and verify that you see the SharePoint application icon below. The farm is now configured, and you can begin protecting your SharePoint environment. See "Executing SharePoint backups" on page 541 for details. SharePoint backup considerations Consider the following when protecting SharePoint environments: • The SharePoint agent supports full and differential backups. Incrementals, including the incremental forever backup strategy, are not supported. • Free space equivalent to twice the size of the backup is required on the local share for backup processing. If adequate space is not available, the backup fails. • • Only one backup or restore operation per SharePoint farm can run at any given time. • For a given farm, any restores initiated while a backup is in progress will fail. Once the backup completes, restores can be run for the farm. • • For a given farm, any backups initiated while a backup is in progress will fail. For a given farm, any backups initiated while a restore is in progress will fail. Once the restore completes, backups can be run for the farm. Windows Instant Recovery is not supported for Windows SharePoint environments. Display of SharePoint agent in the backup system Once you register the primary SharePoint server to the backup system, the SharePoint agent displays in the Navigation pane beneath the client with which it is associated. The client view can be expanded or collapsed to display or hide data accordingly. If you do not see the SharePoint icon, click the reload arrows at the bottom to refresh the view. For details on registering the SharePoint server, see "About adding clients" on page 69. If you have added SharePoint to a Windows server after the server has been registered to the backup system, the agent must rescan to detect and display the newly added SharePoint application. To rescan, highlight the SharePoint server, and select Settings > Clients, Networking, and Notifications > Clients. On the Clients page, click Setup. Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 541 Executing SharePoint backups SharePoint backups can either be executed immediately or to execute at a desired frequency. Scheduled backups are a calendar-based schedule you create that specify when SharePoint backups will occur; these are more typical because scheduled backups form the foundation of continuous data protection. Immediate backups are scheduled backups that occur only one time and are executed as soon as possible. The Immediate backup feature is useful for creating a onetime backup, but is not recommended as the basis for continuous SharePoint protection. Use the following procedures to execute and schedule SharePoint backups: • • • • • "To execute an immediate SharePoint backup" on page 541 "To create a SharePoint backup schedule" on page 541 "To view or modify a SharePoint backup schedule" on page 542 "To delete a SharePoint backup schedule" on page 543 "To enable or disable a SharePoint backup schedule" on page 543 To execute an immediate SharePoint backup 1 Select a SharePoint application in the Navigation pane, and click Backup. 2 Select the 1-Time Backup tab. 3 In the Instance to Protect area, check the Farm box. • • 4 If you do not see the Farm, click the reload arrows at the bottom to refresh the view. The Type column indicates whether this farm is configured as a Single Server or Farm (multi-server) installation. Choose the type of backup by selecting Full or Differential. If differential backup is chosen and a successful full backup has never run, you are prompted to perform a full backup first. 5 By default, backups are stored on the default device. To store a backup to a different device, select one in the Available Devices area. 6 Click Backup at the bottom of the page to initiate the process. To view the status of the active backup operation, select Settings > System Monitoring > Jobs. See "Monitoring running backup jobs" on page 147 for details. To see the status of completed backup jobs, see "Viewing backups" on page 148. To create a SharePoint backup schedule 1 Select a SharePoint application in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 Enter a unique Schedule Name. 4 If desired, enter a Schedule Description. 5 In the Instance to Protect area, check the Farm box. • If you do not see the Farm, click the reload arrows at the bottom to refresh the view. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 542 • 6 In the Schedule area, select a backup strategy from the list. • • 7 The Type column indicates whether this farm is configured as a Single Server or Farm (multi-server) installation. Choose Full with Differentials or Custom. Backups for the selected strategy display below. Do one of the following: For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. For a custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: • • 8 Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. If desired, modify the minimum and maximum retention settings. Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 9 Click Advanced Settings, and specify any optional settings as desired. • • Select the backup device to which backups will be written. • Check the Email Failure Report option to receive an email notification upon failure of any backup job on the schedule. You also have the option to receive a PDF attachment of the report in the email. • Click Confirm to save Advanced Settings. Check the Email Schedule Report option to receive an email notification upon completion of the scheduled backup jobs. You also have the option to receive a PDF attachment of the report in the email. Note: Reports are delivered to the email recipients specified in the report field in Settings > Clients, Networking, and Notifications > Email Recipients. To change the time of day the report is sent, modify the ReportHourMin parameter setting by selecting Settings > System, Updates, and Licensing > General Configuration > Alertman. 10 Click Save to create the schedule. To view or modify a SharePoint backup schedule 1 Select a SharePoint application in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Modify settings as desired, and click Save. Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 543 For a description of each setting, see "To create a SharePoint backup schedule" on page 541. To delete a SharePoint backup schedule Note: You can also delete SharePoint schedules from the Enterprise Backup subsystem. See "To delete an Enterprise backup schedule" on page 197 for details. Use this method if the SharePoint icon is not available in the Navigation pane. 1 Select a SharePoint agent under the SharePoint client in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Click Delete Schedule. To enable or disable a SharePoint backup schedule Note: You can also enable and disable SharePoint schedules from the Enterprise Backup subsystem. See "To enable or disable an Enterprise backup schedule" on page 197 for details. 1 Select a SharePoint application in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Do one of the following: • • 5 To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. Click Save. Viewing SharePoint backups To check the status of SharePoint backups, you can view running jobs as described in "Monitoring running backup jobs" on page 147, or view completed jobs as described in "Viewing backups" on page 148. Restoring SharePoint backups The SharePoint agent supports restore of full and differential backups. With SharePoint backups, the agent leverages STSADM or PowerShell (SharePoint 2013 and higher) to perform restore operations. Restores occur in two phases. In the first phase, backups are unfolded to a local backup system share (/backups/rae//). In the second phase, the agent invokes STSADM or PowerShell commands to restore back to the SharePoint clients. See these topics for details: • • • "SharePoint restore considerations" on page 544 "SharePoint restore procedures" on page 544 "Restoring items with Kroll" on page 547 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 544 • "Restoring a backup when the SharePoint icon does not display" on page 548 SharePoint restore considerations Consider the following when restoring SharePoint environments: • Free space equivalent to twice the size of the backup is required on the local share for restore processing. If adequate space is not available, the restore fails. • • Restores are performed to the original farm only. • Granular recovery of farm items is supported on both single-server and multi-server farms through the use of a Windows or another third-party tool. Granular recovery can be performed from full backups only. • For a restore to succeed, all nodes in the farm must be online and available. • • Only one restore or backup operation per farm can run at any given time. • For a given farm, any restores initiated while a backup is in progress will fail. Once the backup completes, restores can be run for the farm. • For granular, item-level restores, the backup is unfolded to a local system share. From here you can restore items using a Windows or third-party tool. When you are finished restoring, you must tear down the share. Subsequent backup or restore operations for the given farm will fail until the restore share has been torn down. Full catastrophic farm recovery can only be performed for deployments where the installation type is single server. To check your installation type, see "To determine the SharePoint installation type" on page 538. For a given farm, any backups initiated while a restore is in progress will fail. Once the restore completes, backups can be run for the farm. SharePoint restore procedures Use these procedures to restore from a SharePoint backup. Before you start, be sure to review the "SharePoint restore considerations" on page 544. • • • "To restore SharePoint items from backup" on page 544 "To restore the entire farm from backup" on page 545 "SharePoint share is unavailable" on page 546 To restore SharePoint items from backup 1 Select the desired SharePoint application in the Navigation pane, and click Restore. 2 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 3 Select a restore time, and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. 4 On the Restore from Backup of Client page, if you see a file share is available, check the shares in the grid below to see if one exists for this farm instance. Check for -Farm in the Name column. Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 545 • • If no share exists for this instance, proceed to the next step in this procedure. If a share exists for this farm, it is either in use by another backup or restore process, or it has not been torn down after a prior item restore. You cannot perform the item restore until the share becomes available. If you are certain that no active job is using the share, tear it down by selecting it in the grid and clicking Tear Down. Be sure to disconnect any network drive mappings to this share before tearing down. For details on checking for active jobs, see "SharePoint share is unavailable" on page 546. 5 Click Create. The system creates a share for this farm instance and starts the restore. A row for this restore displays in the grid. 6 Click Refresh to display the full path of the share, \\\-Farm. Note or copy the Network Path supplied as you will need it to access items to restore. 7 On the workstation you will use to restore items, map a network drive to \\\-: • • 8 Launch Explorer; right-click Computer and select Map Network Drive. In the Folder field, enter the share displayed in the Network Path field, then click Finish. Restore the desired items using Windows or another third-party tool. For details on using Kroll, see "Restoring items with Kroll" on page 547. Note: 9 Creating the recovery object can take some time. If you do not see any available items, check back later. Disconnect the network share once items have been restored by right-clicking the share and selecting Disconnect. 10 On the source backup system, tear down the restore image using one of the following procedures: • If the restore from Backup screen is still open in the backup system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The share is removed. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the SharePoint restore session" on page 547 to view the restore image. IMPORTANT! Tear down the share as soon as possible. Subsequent backups and restores cannot run for this farm until the share has been manually torn down. To restore the entire farm from backup WARNING! This procedure is for catastrophic farm recovery only. Restoring the entire farm removes the existing farm. Once a catastrophic farm restore is done, you must reconfigure all farm accounts and settings. Before performing catastrophic farm recovery, attempt to restore items using "To restore SharePoint items from backup" on page 544. This procedure is supported for single servers deployed with the single server installation type only. To check your installation type, see "To determine the SharePoint installation type" on page 538. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 546 1 Select the desired SharePoint application in the Navigation pane, and click Restore. 2 Select a Recovery Point Day from which the farm will be restored by clicking on the calendar. Available days display in bold. 3 Select a restore time and click Next (Select Options). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. 4 In the Restore from Backup of Client pane, select Restore to Original SharePoint Server and click Restore. 5 To confirm you understand that the existing farm will be deleted and a new one created, check I understand... and click Confirm. The Restore Status page indicates whether the restore has been queued successfully. Click Okay to close. 6 To monitor the restore job, select Settings > System Monitoring > Jobs. • The restore job displays in the grid. In a successful restore, status will change from Queued to Active to Successful. • If you see a status of Cancelled and a job comment of Share is unavailable, the restore could not run because a share has already been created for this farm and is in use by another backup or restore job. See "SharePoint share is unavailable" on page 546 to determine what process is using the share and how to proceed. SharePoint share is unavailable If a SharePoint backup or restore operation fails with the Share is unavailable job comment, use this procedure to identify the process currently using the share and determine how to proceed. Only one restore or backup job per farm can run at any given time. 1 Select the desired SharePoint application in the Navigation pane. 2 Select Settings > System Monitoring > Restore Disk images. 3 Select Application Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If you see backup in the Message column, a backup or full catastrophic restore is currently running for this farm. Once it completes, you can tear down the share and then perform the next backup or restore operation. 6 • Check running jobs on the Status > Present blind to see whether this is a backup or a full restore. See "Monitoring running backup jobs" on page 147 for details. • • If a backup is running, either wait for the backup to complete or terminate the backup. If a restore is running, you must wait for it to complete. Terminating a restore in process can leave the farm in an inconsistent state. If you see restore in the Message column, the share has not yet been torn down for a prior itemlevel restore. Disconnect any network drive mappings to the share, then tear it down by selecting it in the grid and clicking Tear Down. Once the share is torn down, the next backup or restore operation can be run. Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 547 About the SharePoint restore session After files have been restored, the session remains until you tear it down. Because system resources are used to maintain the session, it is important to tear it down to ensure optimal performance. To view or tear down SharePoint restore images 1 Select the desired SharePoint application in the Navigation pane. 2 Select Settings > System Monitoring >Restore Disk images. 3 Select Application Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If desired, tear down a restore image. • Make sure you have disconnected any network drive mappings to this share before tearing it down. • • Select an image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is then removed from the share. Restoring items with Kroll Using Kroll Ontrack PowerControls for SharePoint, you can restore individual items or a group of items from a Unitrends SharePoint full backup. (It is not possible to perform item-level restores from SharePoint differential backups. Restore from either a SharePoint full or a SQL backup instead.) Items can be restored to the same SharePoint instance, a different SharePoint instance, or a network location. Ontrack PowerControls for SharePoint and the PowerControls ExtractWizard must be installed on a workstation in your network, and a valid Kroll license must be applied. Talk to your Unitrends sales representative for information about obtaining a Kroll license. The following procedure walks you through a typical item-level restore. For a complete overview of Kroll Ontrack PowerControls for SharePoint, including procedures and limitations, see Kroll’s SharePoint user guide available at http://www.krollontrack.com/support/user-guide-and-manuals/. To restore items using Kroll Note: Creating the recovery obejct can take some time. If you do not see any available items, check back later. 1 Follow step 1 on page 544 - step 6 on page 545 in "To restore SharePoint items from backup". 2 From your Kroll workstation, run the Ontrack PowerControls ExtractWizard. On the Welcome screen, click Next. 3 Choose the Direct Method of extraction, and click Next. 4 Select Extract from Disk, and click Browse. Browse to the network path supplied by the Unitrends system. 5 Locate the file spbackup.xml. The location of this file may vary depending on your version of SharePoint. Select spbackup.xml, and click Open, then click Next. 6 Select Catalog SharePoint backup datasets only, and click Next. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 548 7 On this screen you can browse your content databases. Select the ones from which you want to restore data, and click Next. 8 From the Destination Folder, browse to or type a path to a convenient temporary working directory, such as a folder on your desktop. Click Next. 9 After the databases have been extracted, click Finish. 10 Open Ontrack PowerControls for SharePoint. 11 On the Welcome screen, click Next. 12 On the Source Path Selection screen, click Add. Browse to the folder you created in step 8 above. Locate the .mdf and .ldf files of the databases you want to restore from. Select them both, and click Open, then Next. 13 On the Target Server Selection screen, supply the URL and administrative credentials for the SharePoint site you want to restore to, and click Next. 14 The Source pane at the top of the screen represents your Unitrends backup. The Target pane at the bottom of the screen represents your live SharePoint environment. Do one of the following: • To restore items back to the SharePoint site, browse to items you want to restore in the Source pane. In the Target pane, drag and drop them into the node you want to restore them to. • To restore items to a local folder or network location, right click and select Export. Uncheck the Maintain message path box, browse to where you want to save the files and click Finish. 15 After restoring all desired items, continue with step 9 on page 545 in "To restore SharePoint items from backup". Restoring a backup when the SharePoint icon does not display If you add a client with SharePoint installed, run backups on the SharePoint farm; later, uninstall the SharePoint instance from the client. The SharePoint icon may not display in the Navigation pane of the Unitrends interface. Even so, the backups taken of the SharePoint farm are still on the Unitrends system and remain available for restore; but without the option to first select the SharePoint icon when performing a restore, another method of selecting a backup for restore must be used. To restore an application backup when its icon does not display 1 In the Navigation pane, select the client that once held the application. 2 Select Status from the top menu. 3 From the Calendarized Backup Information pane in the middle of the screen, navigate through backups by clicking the left and right arrows to browse a month’s worth of backups at a time. Hover your mouse over a date on the calendar to receive information on what types of backups were completed on that date. Click on a date you want to restore a backup from. 4 Any backups completed on the selected date are highlighted below. Click on a backup you want to restore, then click Restore. 5 Follow standard procedures for restoring the type of backup selected. Legacy Recovery-Series and UEB Administrator's Guide Chapter 24: Microsoft SharePoint Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 549 Chapter 25: Oracle Protection This chapter describes procedures used to protect Oracle Database 11g and 12c on Windows, Linux, and Solaris platforms, and Oracle 10g on Windows platforms. Unitrends leverages native Oracle data protection utilities to provide all-in-one backup, archiving, replication, and recovery of Oracle data. See the following topics for details: • • "About Oracle protection" on page 549 • • • • • • "Steps for implementing Oracle protection" on page 556 "Requirements for Oracle protection" on page 549 "Upgrading to newer Oracle versions" on page 558 "Executing Oracle backups" on page 558 "Viewing Oracle backups" on page 562 "Oracle restore from the backup system" on page 562 "Oracle for Windows restore from the replication target" on page 565 About Oracle protection The Unitrends agent for Oracle extends the Unitrends solution for the protection of Oracle on Windows, Linux, and Solaris databases and database objects. Unitrends Oracle agent is a component of the Windows, Linux, and Solaris core agents. It is fully integrated into the backup system, from which all configuration and management tasks are performed. The backup system automatically detects when the protection software has been installed on a Windows, Linux, or Solaris server running Oracle Database, and displays an Oracle icon under the server in the Navigation pane. The agent leverages Oracle’s Recovery Manager (RMAN) utility to perform backup and recovery operations to ensure a consistent database snapshot is captured, performing standard Oracle Database backup operations, such as saving redo logs and quiescing buffers. The agent invokes commands on the Oracle client and supplies RMAN a Samba share target (/backups/rae//) so that jobs save directly to the backup system storage. Note: A file-level backup of the Oracle client does capture the Oracle Database data, but the database structure is likely to be inconsistent since only data that has been flushed to disk is included. Complete an Oracle application backup to ensure database consistency. Requirements for Oracle protection Unitrends offers protection for Oracle Database 12c and 11g on Windows, Linux, and Solaris platforms, and Oracle Database 10g on Windows platforms. Requirements vary by platform and 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 550 Oracle Database version. See the following for details: • • • • • "Unitrends version requirements for Oracle protection" on page 550 "Oracle client and instance requirements" on page 550 "Oracle credential considerations" on page 552 "Oracle on Linux Automatic Storage Management requirements" on page 555 "Oracle backup requirements" on page 555 Unitrends version requirements for Oracle protection Both the Unitrends system and the agent installed on the Oracle client must be running the version indicated below: Unitrends System and Agent Versions Platform and Database Versions 7.0 or higher 7.2 or higher 7.4 or higher Oracle 12c on Windows X Oracle 12c on Linux X Oracle 12c on Solaris X Oracle 11g on Windows X Oracle 11g on Linux X Oracle 11g on Solaris X Oracle 10g on Windows X Oracle client and instance requirements To be protected by the Unitrends system, the following client and instance requirements must be met: Oracle Description Requirement Supported Platforms See the Unitrends Compatibility and Interoperability Matrix for a list of supported Windows, Linux, and Solaris platforms. Client Registration The Oracle server must be registered to the Unitrends System as described in "About adding clients" on page 69. Credentials To perform backups and restores, system (Windows, Linux, or Solaris) user credentials are required, and the system user must be a member of the ora_dba group. For details, see "Oracle credential considerations" on page 552. Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 551 Oracle Description Requirement Supported Instances Oracle on Windows • • Must be version 12c, 11g, or 10g. Must be online and in open status. Statuses such as MOUNTED, NOT MOUNTED, and SHUTDOWN are not supported. Oracle on Linux • • • Must be running and configured in ARCHIVELOG mode. • Oracle Database instances must be deployed using the File System storage type. Other configurations are not supported. • Oracle Database must be configured as single instances. Clustered configurations, such as Oracle single-server Real Application Clusters (RAC) and Oracle multi-server RACs, are not supported. • • Must be version 12c or 11g. • Must be online and in open status. Each Oracle SID on a client must be unique. A given Oracle database can be protected by one Unitrends system only and cannot be included in an Oracle Enterprise Manager schedule. A Samba client for Linux must be installed. See "Needed dependencies for Oracle" on page 712. Modes such as MOUNTED, NOT MOUNTED, and SHUTDOWN are not supported. • • • Must be running and configured in ARCHIVELOG mode. • Oracle Database instances must be deployed using the File System storage type. Other configurations are not supported. • Oracle Database must be configured as single instances. Clustered configurations, such as Oracle single-server Real Application Clusters (RAC) and Oracle multi-server RACs, are not supported. • For Automatic Storage Management (ASM) environments, additional requirements must be met. See "Oracle on Linux Automatic Storage Management requirements" on page 555 for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Each Oracle SID on a client must be unique. A given Oracle database can be protected by one Unitrends system only and cannot be included in an Oracle Enterprise Manager schedule. Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 552 Oracle Description Requirement Oracle on Solaris • • • Must be version 12c or 11g. • Must be online and in open status. A Samba client for Solaris must be enabled. See KB 1303 for details. Ensure the Solaris client has sufficient memory available. See KB 3169 for details. Modes such as MOUNTED, NOT MOUNTED, and SHUTDOWN are not supported. • • Must be running and configured in ARCHIVELOG mode. • • Each Oracle SID on a client must be unique. • Oracle Database instances must be deployed using the File System storage type. Other configurations are not supported. • Oracle Database must be configured as single instances. Clustered configurations, such as Oracle single-server Real Application Clusters (RAC) and Oracle multi-server RACs, are not supported. Full pathname to each Solaris object cannot exceed 1024 characters. For details, see KB 3348. A given Oracle database can be protected by one Unitrends system only and cannot be included in an Oracle Enterprise Manager schedule. Oracle credential considerations Credentials are required to perform Oracle backup and restore operations. In general, credentials can be set at the database level or client level in the Unitrends system: • Client-level credentials are set on the Add Client page. These credentials are optional for Windows clients, but are not used for Linux and Solaris. (See "Client trust credentials" on page 91 for details.) For Oracle on Windows, you can opt to set credentials at the client level. If you do not specify a user, the default user on Windows is NT AUTHORITY\SYSTEM. The clientlevel credentials user must be a member of the ora_dba group if these credentials are to be used for Oracle protection. Note: If the default Windows user, NT AUTHORITY\SYSTEM, is a member of the ora_dba group, credentials are not needed. • Database-level credentials are required to access certain application instances, including Oracle Database. For Oracle on Linux and Oracle on Solaris, you must set database-level credentials. • To ensure sufficient privileges, the Oracle credential user must be a member of the ora_dba group. • For Oracle on Windows, if both database-level and client-level credentials have been set, the system uses database-level credentials for Oracle backups and restores. If database-level Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 553 credentials are incorrect, the backup will fail without attempting to use any client-level credential. • If no credentials are available, or if credentials are incorrect, the backup fails with a TNS permission denied error. Use these procedures to create Oracle credentials: • • • • • • "Guidelines for creating Oracle credentials" on page 553 "To create a new credential for an Oracle database" on page 554 "To view credentials assigned to an Oracle database" on page 554 "To apply an existing credential to an Oracle database" on page 554 "To view or modify an Oracle database credential" on page 555 "To remove a database credential" on page 555 Guidelines for creating Oracle credentials Follow these guidelines when creating Oracle credentials: Oracle platform Guidelines and requirements Oracle on Linux Add database-level credentials for each database you will be protecting, as described in "To create a new credential for an Oracle database" on page 554. The credential user must be a member of the ora_dba group. Oracle on Solaris Add database-level credentials for each database you will be protecting, as described in "To create a new credential for an Oracle database" on page 554. The credential user must be a member of the ora_dba group. Oracle on Windows Choose one of the following strategies: • If the Windows NT AUTHORITY\SYSTEM user is a member of the ora_dba group, you do not need to add Oracle credentials. Oracle backups and restores are performed using the NT AUTHORITY\SYSTEM account. • If you will be using the push feature to install and update the Windows agent, you must set administrative credentials at the client level (on the Add Client page) to enable push installations. If this Windows credential user is a member of the ora_ dba group, the system can use this client-level credential for Oracle protection as well. If not, you must also add database-level credentials for each Oracle database you wish to protect. • If you are not using the Windows agent push feature, add database-level credentials for each Oracle database you wish to protect. The credential user must be a member of the ora_dba group. For details on adding database-level credentials, see "To create a new credential for an Oracle database" on page 554. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 554 To create a new credential for an Oracle database 1 Select the Oracle instance in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, databases display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired database. 4 In the Set Credentials for the listed Items window, click New Credential and enter the following: Field Description Credential Name (Optional) Name associated with the credential. Administrative User must be a member of the ora_dba- group for Windows clients. For Username Linux and Solaris clients, the user must be a member of the group that owns the Oracle Database instance. 5 Password Password associated with the username you supplied. Confirm Password Enter the password again to confirm. Domain (Optional) Name of the Windows domain associated with this credential. Set as Default (Optional) Check this box to set the credential as default for the system. Click Create and Set Credential. The credential is created and applied to the selected database. To view credentials assigned to an Oracle database 1 Select the Oracle instance in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, databases display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 The Credential icon to the right of the each database indicates whether a credential has been set. • • If you see a red X on the credential icon, no credential has been set for the database. If you do not see a red X, a credential has been set for the database. To apply an existing credential to an Oracle database 1 Select the Oracle instance in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, databases display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired database. Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 555 4 In the Set Credentials for the listed Items window, select a credential from the drop-down list. 5 Click Set Credential. The credential is applied to the selected database. To view or modify an Oracle database credential 1 Select the Oracle instance in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, databases display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired database. 4 Click Edit Credential and modify settings as desired. For details, see "To create a new credential for an Oracle database" on page 554. 5 Click Save and Set Credential. To remove a database credential 1 Select the Oracle instance in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, databases display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired database. 4 Click Remove Credential. The credential is no longer associated with this database. To delete the credential from the system, see "To delete a credential" on page 99. Oracle on Linux Automatic Storage Management requirements The following additional requirements must be met to protect Oracle on Linuux ASM environments: • • • The Unitrends appliance must be running release 8.1 or higher. The Linux server must be running agent version 8.1 or higher. The Linux server must have the Linux Oracle dependency installed. For details on installing the agent and dependency, see "Installing the Linux agent" on page 708 and "Needed dependencies for Oracle" on page 712. For a complete list of supported Linux versions, see the Unitrends Compatability and Interoperability Matrix. Once these requirements have been met, run backups and restores using the procedures in "Executing Oracle backups" on page 558 and "Oracle restore from the backup system" on page 562. Oracle backup requirements Consider the following when protecting Oracle data: • For Oracle on Windows and Oracle on Solaris, Unitrends supports full backups and level 1 incremental backups. The incremental forever backup strategy is not supported. • For Oracle on Linux, Unitrends supports full backups, level 1 incremental backups, and the incremental forever backup strategy. Additional setup is required to use the incremental forever backup strategy. For details, see KB 3358. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 556 • Free space equivalent to twice the size of the backup is required on the remote share for backup processing. If adequate space is not available, the backup will fail. • A given Oracle database can be protected by one Unitrends system only, and it cannot be included in an Oracle Enterprise Manager schedule. • • Only one backup or restore operation per Oracle instance can run at any given time. • For a given database, any restores initiated while a backup is in progress will fail. Once the backup completes, restores can be run for the given database. • • • For a given database, any backups initiated while a backup is in progress will fail. • For Oracle on Solaris, the full pathname to each Solaris object cannot exceed 1024 characters. For details, see KB 3348. • For Oracle on Linux Automatic Storage Management (ASM) environments, there are additional requirements. See "Oracle on Linux Automatic Storage Management requirements" on page 555 for details. For a given database, any backups initiated while a restore is in progress will fail. Once the restore completes, backups can be run for the given database. Windows Instant Recovery is not supported for Oracle on Windows environments. Running the Oracle database in ARCHIVELOG mode enables archiving (backup) of the Oracle redo log which guarantees you can recover all committed transactions and also enables Unitrends to back up the database while it is open and in normal system use. Archived redo log files are deleted from Oracle each time a Unitrends full backup completes successfully. This keeps the logs from overrunning tablespace. Steps for implementing Oracle protection A high-level overview of the steps required to set up Oracle protection is given here. Proceed to the sections referenced in each step for detailed instructions. To implement Oracle protection Step 1: Ensure that all requirements have been met as described in "Requirements for Oracle protection" on page 549. Step 2: Install the required Unitrends Windows, Linux, or Solaris agent. For requirements, see "Unitrends version requirements for Oracle protection" on page 550. Notes: • For Oracle on Windows clients. If you will be using the agent push feature, skip this step. The Windows agent will be installed automatically when you add the Oracle client to the backup system. For agent push requirements, see "Push installing the Windows agents" on page 426. • For Oracle on Linux clients. The Linux agent requires the installation of a Samba client dependency. When installing the latest Linux agent, you will be prompted to install a Samba client if you wish to protect Oracle data. For more information, see "Needed dependencies for Oracle" on page 712 and "To install the Linux agent for CentOS, Oracle Linux, and Red Hat clients" on page 709. Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 557 Step 3: Add the Oracle client to the Unitrends backup system as described in "About adding clients" on page 69. Upon adding the client, it displays in the Navigation pane as described in "Display of Oracle application in the backup system" on page 557. IMPORTANT! Regarding the Establish Trust setting on the Add Client page, note the following: • To use the agent push feature for an Oracle on Windows client, check the Establish Trust box and enter Windows administrative trust credentials. If you have a Windows administrative account that is also a member of the ora_dba group, use this account so you will not need to enter Oracle instance-level credentials later. • For Oracle on Windows clients that will not be using the agent push feature, uncheck the Establish Trust box. Client-level credentials are not used. • For all Oracle on Linux and Oracle on Solaris clients, uncheck the Establish Trust box. Client-level credentials are not used. Step 4: Add instance-level credentials to each instance you wish to protect as described in "To create a new credential for an Oracle database" on page 554. Note: For Oracle on Windows clients. If the NT AUTHORITY\SYSTEM user is a member of the ora_dba group, or if you are using the agent push feature and have entered a Windows administrative credentials on the Add Client page and this user is a member of the ora_dba group, skip this step. In these cases, the system can use the NT AUTHORITY\SYSTEM or Windows administrative credentials for Oracle backups and restores. Step 5: Run backups as described in "Executing Oracle backups" on page 558. Before running backups, be sure requirements described in "Oracle backup requirements" on page 555 have been met. Step 6: Set up bare metal protection to prepare for disaster recovery, if ever needed. See one of the following for details: • • • • For Oracle on Windows, see "Windows Bare Metal Protection" on page 753. For Oracle on Linux, see "Bare Metal for Linux" on page 787. For Oracle on x86-based Solaris systems, see "Bare Metal for x86 Platforms" on page 795. For Oracle on Solaris SPARC systems, see "Bare metal for Solaris SPARC" on page 821. Display of Oracle application in the backup system Once you register the Oracle server to the backup system, the Oracle application displays in the Navigation pane beneath the host client. The client view can be expanded or collapsed to display or hide data accordingly. Multiple instances of the same Oracle database version display as a single application in the Navigation pane. If you have multiple instances on a given Oracle client (for example, both Oracle 11g and 12c), application icons for each display. If you do not see the Oracle icon, click the reload arrows at the bottom to refresh the view. For details on registering the Oracle server, see "About adding clients" on page 69. If you have added Oracle Database to a server after the server has been registered to the backup system, the agent software must rescan to detect and display the newly added Oracle application. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 558 To rescan, highlight the Oracle server in the Navigation pane and select Settings > Clients, Networking, and Notifications > Clients. On the Clients page, click Save. Upgrading to newer Oracle versions If you have upgraded an existing protected Oracle Database instance to a newer Oracle Database version, follow the procedures below to begin protecting your new instance: 1 Ensure all requirements are met for your new version of Oracle Database. See "Requirements for Oracle protection" on page 549. 2 Re-save the Oracle client to force the system to discover the new instance: • With the client selected in the Navigation pane, click Settings > Clients, Networking, and Notifications > Clients. • On the Client page, click the Save. • Both the previous version and the new version now display as applications under the Oracle client in the Navigation pane. For example, when you upgrade from 11g to 12c, both the 11g and 12c applications display under the Oracle client in the Navigation pane. 3 Schedule and begin running backups of your Oracle new databases. See "Executing Oracle backups" on page 558. 4 (Optional) If you no longer need to backup the older databases, disable or delete backup schedules for the older instance. See "To enable or disable an Oracle backup schedule" on page 562 or "To delete an Oracle backup schedule" on page 561. This is necessary because Oracle creates a new database instance when you upgrade, and does not remove or overwrite any older instances. Note: 5 The system will not purge the last successful backup group for the older databases (see "Backup groups" on page 145). If you no longer need any backups of the older databases, proceed to step 5 below to delete them manually. (Optional) Once you have gained the desired retention on your new instance, you can manually delete backups of the older instance. For details, see "To delete backups from a device" on page 156. CAUTION! Select the older instance in the Navigation pane to ensure that only backups of that instance display in the backup browser before you delete. Executing Oracle backups Oracle backups can either be executed immediately or scheduled at a desired frequency. Scheduled backups are more typical; you create a calendar-based schedule which specifies when Oracle backups will occur. Scheduled backups form the foundation of continuous data protection. Immediate backups occur only one time and are executed as soon as possible. This feature is useful for creating a one-time backup, but it is not recommended as the basis for continuous Oracle protection. Use the following procedures to execute and schedule Oracle backups: • "To execute an immediate Oracle backup" on page 559 Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 559 • • • • "To create an Oracle backup schedule" on page 559 "To view or modify an Oracle backup schedule" on page 561 "To delete an Oracle backup schedule" on page 561 "To enable or disable an Oracle backup schedule" on page 562 To execute an immediate Oracle backup 1 Select an Oracle instance under the Oracle client in the Navigation pane and click Backup. 2 Select the 1-Time Backup tab. • • This retrieves a list of databases available for backup. • If a database is not online or is not in ARCHIVELOG mode, it cannot be selected for protection. • Click the reload arrows at the bottom to refresh the list of discovered databases. If there is nothing in the Databases to Protect list, verify that the Oracle instance is online and in open status. Note: 3 In the Databases to Protect area, check boxes to select the databases to backup. Note: 4 If a Samba client is not installed, when the Oracle client is selected in the Navigation pane and the list of databases is refreshed, no databases will show as available for backup. You are notified that the Oracle Plugin package from the latest agent release must be installed to protect Oracle data. A separate backup is created for each database selected, even if they are within the same instance. Choose the type of backup by selecting Full or Incremental. If incremental backup is chosen and a successful full backup has never run, the system runs a full backup instead. Also, any failed backup will cause the next backup to be promoted to a full backup. 5 By default, backups are stored on the default device. To backup to a different device, select one in the Available Devices area. 6 Click Backup at the bottom of the screen to initiate the backup process. To view the status of the active backup operations, select Settings > System Monitoring > Jobs. See "Monitoring running backup jobs" on page 147 for details. To see the status of completed backup jobs, see "Viewing backups" on page 148. To create an Oracle backup schedule 1 Select an Oracle instance under the Oracle client in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. • • This retrieves a list of databases available for backup. • Click the reload arrows at the bottom to refresh the list of discovered databases. If there is nothing in the Databases to Protect list, verify that the Oracle instance is online and in open status. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 560 • If an instance is not online or not in ARCHIVELOG mode, it is unavailable for protection. Note: If a Samba client is not installed, when the Oracle client is selected in the Navigation pane and the list of databases is refreshed, no databases will show as available for backup. You are notified that the Oracle Plugin package from the latest agent release must be installed to protect Oracle data. 3 Enter a unique Schedule Name. 4 If desired, enter a Schedule Description. 5 In the Databases to Protect area, check boxes to select the databases to protect in the schedule. 6 7 • • Instances or databases that are offline cannot be selected in the list. • A separate backup is created for each database selected. Backups in the schedule execute sequentially. A database may exist in only one schedule at a time. Attempting to add a single database to multiple schedules will result in failure to save the subsequent schedules. If you would like to add new databases to this schedule automatically, check the Auto-include new Databases box. • This option can be enabled in only one schedule for each Oracle server that the system is protecting. • If selected, a process is enabled that detects modifications to the list of available databases on the Oracle instance. Newly detected databases are added to the schedule automatically. In the Schedule area, select a backup strategy from the list. • • Choose Full with Incrementals or Custom. Backups for the selected strategy display below. Note: 8 For Oracle on Linux - If you are running an incremental forever schedule, you must also exclude Oracle Database directories from journal tracking. See KB 3358 for details. Do one of the following: For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. For a custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup: • • 9 Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. If desired, modify the minimum and maximum retention settings. Retention settings in the schedule override client-level settings applied on the Backup Retention page. To use client-level settings instead, uncheck Enable Retention Settings Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 561 here. For details on setting client-level retention, see "About retention control" on page 121. Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 10 Click Advanced Settings and specify optional settings as desired. • • Select the backup device to which backups will be written. • Check the Email Failure Report option to receive email notification upon failure of any backup job on the schedule. You also have the option to receive a PDF attachment of the report in the email. • Click Confirm to save Advanced Settings. Check the Email Schedule Report option to receive email notification upon completion of the scheduled backup jobs. You also have the option to receive a PDF attachment of the report in the email. Note: Reports are delivered to email recipients specified in the report field in Settings > Clients, Networking, and Notifications > Email Recipients. To change the time of day the report is sent, modify the ReportHourMin parameter setting by selecting Settings > System, Updates, and Licensing > General Configuration > Alertman. 11 Click Save to create the schedule. To view or modify an Oracle backup schedule 1 Select an Oracle instance under the Oracle client in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Modify settings as desired and click Save. For a description of each setting, see "To create an Oracle backup schedule" on page 559. When editing a schedule, only the items being protected are marked in the Databases to protect area. The objects displayed are dependent upon the Oracle instances that are installed and running. If an instance is not online, it is unavailable for protection. To delete an Oracle backup schedule 1 Select an Oracle instance under the Oracle client in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Click Delete Schedule. Note: You can also delete Oracle schedules from the Enterprise Backup subsystem. See "To delete an Enterprise backup schedule" on page 197 for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 562 To enable or disable an Oracle backup schedule 1 Select an Oracle instance under the Oracle client in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Do one of the following: • • 5 To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. Click Save. Note: You can also enable and disable Oracle schedules from the Enterprise Backup subsystem. See "To enable or disable an Enterprise backup schedule" on page 197 for details. Viewing Oracle backups To check the status of Oracle backups, you can view running jobs as described in "Monitoring running backup jobs" on page 147, or view completed jobs as described in "Viewing backups" on page 148 Oracle restore from the backup system The Oracle agent supports restore of full and incremental backups. As with Oracle backups, the agent leverages RMAN to perform restore operations. Oracle restores occur in two phases. First, the server extracts the backup to the server’s storage and exposes the data as a CIFS share (/backups/rae// ). In the second phase, the client accesses the exposed CIFS share, and the RMAN is invoked to restore back to the Oracle client. Oracle restore requirements and considerations Consider the following before restoring Oracle data from the backup system: • Free space equivalent to twice the size of the backup is required on the Unitrends appliance for restore processing. If adequate space is not available, the restore will fail. • Restores are performed to the original database only. If you are replicating and the original database is not available, you can restore from the target after performing a bare metal restore of the Oracle client. See "Oracle for Windows restore from the replication target" on page 565 for details. • • Only one restore or backup operation per database can run at any given time. • For a given database, any restores initiated while a backup is in progress will fail. Once the backup completes, restores can be run for the given database. • For item-level restores, the backup is unfolded to a Unitrends appliance. From here you can restore items using an Oracle or third-party tool. When you are finished restoring, you must tear For a given database, any backups initiated while a restore is in progress will fail. Once the restore completes, backups can be run for the given database. Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 563 down the share (See "About the Oracle restore session" on page 567). Subsequent backup or restore operations for the given instance will fail until the restore share has been torn down. • For Oracle on Windows, restore requires that the underlying filesystem has the same structure as when the database was initially backed up. For details, see KB 3354. Restoring Oracle backups Use these procedures to restore Oracle backups: • • • "To restore an Oracle backup" on page 563 "To restore items from an Oracle backup" on page 563 "Oracle share is unavailable" on page 564 To restore an Oracle backup Use this procedure to restore a database to the original location. Note that the existing database is deleted from the Oracle instance as part of the restore process. 1 Select an Oracle instance under the Oracle client in the Navigation pane and click Restore. 2 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 3 Select a restore time and click Next (Select Options). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The database instance to restore displays in the Type column. 4 In the Restore from Backup of Client pane, select Restore to Original Oracle Server, and click Restore. 5 To confirm you understand that the existing database will be deleted and a new one created on the target server, check the I understand... box, and click Confirm. The Restore Status page indicates whether the restore has been queued successfully. Click Okay to close. 6 To monitor the restore job, select Settings > System Monitoring > Jobs. • The restore job displays in the grid. In a successful restore, status changes from Queued to Active to Successful. • If you see a Cancelled status and a Share is unavailable job comment, the restore could not run because a share has already been created for this instance and is in use by another backup or restore job. See "Oracle share is unavailable" on page 564 to determine what process is using the share and how to proceed. To restore items from an Oracle backup Use this procedure to unfold the backup to a share on the source backup system. Once unfolded, use an Oracle or third-party tool to restore desired items. 1 Select the Oracle instance under the Oracle client in the Navigation pane, and click Restore. 2 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 564 3 Select a restore time and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The database instance to restore displays in the Database column. 4 On the Restore from Backup of Client page, if you see A file share is available, check the shares in the grid below to see if one exists for this database instance. Instance name displays at the end of the Network Path column. • • If no share exists for this instance, proceed to the next step in this procedure. If a share exists for this instance, it is either in use by another backup or restore process, or it has not been torn down after a prior item restore. You cannot perform the item restore until the share becomes available. If you are sure no active job is using the share, tear it down by selecting it in the grid and clicking Tear Down. Be sure to disconnect any network drive mappings to this share before tearing down. For details on checking for active jobs, see "Oracle share is unavailable" on page 564. 5 Click Create. The system creates a share for this database and starts the restore. A row for this restore displays in the grid. 6 Click Refresh to display the full path of the share, \\\. Note or copy the Network Path supplied as you will need it to access files to restore. 7 On the workstation you will use to restore files, map a network drive to \\\-. For example, on a Windows workstation: • • Launch Explorer, right-click Computer and select Map Network Drive. In the Folder field, enter the share displayed in the Network Path field in step 6 above, then click Finish. 8 Restore the desired items using an Oracle or third-party tool. 9 Disconnect the network share once files have been restored by right-clicking the share and selecting Disconnect. 10 On the source backup system, tear down the restore image using one of the following procedures: • If the Restore from Backup screen is still open in the backup system, select the image in the Images available for recoveryarea, and click Tear Down. Click Yes to confirm that you would like to proceed. The share is removed. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the Oracle restore session" on page 567. IMPORTANT! Tear down the share as soon as possible. Subsequent backups and restores cannot run for this instance until the share has been manually torn down. Oracle share is unavailable If an Oracle backup or restore operation fails with the Share is unavailable message, use this procedure to identify the process using the share and determine how to proceed. Only one restore or backup job per instance can run at any given time. 1 Select the Oracle instance under the Oracle client in the Navigation pane. Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 565 2 Select Settings >System Monitoring > Restore Disk images. 3 Select Application Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If you see In use for backup in the Message column, a backup or full database restore is currently running for this instance. Once it completes, you can tear down the share and then perform the next backup or restore operation. 6 • Check running jobs on the Status > Present blind to see whether this is a backup or full restore. See "Monitoring running backup jobs" on page 147 for details. • • If a backup is running, either wait for the backup to complete or terminate the backup. If a restore is running, you must wait for it to complete. Terminating a restore in process can leave the database in an inconsistent state. If you see restore in the Message column, the share has not yet been torn down from a prior item-level restore. Disconnect any network drive mappings to the share, then tear it down by selecting it in the grid, and clicking Tear Down. Once the share is torn down, you can run the next backup or restore operation. Oracle for Windows restore from the replication target Use this procedure if you are unable to restore from the backup system. Because Oracle restore to an alternate server is not supported, this procedure requires that you perform a disaster recovery (DR) of the Oracle client to a new client that is directly attached to the replication target. (See "Windows Bare Metal Protection" on page 753.) Once the client has been restored, you perform an Oracle granular restore. This operation is only supported on Oracle on Windows platforms running Oracle 10g, 11g or 12c. Replicated Oracle restore considerations and procedures Consider the following before restoring from the replication target: • Free space equivalent to twice the size of the backup is required on the local share for restore processing. If adequate space is not available, the restore will fail. • A replicated backup of the source client taken after the database was deployed is required. To perform DR using Windows integrated recovery, the replicated backup must have been run using version 7.3 or higher for BIOS-based clients, or version 7.4 or higher for UEFI-based clients. To perform DR using legacy Windows hot bare metal, the backup must be a bare metal backup. • • A replicated Oracle database backup is required. • The Oracle backup is unfolded to a remote share. When you are finished restoring, you must tear down the share. Subsequent backup or restore operations for the given instance will fail until the restore share has been torn down. Only one restore or backup operation per database can run at any given time. Any backup or restore initiated while another is in progress will fail. To restore a replicated Windows Oracle database at the target site 1 Perform disaster recovery (DR) of the Oracle client from the replication target as described in 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 566 "Bare metal recovery from a replication target" on page 320. 2 On the replication target, enter Replication View. See "Viewing replicated backups" on page 309 for details. 3 Select the Oracle instance under the Oracle client in the Navigation pane, and click Restore. 4 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 5 Select a restore time and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The database instance to restore displays in the Database column. 6 On the Restore from Backup of Client page, if you see A file share is available, check the shares in the grid below to see if one exists for this database instance. Instance name displays at the end of the Network Path column. • • If no share exists for this database, proceed to the next step in this procedure. If a share exists for this database, it is either in use by another backup or restore process, or it has not been torn down after a prior item restore. You cannot perform the item restore until the share becomes available. If you are certain no active job is using the share, tear it down by selecting it in the grid and clicking Tear Down. Be sure to disconnect any network drive mappings to this share before tearing down. For details on checking for active jobs, see "Oracle share is unavailable" on page 564. 7 Click Create. The system creates a share for this database and starts the restore. A row for this restore displays in the grid. 8 Click Refresh to display the full path of the share, \\\. Note or copy the Network Path supplied as you will need it to access files to restore. 9 Log in to the target client you created in step 1 on the previous page. 10 Open Explorer and navigate to the network path you noted in step 8 above. 11 Read the contents of the file unitrends-.env. Note the following values: • • • Oracle SID Oracle Home Backup # 12 Open a command prompt and run the following commands: set ORACLE_SID= set ORACLE_HOME= %ORACLE_HOME%\bin\rman target / shutdown immediate; startup nomount; restore controlfile from alter database mount; crosscheck backup; Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection '\unitrends-.ctf'; 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 567 catalog start with '\unitrends'; list backup tag 'unitrends-'; 13 Run the following commands: restore database; recover database; alter database open resetlogs; quit; 14 At this point your Oracle restore is complete. On the replication target, disconnect any network mapping to the share, then tear down the restore share using one of the following procedures: • If the restore from Backup screen is still open in the replication target system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The share is removed. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the Oracle restore session" on page 567. Make sure to run this procedure from the replication target system. IMPORTANT! Tear down the share as soon as possible. Subsequent backups and restores cannot run for this instance until the share has been manually torn down. About the Oracle restore session After files have been restored, the session remains until you tear it down. Because system resources are used to maintain the session, it is important to tear it down to ensure optimal performance. To view or tear down Oracle restore images 1 Select the Oracle instance under the Oracle client in the Navigation pane. 2 Select Settings > System Monitoring > Restore Disk images. 3 Select Application Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If desired, to tear down a restore image: • Make sure you have disconnected any network drive mappings to this share before tearing it down. • • Select an image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 568 Legacy Recovery-Series and UEB Administrator's Guide Chapter 25: Oracle Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 569 Chapter 26: Protecting NAS Devices Unitrends provides protection for data stored on NAS devices using the following protocols: • • • Common Internet File System (CIFS) Network File System (NFS) Network Data Management Protocol (NDMP) Protection of NDMP NAS devices and protection for CIFS/NFS NAS devices are completely independent because of differences in the protocols. To protect CIFS/NFS devices, you add the device to the Unitrends appliance as NAS storage and then protect it using file-level backups. To protect an NDMP device, you add the NDMP device to the Unitrends appliance as you would any client, but protect each volume separately. Because of these differences, this chapter is comprised of two distinct sections. To determine which approach best suits your needs, see "Determining how to protect a NAS" on page 569. Then see the appropriate section for additional information and instructions: • • "NAS protection using NDMP" on page 570 "NAS protection using CIFS/NFS" on page 579 Determining how to protect a NAS There are benefits to both approaches Unitrends offers for protecting a NAS. The recommended approach for you depends on your business requirements. Use the following comparison to determine how to protect your NAS: Function NDMP CIFS and NFS Backup Application backups. Protected at the volume level. Captures Access Control Lists (ACL) and other file attributes. File-level backups. Protected at the NAS share level. Full, Differential, and Incremental backup types. Automatically promotes every 10th incremental to a differential. Full, differential, and selective backup types. Shorter backup windows, especially if protecting many small files. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 570 Function NDMP CIFS and NFS Restore Restore to NDMP devices of the same vendor. See vendor documentation for additional compatibility limitations. Restore to the same CIFS/NFS device. Point-in-time restores of the entire backup group are supported. Individual file restores from a backup selected on the Status page are supported for some filers. Replication Configure volumes on the NDMP device for replication. Point-in-time restores of the entire backup group or select files within the backup group are supported. Individual file restores from a backup selected on the Status page are supported. Configure the CIFS/NFS client for replication. Better deduplication and replication performance. Longer retention possible because of smaller backup footprints. Archive Archive at the client-level or by volumes. Archive at the client-level. NAS protection using NDMP Beginning with Unitrends release 8.0, you can protect NAS devices using NDMP. Unlike CIFS/NFS NAS devices, NDMP NAS devices can be added to the Unitrends appliance directly through the Add Client screen. Once added, NDMP devices can be protected at the volume level. NDMP backups can be replicated, archived, and restored as you would for any other client. Use the following topics when protecting NDMP clients: • • • • • "Prerequisites and considerations for NDMP" on page 570 • For more information about replicating NDMP backups, see "Replication" on page 277, and "To replicate application backups" on page 300. "Working with NDMP clients" on page 572 "About NDMP backups" on page 574 "Restoring NDMP backups" on page 577 For more information about archiving NDMP backups, see "Archiving Overview" on page 201 and the applicable archive media chapters. For instructions, see "Archiving Procedures" on page 253. Prerequisites and considerations for NDMP Consider the following when protecting NDMP devices: • The Unitrends appliance must be one of the following: – UEB running Unitrends software version 8.0 or higher Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 571 – A 64-bit, rackmount Recovery-Series model that is 1U or higher, running Unitrends software version 8.0 or higher • • Unitrends supports NDMP version 4.0. • Unitrends currently certifies devices from NetApp and EMC (Celerra, VNX, and VNXe). Devices from other vendors can be added as “Generic” NDMP NAS clients. Consider vendor specific limitations when protecting generic clients. • It is important to be familiar with your vendor’s documentation and limitations because they can affect Unitrends protection of your NDMP device. • Your NDMP NAS device must be configured with an MD5 password. Clear text passwords are not supported. • Unitrends dynamically assigns ports between 32768 - 61000 when protecting NDMP devices. If your environment is configured with a firewall, make sure the ports in this range are open. • Unitrends appliances use port 10000 when protecting NDMP. Port 10000 is open for the following security levels: No Security, Low Security, and Medium Security. You cannot protect NDMP devices if you set your Unitrends appliance to High Security. For more information, see "About security levels" on page 131. • Unitrends uses a single, customer-specified IP address when protecting an NDMP client. NDMP operations to and from multiple isolated IP networks are not supported. • Full, differential, and incremental backups are supported for NDMP clients. Selective backups are not supported. • Enterprise backup scheduling is not supported for NDMP clients. When you enter the Enterprise backup subsystem, all NDMP clients are disabled in the Navigation pane. • Because NDMP NAS devices normally have a limited number of NDMP connections, backup and restore jobs for NDMP clients are queued and run as NDMP connections become available. • • A recurring full backup must be in the schedule. • NDMP backups can only be restored to NDMP devices of the same vendor. For additional compatibility limitations see your vendor’s documentation. • When performing point-in-time restores for NDMP volumes, you cannot specify files to include or exclude. The volume is restored exactly as it was at the selected recovery point. • Selective restores are supported for some NDMP devices from the certified vendors. See the vendor documentation for compatibility limitations. For example, VNXe devices only support full volume-level restores to the same location. • Non-UTF-8 compatible characters cause backups to run more slowly. Selective restore of files containing non-UTF-8 compatible characters is not supported. Instead you must do a full The Unitrends appliance must be licensed for the NDMP feature. Check for NDMP=X, where X equals the number of NDMP licenses purchased, in the license string under Settings > System, Updates, and Licensing > License. NDMP only supports nine consecutive incremental backups between successful fulls and differentials. Schedules with more than nine consecutive incremental backups result in automatically promoted differential backups. See "Automatic promotions of NDMP Incremental backups" on page 574. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 572 restore of the backup. If your NAS share contains non-UTF-8 compatible characters, it is recommended to convert the NAS share to support UTF 8. This will allow selective restore and enable backups to run much faster. • To protect NetApp high availability C-mode clusters, additional requirements apply. See "Implementing NetApp cluster protection" on page 573 protection for details. Working with NDMP clients Like most client types, NDMP clients are added, modified, and deleted through the Settings > Clients, Networks, and Notification > Clients screen. In addition to the fields and options visible for all client types, NDMP clients have three additional NDMP Client Option fields: protocol, vendor, and port. For instructions on adding an NDMP client to the Unitrends appliance, see: • • "About adding clients" on page 69 "Adding a NAS NDMP client" on page 76 For instructions on modifying and deleting an NDMP client, see "About working with clients" on page 88. Advanced configuration settings for NDMP clients Because each NDMP vendor has different limitations, there are some advanced configuration settings that might be required to protect your NDMP device. To access the advanced configuration options, go to the Settings > System, Updates, and Licensing > General Configuration [Advanced] and click NDMP. The following advanced settings are available: Setting Description DAR DAR is on (DAR=1) by default. Unitrends uses Direct Access Recovery (DAR) to restore NDMP backups. Note: IPv4Address For NetApp devices, DAR only works with ONTAP version 8.0 and later. If using an earlier version of ONTAP, disable DAR by setting DAR=0. Blank by default. Unitrends automatically attempts to use the eth0 or seth0 IPv4Address. If your environment is configured with either of these IP addresses, it is retrieved and used. If you have neither eth0 nor seth0 configured in your environment, you must enter an IP address in this field and restart NDMP services as described below. (This is most common in the case of bonded NICs.) Entering an IP address in this field will override eth0 or seth0. Username The NDMP daemon username defaults to ndmp. If you change the username, NDMP services must be restarted as described below. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 573 Setting Description Password The NDMP daemon password defaults to unitrendsndmp. If you change the password, NDMP services must be restarted as described below. Maximum Running NDMP Jobs The maximum number of running NDMP sessions per NAS NDMP client defaults to 2. This value is accessible only from terminal. For more information, see KB 1313. Protecting Clusters Additional configuration is required to protect NetApp clusters. See "Implementing NetApp cluster protection" on page 573 for details. To restart NDMP services NDMP services must be restarted on Unitrends appliances if the IPv4Address or NDMP daemon username or password is changed. 1 Using a terminal emulator, such as PuTTY, connect to the Unitrends appliance. 2 Log in using the administrative account. 3 Run the following command: service unitrends-ndmp restart Implementing NetApp cluster protection Beginning in release 8.1, you can easily protect NetApp nodes configured in high availability Cmode clusters. Once you have configured your clusters for the Unitrends protection, they can be backed up and restored using the standard Unitrends NDMP procedures. In addition to the requirements described in "Prerequisites and considerations for NDMP" on page 570, the following requirements must be met to protect NetApp clusters: Because each NDMP vendor has different limitations, there are some advanced configuration settings that might be required to protect your NDMP device. To access the advanced configuration options, go to the Settings > System, Updates, and Licensing > General Configuration [Advanced] and click NDMP. • • • The Unitrends appliance must be running version 8.1 or higher. • Volumes to protect must be exported through an LIF. We recommend assigning a unique IP address to each volume you wish to backup. NetApp ONTAP must be version 7.x or 8.x. NDMP must be enabled for both the cluster and the Vserver. See the NetApp configuration documentation and KB 3662 for details. In NetApp cluster environments, volumes may migrate over to a different node. If your NDMP schedule has the Auto-include new NDMP Volumes box checked, migrated volumes are automatically included in the backup schedule. Generally, adding a migrated volume to the schedule causes the next backup to run as a full backup, even though a full of this of this migrated volume may exist on the backup device. If desired, you can prevent a new full backup by migrating the volume back to the original node or by unchecking the Auto-include new NDMP Volumes box in the backup schedule. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 574 About NDMP backups NDMP devices are protected at the volume level. When running an on-demand backup or creating a backup schedule for an NDMP client, you must specify the volume(s) you wish to protect. Each volume is protected individually. The protocol limits the number of incremental backups between successful full backups to 9. If your backup schedule has more than 9 incrementals between each full backup, incrementals are automatically promoted to differentials as needed and then jobs resume as scheduled. For more information, see "Automatic promotions of NDMP Incremental backups" on page 574. Note: Enterprise backup scheduling is not supported for NDMP clients. Automatic promotions of NDMP Incremental backups NDMP limits the number of incrementals that can occur between fulls to 9. This limitation is enforced by assigning and tracking levels of each backup type. It does so in the following way: • • • Fulls are always counted as level ‘0.’ Differentials are always counted as level ‘1.’ Incrementals are counted by increasing the previous backup’s level by 1. These can be counted as levels 1-9, with nine being the maximum level allowed by the protocol. Automatic promotion for schedules For schedules, the NDMP level assignments described above means scheduled incremental backups are automatically promoted to differentials if there is already a level-9 backup in that volume’s current backup group. The promotion to a differential resets the level to one. After the automatic promotion, the schedule resumes running the jobs as expected. The graphic below demonstrates the automatic promotion behavior for schedules with more than 9 incrementals between each full backup. The schedule below has one full on the first of each month and daily incrementals in between. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 575 As you see, the regularly scheduled full runs followed by 9 incrementals. Then a scheduled incremental is automatically promoted to a differential, resetting the level to 1, and resumes running as scheduled with automatic promotions each time the maximum level of 9 is reached. Note: Only 8 incrementals run between automatically promoted differentials because the count starts from 1 rather than 0 (as it does with full backups). One-time incremental backups and automatic promotion On-demand incremental backups also affect the backup level for the volume. If you attempt to run a one-time incremental backup and the backup level is less than 9, the job is queued and the backup level of the group is increased by one. However, if the volume’s backup level is already 9, the job is not queued. Instead you are notified that you have reached the maximum limit of consecutive incremental backups for this volume and a full must be run. The graphic below demonstrates how one-time incrementals can affect the automatic promotions within an existing schedule. In this case, the schedule is the same as example one, but an ondemand incremental backup is also run on the 6th day. Similar to the first example, the regularly scheduled full runs followed by 9 incrementals. However, on day 6 the level is increased by a total of 2: first by the regularly scheduled incremental and then by the on-demand incremental backup. This results in the automatic promotion to a differential occurring one day earlier than it did in the first example. The schedule then resumes running as scheduled with automatic promotions each time the maximum level of 9 is reached. Note: Only 8 incrementals run between automatically promoted differentials because the count starts from 1 rather than 0 (as it does with full backups). Differential backups and automatic promotion Because differential backups are always counted as level 1, they do not have the same limitations as incremental backups. Any number of differentials can be run between successful full backups of an NDMP volume. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 576 Backup groups for NAS NDMP clients As with other clients, NDMP backup groups can consist of full, differential, and incremental backups. The system creates a group when you run a new full backup. Each subsequent differential and incremental backup forms a link in the chain of backups that constitute the group associated with the full backup. Because NDMP backups are run separately for each volume, each volume has its own backup groups. For more information, see "Backup groups" on page 145. Selection lists for NDMP backups Inclusions are done by volume only. When initiating one-time backups or scheduling backups, you must select the volumes you wish to protect. Exclusions can be specified for some of the NDMP devices from the certified vendors. For more information, see KB 1315. Backing up NAS NDMP clients Throughout the Administrator Interface, backups of volumes on NDMP clients are displayed as NDMP Full, NDMP Differential, and NDMP Incremental. Support for NDMP backups varies by vendor. Read your vendor’s documentation for requirements and limitations. For procedures on backing up NDMP clients, see: • • "To run a one-time backup for an NDMP client" on page 576 "To create a backup schedule for a NAS NDMP client" on page 576 To run a one-time backup for an NDMP client 1 Select the NDMP client in the Navigation pane, and click Backup. 2 Click the 1-Time Backup tab, and choose backup type Full, Differential, or Incremental. See "Backup types" on page 142 for more information. 3 Check the desired boxes in the NDMP Volumes to Protect grid. 4 (Optional) Select the preferred backup storage from the Available Devices. 5 Click Backup. The Unitrends appliance queues a job for each volume selected and runs them as NDMP connections become available. Note: If there are already 9 incrementals since the last successful full backup of the volume and you selected Incremental, you will be notified that you have reached the maximum limit of consecutive incremental backups for this volume and a full must be run. To create a backup schedule for a NAS NDMP client 1 Select the NDMP client in the Navigation pane, and click Backup. 2 Select the Schedule Backup tab. 3 Enter the Schedule Name. 4 Enter a Schedule Description. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 577 5 Choose the data to backup by checking the desired boxes in the NDMP Volumes to Protect grid. Each volume on an NDMP client can only be protected by a single schedule. If you do not see a volume you wish to protect, click the Refresh icon. 6 (Optional) Check the Auto-Include new NDMP Volumes box. Note: Because the Auto-Include new NDMP volumes check box automatically adds new volumes to a schedule, it can only be checked on one schedule for an NDMP client. 7 In the schedule area, select a backup strategy from the list. Choose from Full Backups, Full with Differentials, Full with Incrementals, or Custom. 8 Do one of the following: • For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. • For a custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: – – Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional), then click Confirm. Notes: • • 9 About fulls - A full backup must be in the schedule. About automatic promotions to differentials - The NDMP protocol automatically promotes every 9th incremental between fulls to a differential. For more information, see "Automatic promotions of NDMP Incremental backups" on page 574. (Optional) Check Set Retention Settings and modify the minimum, maximum, and legal hold values. These values apply to all selected volumes in this schedule. To set different values for each selected item, do not enter settings here. Instead, go to Settings > Storage and Retention > Backup Retention. See "About retention control" on page 121 for details. 10 (Optional) Click Advanced Settings to select a backup storage device other than the default and change the mail options. Click Confirm to save your advanced settings. 11 Click Save. The Unitrends appliance queues a job for each volume selected and runs them according to the schedule when NDMP connections becomes available. Restoring NDMP backups You can perform point-in-time restores for an NDMP volume or, for most NDMP devices from the certified vendors, you can restore single backups and files from the Status tab. To restore specific files see "Executing a restore from the Status tab" on page 347. If you wish to restore an entire volume to the exact state it was in at a selected recovery point, use the point-in-time restore procedures below. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 578 Note: Selective restores of files containing non-UTF-8 compatible characters is not supported. Instead, perform a full restore of this data. For backups containing with files with non-UTF8 compatible characters and without non-UTF-8 compatible characters, selective restores of the files without these special characters is supported. Support for restoring NDMP backups varies by vendor. Read your vendor’s documentation for requirements and limitations. For example, backups of volumes on EMC VNXe devices can only be restored to the same volume path on the original VNXe device, and target directories cannot be specified. Additionally, selective restores are not supported for VNXe devices. These are limitations of the VNXe device. Point-in-time NDMP restores Point-in-time restores for NDMP clients are done by volume. If the selected backup is a differential or incremental, the entire chain of backups is restored to the specified target location. When performing point-in-time restores for NDMP volumes, you cannot specify files to include or exclude. The volume is restored exactly as it was at the selected recovery point. Additionally, when performing a point-in-time restore for an NDMP client, there is no default target location. You must specify the target device and volume. Optionally you can specify a target directory. To execute a point-in-time restore for an NDMP volume 1 Select the NDMP device in the Navigation pane. 2 Click Restore. 3 Select the desired Recovery Point Day in the calendar. 4 Click on one of the backups in the Recovery Point Times grid, or select a green recovery point on the wheel. 5 Click Next. Note: You cannot specify files to include or exclude for NDMP point-in-time restores. To restore specific files, see "Executing a restore from the Status tab" on page 347. 6 Select the desired target device in the Target to Which to Restore drop-down list. Only devices with the same vendor are displayed. Additional vendor compatibility limitations apply. 7 Select the desired target volume in the Target Volume field. Only directories on the selected device that are online and have enough space for the restore are visible. 8 (Optional) Enter the desired target directory in the Target Directory field. The target directory cannot exceed 255 characters. • • 9 If the directory entered does not exist, it is created within the selected volume. If this field is left blank, the backup is restored to the target volume. Click Restore. If you encounter a permissions error when accessing an NDMP backup restored to an environment with different permissions, unmount the target volume and remount it with the appropriate permissions. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 579 NAS protection using CIFS/NFS To backup data stored on a CIFS or NSF device, you must create NAS storage in the backup system. Data is then backed up through the network connection, as if it were another internal directory or volume. Data is transferred more quickly than if the device is mounted on one of the Unitrends appliance’s clients. Once storage has been created, the CIFS and NFS devices are seen as regular clients of the backup system. Use the following topics when working with CIFS/NFS NAS clients: • • • • • "Prerequisites and considerations for CIFS/NFS clients" on page 579 • For more information about replicating NDMP backups, see "Replication" on page 277 and "To replicate file-level backups" on page 300. "Working with CIFS/NFS clients" on page 579 "Backing up CIFS/NFS clients" on page 582 "Restoring backups of CIFS/NFS clients" on page 583 For more information about archiving NDMP backups, see "Archiving Overview" on page 201 and the applicable archive media chapters. For instructions, see "Archiving Procedures" on page 253. Prerequisites and considerations for CIFS/NFS clients Consider the following when protecting CIFS/NFS NAS devices: • Full, differential, and selective backups are supported for CIFS/NFS clients. Incrementals are not supported. • Enterprise backups are not supported for CIFS/NFS clients. When you enter the Enterprise backup subsystem, all CIFS/NFS clients are disabled in the Navigation pane. • Backups start at the NAS mount point. Therefore, it is not necessary to apply exclusion lists to keep files in other system directories from being included in the NAS backup. • When you mount the CIFS/NFS NAS device to the backup system, open files do not get backup up. For this reason, backups of CIFS/NFS clients should be scheduled to run when file activity is at its lowest level. • Permissions of the files as seen when mapped to the system are not exactly the same as those on the CIFS/NFS NAS device. Working with CIFS/NFS clients CIFS/NFS clients are added as NAS storage. Once added, the clients are visible in the Navigation pane and can be protected like any other client. Use the Settings > Storage and Retention > Storage screen to add, modify, and delete CIFS/NFS clients. Adding CIFS/NFS clients CIFS/NFS NAS devices should be added to the Unitrends appliance as NAS storage. Upon adding NAS storage with the CIFS or NFS protocol, a client is created and displays in the Navigation pane. You can then schedule backups for the CIFS/NFS client as you would any other client. Notes: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 580 • If the NAS share is configured for authentication, you must supply credentials to access the specified mount point. If in your environment you only have credentials to access a parent directory, enter the full path to the parent directory and use a selection list to specify files and folders to protect. • CIFS/NFS clients cannot be added through the Settings > Clients, Networking, and Notifications > Clients > Add Clients page. See these procedures to add CIFS/NFS clients: • • "To add a CIFS/NFS client" on page 580 "To add multiple NAS mount points as separate CIFS/NFS clients" on page 580 To add a CIFS/NFS client 1 Select Settings > Storage and Retention > Storage. 2 Click Protect a NAS. 3 Enter a name for the storage being configured in the Storage Name field. 4 If the NAS share is configured for authentication, provide the credentials in the Username, Password, and Verify Password fields. (Skip this step is authentication is not used.) If domain credentials are being used, enter the user name as [email protected]. 5 Enter the IP address or hostname of the NAS share in the Host field. 6 Select the desired file system type from the Protocol list. The NAS share can be connected using the CIFS or NFS protocol. 7 The Port field contains the default for the protocol selected. If the protocol uses a custom port, enter that port number. 8 Enter the full directory pathname of the NAS share in the Share Name field. Do not use leading or ending slashes. Example pathname: parentShare/subDirectory1/subDirectory2. 9 • To protect only the subDirectory2 share and its subdirectories, enter parentShare/subDirectory1/subDirectory2. • To protect parentShare and all of its subdirectories, enter parentShare. Click Confirm. 10 Verify that the Online check box is checked for the NAS storage you added. This box must be checked to enable the CIFS/NFS client to be protected. 11 After the NAS storage is added, refresh the Navigation pane to see the new client. To add multiple NAS mount points as separate CIFS/NFS clients Use this procedure to protect all data under multiple mount points on a CIFS/NFS device. Each mount point is added as a separate client. You then protect each CIFS/NFS client separately so that distinct backup groups are created for each. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 581 Note: If the NAS share is configured for authentication, you must supply credentials to access the specified mount point. If in your environment you only have credentials to access a parent directory, enter the full path to the parent directory and use a selection list to specify files and folders to protect. 1 Select Settings > Storage and Retention > Storage. 2 Click Protect a NAS. 3 Enter a name for the storage being configured in the Storage Name field. 4 If the NAS share is configured for authentication, provide the credentials in the Username, Password, and Verify Password fields. (Skip this step if authentication is not used.) If domain credentials are being used, enter the user name as [email protected]. 5 Enter the IP address or hostname of the NAS share in the Host field. 6 Select the desired file system type from the Protocol list. The NAS share can be connected using the CIFS or NFS protocol. 7 The Port field contains the default for the protocol selected. If the protocol uses a custom port, enter that port number. 8 Enter the full directory pathname of the NAS share in the Share Name field. Do not use leading or ending slashes. Example pathname: parentShare/subDirectory1/subDirectory2. 9 • To protect only the subDirectory2 share and its subdirectories, enter parentShare/subDirectory1/subDirectory2. • To protect parentShare and all of its subdirectories, enter parentShare. Click Confirm. 10 Verify that the Online check box is checked for the NAS storage you added. This box must be checked to enable the CIFS/NFS client to be protected. 11 After the NAS storage is added, refresh the Navigation pane to see the new CIFS/NFS client. 12 Repeat this procedure for each mount point you wish to add. Modifying and Deleting CIFS/NFS clients This section describes procedures for modifying and deleting CIFS/NFS clients. Because CIFS/NFS clients are added as NAS storage, they must be modified and deleted through the Settings > Storage and Retention > Storage screen as well. To modify a CIFS/NFS client 1 Select Settings > Storage and Retention > Storage. 2 Select the desired NAS storage in the grid. The Modify Protect Storage window displays. 3 Modify the following as desired: Username, Password/Verify Password, Host, Port, Protocol, and Share Name. 4 Click Save to save your changes. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 582 To delete a CIFS/NFS client Use this procedure to remove all of the following from the Unitrends appliance: the NAS mount point from the Storage screen, the CIFS/NFS client from the Navigation pane, and all backups of this CIFS/NFS client. WARNING! When a protected NAS is deleted, all associated backups of that client are also deleted. Use caution before deleting a protected CIFS/NFS NAS from the Storage screen. 1 Select Settings > Storage and Retention > Storage. 2 Select the desired NAS storage in the grid. The Modify Protect Storage window displays. 3 Click Delete. The Verification window displays. 4 Check the I understand... check box and click Confirm to continue. Note: If a message displays indicating that this client is scheduled for backup, you must remove the client from all schedules and then perform this procedure again. Backing up CIFS/NFS clients Once the CIFS/NFS client has been added to the Unitrends appliance, it can be protected with filelevel backups. You have the option of using full, differential, and selective file-level backups to protect CIFS/NFS clients. Incremental backups are not supported. Note: Enterprise backups are not supported for CIFS/NFS clients. When you enter the Enterprise backup subsystem, all CIFS/NFS clients are disabled in the Navigation pane. For instructions on backing up CIFS/NFS clients, see: • • • "Specifying data to include or exclude from CIFS/NFS backups" on page 582 "Backups Overview" on page 141 "File-level Backups" on page 159 Specifying data to include or exclude from CIFS/NFS backups NAS backups include all files under the specified mount point. If you do not wish to protect all files, use one of the following strategies: • Add the CIFS/NFS NAS mount point, then apply an exclusion list to omit specified files and folders from the backup. (Note that wildcards are not supported in CIFS/NFS exclusion lists.) Exclusion lists are supported with full and differential backups, so this approach enables you to run differentials that only capture changes since the last backup. • Add the CIFS/NFS NAS mount point, then apply an inclusion list to specify which files and folders to include in the backup. Inclusion lists are supported for the selective backup type only. If you use this approach, the entire selected file set is captured each time the backup runs. • Add multiple mount points for the given NAS. Give each mount point a unique name so the backup appliance treats each mount as a separate client. Only the files under the given mount point are included in the backup. For additional granularity, you can add an exclusion list or inclusion list. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 583 Restoring backups of CIFS/NFS clients When restoring from a CIFS/NFS backup, you can restore to any CIFS or NFS NAS device that has been added to the Unitrends appliance. When restoring from a CIFS/NFS backup, the original location of the backup is the default restore target. If you wish to restore to a location on the NAS other than the original path, you can select another registered client. To restore a CIFS or NFS backup 1 In the Navigation pane, select the NAS client whose backup you will restore. 2 Select Restore from the Main Menu. A wheel representing a 24-hour time period displays. 3 Select a backup from the Recovery Point Times list on the left side of the Center Stage. If no backups are listed, click through the calendar until a date displays in bold, signifying an available backup. Note: In addition to appearing in the calendar, available backups appear as a green slice on the 24-hour time wheel. 4 Select Next (Select Files/Items) at the bottom right of the screen. 5 Select the volumes or files you wish to restore. Note: Use the Advanced file selection option if you have a large amount of volumes and want to quickly select all for restore. 6 (Optional) To exclude a subset of the files you selected in step 5 above, click Show File Exclusion Options. Then enter exclusion patterns to exclude files that you do not wish to restore. See "File exclusion options" on page 350 for details. 7 (Optional) To restore to another client or to a different location on the original client, select Show Advanced Execution Options and enter the following: • Client To Which To Restore - Client where data will be restored. The original client displays by default. To restore to a different client, select it in the list. If you do not see the desired client, add it as CIFS/NFS storage as described in "Adding CIFS/NFS clients" on page 579. • Target Directory - Enter the full path where the data will be restored. For example, if the original NAS backup was of this directory: /mnt/NAS/folder/subFolder1 and you wish to restore to: /mnt/NAS/folder/subFolder2 enter the full path in the Target Directory field under Restore Advanced Execution Options: /mnt/NAS/folder/subFolder2 Note: • If you enter /subFolder2 only, the restore is written to the root mount point on the backup appliance (/mnt in our example). This could fill the root mount point and crash the appliance. For details on other options, see "Advanced Execution Options for restore" on page 351. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 584 8 Click Restore on the bottom right of the screen to start the restore. 9 The restore progress bar displays. Progress can also be viewed by selecting Status > Present (Currently Executing Jobs). For details, see "Monitoring running restore jobs" on page 355. Legacy Recovery-Series and UEB Administrator's Guide Chapter 26: Protecting NAS Devices 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 585 Chapter 27: Hyper-V Protection This chapter describes procedures used to protect Hyper-V environments. See the following topics for details: • • • • • "About Hyper-V protection" on page 585 • "Instant recovery for Hyper-V" on page 618 "Working with Hyper-V servers" on page 596 "Grouping Hyper-V virtual machines" on page 598 "Executing Hyper-V backups" on page 599 "Restoring the Hyper-V virtual infrastructure" on page 606 About Hyper-V protection Unitrends offers all-in-one backup, replication, archiving, and disaster recovery for Hyper-V virtual infrastructure in an integrated fashion from the Administrator Interface. The Unitrends Hyper-V Host Operating System (HOS) agent leverages the Microsoft Volume Shadow Copy Service (VSS) to offer centralized and efficient protection of hosted virtual machines. The Unitrends appliance can protect VMs in online, offline, and saved states. You must install Hyper-V Integration Services on your VMs to protect them in an online state. When you add a Hyper-V host to the system, the HOS agent is automatically installed (pushed to the Hyper-V system) as part of the Windows agent. You can then protect all VMs under that host without having to add individual VMs to the Unitrends backup system. Before adding a host, see "Prerequisites for Hyper-V protection" on page 586 to be sure installation prerequisites have been met. In some instances, you might wish to protect VMs at the guest OS level by installing the appropriate agents, adding them to the appliance as you would add physical machines, and running the appropriate file-level and application backups. For example, if you are running applications such as SQL, Exchange, or Sharepoint on a Hyper-V VM, you will have more granular control of database backups and restores if you add these VMs to the appliance and run the relevant application backups. For more information, see "Protecting Hyper-V virtual machines at the guest OS level" on page 590. Note: You should not run Hyper-V backups for VMs that you are protecting at the guest OS level. Doing so can lead to undesirable results. To protect the file system and operating system of the Hyper-V host, you must run file-level backups and use Unitrends bare metal protection. For details, see "File-level Backups" on page 159 and "Windows Bare Metal Protection" on page 753. Any files belonging to the Hyper-V application are automatically excluded from file-level backups of the Hyper-V host. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 586 It is recommended that you read "Best practices for protecting Hyper-V virtual machines" on page 589 before you begin protecting your Hyper-V environment. Features of Unitrends Hyper-V protection • Protection for virtual machines running under Windows Server 2008 R2 and higher and Windows Hyper-V Server 2012 and higher. • Support for virtual machines residing in a High Availability setup using Cluster Shared Volumes (CSV). • • Support and tracking of virtual machines in live migration configuration. • • Full and incremental backups. • • • • • • File-level restore from backups. • Instant recovery of a corrupt or failed virtual machine. (Unitrends releases 8.0 and higher. For details, see "Instant recovery for Hyper-V" on page 618.) Support for VMs with disk storage located on SMB 3.0 shares. (Unitrends releases 8.0 and higher. For details, see "Protecting Hyper-V virtual machines with storage located on SMB 3.0 shares" on page 595.) Backup of virtual machines in online, offline, and saved states. Native provisioning for thin-provisioned disks. Change Block Tracking (CBT). Policy-based automatic inclusion of newly created virtual machines into backup schedules. AES-256 bit encryption of protected data. Archiving of Hyper-V backups via D2D2D (Disk-to-Disk-to-Disk) or D2D2T (Disk-to-Disk-toTape). For details about Unitrends Hyper-V protection, see the following topics: • • • • • "Prerequisites for Hyper-V protection" on page 586 "About Hyper-V backups" on page 587 "Best practices for protecting Hyper-V virtual machines" on page 589 "Protecting Hyper-V virtual machines at the guest OS level" on page 590 "Protecting Hyper-V virtual machines with storage located on SMB 3.0 shares" on page 595 Prerequisites for Hyper-V protection The prerequisites for protecting Hyper-V environments are listed below. Additional requirements must be met for agent push installations and updates. See "Push installing the Windows agents" on page 426 and "Updating the Windows agents" on page 435 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 587 Item Description Hyper-V hosts supported For supported hosts, see the Unitrends Compatibility and Interoperability Matrix. Unitrends system version Release 6.2.0 and higher Unitrends Windows agent version The Hyper-V agent is included in the Unitrends Windows agent release 6.2.0 and higher. No additional installation packages or licenses are required for protecting virtual machines in a Hyper-V environment. Microsoft VSS Microsoft’s Volume Shadow Copy Service (VSS) and the Hyper-V VSS writer must be installed and running on the Hyper-V host. Virtual Hyper-V backups do not support VMs configured with pass-through disks. To machine protect a VM with pass-through disks, install the appropriate agent in the guest configuration operating system, add the VM to the backup system as you would add a physical machine, and protect it with the appropriate file-level and application backups. Protect the VM’s operating system using Untirends bare metal protection. For details, see "Backups Overview" on page 141. Online backups of a virtual machine To perform online backups of a virtual machine, you must install Integration Services in the guest operating system. Integration Services enable the virtual machine to create a child state snapshot. The host can then use this snapshot to perform an online backup of the virtual machine. To determine which guest operating systems support Integration Services and online backups, refer to the Microsoft document Hyper-V Overview. About Hyper-V backups The table below lists the backup types supported for Hyper-V environments. For more details about backup types, see "Backup types" on page 142. Backup method Full Description Protects the metadata (configuration files) and data for all the disks attached to the virtual machine. All disk blocks are captured in a full backup. Incremental Captures the changes to the metadata and the virtual machine hard disk blocks since the last successful full or incremental backup. For more details about Hyper-V backups, see the following topics: • "Hyper-V backup strategies" on page 588 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 588 • • • "Online backups" on page 589 "Backups for VMs on servers running Hyper-V versions 2012 and 2012 R2" on page 589 "Automatic exclusion of Hyper-V data during file-level backups" on page 589 Hyper-V backup strategies Data protection strategies are driven primarily by the following requirements: • • • Recovery Time Objectives (RTO) Recovery Point Objectives (RPO) Backup window Unitrends offers a wide variety of data protection strategies to enable you to meet these requirements for Hyper-V virtual environments. Unitrends recommends using an incremental forever strategy to protect Hyper-V environments. With this strategy, a master is run one time, followed by incrementals thereafter at the frequency that best suits your environment. The system then synthesizes masters locally from the incrementals to ensure quick restores. These synthetic backups are also used for archiving, as incremental backups do not archive directly. For more on synthetic backups, see "Synthetic backup" on page 144 and KB 3560. To use the incremental forever strategy, it is recommended that the backup system be on the latest release. Unitrends supports a variety of other strategy options, described here: Objective Strategy You need to ensure that a full backup completes within the desired window. Use an incremental forever strategy. Run a Hyper-V full backup one time, then incrementals each day or multiple times per day. Your tolerance for data loss is measured in a day or more. Use incremental forever or a weekly Hyper-V full backup with a daily incremental backup. Your tolerance for data loss is measured in a few hours. Use incremental forever or a weekly Hyper-V full backup with incremental backups performed with the frequency to meet your RPOs. Your backups need to complete within a few hours during the week but can run continuously on the weekend. Use incremental forever or a weekly Hyper-V full backup with daily incremental backups. You need to control when full backups run. If system resources are taxed and you would like to control when a full backup runs, use a weekly Hyper-V full backup with incremental backups. Keep in mind that synthetic backups are system-side only and do not impact the client. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 589 Online backups When the Unitrends system initiates a backup of a virtual machine in a Hyper-V environment, the Unitrends agent creates a VSS-based point-in-time consistent snapshot of the Hyper-V host, which triggers a snapshot of the virtual machines on the host. If Integration Services are enabled, the appliance runs an online backup, and there is no downtime associated with the snapshot and backup of the virtual machine. The latest version of Integration Services must be installed in the guest operating system to perform backups in an online state. For a list of guest operating systems for which Integration Services is supported, see the Microsoft document Hyper-V Overview. For the Unitrends appliance to successfully perform an online backup (child VM snapshot), the following conditions must be met on the protected VMs: • • The latest version of backup Integration Services must be installed and enabled. • All volumes in the child VM are basic disks and there are no dynamic disks. • All disks in the child VM must use a file system that supports snapshots (for example, NTFS). The VM’s VHD(x) files and snapshot file location must be set to the same volume in the host operating system. If an online backup cannot be performed, the virtual machine is temporarily put in a saved state. In saved state there is a brief downtime associated with the backup process. It is important to understand that if a VM does not have Integration Services installed, the backup job can cause the virtual machine to be inaccessible to connected users for a short period of time (less than a minute). Backups for VMs on servers running Hyper-V versions 2012 and 2012 R2 In Unitrends versions 8.1 and higher, the Unitrends Windows agent leverages a Hyper-V changedblock-tracking (CBT) driver that greatly increases performance for incremental backups of your virtual machines. The driver supports Hyper-V versions 2012 and 2012 R2. To benefit from the CBT driver's performance enhancements, simply install agent version 8.1.0-3 or higher on your Hyper-V hosts. The CBT driver is automatically installed with the Windows agent. Be sure to install the same version of the agent on all hosts in a cluster configuration. To verify that the agent is leveraging the CBT driver for your backups, you can view backups details from the status tab. For instructions, see "To view backup details" on page 149. When you view details, the Raw Output section of the Backup Information window contains the following statement for backups run with the CBT driver: CBT DRIVER ACTION IS ENABLED. If the driver has been uninstalled or corrupted, backups complete with a warning to indicate that the CBT driver was not used. Automatic exclusion of Hyper-V data during file-level backups To protect the server hosting the Hyper-V application, you must run file-level backups. For instructions, see "File-level Backups" on page 159. During file-level backups of a Windows server hosting a Hyper-V application, any files belonging to the Hyper-V application are automatically excluded. To protect your Hyper-V data, use the procedures described in "Executing Hyper-V backups" on page 599. Best practices for protecting Hyper-V virtual machines This section provides a list of best practices for protecting your Hyper-V virtual machines. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 590 • Follow Microsoft’s best practices for virtualization. For a list of Microsoft documents on virtualization, see Microsoft Virtualization: Hyper-V best practices. • Install the latest version of Integration Services on all supported operating systems to ensure that the Unitrends appliance can run online backups of your Hyper-V VMs. For more information, see "Online backups" on page 589. • After making any configuration changes to a VM in the Hyper-V manager, such as creating or deleting a snapshot, adding a new disk, or converting a disk from VHD to VHDX format, you must run a new full backup to ensure the integrity of the VM’s backup groups. After running a new full back up, you can continue protecting the VM with its existing schedule. • A cluster with a single cluster shared volume does not follow Microsoft’s best practices and may be unreliable. If you have VMs in a cluster with a single CSV, protect them as if they are physical machines. For details, see "Protecting Hyper-V virtual machines at the guest OS level" on page 590. • In some instances, it is recommended that you protect Hyper-V VMs at the guest OS level and protect them the same way you would protect physical machines. For details, see "Protecting Hyper-V virtual machines at the guest OS level" on page 590. • Do not run Hyper-V backups for VMs that you are protecting at the guest OS level. Doing so can compromise log truncation changes for applications and lead to other undesirable results. • For virtualized Active Directory servers, there are additional considerations. See "Protecting virtualized Active Directory servers" on page 590 for details. • For virtual machines in Distributed File System environments, there are additional considerations. See "Protecting virtual machines in Distributed File System environments" on page 590 for details. Protecting virtualized Active Directory servers To ensure database consistency, you must set up the virtualized Active Directory (AD) server in accordance with Microsoft best practices. If all Microsoft considerations are not addressed, backup and restore of the virtual machine may yield undesired results. If you prefer not to research these best practices, it is recommended to install the agent on the VM and protect it as you would as physical server (leveraging Microsoft’s VSS writers). Protecting virtual machines in Distributed File System environments Distributed File System (DFS) Namespaces and DFS Replication offer high-available access to geographically dispersed files. Because of the replication and syncing operations in DFS environments, you must set up the virtual machine in accordance with Microsoft best practices to ensure database consistency. If all Microsoft considerations are not addressed, backup and restore of the virtual machine may yield undesired results. If you prefer not to research these best practices, it is recommended to install the agent on the VM and protect it as you would a physical server (leveraging Microsoft’s VSS writers). Protecting Hyper-V virtual machines at the guest OS level In most cases it is recommended that you use Hyper-V backups to protect your Hyper-V virtual machines. However, in some instances, you might wish to protect your VMs at the guest OS level and protect them the same way you would protect physical machines. Hyper-V and guest-OS-level backups provide you with different options. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 591 For details, see the following topics: • • "Comparison between Hyper-V and guest-OS-level backups" on page 591 "Recommendations and considerations for protecting Hyper-V VMs at the guest OS level" on page 592 IMPORTANT! To protect a VM with both host-level and asset-level (agent-based) backups, be sure to adhere to the following: • Ensure that the VM's host-level and asset-level jobs do not overlap. Running both simultaneously may lead to undesirable results. • If protecting hosted SQL or Exchange databases with agent-based application backups, do not use application-aware protection for host-level backups. Doing so may compromise log truncation changes and lead to other undesirable results. Comparison between Hyper-V and guest-OS-level backups Hyper-V protection strategy Hyper-V (host-OSlevel) backups Guest-OSlevel backups Considerations • Quickest setup, do not need to add VMs individually or install agent on each VM. • • Automatically include new VMs in backup schedules. • Enable you to take advantage of the features described in "Features of Unitrends Hyper-V protection" on page 586. • • Backup system treats the VM like a physical client. • • Provide application and operating system consistent backup and restore. • Support all SQL database recovery models. Must run guest-OS-level backups for all recovery models other than simple. • • • Support backup of multi-node SharePoint farms. Rapid disaster recovery of a failed VM. (See "Instant recovery for Hyper-V" on page 618.) All backup options are supported, including selection lists, options to exclude at the volume, directory, or file level, and run pre- and post- backup commands. Recommended for VMs where more granular exclusion of data is required. For SQL, Exchange, Oracle, and SharePoint backups, perform application-level post backup processing, such as log truncation. Protect VMs configured with shared VHDXs. Support Windows instant recovery (WIR) to quickly spin up a virtual replica of a failed Windows client. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 592 Recommendations and considerations for protecting Hyper-V VMs at the guest OS level The table below describes specific instances when you might want to protect VMs at the guest OS level instead of running Hyper-V backups. To protect a VM at the guest level, you protect it the same way you would protect a physical machine. You must install the appropriate agent and add the VM to the Unitrends appliance using the instructions described in "About adding clients" on page 69. See "Backups Overview" on page 141 for details on running backups for VMs that you protect at the guest OS level. IMPORTANT! To protect a VM with both host-level and asset-level (agent-based) backups, be sure to adhere to the following: • Ensure that the VM's host-level and asset-level jobs do not overlap. Running both simultaneously may lead to undesirable results. • If protecting hosted SQL or Exchange databases with agent-based application backups, do not use application-aware protection for host-level backups. Doing so may compromise log truncation changes and lead to other undesirable results. VM configuration Protection considerations VMs configured with passthrough disks Hyper-V backups do not support VMs configured with pass-through disks. To protect a VM with pass-through disks, install the appropriate agent in the guest operating system, add the VM to the backup system as you would add a physical machine, and protect it with the appropriate file-level and application backups. Use bare metal protection for the VM’s operating system. For details, see "Backups Overview" on page 141. VMs configured with shared VHDXs Due to a Microsoft limitation, Hyper-V backups cannot protect VMs configured with shared VHDXs. To protect a VM with a shared VHDX, install the appropriate agent in the guest operating system, add the VM to the backup system as you would add a physical machine, and protect it with the appropriate file-level and application backups. Use bare metal protection for the VM’s operating system. For details, see "Backups Overview" on page 141. Virtualized Add these VMs to the appliance and protect them with the appropriate file-level Active and application backups. Use bare metal protection to protect the operating Directory (AD) systems. For details, see "Backups Overview" on page 141. servers for which you are not following Microsoft’s best practices Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 593 VM configuration Protection considerations VMs in Distributed File System environments for which you are not following Microsoft’s best practices Add these VMs to the appliance and protect them with the appropriate file-level and application backups. Use bare metal protection to protect the operating systems. For details, see "Backups Overview" on page 141. VMs hosting Oracle databases Add these VMs to the appliance and protect them with the appropriate file-level and application backups. Use bare metal protection for the operating systems. For details, see "Backups Overview" on page 141. VMs running operating systems that are not supported by Integration Services It is recommended that you add these VMs to the appliance and protect them with the appropriate file-level and application backups. Use bare metal protection for the operating systems. For details, see "Backups Overview" on page 141. VMs hosting applications or application versions that are not supported by Integration Services It is recommended that you add these VMs to the appliance and protect the databases using the appropriate application backups. Use file-level backups for the VMs’ file systems and bare metal protection for the operating systems. For details, see "Backups Overview" on page 141. VMs hosting SQL databases configured in full or bulklogged recovery models For SQL databases configured in full or bulk- logged recovery models, you must schedule regular transaction log backups to truncate the logs and prevent them from growing unchecked. For details, see KB 1295. To schedule transaction log backups for these VMs, you must protect them as if they are physical machines and run SQL backups. Use file-level backups for the VMs’ files systems and bare metal protection for the operating systems. For instructions, see "About Microsoft SQL protection" on page 489. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 594 VM configuration Protection considerations VMs in a cluster configuration with only one cluster shared volume It is recommended that you add these VMs to the appliance and protect them with the appropriate file-level and application backups. Use bare metal protection for the operating systems. For details, see "Backups Overview" on page 141. VMs with disk storage located on SMB 3.0 shares Unitrends releases 8.0 and higher support Hyper-V backups of VMs with disk storage located on SMB 3.0 shares. For earlier releases, you must install the appropriate agents and protect these VMs as if they are physical machines. For details, see "Backups Overview" on page 141. VMs for which you would like to exclude volumes or large numbers of files when running backups Protect these VMs as if they are physical machines using file-level backups and apply selection lists. For details, see "File-level Backups" on page 159. Use bare metal protection for the operating systems. For details, see "Bare Metal Protection Overview" on page 749. VMs functioning as large file servers for which you may need to perform a large number of restores Protecting these VMs as physical machines enables you to take advantage of the file search feature when performing restores (see "Searching for a file to restore" on page 349). Install the appropriate agent on each VM, add it to the backup system, and protect it using the appropriate file-level and application backups. Use bare metal protection for the operating system. For details, see "Backups Overview" on page 141. VMs hosting applications for which you need granular control of backups and restores Protect the VMs as if they are physical machines by installing the Windows agent, adding them to the backup system, and protecting the databases using the appropriate application backups. This will enable you to select individual databases to back up. Use file-level backups for the VMs’ file systems and bare metal protection for the operating systems. For details, see "Backups Overview" on page 141. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 595 VM configuration Windows VMs that you would like to protect with the Windows instant recovery (WIR) feature Protection considerations Install the Windows agent on the VMs, add them to the backup system, and protect them using the appropriate file-level and application backups. Use bare metal protection to protect the operating systems. For details, see "Backups Overview" on page 141. For details about WIR, see "Windows Instant Recovery" on page 451. Protecting Hyper-V virtual machines with storage located on SMB 3.0 shares Hyper-V servers 2012 and higher can host virtual machines with disk storage located on SMB 3.0 shares. Unitrends software releases 8.0 and higher can protect these VMs with Hyper-V backups. For details, see "Prerequisites and considerations" on page 595. For earlier releases, you must install the appropriate agents on these VMs and protect them at the guest OS level. For more information, see "Protecting Hyper-V virtual machines at the guest OS level" on page 590. Prerequisites and considerations • • The Unitrends appliance software and Windows agent must be release 8.0 or higher. • The Windows agent installed on the Hyper-V server must be granted read/write access to remote SMB 3.0 shares. For instructions on granting this access, see "Requirements for SQL databases located on SMB 3.0 shares" on page 495. • The Hyper-V server hosting the VMs and the server hosting the SMB shares must belong to the same Windows domain. • The VM can contain one or more disks located on SMB 3.0 shares. All disks can reside on the same SMB 3.0 share or different shares hosted by one or more servers in the same domain. All servers participating in the VM backup must belong to the same domain. • For disks located on remote SMB 3.0 shares, the Windows agent creates a VSS snapshot on the remote server and then exposes it to the Hyper-V server through the SMB share pathing. The agent then backs up the VM’s files from the remote snapshot location. When the backup completes, all VSS snapshots created for the backup are removed from the server hosting the SMB share. The File Server and the File Server VSS Agent Service roles must be installed on the server hosting the SMB shares. For instructions on installing these roles, see KB 1334. Granting the Windows agent read/write access to remote SMB 3.0 shares The Windows agent installed on the Hyper-V server must be granted read/write access to remote SMB 3.0 shares. You can grant this access using one of the following methods: • On the Hyper-V server, change the login account for the Unitrends Windows agent service “bpagent” to the domain administrator account. Using these credentials will provide all necessary access to the SMB shares. This is the most secure option for SMB access. Note, 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 596 however, that file-level backups of the Hyper-V server may encounter files whose permissions do not allow domain administrator access. If successful file-level backups for the Hyper-V server cannot be created and SMB share security is less of an issue, then the method below is recommended. • Run the agent as local system account on the Hyper-V server and grant it read/write permission for the SMB shares. For instructions, see KB 1335. Working with Hyper-V servers To begin protecting your Hyper-V virtual machines, you must add the servers hosting them to your Unitrends appliance. If the virtual machines you wish to protect reside on Cluster Shared Volumes (CSVs), you must add the cluster and each individual node (server). For most versions of Windows, when you add a Hyper-V server, the Hyper-V agent is automatically installed as part of the Windows agent. For Windows Server 2012 R2, you must install the Windows agent manually. For details about agent installation, see "Push installing the Windows agents" on page 426 and "Manually installing the Windows agents" on page 428. When the server is added to the appliance, the Hyper-V application displays under it in the Navigation pane. When a cluster is added, only the Hyper-V application displays. Servers belonging to a cluster do not display directly under the cluster in the Navigation pane. For easy navigation of Hyper-V clusters and their nodes, you can use the navigation grouping feature (Unitrends release 7.5 and higher) to create custom folders in which you group together clusters and their nodes (see "Navigation grouping" on page 45). See the figures below for examples of how Hyper-V servers and clusters display in the Navigation pane and of how to use custom folders to group together clusters and their nodes. Hyper-V server Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 597 Hyper-V cluster and cluster nodes Hyper-V clusters and nodes grouped together in custom folders For instructions on adding Hyper-V servers and clusters to the Unitrends appliance, see: • • • "Special considerations for adding Hyper-V clusters" on page 597 "About adding clients" on page 69 "Adding a Hyper-V client" on page 72 For instructions on modifying and deleting a Hyper-V server, see "About working with clients" on page 88. Special considerations for adding Hyper-V clusters The Unitrends appliance must be able to resolve the name and IP address of every node in a HyperV cluster. When adding a cluster node to a Unitrends appliance, you must enter the correct IP address and the exact name of the node. If you enter an incorrect IP address or a name that does not exactly match the name of the node, backups will fail because the appliance will be unable to 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 598 determine the owner of the VMs in the cluster configuration. Be sure to enter the correct hostname and IP address for every node in the cluster. Before adding a cluster to the Unitrends appliance, you must install the agent on each cluster node and add it to the appliance. Follow these steps to add a cluster: Step 1: Install the agent on each cluster node. (You can skip this step if agent push is supported for the version of Windows running on the cluster nodes. See "Push installing the Windows agents" on page 426.) Step 2: Add each node to the Unitrends appliance using the instructions described in "To add a client to the Unitrends appliance" on page 69. Step 3: Add the cluster using the instructions described in "To add a client to the Unitrends appliance" on page 69. Displaying Hyper-V virtual machines in the Navigation pane After adding a Hyper-V server to the Unitrends appliance, you can displays its virtual machines in the Navigation pane using the procedure described here. To display Hyper-V virtual machines in the Navigation pane 1 Click on the Gear icon in the lower right corner of the Navigation pane to display the System Preferences box. 2 Click the box next to Show Virtual Machines in Navigation Tree?. 3 Click Confirm. The appliance now displays the VMs in the Navigation pane. Grouping Hyper-V virtual machines Beginning in release 7.5, you can use the navigation grouping feature for increased ease of use when managing virtual machines. You can create groups of VMs and then manage them on the group level rather than having to manage each VM individually. You can also run Hyper-V backups for groups of VMs. See "Navigation grouping" on page 45 for a description of the feature, requirements, and setup procedures. To use this feature for VMs, you must display them in the Navigation pane. For details, see "Displaying Hyper-V virtual machines in the Navigation pane" on page 598. If using groups for clustered VMs, keep in mind that although clustered VMs display under their nodes in the Navigation pane, you must select the cluster to run backups for these VMs. (For details, see "Working with Hyper-V clusters in the Navigation pane" on page 600.) It is recommended that you do not include clustered and non-clustered VMs in the same group. To archive or run reports at the group level, follow the standard archiving and reporting procedures in these chapters: "Archiving Overview" on page 201 and "Reports, Alerts, and Monitoring" on page 357. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 599 Executing Hyper-V backups Backups for Hyper-V virtual machines can either be executed immediately or scheduled at a desired frequency. Immediate backups occur only one time and are executed as soon as possible. Scheduled backups are more typical – you create a calendar-based schedule which specifies when Hyper-V virtual machine backups occur. When scheduling backups, you must create a separate backup schedule for each server and each cluster. For instructions on executing backups, see the following topics: • • • • "Selecting Hyper-V VMs to protect" on page 599 "Special considerations for backing up Hyper-V clusters" on page 599 "Hyper-V backup procedures" on page 602 "Viewing the status of Hyper-V backups" on page 606 Selecting Hyper-V VMs to protect Review these guidelines and tips before executing Hyper-V backups. • • A separate backup is created for each VM you select. • Hover over the virtual machine name to see whether Integration Services are enabled on the VM. A message displays if they are not enabled. If they are enabled, hovering over the VM produces the VM name. (For VMs in a cluster setup, this may take a few minutes.) If Integration Services are not enabled, the VM is put in a saved state during the backup. See "Online backups" on page 589 for more information. • For VMs hosted on Windows Server versions later than 2008 R2, backups are executed simultaneously. The number of jobs that run simultaneously is determined by the Maximum Concurrent Backups setting (Settings > Storage and Retention > Backup Devices) and the resource load of the system. It is also important to monitor the resource utilization on the HyperV server to determine whether its backups should be staggered. • If multiple virtual machines in a clustered environment (CSV) are running on Windows Server 2008 R2, the system serializes the backups. Jobs are queued but run one at a time. This is a Windows limitation. To work around this limitation, see "Creating an alias for a Hyper-V cluster" on page 601. • Clustered VMs display when you select their host node. However, to protect them, you must select the cluster in the Navigation pane. For details, see "Clustered VMs in the Navigation pane" on page 600. • Non-clustered VMs hosted on a cluster node do not display when you select the cluster in the Navigation pane. To protect these VMs, you must select the host node. For details, see "Nonclustered VMs on a cluster node" on page 600. A virtual machine may be included in only one schedule. If you attempt to add a VM to a second schedule, you cannot save that schedule. Remove the VM from the first schedule before adding it to another. Special considerations for backing up Hyper-V clusters Consider the following before executing backups for VMs hosted on servers configured in a cluster: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 600 • To protect virtual machines residing on cluster shared volumes (CSVs), you must select the cluster in the Navigation pane before executing backups. You cannot protect these VMs by selecting the owner node. For details, see "Clustered VMs in the Navigation pane" on page 600. • To protect virtual machines that are hosted on a cluster node but that do not reside on CSVs, you must create a backup schedule for the node that hosts the VMs. You cannot protect them in the same schedule as the clustered VMs. For details, see "Non-clustered VMs on a cluster node" on page 600. • A Microsoft limitation prevents the Unitrends appliance from running concurrent backups of clustered VMs hosted on Windows Server 2008 R2. You can work around this limitation by creating aliases for the cluster and creating a separate schedule for each CSV. For instructions, see "Creating an alias for a Hyper-V cluster" on page 601. • For information on working with clusters, see "Working with Hyper-V clusters in the Navigation pane" on page 600. Working with Hyper-V clusters in the Navigation pane This section provides figures to help you locate virtual machines in a clustered setup when executing backups. See the following topics for details: • • "Clustered VMs in the Navigation pane" on page 600 "Non-clustered VMs on a cluster node" on page 600 Clustered VMs in the Navigation pane Clustered VMs display when you select their host node. However, to protect them, you must select the cluster in the Navigation pane. In the figure below, a cluster node is selected in the Navigation pane, and both clustered and non-clustered VMs display in the list of VMs to Protect. As the message in the figure indicates, you cannot run backups for the clustered VMs in this list from the host node. You must select the cluster. Non-clustered VMs on a cluster node Non-clustered VMs hosted on a cluster node do not display when you select the cluster in the Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 601 Navigation pane. To protect these non-clustered VMs, you must select the host node. In the screen shot below, the VMs EDC_Test, W2K3R264-VM1, and Win8_VM1 reside on the cluster node MDVH12, but they do not display under the cluster HV12-Clus-134-84. This is because the VMs are not clustered. To execute backups for them, you must select the Hyper-V application under the nodeMDVH12. Creating an alias for a Hyper-V cluster To work around a Microsoft limitation that prevents the Unitrends appliance from running simultaneous backups of clustered VMs hosted on a server running Windows 2008 R2, you can create a client alias for each cluster shared volume (CSV) using the procedure described below. After adding each client alias to the appliance, you can create a backup schedule for each CSV and backups of the clustered VMs can run concurrently. To create a client alias for a Hyper-V cluster 1 Log in to the appliance to which the cluster is added. 2 Select Settings > Clients, Networking, and Notifications > Networks > Hosts. 3 Click on the client name in the table. 4 Type a name in the Alias Name field. It is recommended that you include the CSV number in the name to help you remember which CSV you would like to associate with each alias. Note: 5 Do not enter spaces in the name. You are limited to 15 characters. It is recommended that you write down the alias name so you can enter the exact name when you add it as a new client. Click Add. You see the alias name in the Alias List area. Note: To remove an alias name from the Alias List area, click on the alias name and click 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 602 Remove . To remove all alias names from the Alias List area, click Remove All. 6 Repeat to add more alias names, if necessary. 7 Click Confirm. To add the alias name as a client 8 Go to Settings > Clients, Networking, and Notifications > Clients. 9 Click Add Client. You see the Add Client screen. 10 Select Hyper-V from the Computer Type drop-down list. 11 Uncheck Establish trust in the Authentication area. 12 Uncheck Automatically create a backup schedule for this computer and apply it immediately in the Options area. 13 Enter one of your new alias names in the Computer Name field. Note: There is no need to add an IP address, since this defaults to information from the host page. 14 Click Setup. You see a processing message, then a Reload Navigation window describing that you need to refresh the system. 15 Click Yes, reload the System or No, reload the System later. 16 After you reload the system, the new alias name displays in the Navigation pane in the list of clients protected by the system. 17 Repeat as needed to add additional client aliases. 18 See "Hyper-V backup procedures" on page 602 to run backups for the clustered VMs. When scheduling backups, create a separate schedule for each alias. Hyper-V backup procedures Use these procedures to run Hyper-V backups. For cluster considerations, see "Special considerations for backing up Hyper-V clusters" on page 599. • • • • • "To execute an immediate Hyper-V backup" on page 602 "To create a Hyper-V backup schedule" on page 603 "To view or modify a Hyper-V backup schedule" on page 605 "To delete a Hyper-V backup schedule" on page 605 "To enable or disable a Hyper-V backup schedule" on page 605 To execute an immediate Hyper-V backup Use the procedure described here to execute immediate backups of virtual machines. The procedure is the same for clustered and non-clustered VMs. To back up a clustered VM, you must select the cluster application in the Navigation pane. For non-clustered VMs hosted on a cluster node, you must select the host node. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 603 1 Review "Best practices for protecting Hyper-V virtual machines" on page 589 and "Selecting Hyper-V VMs to protect" on page 599 for tips and guidelines on selecting virtual machines for an immediate backup. 2 Select the applicable Hyper-V application or navigation group in the left Navigation pane and click Backup. The list of available VMs is determined by what you select in this step: • • 3 Select the Hyper-V application to display all VMs hosted on the application. Select the navigation group to display only its VMs. Select the 1-Time Backup tab. This retrieves a list of virtual machines available on the Hyper-V application. Click the reload arrows at the bottom to refresh the list of virtual machines discovered in the environment. 4 In the Select Virtual Machines area, check boxes to select the virtual machines to backup. To select or deselect all VMs in the list, click the gray box above the first VM’s checkbox. Hover over the VM name to see more information. For example, you may see a message indicating that the VM is offline or Integration Services are not installed. 5 Choose the type of backup by selecting Full or Incremental. You cannot run an incremental backup unless the appliance is currently storing a successful full backup for the VM. If the system does not have a successful full backup for the VM and you try to run an incremental backup, you are prompted to perform a full backup first. 6 Backups are stored on the default device unless you select a different device. To back up to a different device, select one in the Available Devices area. 7 Check the Verify Backup box to perform a data transfer integrity check for each backup. IMPORTANT! Failure to check this box can lead to undesirable results when attempting to restore from the backup. 8 Click Backup at the bottom of the screen to initiate the backup process. A separate backup is created for each virtual machine selected. To view the status of the active backup operations, select Settings > System Monitoring > Jobs. For details, see "Monitoring running backup jobs" on page 147. To see the status of completed backup jobs, select Reports > Backups. To create a Hyper-V backup schedule Use the procedure described here to create backup schedules for virtual machines. The procedure is the same for clustered and non-clustered VMs. To back up clustered VMs, you must select the cluster application in the Navigation pane. For non-clustered VMs hosted on a cluster node, you must select the host node. 1 Review "Best practices for protecting Hyper-V virtual machines" on page 589 and "Selecting Hyper-V VMs to protect" on page 599 for tips and guidelines on selecting virtual machines for inclusion in backup schedules. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 604 2 Select the applicable Hyper-V application or navigation group in the left Navigation pane and click Backup. The list of available VMs is determined by what you select in this step: • • Select the Hyper-V application to display all VMs hosted on the application. Select the navigation group to display only its VMs. 3 Select the Schedule Backup tab. 4 Enter a unique Schedule Name. 5 If desired, enter a Schedule Description. 6 Check the box next to Schedule enabled. If this box is not checked, the schedule will not run. 7 In the VMs to Protect area, check boxes to select all virtual machines that need to be protected by the schedule. To select or deselect all VMs in the list, click the gray box above the first VM’s checkbox. Hover over the VM name to see more information. For example, you may see a message indicating that the VM is offline or Integration Services are not installed. 8 In the Schedule area, select a backup strategy from the list. • Choose from Incremental Forever, Full with Incrementals, or Custom. See "Hyper-V backup strategies" on page 588 for more information. • Backups for the selected strategy display below. Note: 9 If the appliance is not currently storing a successful full backup for a VM included in a schedule, the appliance will run a full for this VM during the first scheduled backup even if you have not included a full backup in the schedule. An incremental backup cannot run for a particular VM until the appliance is storing a successful full backup for this VM. Do one of the following: • For a non-custom strategy, define the frequency at which backups of each type will run using the fields below each backup. • For a custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: – – Drag a backup icon onto the calendar. Drag onto today’s date or later. – Then click Confirm. In the Add Backup window, define the backup type, start date, start time, recurrence, and description (optional). 10 If desired, modify the minimum and maximum retention settings. These settings apply to all selected VMs. To set different values for each VM, do not enter settings here. Instead, go to Settings > Storage and Retention > Backup Retention. For details see "About retention control" on page 121. Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 605 itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 11 If you would like to add new VMs to this schedule automatically, check the Auto-include new VMs box. This option can be enabled in only one schedule for each Hyper-V server that the system is protecting. 12 Click Advanced Settings and perform the following: • Check the Verify Backup option to perform a data transfer integrity check for each backup. IMPORTANT! Failure to check this box can result in undesirable results when attempting to restore from the backup. • • (Optional) Specify the following settings: – Select the backup device to which backups will be written. – Check the Email Schedule Report option to receive email notification upon completion of the scheduled backup jobs. You also have the option to receive a PDF attachment of the report in the email. – Check the Email Failure Report option to receive email notification upon failure of any backup job on the schedule. You also have the option to receive a PDF attachment of the report in the email. Click Confirm to save Advanced Settings. 13 Click Save to create the schedule. To view or modify a Hyper-V backup schedule 1 Select a Hyper-V application or navigation group in the left Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Modify settings as desired and click Save. For a description of each setting, see "To create a Hyper-V backup schedule" on page 603. To delete a Hyper-V backup schedule Note: You can also delete Hyper-V schedules from the Enterprise Backup subsystem. See "To delete an Enterprise backup schedule" on page 197 for details. 1 Select a Hyper-V application or navigation group in the left Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Click Delete Schedule. To enable or disable a Hyper-V backup schedule Note: You can also enable and disable Hyper-V schedules from the Enterprise Backup 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 606 subsystem. See "To enable or disable an Enterprise backup schedule" on page 197 for details. 1 Select a Hyper-V application or navigation group in the left Navigation pane and click Backup. 2 Select the Schedule Backup tab. 3 In the Schedule Name field, select the desired schedule from the list. 4 Do one of the following: • • 5 To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. Click Save. Viewing the status of Hyper-V backups To see a calendar-view illustration of the monthly transactions, select the Hyper-V application in the Navigation pane and select Status on the main menu. Use the arrows to view different months, and use the tabs in the lower pane to view details. For details, see "Viewing backups" on page 148. Restoring the Hyper-V virtual infrastructure After backing up a virtual machine, you can restore the virtual machine using the following methods: Restore method Description Entire virtual machine This method restores the entire virtual machine and associated metadata with the configured peripherals from any given Unitrends recovery point. The recovery point can be associated with a full, differential, or incremental backup. See "Restoring Hyper-V virtual machines" on page 606. File-level recovery This method allows file-level recovery from Hyper-V backups. Data is accessed using CIFS (Samba) and iSCSI protocols. Data can be recovered in a single pass from any recovery point associated with a full, differential, or incremental backup of the virtual machine. See "Restoring files from Hyper-V backups" on page 611. Instant Recovery This method provides instant availability of the virtual machine leveraging Live Storage Migration to transfer data while the virtual machine is up and running. See "Instant recovery for Hyper-V" on page 618. Restoring Hyper-V virtual machines The procedures described in this section are used for restoring an entire virtual machine. For instructions on restoring individual files from a Hyper-V backup, see "Restoring files from Hyper-V backups" on page 611. To restore from a replicated backup, you must restore to an alternate HyperV server or to an alternate location. For explanations of the different restore options, see "Supported Hyper-V virtual machine restore procedures " on page 607. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 607 Supported Hyper-V virtual machine restore procedures Restore procedure Description Restore a VM to the original server Restores the VM to the original Hyper-V server. A clustered VM is restored to the node that owns it. The restore process recreates the VM with the original name, and if the original VM still exists on the server, it is overwritten during the restore process. This option is not supported for replicated backups. For instructions, see "To restore a Hyper-V virtual machine to the original Hyper-V server" on page 607. Restore a VM to an alternate path on the original server Restores the VM to a different location on the original server. The restore process recreates the VM with the original name in the new location. This option is not supported for clustered VMs or for replicated backups. For instructions, see "To restore a Hyper-V VM to an alternate path on the original server" on page 608. Restore a VM to an alternate Hyper-V server. Restores the VM to an alternate Hyper-V server. The restore process recreates the VM with the original name on the alternate server. A clustered VM can be restored to an alternate node on the cluster only if the original VM no longer exists in the cluster database. The alternate server must be running the same Windows version as the original or a higher version. Supported for local and replicated backups. For instructions, see "To restore a Hyper-V VM to an alternate Hyper-V server" on page 609. Restore a VM to an alternate location Restores the VM disks and configuration files to a Windows machine, which does not have to be a Hyper-V server. This option does not recreate the VM but restores the VM data necessary for you to recreate it with a new configuration on an alternate server and to restore files from the VM. Supported for local and replicated backups. For instructions, see "To restore a Hyper-V VM to an alternate location" on page 610. To restore a Hyper-V virtual machine to the original Hyper-V server You can use the procedure described here to restore a VM to the original Hyper-V server. If you are restoring a clustered VM, it is restored to the owner node. The restore process recreates the original VM with the original name, and if the original VM still exists on the server, it is overwritten during the restore. Note: This option is not supported for replicated backups. 1 Log in to the appliance storing the backup you want to use for the restore. 2 Select a Hyper-V application, navigation group, or individual VM in the left Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a restore time and click Next (Select Options). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 608 Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The recovery point time can be as associated with a full or incremental backup. 5 Under Restore Type, select Restore to Original Hyper-V Server. Note: The VM is restored with its original name, and if the VM still exists on the Hyper-V server, it is overwritten with the restored VM during the restore process. 6 Select the original server in the Hyper-V Server drop-down menu. 7 To execute a Pre- or Post- Restore command, click on theShow Advanced Execution Options box. For details, see "Advanced Execution Options for restore" on page 351. These options vary depending on the restore type you selected in step 5 above. 8 Click the Restore button at the bottom on the screen. You can monitor the restore job by selecting Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. 9 The recovered VM is created in a powered off state. Go to the hypervisor to power on the virtual machine. To restore a Hyper-V VM to an alternate path on the original server This option restores a VM to a different location on the original Hyper-V server. If the original VM still exists in the original location, it is not impacted by the restore. Note: This option is not supported for replicated backups or for clustered VMs. 1 Log in to the appliance storing the backup you want to use for the restore. 2 Select a Hyper-V application, navigation group, or individual VM in the left Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a restore time and click Next (Select Options). 5 Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The recovery point time can be associated with a full or incremental backup. 6 Under Restore Type, select Restore to Alternate Path. 7 Select the original server in the Hyper-V Server drop-down menu. 8 Enter the path in the Target Path field or select a path using the Open File Browser box. 9 To execute a Pre- or Post- Restore command, click on the Show Advanced Execution Options box. For details, see "Advanced Execution Options for restore" on page 351. These options vary depending on the selected restore type in step 6 above. 10 Click the Restore button at the bottom on the screen. You can monitor the restore job by selecting Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 609 11 The recovered VM is created in a powered off state. Go to the hypervisor to power on the virtual machine. To restore a Hyper-V VM to an alternate Hyper-V server This option restores a VM to a different Hyper-V server. You can use this option to restore local and replicated backups. Requirements and considerations • The alternate server must be running the same version of Windows as the original server or a later version. • • The server must be added to the appliance storing the backup that you will use for the restore. • If restoring a saved state backup to a dissimilar OS and/or hardware, the VM may not start properly. If this occurs, delete the saved state before starting the VM. 1 Log in to the appliance storing the backup you want to use for the restore. It can be a local backup system or a replication target. A clustered VM can be restored to an alternate cluster node only if the original VM no longer exists in the cluster database. A clustered VM can be restored to a server outside the cluster, but the VM created on the alternate server during the restore process will not be a clustered VM. To restore from a replicated backup, you must enable replication view on the target before creating the restore image. To enable replication view, select the Gear icon at the bottom of the Navigation pane, check Show Replication view, and click Confirm. 2 Select a Hyper-V application, navigation group, or individual VM in the left Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a restore time and click Next (Select Options). 5 Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The recovery point time can be associated with a full or incremental backup. 6 Under Restore Type, select Restore to Alternate Hyper-V Server. 7 Select the alternate server in the Hyper-V Server drop-down menu. 8 Enter the path in the Target Path field or select a path using the Open File Browser box. Note: 9 If you do not enter a path, the VM is restored to the default location for Hyper-V disks on the server. To execute a Pre- or Post- Restore command, click on the Show Advanced Execution Options box. For details, see "Advanced Execution Options for restore" on page 351. These options vary depending on the restore type you select in step 6 above. 10 Click the Restore button at the bottom on the screen. You can monitor the restore job by selecting Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. After the restore completes, refresh the server in Hyper-V manager to view the restored VM. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 610 11 The recovered VM is created in a powered off state. Go to the hypervisor to power on the virtual machine. To restore a Hyper-V VM to an alternate location This option restores the VM disks and configuration files to a Windows machine, which does not have to be a Hyper-V server. You can use this option to restore local and replicated backups. This option does not recreate the VM. It restores the data necessary for you to recreate the VM with a new configuration on the alternate server or recover files from the VM disks (see "To recover files and folders from a restored Hyper-V disk" on page 610). 1 Log in to the appliance storing the backup you want to use for the restore. It can be a local backup system or a replication target. To restore from a replicated backup, you must enable replication view on the replication target before creating the restore image. To enable replication view, select the Gear icon at the bottom of the Navigation pane, check Show Replication view, and click Confirm. 2 Select a Hyper-V application, navigation group, or individual VM in the left Navigation pane and click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a restore time and click Next (Select Options). 5 Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The recovery point time can be associated with a full or incremental backup. 6 Under Restore Type, select Restore to Alternate Location. 7 Select the alternate machine in the Client to Which to Restore drop-down menu. 8 Enter the path in the Target Path field or select a path using the Open File Browser box. 9 To execute a Pre- or Post- Restore command and select other restore options, click on the Show Advanced Execution Options box. For details, see "Advanced Execution Options for restore" on page 351. 10 Click the Restore button at the bottom on the screen. You can monitor the restore job by selecting Settings > System Monitoring > Jobs. For details, see "Monitoring running restore jobs" on page 355. After the restore completes, you can attach the restored VHD and recover files using the procedure described in "To recover files and folders from a restored Hyper-V disk" on page 610. 11 The recovered VM is created in a powered off state. Go to the hypervisor to power on the virtual machine. To recover files and folders from a restored Hyper-V disk 1 Restore the VHD using the procedure described in "To restore a Hyper-V VM to an alternate location" on page 610. 2 Open the start menu on the Windows machine to which you have restored the disk. 3 Right click on Computer and select Manage. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 611 4 In the left pane, click the arrow next to Storage to display the menu options. 5 Click Disk Management. 6 Click Action in the top right corner of the Computer Management window. 7 Click Attach VHD, and then browse to locate the restored the VHD. 8 Click OK. Once the disk is attached, you can copy files and folders to the desired locations. Restoring files from Hyper-V backups Use the Hyper-V file-level recovery (FLR) feature to restore individual files from a Windows or Linux VM to the original VM or to another machine running the same operating system as the original. The restore target machine can be a physical or virtual machine and does not need to be a protected client of the backup system. You can perform file-level recovery using local and replicated backups. File-level recovery procedures are the same for clustered and non-clustered VMs. You may simultaneously run one file-level recovery session for each protected VM. When you create a recovery image for a Windows VM, the virtual machine hard drives are exposed as both a CIFS (Samba) share and an iSCSI LUN. You then choose to map the share or LUN to the restore target machine so data can be copied to the desired location. For a Linux VM, the VM hard drives are exposed as an iSCSI LUN. You must use iSCSI LUN mapping for the following: • • • To recover access control information on files and folders for Windows systems. To recover NTFS encrypted files. To perform file-level recovery for Linux VMs. Note: For the restore process, iSCSI disks are writable and a 1 GB write limit is enforced. If the restore process requires more than 1 GB, you will see OS errors on the restore target machine. If this happens, restore the VM rather than individual files. See "Restoring Hyper-V virtual machines" on page 606 for details. For Windows machines, you can recover files using the procedure described in "To restore a Hyper-V VM to an alternate location" on page 610. Steps for performing Hyper-V file-level recovery Follow the steps listed below to perform file-level recovery. The recovery can be performed from a local or replicated back up. The procedures are the same for clustered and non-clustered VMs. Step 1: Review the "Prerequisites for performing Hyper-V file-level recovery" on page 611. Step 2: Create a disk image. For instructions, see "To create a disk image for Hyper-V file-level recovery" on page 612. Step 3: Perform the recovery. For instructions, see "Performing Hyper-V file-level recovery" on page 613. Step 4: Tear down the disk image. For instructions, see "About the Hyper-V restore session" on page 617. Prerequisites for performing Hyper-V file-level recovery Pre re q u is ite s fo rp e rfo rmin g Hy p e r-V file -le v e lre c o v e ry 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 612 For Linux machines, file-level recovery is performed with iSCSI. The only prerequisite is that the package iSCSI initiator utils must be installed on the recovery target. For Windows machines, the following prerequisites must be met: • CIFS (Samba) access - Ensure that the Samba service is enabled in the Unitrends appliance. Turn on the Samba service by selecting Settings > System, Updates, and Licensing > Support Toolbox > Samba On/Off. • iSCSI access for Windows 2003 - To connect to the iSCSI LUN exposed by the Unitrends system, an iSCSI initiator must be used. For Windows 2003, the initiator package must be downloaded and installed on the restore target machine. Download the installation file from: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18986 • Disk configuration - – Hyper-V FLR is supported on Windows systems configured with basic or GPT disks. All disks must have unique names. FLR is supported for dynamic disks with the following limitations: – FLR on dynamic disks can be performed only with iSCSI. FLR on dynamic disks using a CIFS share is not supported. – If the dynamic volumes in the backup are still in use on the original server, then the disks exported by FLR must be attached to a different server for the recovery. To create a disk image for Hyper-V file-level recovery 1 Review the "Prerequisites for performing Hyper-V file-level recovery" on page 611. 2 Log in to the appliance storing the backup you want to use for the restore. It can be a local backup system or a replication target. To restore from a replicated backup, you must enable replication view on the replication target before creating the restore image. To enable replication view, select the Gear icon at the bottom of the Navigation pane, check Show Replication view, and click Confirm. 3 Select a Hyper-V application, navigation group, or individual VM in the left Navigation pane and click Restore. 4 Select a day in the calendar and the desired backup below to define the recovery point time. 5 Click Next (Select Files/Items) at the bottom of the screen. 6 On the Restore from Backup screen, you see one of the following: • No disk image exists; select ‘Create’ to build one. or • An image is available for recovery. All images on the backup system display in the grid below. 7 Click Create to create a disk image for the VM from which you are restoring. Note: If a previous disk image was created and is still mounted for this VM, you must tear down this image before the system will allow you to create a new share. An image is created and displays in the grid in the bottom part of the screen. The VM disk’s Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 613 files are exposed as a CIFS (Samba) share and/or an iSCSI target. The iSCSI column indicates whether an iSCSI target is available. If a CIFS target is available, the path displays in the Network Path column. If you receive an error message on a UEB appliance while attempting to create the image, increase the memory allocated to the UEB VM using the hypervisor that manages it. Then try again to create the restore image. 8 Proceed to "Performing Hyper-V file-level recovery" on page 613. Performing Hyper-V file-level recovery Pe rfo rmin g Hy p e r-V file -le v e lre c o v e ry You can restore files to the original VM or to an alternate machine (virtual or physical) running the same operating system as the original VM. You can use the procedures in this section to restore from local and replicated backups. The procedures are the same for clustered and nonclustered VMs. For a description of the different options, see "Restoring files from Hyper-V backups" on page 611. See the following topics for instructions: • "To use a CIFS share to restore files from a Hyper-V backup to a Windows target" on page 613 • "To use iSCSI to restore files from a Hyper-V backup to a Windows 2003 target" on page 614 • "To use iSCSI to restore files from a Hyper-V backup to a Windows 2012 or 2008 target" on page 615 • "To restore files from a Hyper-V backup to a Linux target" on page 616 To use a CIFS share to restore files from a Hyper-V backup to a Windows target 1 Create a disk image. See "To create a disk image for Hyper-V file-level recovery" on page 612 for details. 2 Log in to the Windows machine to which files will be restored. This can be the VM from which files are to be restored or any other Windows machine. It cannot be a VM with dynamic disks. 3 Mount the share to the Windows machine by mapping a network drive to the path displayed in the recovery images area of the Restore from Backup screen. For example: \\\flr where n is a number. 4 Browse the mapped share to locate the files to restore. Each partition in the flr share is named volume n, where n is a number. 5 Copy files to restore them to the desired location. 6 Disconnect the network share once files have been restored by right clicking the share and clicking Disconnect. 7 On the appliance, tear down the restore image using one of the following procedures: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 614 • If the Restore from Backup screen is still open in the backup system, select the image in the recovery imagesarea, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "To view or tear down Hyper-V restore images" on page 617. Note: Because system resources are used to maintain the image, it is important to tear it down immediately after performing the restore to ensure optimal performance of your appliance. When an image has been available for three days, the appliance sends an alert reminding you to tear it down. To use iSCSI to restore files from a Hyper-V backup to a Windows 2003 target 1 Create a disk image. See "To create a disk image for Hyper-V file-level recovery" on page 612 for details. 2 Log in to the Windows 2003 machine to which files will be restored. This can be the VM from which files are to be restored, or any other Windows machine. For dynamic disks, if the dynamic volumes in the backup are still in use on the original server, then the disks exported by FLR must be attached to a different server for the recovery. 3 Launch the iSCSI Initiator from the Windows Control Panel > Administrative Tools. 4 From the Initiator, enter the backup system IP address as a target portal. The exposed targets are automatically discovered. 5 Select the desired iSCSI target. The last part of the iSCSI identifier contains the VM name. For example, if the VM name is Ubuntu on NFS, the ID looks like: iqn.1995-11.com.unitrends.dpu:flr.89fb.ubuntuonnfs 6 Log in to expose targets as local disks. 7 Use Windows Disk Management tools to assign drive letters and retrieve files. The Windows file explorer has a setting to hide protected/system files from view. Be sure this setting is turned off so you can access all files. 8 Copy files/folders from the iSCSI drives to the desired location. 9 When finished, Log Off using the iSCSI Initiator. This terminates the machine’s connection to the iSCSI target. 10 On the backup system, tear down the restore image using one of the following procedures: WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • If the Restore from Backup screen is still open in the backup system, select the image in the recovery images area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 615 • If you have closed the Restore from the Backup screen, follow the instructions described in "To view or tear down Hyper-V restore images" on page 617. Note: Because system resources are used to maintain the image, it is important to tear it down immediately after performing the restore to ensure optimal performance of your appliance. When an image has been available for three days, the appliance sends an alert reminding you to tear it down. To use iSCSI to restore files from a Hyper-V backup to a Windows 2012 or 2008 target 1 Create a disk image. See "To create a disk image for Hyper-V file-level recovery" on page 612 for details. 2 Log in to the Windows machine to which files will be restored. This can be the VM from which files are to be restored, or any other Windows machine. For dynamic disks, if the dynamic volumes in the backup are still in use on the original server, then the disks exported by FLR must be attached to a different server for the recovery. 3 Launch the iSCSI Initiator from the Windows Control Panel > Administrative Tools. 4 From the Initiator, enter the backup system IP address as a target and choose Quick Connect. A list of iSCSI target LUNs display. 5 Select the desired iSCSI target from the list and click Done. The last part of the iSCSI identifier contains the VM name. For example, if the VM name is Ubuntu on NFS, the ID looks like: iqn.1995-11.com.unitrends.dpu:flr.89fb.ubuntuonnfs 6 Use Windows Disk Management tools to assign drive letters and retrieve files. The Windows file explorer has a setting to hide protected/system files from view. Be sure this setting is turned off so you can access all files. 7 Copy files/folders from the iSCSI drives to the desired location. 8 When finished, Disconnect from the LUNs using the iSCSI Initiator. 9 On the backup system, tear down the restore image using one of the following procedures: WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • If the Restore from Backup screen is still open in the backup system, select the image in the recovery images area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "To view or tear down Hyper-V restore images" on page 617. Note: Because system resources are used to maintain the image, it is important to tear it down immediately after performing the restore to ensure optimal performance of 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 616 your appliance. When an image has been available for three days, the appliance sends an alert reminding you to tear it down. To restore files from a Hyper-V backup to a Linux target To perform this procedure, you must install the package iSCSI initiator utils. Note: This procedure is not supported for software RAID (mdraid) configurations. To recover files from a VM with these configurations, you must restore the entire VM. See "Restoring Hyper-V virtual machines" on page 606. 1 Create a disk image. See "To create a disk image for Hyper-V file-level recovery" on page 612 for details. 2 Log in to the Linux machine to which files will be restored. This can be the VM from which files are to be restored, or any other Linux machine. 3 Open the terminal and log in as root user. 4 Change to the /tmp directory: cd /tmp 5 Run the following command to copy the iscsi_flr script from the backup system: wget http:///iscsi_flr 6 Once the script is downloaded, add execute permission: chmod +x iscsi_flr 7 Run the script as follows: ./iscsi_flr mount 8 Enter information at the system prompts. An example for a VM called linux whose backup system IP is 192.168.237.230 is given here: Unitrends Hyper-V File-Level Recovery <…intro text…> ------------------------Enter address of the Unitrends backup appliance: 192.168.237.230 Enter mount point directory: /tmp// Performing iSCSI target discovery from 192.168.237.230. 1: 192.168.237.230:3260,1 iqn.199511.com.unitrends.dpu:flr.4cdf.linux 2. 192.168.237.230:3260,1 iqn.199511.com.unitrends.dpu:flr.aecb.linux2 Choose a session to restore from: 1 Logging in to iSCSI target iqn.199511.com.unitrends.dpu:flr.4cdf.linux at 192.168.237.230:3260,1 <…etc…> 9 Use Linux tools, such as cp, to copy the files/folders to the desired location. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 617 10 Once data has been restored, it is important to disconnect the share by running this command from the /tmp directory: ./iscsi_flr unmount 11 On the backup system, tear down the restore image using one of the following procedures: WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • If the recovery image screen is still open in the backup system, select the image in the recovery images area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the recovery image screen, follow the instructions described in "To view or tear down Hyper-V restore images" on page 617. Note: Because system resources are used to maintain the image, it is important to tear it down immediately after performing the restore to ensure optimal performance of your appliance. When an image has been available for three days, the appliance sends an alert reminding you to tear it down. About the Hyper-V restore session T e a rin g d o wn th e d is k ima g e After files have been restored, the restore image remains available until you tear it down. Because system resources are used to maintain the image, it is important to tear it down immediately after performing the restore to ensure optimal performance of your appliance. When an image has been available for three days, the appliance sends an alert reminding you to tear it down. To view or tear down Hyper-V restore images 1 Select the Hyper-V application in the Navigation pane. 2 Select Settings > System Monitoring > Restore Disk images. 3 Select Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If desired, tear down a restore image. • For iSCSI restores, verify that the machine you restored to is no longer connected to the mounted iSCSI target. WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • • Select an image in the list of Restore Images, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 618 Instant recovery for Hyper-V Instant recovery for Hyper-V enables you to restore a failed or corrupt virtual machine and access it almost immediately (Unitrends version 8.0 or higher). For an explanation of the feature and procedures, see: • • • • • • "How Hyper-V instant recovery works" on page 618 "Steps for implementing Hyper-V instant recovery" on page 620 "Prerequisites and considerations for Hyper-V instant recovery" on page 621 "Configuring port security for Hyper-V instant recovery" on page 623 "Performing the audit process for Hyper-V instant recovery" on page 623 "Performing Hyper-V instant recovery" on page 625 Note: For instant recovery of Windows virtual machines that you are protecting at the guest OS level, see "Windows Instant Recovery" on page 451. How Hyper-V instant recovery works To perform Hyper-V instant recovery, you select a recovery point associated with a full or incremental backup and the Unitrends appliance creates a new virtual machine from the recovery point. The new virtual machine can then assume the role of the original and is available for use immediately. While the virtual machine is operational, Unitrends leverages Microsoft’s Storage Live Migration to copy data from a disk image on the appliance to the Hyper-V server hosting the new virtual machine. You can perform Hyper-V instant recovery in two modes: audit mode and instant recovery mode. Audit mode is used for verifying recovery points and instant recovery mode is used to replace a corrupt or failed virtual machine. See the following topics for details: • • "Audit mode" on page 618 "Instant recovery mode" on page 619 Audit mode Performing Hyper-V instant recovery in audit mode enables you to verify that a virtual machine can be created from a recovery point. The diagram below illustrates how audit mode works. When you select a recovery point to audit, the appliance uses data from the recovery point to create a disk image on the appliance and a new virtual machine on the Hyper-V server. Although the virtual machine resides on the Hyper-V server, it runs from the disk image created on the appliance. All other resources, such as the processors and memory, reside on the Hyper-V server. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 619 A virtual machine in audit mode is not intended for production use. It does not have network connectivity and changes made to the virtual machine in audit mode are not backed up on the Unitrends appliance. Applications on the virtual machine requiring network access are not fully functional in audit mode. After verifying that the virtual machine has booted and its data is accessible, you should delete it from the Hyper-V server and tear down the disk image from the appliance to free the system resources used to run the virtual machine in audit mode. To perform Hyper-V instant recovery in audit mode, see "Performing the audit process for Hyper-V instant recovery" on page 623. For information on recovery points, see "Types of restores" on page 342. Instant recovery mode Performing Hyper-V instant recovery enables you to replace a corrupt or failed virtual machine. When you select a recovery point, the appliance uses data from the recovery point to create a disk image on the appliance and a new virtual machine on the Hyper-V server. As soon as the new virtual machine is created, it is available for use. The Unitrends appliance utilizes Storage Live Migration to copy the data from the disk image on the Unitrends appliance to the target Hyper-V server. Once the migration is complete, the disk image is no longer needed on the Unitrends appliance and it can be torn down. For details, see "Performing Hyper-V instant recovery" on page 625. For information on recovery points, see "Point-in-time restore" on page 342. The diagram below illustrates the instant recovery process: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 620 Steps for implementing Hyper-V instant recovery Instant recovery for Hyper-V can be performed before or after your virtual machine fails, as long as there is a valid recovery point for the virtual machine on your Unitrends appliance. For best results, it is recommended that you plan your strategy for instant recovery before a virtual machine fails. This Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 621 section provides an overview of the steps you must complete before and after a failure to implement Hyper-V instant recovery. To use Hyper-V instant recovery, you must protect your virtual machines with Hyper-V backups. For Windows clients protected at the guest-OS level, you can use Windows instant recovery as a temporary solution (see "Windows Instant Recovery" on page 451) and bare metal recovery as a more permanent solution (see "Bare Metal Protection Overview" on page 749). Perform the following before a virtual machine fails Step 1: Review the "Prerequisites and considerations for Hyper-V instant recovery" on page 621. Step 2: Run Hyper-V backups for the clients you wish to protect with instant recovery. See "Executing Hyper-V backups" on page 599. Step 3: Allocate storage for instant recovery on your Unitrends appliance. See "Allocating storage for Hyper-V instant recovery" on page 622. Step 4: Configure port security to no security. See "Configuring port security for Hyper-V instant recovery" on page 623. Step 5: Verify that you have enough space for the recovery on your Hyper-V server. Step 6: Perform the audit process to verify that a recovery point can be used to create a new virtual machine. Repeat this step as needed to test new recovery points. For instructions, see "Performing the audit process for Hyper-V instant recovery" on page 623. Perform the following after a virtual machine fails Step 7: Perform the instant recovery process. See "Performing Hyper-V instant recovery" on page 625. Prerequisites and considerations for Hyper-V instant recovery Consider the following as you plan for disaster recovery of your Hyper-V virtual machines. Unitrends software considerations and requirements • The Unitrends appliance must be running release 8.0 or higher. • Unitrends Windows agent release 8.0 or higher must be installed on the Hyper-V server hosting the VMs and on the Hyper-V server used as the restore target. • After installing the 8.0 agent on the Hyper-V server hosting your VMs, it is recommended that you reload the list of VMs in the Unitrends backup window. (Select the Hyper-V application in the Navigation pane, click Backup , then click the reload icon in the lower right corner of the VMs to Protect list.) • Backups taken with a pre-8.0 agent can be used as long as agent release 8.0 or higher has been installed on the server hosting the VMs. This agent is required for the appliance to retrieve generation information for the VMs. Hyper-V and Windows Server considerations and requirements • The restore target must be: – Windows Server 2012 or higher with the Hyper-V role enabled – Hyper-V Server 2012 or higher 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 622 Note: Backups from older versions of Hyper-V can be used for Hyper-V instant recovery as long as the target server is 2012 or higher, and the Unitrends appliance and Windows agent on the Hyper-V host are running version 8.0 or higher. • For the restore target, you must use a Hyper-V server that is the same version or higher, as the Hyper-V server hosting the original virtual machine. It is recommended that you restore to a Hyper-V server whose version matches that of the original, where possible. • You can perform instant recovery using local or replicated backups. The restore target can be the original Hyper-V server or an alternate Hyper-V server. The target server must be registered to the Unitrends appliance from which you are performing the instant recovery. General virtual machine considerations and requirements • All disks created on the Hyper-V virtual machine must have unique names. • Since Unitrends does not create clones, the restored virtual machine is configured with the latest hardware version that is supported by the target Hyper-V server. • For Generation 2 virtual machines, the restore target must be Windows/ Hyper-V Server 2012 R2 or higher. • Disks excluded during backup, including independent and physical RDM disks, are not restored with instant recovery for Hyper-V. • Hyper-V Instant Recovery is not supported for Host component (AzMan Security Database for Hyper-V) backups of the original virtual machine. These are not bootable backups. Clustered virtual machine considerations and requirements • Hyper-V instant recovery supports clustered and non-clustered virtual machines. • The target Hyper-V server determines the cluster status of the new virtual machine. To create a clustered VM for instant recovery, you must select a cluster as the target Hyper-V server. If you select an individual member node, the resulting VM is not clustered. • When creating a clustered VM for instant recovery, you must select the network switch common to all nodes in the cluster. If you do not select this switch, the new VM will lose network connectivity if it fails over to another cluster node. Allocating storage for Hyper-V instant recovery Because the disk for a recovered virtual machine resides on the Unitrends appliance until the storage migration is complete (see "How Hyper-V instant recovery works" on page 618), you must allocate storage for instant recovery. It is recommended that you allocate storage before a virtual machine fails to ensure the space is available when you need it. You must allocate at least twenty percent of the used space on the original virtual disk. Storage allocation can be distributed among backups/replication, vaulting, and instant recovery, depending on the identity of your Unitrends appliance. When you allocate storage for one function, it cannot be used for other functions. Note: You can perform the recovery from a backup system or replication target, so make sure to allocate instant recovery storage for all the Unitrends appliances that you will use for instant recovery. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 623 To allocate storage for Hyper-V instant recovery 1 On the Unitrends appliance, select Settings > Storage and Retention > Storage Allocation. 2 Slide the storage distribution for instant recovery or enter the desired size in the field below the pie chart. 3 Click Confirm. This takes you back to the Storage and Retention screen. 4 Continue setting up your Unitrends appliance by "Configuring port security for Hyper-V instant recovery" on page 623. Configuring port security for Hyper-V instant recovery To perform an instant recovery, you must configure port security to No Security (Open All). If you prefer, you can change to a higher security setting after completing the recovery. To configure port security for Hyper-V instant recovery 1 Log in to the Unitrends appliance that you will use for instant recovery. 2 Select Settings > Clients, Networking, and Notifications > Ports. 3 At the bottom of the screen, select No Security (Open All). 4 Enter the root password, and click Confirm. Performing the audit process for Hyper-V instant recovery The audit process allows you to quickly boot a virtual machine from a selected recovery point and ensure that the data is intact. It is recommended that you perform the audit process periodically to test new recovery points. The virtual machine created in audit mode is not connected to a network or intended for production use. After verifying that the virtual machine is operational, you must exit audit mode and tear down the recovery image to allow the Unitrends system to reset the state of the virtual machine image. Before performing the audit process, it is recommended that you read "Steps for implementing Hyper-V instant recovery" on page 620. See the following topics for instructions: • • "To perform the audit process for Hyper-V instant recovery" on page 623 "To exit audit mode for Hyper-V instant recovery" on page 624 To perform the audit process for Hyper-V instant recovery Any changes made to the virtual machine while in audit mode are lost once audit mode is exited. 1 Log in to the Unitrends appliance storing the backup that you will use for the recovery. 2 In the Navigation pane, select the original virtual machine. Note: If you want to audit a replicated backup, you must first enable replication view. For details, see "Viewing replicated backups" on page 309. 3 Select the Restore button from the Main menu. 4 Select a highlighted day in the calendar and then select a recovery point. The recovery point can be associated with a full or incremental backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 624 5 Click the Next (Select Options) button at the bottom of the screen. 6 Select Instant Recovery from the Restore Type list. 7 Select a Hyper-V server from the Available Hyper-V Servers window. You can select the original Hyper-V server or an alternate Hyper-V server. The Hyper-V servers that display here may change based on the virtual machine selected for instant recovery. Only servers supported for the selected VM display in the list. For details, see "Prerequisites and considerations for Hyper-V instant recovery" on page 621. 8 Select a volume or folder with sufficient space for the restore. 9 Enter a name for the restored virtual machine in the Virtual Machine Name field or accept the default name. Every restore creates a new virtual machine. If the original virtual machine still resides on the target Hyper-V server, it is not overwritten. 10 Check the Audit Mode box. Note: This removes the option to specify a network switch. In audit mode, the restored virtual machine does not have network access. 11 In the IP Address drop-down list, select the network adapter and associated IP address that you wish to use for instant recovery. 12 Click Audit to initiate the process. 13 A new virtual machine is created on the Hyper-V server you selected in step 7 above. 14 To view the status of restore jobs, click on Settings > Instant Recovery > Hyper-V. Once the Job Detail indicates VM is available for use, you can access the virtual machine to ensure that it is operational, which verifies the virtual machine can be recovered in the event of a disaster. Applications on the virtual machine requiring network access are not fully functional in audit mode. Note: About Windows server VMs - In rare instances, after a restore is performed for a Windows server VM, a disk may be inaccessible because it has been placed in an offline state. To bring your disks into an online state, login to the VM, go to Disk Management, right-click on the offline disk, and select Online from the drop-down menu. 15 Once the virtual machine is operational, exit audit mode. For instructions, see "To exit audit mode for Hyper-V instant recovery" on page 624. If audit mode is left running for 3 days, you receive an e-mail alert notifying you to exit audit mode. To exit audit mode for Hyper-V instant recovery Any changes made to the virtual machine while in audit mode are lost once audit mode is exited. 1 In the Unitrends appliance storing the backup you used for the recovery, select Settings > Instant Recovery > Hyper-V. 2 Click on the job for the selected virtual machine. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 625 3 Click Tear Down to remove the audit mode session from both the Hyper-V server and the Unitrends appliance. Performing Hyper-V instant recovery Use the procedure described here to recover a failed virtual machine from a local or replicated backup. Before performing the recovery, it is recommended that you read "Steps for implementing Hyper-V instant recovery" on page 620. If you have recently upgraded the Hyper-V Server to Unitrends agent version 8.0, reload your VM list before performing instant recovery. To reload your VM list, select the Hyper-V server > Backup and click the reload icon in the lower right corner of the VMs to Protect list. To perform Hyper-V instant recovery Instant recovery is supported for clustered and non-clustered virtual machines. For details, see "Prerequisites and considerations for Hyper-V instant recovery" on page 621. 1 Log in to the Unitrends appliance storing the backup that you will use for instant recovery. If you want to use a replicated backup for the recovery process, you must first enable replication view. For details, see "Viewing replicated backups" on page 309. 2 In the Navigation pane, select the original virtual machine. Note: To display virtual machines, select the gear icon at the bottom of the Navigation pane and select the option to display virtual machines in the Navigation tree. 3 Select the Restore button from the Main menu. 4 Select the highlighted day in the calendar and then select a recovery point. The recovery point can be associated with a full or incremental backup. 5 Click the Next (Select Options) button at the bottom of the screen. 6 Select Instant Recovery from the Restore Type list. 7 Select a Hyper-V server from the Available Hyper-V Servers window. You can select the original Hyper-V server, an alternate Hyper-V server, or a cluster. Select a cluster to create a clustered VM. If you select a cluster node, the virtual machine created for the instant recovery is not clustered. Note: 8 The Hyper-V servers that display here may change based on the virtual machine selected for instant recovery. Only servers supported for the selected VM display in the list. For details, see "Prerequisites and considerations for Hyper-V instant recovery" on page 621. Select a volume with sufficient space for the recovery. The virtual machine and all the virtual hard drives will be recovered to the selected volume. When selecting your restore path, you cannot choose a location with Unitrends_IR in the pathname. IR will fail if you choose a location in or under the Unitrends_IR folder. 9 Enter a name for the restored virtual machine in the Virtual Machine Name field or accept the default name. Every restore creates a new virtual machine. If the original virtual machine still resides on the Hyper-V host you select for the restore, it is not overwritten. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 626 10 Select the switch from the Network Switch drop-down list for a connection to the new virtual machine. This drop-down list contains all network switches on the Hyper-V server. For a clustered VM, you must select the network switch common to all nodes in the cluster. 11 In the IP Address drop-down list, select the network adapter and associated IP address that you wish to use for instant recovery. 12 Click Restore to initiate the process. 13 A new virtual machine is created on the Hyper-V server you selected in step 7 on the previous page. 14 To view the status of restore jobs, select Settings > Instant Recovery > Hyper-V. Once the Job Detail field indicates Move Disks, the virtual machine is operational. You can use the new virtual machine while data is being migrated. To avoid data loss and the need to restart the instant recovery process, do not reboot or power down the Unitrends appliance. For more information about the instant recovery process, see "How Hyper-V instant recovery works" on page 618. Once the Job Detail field indicates VM is available for use, the data migration to the volume is complete. Notes: • About Windows server VMs - In rare instances, after a restore is performed for a Windows server VM, a disk may be inaccessible because it has been placed in an offline state. To bring your disks into an online state, login to the VM, go to Disk Management, right-click on the offline disk, and select Online from the drop-down menu. • About Debian VMs - In some instances, Gnome might not start after a Debian VM is recovered. You can resolve this issue by rebooting the VM or restarting Gnome from the console. To access the console, enter Clt+Alt+F1 and log in as root. Then run startx. 15 To complete the recovery process, do the following: • Tear down the recovery image. For instructions, see "To tear down the instant recovery image" on page 626. • Add the new virtual machine to a backup schedule as described in "To view or modify a Hyper-V backup schedule" on page 605. • If you are using replication, you will need to configure the new virtual machine for replication. For instructions, see "To replicate application backups" on page 300. To tear down the instant recovery image Tear down the recovery image to allow the Unitrends appliance to reset the state of the virtual machine image and free the resources used to run the image. Tearing down the recovery image after data migration is complete has no impact on the new virtual machine created on your Hyper-V host through the instant recovery process. Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 627 IMPORTANT! Do not perform this procedure until the Job Detail field indicates VM is available for use. If you tear down the recovery image before data migration is complete, you will have to restart the process to recover your virtual machine. 1 In the Unitrends appliance storing the backup you used for the recovery, select Settings > Instant Recovery > Hyper-V. 2 Click on the job for the selected virtual machine. 3 Click Tear Down to reset the state of the virtual machine image on the appliance. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 628 Legacy Recovery-Series and UEB Administrator's Guide Chapter 27: Hyper-V Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 629 Chapter 28: VMware Protection This chapter describes additional considerations and procedures specific to protecting VMware infrastructure. See the following topics for details: • • • • • "Best practices for protecting VMware virtual machines" on page 629 • • • • • • • • • "Setting VM credentials for application-aware protection" on page 637 "About the Virtualization Protector" on page 632 "Virtualization Protector requirements" on page 633 "Working with vCenter and ESX servers" on page 635 "Upgrading the ESX(i) host" on page 637 "Deleting vCenter and ESX servers" on page 641 "Grouping VMware virtual machines" on page 641 "About VMware backups" on page 641 "Executing VMware backups" on page 652 "Restoring the VMware virtual infrastructure" on page 656 "Instant recovery for VMware" on page 663 "Protecting VMware templates" on page 672 "Troubleshooting" on page 678 Best practices for protecting VMware virtual machines Unitrends scalable agent/agentless architecture offers several options for protecting your VMware virtual machines. Typically, the Unitrends Virtualization Protector is used to backup and restore VMs, but there are cases where installing the agent is recommended. Factors in your environment, such as the type of data you need to protect, recovery time objectives, storage capacity, retention requirements, and backup window should all be considered to determine the best strategy. You can use either of the strategies described here, in any combination, to tailor protection to best suit your needs. When you register the vCenter or ESX server, all VMs are discovered and available for backup using the Virtualization Protector (vProtect). To back up using the agent, register the VM to the backup system as you would a physical client (see "About adding clients" on page 69 for details) and follow the instructions in the applicable chapters to run backups. If you will be protecting some VMs with the agent and others using vProtect, it is best to protect each VM using one method only. This way you won’t needlessly back up the same data twice. Example recommendations are given here: • To protect SQL or Exchange application data, either method provides application-aware protection leveraging the applicable Microsoft VSS writers. vProtect is the recommended method unless you need to have more granular control of which data is included in the backup or 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 630 have SQL databases that do not use the simple recovery model. For application data, it is important that only one backup method is used, as running both agent-based and vProtect backups can cause issues with application log truncation and other undesirable results. • If recovery time objectives are very important, instant recovery is the fastest way to spin up a failed VM. Run vProtect backups to use this feature. • vProtect backups can exclude data at the virtual hard drive level only. If you have a requirement to exclude data at the directory or file level, or if you don’t have space in your VMFS datastores for snapshots of your VMs, consider using agent-based backups. • For Recovery-Series systems protecting ESX hosts whose datastores are located on an external SAN, consider implementing SAN-direct VMware backups. These backups run more quickly since network bandwidth is not a hit to performance. See "VMware SAN-direct backups" on page 650 for details. • For UEB on VMware systems protecting ESX hosts whose datastores are located on an external SAN, consider implementing HotAdd VMware backups. These backups run more quickly since network bandwidth is not a hit to performance. See "VMware HotAdd backups" on page 647 for details. (HotAdd backups are not supported for UEB on Hyper-V systems.) • For virtualized Active Directory servers, there are additional considerations when determining whether to use vProtect or agent-based backups. See "Protecting virtualized Active Directory servers" on page 635 for details. • For virtual machines in Distributed File System environments, there are additional considerations when determining whether to use vProtect or agent-based backups. See "Protecting virtual machines in Distributed File System environments" on page 635 for details. • If you are registering an ESX or vCenter server to multiple Unitrends appliances, you should back up each VM on only one appliance. Backing up the same VM on multiple appliances causes problems with the Change Block Tracking information used for incremental and differential backups. To avoid backing up a VM on more than one appliance, you can use the navigation grouping feature to create groups of VMs associated with particular appliances. For details, see "Grouping VMware virtual machines" on page 641. See the table below for a comparison of vProtect versus agent-based backups. IMPORTANT! To protect a VM with both host-level and asset-level (agent-based) backups, be sure to adhere to the following: • Ensure that the VM's host-level and asset-level jobs do not overlap. Running both simultaneously may lead to undesirable results. • If protecting hosted SQL or Exchange databases with agent-based application backups, do not use application-aware protection for host-level backups. Doing so may compromise log truncation changes and lead to other undesirable results. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 631 VMware protection strategy Virtualization Protector backup Considerations • • • Quickest setup. You do not need to register VMs individually. • For SQL simple recovery mode databases, provide guest-level credentials for application-aware protection. The application database is quiesced to ensure a consistent state in your VMware backup. • For other database recovery models, use agent backup or use applicationaware backup along with separate transaction log backups to truncate SQL logs. (You can schedule transaction log backups using SQL Maintenance Plan. Be sure that you do not use a SQL Maintenance Plan with agent-based backups.) • Do not use for single-node or multi-node SharePoint farms. Use agent backup instead. • For Exchange, provide guest-level credentials to ensure application consistency and to perform application-level post backup processing, such as log truncation. • For Unitrends Recovery-Series systems, supports SAN-direct backup to reduce backup window and off-load network bandwidth utilization. • For UEB on VMware systems, supports HotAdd backup to reduce backup window and off-load network bandwidth utilization. HotAdd backup is not supported on UEB on Hyper-V systems. • • Supports VMware instant recovery to quickly spin up a failed VM. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Features auto-detection of new VMs. Excludes at the disk level. No exclusions of individual directories or files. Leverages VMware’s VADP framework to perform application and operating system consistent backup and restore. Supports backup of VMware templates. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 632 VMware protection strategy Considerations Agent backup • • Backup system treats the VM like a physical client. • For SQL, Exchange, Oracle, and SharePoint backups, provides application and operating system consistent backup and restore. • Supports all SQL database recovery models. Must use agent for all recovery models other than simple. • Supports backup of single- and multi-node SharePoint farms. • • Does not support SAN-direct or HotAdd backup. • Does not support backup of VMware templates. All backup options are supported, including selection lists, options to exclude at the volume, directory, or file level, and run pre- and post- backup commands. Recommended for VMs where more granular exclusion of data is required. Supports Windows instant recovery (WIR) to quickly spin up a virtual replica of a failed Windows client. About the Virtualization Protector Unitrends offers all-in-one backup, archiving, and disaster recovery for VMware in an integrated fashion from our Administrator Interface (AI). The Virtualization Protector leverages the vStorage API for Data Protection (VADP) infrastructure to offer centralized and efficient protection of virtual machines. The Virtualization Protector is a pull-based architecture in which the ESX servers (via vCenter or directly) respond to requests sent from the Unitrends system. There is no client-side backup software on the ESX servers, the vCenter server, or the virtual machines. Once you add the Virtualization Protector to the backup system, you protect all associated VMs without registering them individually. The Virtualization Protector supports the following features: • Protection for select licensed VMware environments. See the Unitrends Compatibility and Interoperability Matrix for details. • • • • • • • Full, differential, and incremental backups Application-aware protection leveraging Microsoft VSS writers Native provisioning for thin-provisioned disks Changed Block Tracking (CBT) Policy-based automatic inclusion of newly created virtual machines into backup schedules Byte-level deduplication of protected virtual machine data AES-256 bit encryption of protected data Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 633 • Archiving VMware backups via D2D2D (Disk-to-Disk-to-Disk) or D2D2T (Disk-to-Disk-toTape) • Electronic replication of VMware backups via D2D2C (Disk-to-Disk-to-Cloud) via either singletenant private cloud replication or multiple tenant public cloud replication • Restore of a virtual machine or template to the original ESX/ESXi server or to an alternate ESX/ESXi server. For templates, the ESX server must be in a vCenter setup. Note: VMs can be restored to the original ESXi server or to another ESXi server running the same or higher ESXi version. • Restore of a template backup as a new virtual machine to the original ESX/ESXi server or to an alternate ESX/ESXi server • • Instant recovery of a VMware virtual machine • • Automatic exclusion of independent and physical RDM disks Granular file-level restore from VADP-based virtual machine backups Optional exclusion of any other disks Virtualization Protector requirements The following requirements must be met to protect VMware environments: Item Description Hypervisor The ESX or ESXi server must be a licensed version listed in the Unitrends Compatibility and Interoperability Matrix. Notes: • Host-level backups of ESX 4.x environments are no longer supported. For details, see KB 3703. • Host-level snapshots are not supported with free versions of ESXi. To protect VMs in a free ESXi environment, run backups with the Unitrends agent. • About restores. VMs can be restored to the original ESXi server or to another ESXi server running the same or higher ESXi version. vCenter Must be a licensed version listed in the Unitrends Compatibility and Interoperability Matrix. vCenter or ESX(i) account privileges An account with full administrative privileges is required. The user or group must have the role administrator. You supply these credentials when adding the vCenter or ESX server to the backup system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 634 Item Description Virtual machine configuration Verify the following VM configuration settings: • VM hardware versions 4, 7, 8, 9,10, and 11 are supported. Notes: Unitrends system requirements • On vSphere 6. Additional restrictions apply to vSphere environments. See "vSphere 6 requirements and limitations" on page 635 for details. • On vSphere 5.5 and older Unitrends versions. VMware introduced new SATA Virtual Hardware Controllers with vSphere 5.5 and VM Hardware Version 10. You must be running Unitrends version 7.4 or higher to protect these. Older Unitrends versions do not recognize these controllers. See KB 1102 for details on selecting the correct controller when creating new VMs in version 5.5. • To protect VMware clustered environments, make sure the vCenter is registered to your Unitrends appliance. See "To create a VMware backup schedule" on page 654. • • VMs configured in a cluster setup with a fault tolerant disk are not supported. • Independent and pass-through disks are not supported and will be automatically excluded from any vProtect backups. If data on these disks needs to be protected, install the agent in the guest operating system and add the VM to the backup system as you would a physical machine. • Virtual-mode raw device mapped disks can be protected. See "Raw device mapped disk limitations" for details. • VMware tools must be installed in the guest operating system to ensure file system and application consistency. • Sparse disks are not supported and may cause backup errors. This can happen when converting virtual hard drives from VHD to VMDK format. See KB 3057 for details and resolution. Dynamic MAC addresses are not supported. Verify that MAC addresses are not set to dynamic. The instant recovery feature for VMware is only supported on 64-bit CentOS 5 or later Unitrends systems running version 6.2.0 or newer. See About > System Information for the current version. Raw device mapped disk limitations Raw device mapping (RDM) is a feature of ESX that allows a virtual disk in a VM to be created on a remote iSCSI LUN rather than on a datastore local to the ESX server. Virtual machines with virtualmode raw device mapped disks are supported with the following limitations: • Physical-mode RDM disks are automatically excluded from vProtect backups. Use agentbased backup to backup this data. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 635 • • Protection with full, differential, and incremental backups are supported. • Upon restore, any RDM disks are restored as standard virtual disks. The size of the full backup is equal to the entire allocated VM disk size, rather than the used size, since change tracking is not used for RDM backups. vSphere 6 requirements and limitations To protect hosted VMs in vCenter 6 or ESXi 6 environments, these additional requirements and limitations apply: • To protect vSphere 6 environments, the Unitrends appliance must be running release 8.2 or higher. (Unitrends version 8.1 supports basic vSphere 6 functionality only. To use features introduced in vSphere 6, and to use the SAN-direct and HotAdd transport modes, you must be running 8.2 or higher). • If a vCenter 6 VM migrates to a different vCenter, that VM is no longer protected on the original Unitrends schedule. You must manually add it to a new schedule to resume protection. Protecting virtualized Active Directory servers To ensure database consistency, you must set up the virtualized Active Directory (AD) server in accordance with Microsoft best practices. If all Microsoft considerations are not addressed, backup and restore of the virtual machine may yield undesired results. If you prefer to not research these best practices, it is recommended that you install the agent on the VM and protect it as you would a physical server (leveraging Microsoft’s VSS writers). Protecting virtual machines in Distributed File System environments Distributed File System (DFS) Namespaces and DFS Replication offer high-available access to geographically dispersed files. Because of the replication and syncing operations in DFS environments, you must set up the virtual machine in accordance with Microsoft best practices to ensure database consistency. If all Microsoft considerations are not addressed, backup and restore of the virtual machine may yield undesired results. If you prefer to not research these best practices, it is recommended that you install the agent on the VM and protect it as you would a physical server (leveraging Microsoft’s VSS writers). Working with vCenter and ESX servers The following VMware virtual entities can be registered to the Unitrends appliance to protect hosted virtual machines. You will need an account with full administrative privileges to add the vCenter or ESX server. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 636 Item Description vCenter only If the ESX servers are accessible through a vCenter, registering the vCenter to the Unitrends appliance automatically detects all of the associated ESX servers and their hosted virtual machines. This also allows the Unitrends Virtualization Protector to be compatible with vMotion, a process through which VMs can migrate amongst the vCenter’s ESX servers. In this case, the system detects when virtual machines move between ESX servers in a cluster and contacts the appropriate server to perform backups. Note: The Unitrends appliance cannot detect VM migration between vCenters (a feature of vCenter 6 only). If a vCenter 6 VM migrates to a different vCenter, that VM is no longer protected on the original Unitrends schedule. You must manually add it to a new schedule to resume protection. ESX server only If ESX servers are not accessible through a vCenter, or if only a subset of the VMs hosted on the vCenter’s ESX servers are to be protected, then individual ESX servers can be registered. In this case, the system contacts the ESX servers directly for backup and restore operations. vCenter and associated ESX servers If ESX servers are registered to a vCenter and both are accessible on the network, it is recommended that you register both the vCenter and its ESX servers. This allows the Unitrends Virtualization Protector to contact the vCenter for management operations (including vMotion support) and to directly contact the ESX servers for backup and restore operations, potentially improving performance by reducing network traffic around the vCenter server. For instructions on adding vCenter and ESX servers to the Unitrends appliance, see: • • "About adding clients" on page 69 "Adding a VMware client" on page 74 For instructions on modifying and deleting a VMware vCenter and ESX servers, see "About working with clients" on page 88. Displaying VMware virtual machines in the Navigation pane After registering a VMware server to the Unitrends appliance, you can display its virtual machines in the Navigation pane using the procedure described here. To display VMware virtual machines in the Navigation pane 1 Click on the Gear icon in the lower right corner of the Navigation pane to display the System Preferences box. 2 Click the box next to Show Virtual Machines in Navigation Tree? 3 Click Confirm. The appliance now displays the VMs in the Navigation pane. To refresh the list of virtual machines in the Navigation pane If the structure of your virtual environment ever changes (e.g., you add a new virtual machine, you reorganize virtual machines under new resource pools, etc.), refresh the list of virtual machines in Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 637 the Navigation pane. 1 Select the vCenter icon in the Navigation pane. 2 Click Backup. 3 Click the refresh icon at the bottom of the list of VMs. 4 Refresh the entire interface by clicking the refresh icon at the bottom of the Navigation pane. Upgrading the ESX(i) host To ensure protection of VMs continues seamlessly, follow these steps when upgrading an ESX(i) host: 1 Upgrade the ESX(i) host using VMware’s recommended procedures. 2 In the Unitrends system, select the ESX(i) host in the Navigation pane. 3 Select Backup. 4 On the Schedule Backup tab, click the refresh button at the bottom of the Select Items grid: This reloads the list of VMs, ensuring your schedules will continue without interruption. Setting VM credentials for application-aware protection To provide application-aware protection of Windows VMs, vProtect requires local administrator credentials to interface with the VM’s application-specific VSS writers. Once credentials have been established, vProtect discovers any hosted SQL or Exchange applications, and leverages VSS writers to quiesce data and perform any necessary post-backup processing. To protect Windows VMs hosting Exchange or SQL simple recovery model applications, it is recommended that you set credentials to ensure an application consistent backup. Log file truncation is handled by VMware application-aware backups as described here: Application Log file truncation with VMware application-aware backup Exchange Logs truncated with VMware full and incremental backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 638 Application Log file truncation with VMware application-aware backup SQL Logs not truncated with VMware application-aware backup. Do the following: Note: • Simple recovery model - No logs created. Use VMware application-aware backups. • Full recovery model - Use agent backups or use VMware application-aware backups with separate transaction log backups to truncate logs. (Schedule periodic transaction log backups using a SQL Maintenance Plan. Do not use SQL Maintenance Plan with agent backups.) • Bulk-logged recovery model - Use agent. See "SQL backup strategies and recommendations" on page 498 for details. Application-aware backups cannot be used to protect VMware templates or VMs on nonWindows operating systems. Once you have configured and enabled credentials for a Windows VM, application-aware backups are run. If vProtect cannot gain access using these credentials, the backup fails. To check whether application-aware protection succeeded, click the backup in the Status window or on the Backups report to view associated details. Look for the following in the Raw Output: • • • appaware YES indicates the VM is configured for application-aware backups. appaware NO indicates the VM is not configured for application-aware backups. Failed to connect to host for guest vss operations indicates vProtect attempted application-aware backup, but could not gain access. Check the credentials for errors. If credentials have not been enabled for the Windows VM, vProtect does not attempt applicationaware backup. Application data is included in the backup, and the completed backup is in green/success status (if no other warnings/failures occur). Working with VM credentials Use the following procedures to apply credentials at the VM-level. Credentials are used to perform application-aware backups of Windows VMs, which is the recommended approach for VMs hosting Microsoft Exchange and SQL simple recovery model applications. For centralized credential procedures, see "About credential management" on page 97. Note: • • • • • • Application-aware backups cannot be used to protect VMware templates or VMs on nonWindows operating systems. "To view credentials assigned to VMs" on page 639 "To create a new credential for a VM" on page 639 "To apply an existing credential to a VM" on page 640 "To view or modify a VM credential" on page 640 "To enable or disable a VM credential" on page 640 "To remove a VM credential" on page 640 Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 639 To view credentials assigned to VMs 1 Select the ESX server in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, VMs display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 The Credential icon to the right of the each VM indicates whether a credential has been set. • • 4 If you see a red X on the credential icon, no credential has been set for the VM. If you do not see a red X, a credential has been set for the VM. The light bulb icon to the right of each VM indicates whether its credential is enabled for backup and restore. • • • Light gray indicates no credential has been set for the VM. Dark gray indicates a credential has been set but is not enabled. Yellow indicates a credential has been set and is enabled. Application-aware backup and restore will be used for the VM. To create a new credential for a VM 1 Select the ESX server in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, VMs display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired VM. 4 In the Set Credentials for the listed Items window, click New Credential and enter the following: 5 • • Credential Name – Name associated with the credential. This is optional. • • • • Password – Password associated with the username you supplied. • Application-aware VM image processing – Check this box to enable application-aware backups. Recommended for VMs hosting Exchange and SQL simple recovery model applications. Administrative Username – User must have local system administrator privileges or domain administrator privileges. Confirm Password – Enter the password again to confirm. Domain – Name of the Windows domain associated with this credential. This is optional. Set as Default – Check this box to set the credential as default for the system. This is optional. Click Create and Set Credential. The credential is created and applied to the selected VM. • If you checked Application-aware VM image processing, a yellow light bulb displays and the credential will be used for backups and restores. • If you did not check Application-aware VM image processing, a dark gray light bulb displays, indicating the credential has not been enabled for backups and restores. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 640 To apply an existing credential to a VM 1 Select the ESX server in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, VMs display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired VM. 4 In the Set Credentials for the listed Items window, select a credential from the drop-down list. 5 Check the Application-aware VM image processing box to use this credential for backup and restore operations. 6 Click Set Credential. The credential is applied to the selected VM. • If you checked Application-aware VM image processing, a yellow light bulb displays and the credential will be used for backups and restores. • If you did not check Application-aware VM image processing, a dark gray light bulb displays, indicating the credential has not been enabled for backups and restores. To view or modify a VM credential 1 Select the ESX server in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, VMs display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired VM. 4 Click Edit Credential and modify settings as desired. For details, see "To create a new credential for a VM" on page 639. 5 Click Save and Set Credential. To enable or disable a VM credential 1 Select the ESX server in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, VMs display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the light bulb icon to the right of the desired VM to enable or disable the credential. • Dark gray indicates the credential has been disabled and will not be used for backups and restores. • Yellow indicates the credential has been enabled. Application-aware backup and restore will be used for the VM. To remove a VM credential 1 Select the ESX server in the Navigation pane and click Backup. 2 On the 1-Time Backup or Schedule Backup tab, VMs display in the Select Items list. To refresh the list, click the Reload icon in the bottom right. 3 Click the Credential icon to the right of the desired VM. 4 Click Remove Credential. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 641 The credential is no longer associated with this VM. To delete the credential from the system, see "To delete a credential" on page 99. Deleting vCenter and ESX servers You can use the procedure described here to delete a vCenter or ESX server from the Unitrends appliance. When you delete a vCenter or ESX server, all backups for its VMs are also deleted from the appliance. However, if you have registered a vCenter server and the ESX hosts it is managing, the VM backups are not deleted from the appliance if you delete only the vCenter server. The backups are not deleted unless you also delete the ESX servers hosting them. To delete a vCenter or ESX server Note: To delete the vCenter-RRC client itself, all associated vCenter and ESX servers must first be deleted. 1 Select Settings > Clients, Networking, and Notifications > Clients. 2 Select the desired ESX or vCenter server. 3 Click Delete this Computer. CAUTION! Backups for all the virtual machines hosted in the vCenter or ESX environment are deleted upon deleting the server. 4 Check the I understand... box and click Confirm. Grouping VMware virtual machines Beginning in release 7.5, you can use the navigation grouping feature for increased ease of use when managing virtual machines. You can create groups of VMs and then manage them on the group level rather than having to manage each VM individually. You can also run VMware backups for groups of VMs. To group virtual machines, you must be able to view VMs in the Navigation pane. If you do not see VMs, click the Gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click Confirm. See "Navigation grouping" on page 45 for a description of the feature, requirements, and setup procedures. To archive or run reports at the group level, follow the standard archiving and reporting procedures in these chapters: "Archiving Overview" on page 201 and "Reports, Alerts, and Monitoring" on page 357. About VMware backups The Unitrends Virtualization Protector protects all virtual machines in an ESX or vCenter setup. VMware virtual machines can be protected with either one-time backups or backup schedules. When creating schedules you can manually add virtual machines for protection or you can create filters. This section provides information about the requirements and considerations for successful protection of virtual machines. See the following topics for details: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 642 • • • • • • "Requirements and considerations for VMware backups" on page 642 "VMware backup strategies" on page 643 "Dynamic VMware protection" on page 644 "VMware HotAdd backups" on page 647 "VMware SAN-direct backups" on page 650 "VMware disk exclusions" on page 652 Requirements and considerations for VMware backups Virtual machine requirements and considerations: • Virtual machines configured with hardware version 4, 7, 8, 9, 10, and 11 can be protected with Unitrends virtualization protector. • VMware introduced new SATA Virtual Hardware Controllers with vSphere 5.5 and VM Hardware Version 10. To protect these controllers, you must be running Unitrends release 7.3 or higher. • Physical Raw Disk Mapping (RDM) disks are automatically excluded from backups. Use agent-based backups to protect this data. • Independent or fault tolerant disks are automatically excluded from backups. Use agent-based backups to protect this data. • • Free ESXi cannot be protected with vProtect backup. Use agent-based backup instead. Ensure VMware Tools is installed in the guest operating system. Supported backup methods See the following table for backup methods that are supported to protect virtual machines. Backup method Full Description and requirements Protects the metadata and data for all disks attached to the virtual machine. All disk blocks are captured in a full backup. Note: For virtual disks hosted on an NFS datastore, the complete disk (virtual disk size) will be backed up when a full backup is run. The full backup enables Change Block Tracking (CBT) on the disks for subsequent differential and incremental backups. Requirements: • To enable CBT, all snapshots on the VM must be deleted prior to running the full backup. For more information on enabling CBT, see KB 2414. • VMware tools must be installed and running. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 643 Backup method Differential Description and requirements Captures changes to the metadata and VM hard disk blocks since the last successful full backup. Requirements: • Differential backups are only supported on virtual machines configured with hardware version 7 or higher on ESXi 5.x or higher. VMware tools must be installed and running. For a complete list of supported ESX versions, see the Unitrends Compatibility and Interoperability Matrix. • For virtual disks hosted on an NFS datastore, the backup system must be running version 6.3 or higher. Differential backups are not supported for previous releases. • For virtual-mode raw device mapped disks, the backup system must be running version 6.4 or higher. Differential backups are not supported for previous releases. Incremental This method captures the changes to the metadata and the virtual machine hard disk blocks since the previous successful full, differential, or incremental backup. Requirements: • Incremental backups are only supported on virtual machines configured with hardware version 7 or higher on ESXi 5.x or higher. VMware tools must be installed and running. For a complete list of supported ESX versions, see the Unitrends Compatibility and Interoperability Matrix. • For virtual disks hosted on an NFS datastore, the backup system must be running version 6.3 or later. Incremental backups are not supported for older releases. • For virtual-mode raw device mapped disks, the backup system must be running version 6.4 or later. Incremental backups are not supported for older releases. VMware backup strategies Unitrends allows a wide variety of data protection strategies for VMware virtual infrastructure. Data protection strategies are primarily driven by the following requirements: • • • Recovery time objectives Recovery point objectives Backup window Unitrends recommends using an incremental forever strategy to protect VMware environments. With this strategy, a full is run one time, followed by incrementals thereafter at the frequency that best suits your environment. The system then synthesizes fulls and differentials locally from the incrementals to ensure quick restores. These synthetic backups are also used for archiving and legacy vaulting, as incremental backups do not archive or vault directly. For more on synthetic backups, see KB 3560. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 644 To use the incremental forever strategy, it is recommended that the backup system be on the latest release. Incremental forever is the default and recommended backup strategy for VMware protection. See the table below for example backup strategies: Objective Strategy Your tolerance for data loss is measured in a day or more Use incremental forever or a weekly VMware full backup with a daily differential. Your tolerance for data loss is measured in minutes or hours Use incremental forever or a weekly VMware full backup with a daily differential and hourly incrementals. Your backups need to complete within a few hours during the week but can run continuously on the weekend Use incremental forever or a weekly VMware full backup with daily differentials. You need to control when full backups run If system resources are taxed and you would like to control when a full backup runs, use a weekly VM full backup with a daily differential and/or incremental backups. Keep in mind that synthetic backups are system-side only and do not impact the client. Dynamic VMware protection Beginning in Unitrends version 8.0, you can create your VMware backup schedules with regular expression filters. If you have a large virtual environment, creating filters for your backup schedules greatly reduces the manual aspect of adding virtual machines to the schedule. In addition, if you are regularly adding and removing virtual machines, filtered schedules allow for a more dynamic scheduling experience by automatically adjusting to protect virtual machines that are created or deleted in your VMware environment. Once a virtual machine is deleted from the hypervisor, it is automatically removed from the schedule. Any virtual machine created in the future that matches the filter criteria is automatically protected. Filters are based on containers, actions, and filter strings. Consider the following when working with filters: • Filters are supported only for VMware backup schedules. Filters cannot be used for one-time backups. • • Filter combinations must be unique to a single schedule. Filters are logical “and” statements; “or” statements are not supported. See the figure below for a description of each field used to create regular expression filters. To access the Filter Creation window, go to Backup > Schedule Backup, check the Advanced Settings box, then check Enable filter creation. (For details, see "To create a VMware backup schedule" on page 654.) Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 645 Supported containers are on your VMware hypervisor, such as clusters, ESX host, datacenters, severs, resource pools, vApps, and folders. The action field links the filter string to the container. See the table below for a description of the supported actions. Action Description Equal Container name exactly matches the filter string. Not Equal Container name does not exactly match the filter string. Contains Container name contains the filter string. Not Contains Container name does not include the filter string. Starts with Container name starts with the filter string. For examples, see "Example of a basic filter" on page 645 and "Example of an advanced filter" on page 646. Example of a basic filter A schedule created with the filter shown below, protects all containers whose name contains 2014. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 646 Example of an advanced filter If you have a large installation of virtual machines, you may need to create multiple filter strings to ensure your schedule backs up the desired virtual machines. See below for an example of an advanced filter. This schedule would protect virtual machines within: • • • • ESX Server whose name contains Shoe Department Datacenters whose names are Columbia Any cluster with prod-Q1 in the name VMs that do not contain mens in their display name Transitioning to filtered VMware schedules For the most seamless transition, it is recommended to disable all existing schedules and create new schedules based on filters. However, you can mix filtered and non-filtered backup schedules if you prefer. If you are applying filters to an existing schedule, make sure that any virtual machines already being protected do not meet the filter criteria. If any virtual machines meeting the filter criteria are already protected, you must do one of the following before saving your schedule: • • Remove the virtual machines from their previous schedule. Create a new filter string excluding the virtual machines already protected. For example, in the schedule Christmas 2014, you have the following virtual machines: • • • December 2014_1 December 2014_2 December 2014_3 If you plan to create and protect more December 2014 virtual machines, you have two options: Option 1 You could create a new schedule for all December 2014 virtual machines, by removing December 2014_1, December 2014_2, and December 2014_3 from Christmas 2014 (the current schedule). For Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 647 instructions on removing VMs from a schedule, see "To view or modify a VMware backup schedule" on page 655. This option allows you to create a schedule using the following filter: Container: VM display name Action: Contains Filter String: December 2014 The schedule protects all virtual machines with December 2014 in their name, including December 2014_1, December 2014_2, and December 2014_3 and all VMs created in the future with December 2014 in the name. Option 2 You could leave December 2014_1, December 2014_2, and December 2014_3 in Christmas 2014, but they must be excluded from the new schedule. If not excluded, saving the schedule returns an error that the virtual machine is already being protected. To exclude them from the schedule, use the following filters: Container: VM display name Action: Contains Filter String: December 2014 Container: VM display name Action: Not Contains Filter String: December 2014_1 Container: VM display name Action: Not Contains Filter String: December 2014_2 Container: VM display name Action: Not Contains Filter String: December 2014_3 These filters allow you to protect all VMs created in the future with December 2014 in the name with a new schedule, while allowing December 2014_1, December 2014_2, and December 2014_3 to be protected by their existing schedule, Christmas 2014. VMware HotAdd backups For UEB on VMware systems, it is recommended that you configure backups to use the HotAdd transport mode for ESX hosts whose datastores are located on an external SAN. This configuration enables vProtect to move data directly from the external SAN to the backup system during the backup. This direct connection increases backup performance and decreases network bandwidth utilization, affording greater scheduling flexibility as the production network is not used during the backup. See the following topics to set up HotAdd backups: • • • "VMware HotAdd requirements" on page 647 "To configure a UEB on VMware system for HotAdd backups" on page 648 "To verify the HotAdd transport method was used" on page 649 VMware HotAdd requirements VMwa re Ho tA d d re q u ire me n ts In addition to the "Virtualization Protector requirements" on page 633, these requirements must be met to run VMware backups using the HotAdd transport mode: • The Unitrends appliance must be a UEB on VMware appliance running Unitrends version 7.1 or higher. (For Recovery-Series appliances, use the SAN-direct feature instead. See "VMware SAN-direct backups" on page 650 for details.) • Both the UEB VM and the VMs to protect must be running on a licensed VMware 5.0, 5.1, 5.5, or 6.0 ESXi environment with the following storage configurations: – SAN storage mounted on the ESX server as a VMFS data store. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 648 – SAN storage mounted directly by the ESX guest as a virtual RDM disk. Note: ESXi 5.0 is no longer supported for new UEB deployments. • Both the UEB system and the VM to back up must be added through a vCenter. Directly adding the UEB or guest VM to the ESX host is not supported. • The VMware vSphere version must either be version 5.1, 5.5, 6.0, or 5.0 with an advanced license that supports the HotAdd feature. (See VMware documentation for details.) Additional HotAdd considerations Consider the following before running backups using the HotAdd transport mode: • • • The HotAdd transport mode can be used for all guest operating system versions. The HotAdd transport mode cannot be used to protect VMware templates. For optimal performance, it is recommended to use VAAI-compatible storage arrays with the HotAdd feature. For non-VAAI storage arrays, the ESX host may perform certain operations on the datastore while the HotAdd backup is running, causing a SCSI reservation conflict. In this case, the backup will continue over the network instead of the SAN, which increases both backup time and network traffic on the LAN. To reduce the probability of reservation conflicts, follow VMware’s recommendations in the article Frequently Asked Questions for vStorage APIs for Array Integration (1021976). To configure a UEB on VMware system for HotAdd backups Note: For UEB on VMware systems, no configuration of the Unitrends storage subsystem is required. All configuration is done in the VMware and SAN environments. 1 Verify that the "VMware HotAdd requirements" on page 647 have been met. 2 Configure the ESX server(s) to access the datastore(s) on the SAN LUNS. • In clustered environments, all ESX servers in the cluster must be configured to access the datastores. • The following figure gives an exmple of how datastores should be configured for access by the UEB on VMware system. In this example, the system can run a HotAdd backup of both VM1 and VM2 because the UEB hypervisor is configured to access their datastores. However, VM3 cannot use the HotAdd method because the UEB hypervisor cannot access its datastore. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 649 3 Physically connect the ESX host machine to the SAN using an iSCSI or Fibre Channel cable. 4 Run backups for the desired guest VMs as described in "Executing VMware backups" on page 652. • vProtect detects the SAN storage configuration and uses the SAN-direct transport method during backup. • Note that when restoring SAN-direct backups, VMware determines the most efficient transport method. Data is usually restored directly to the ESX server as the VMFS data store must be utilized. IMPORTANT! If vProtect cannot directly access the SAN, the backup runs using the network connection, moving the guest’s data from the external SAN through the ESX file system to the backup system. If using network bandwidth is a problem during certain hours, schedule your backups accordingly. 5 To check whether SAN-direct was used for a given backup, see "To verify the HotAdd transport method was used" on page 649. To verify the HotAdd transport method was used If vProtect is unable to access the SAN directly, the backup runs using the regular network connection. Upon configuring the HotAdd feature and running the first backup, it is recommended that you verify that the HotAdd transport method was used. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 650 To check whether the backup ran using the HotAdd transport method, double-click the backup in the Status window or on the Backups report to view associated details. Look for the following in the Raw Output in the vProtect Messages section: • using transport method hotadd indicates the SAN connection was used for the backup. • using transport method nbd or nsdssl the regular network connection was used for the backup. Check your physical cable connection and the iSCSI or FC configuration for issues. VMware SAN-direct backups For Unitrends Recovery-Series (physical) appliances, it is recommended that you configure SANdirect backups for ESX hosts whose datastores are located on an external SAN. This configuration enables vProtect to move data directly from the external SAN to the backup appliance during the backup. This direct connection increases backup performance and decreases network bandwidth utilization, affording greater scheduling flexibility as the production network is not used during the backup. See the following topics to set up SAN-direct backups: • • • • "VMware SAN-direct requirements" on page 650 "SAN-direct considerations" on page 650 "To configure a Recovery-Series appliance for SAN-direct backups" on page 651 "To verify the SAN-direct method was used" on page 651 VMware SAN-direct requirements In addition to the "Virtualization Protector requirements" on page 633, these requirements must be met to run VMware backups using the SAN transport mode: For Recovery-Series appliances, SAN-direct backups run using the SAN transport mode. These requirements apply: • The Unitrends appliance must be a Recovery-Series appliance running Unitrends version 7.0 or higher (8.2 or higher for ESXi 6.0). Note: • For UEB on VMware appliances, use the HotAdd transport mode instead. See "VMware HotAdd backups" on page 647 for details. VMs to protect must be running on a licensed VMware 5.0, 5.1, 5.5, or 6.0 ESX/ESXi environment with the following storage configurations: – – SAN storage mounted on the ESX server as a VMFS data store. SAN storage mounted directly by the ESX guest as a virtual RDM disk. SAN-direct considerations Consider the following before running SAN-direct backups: • • SAN-direct backup can be used for all guest operating system versions. SAN-direct backup cannot be used to protect VMware templates. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 651 • For optimal performance, it is recommended to use VAAI-compatible storage arrays with the SAN-direct feature. For non-VAAI storage arrays, the ESX host may perform certain operations on the datastore while the SAN-direct backup is running, causing a SCSI reservation conflict. In this case, the backup will continue over the network instead of the SAN, which increases both backup time and network traffic on the LAN. To reduce the probability of reservation conflicts, follow VMware’s recommendations in the article Frequently Asked Questions for vStorage APIs for Array Integration (1021976). To configure a Recovery-Series appliance for SAN-direct backups 1 Verify that the "VMware SAN-direct requirements" on page 650 have been met. 2 Physically connect the Unitrends Recovery-Series appliance to the SAN using an iSCSI or Fibre Channel cable. 3 Log in to the backup system and select Settings > Storage and Retention > Storage. 4 Click Protect VMs on a SAN. 5 Enter a Storage Name, select a connection Type, and proceed to "Configuring storage" on page 110 to configure iSCSI or FC storage. 6 Once storage has been configured, run backups for the desired guest VMs as described in "Executing VMware backups" on page 652. • vProtect detects the SAN storage configuration and uses the SAN-direct transport method during backup. • Note that when restoring SAN-direct backups, VMware determines the most efficient transport method. Data is usually restored directly to the ESX server as the VMFS data store must be utilized. IMPORTANT! If vProtect cannot directly access the SAN, the backup runs using the network connection, moving the guest’s data from the external SAN through the ESX file system to the backup system. If using network bandwidth is a problem during certain hours, schedule your backups accordingly. 7 To check whether SAN-direct was used for a given backup, see "To verify the SAN-direct method was used" on page 651. To verify the SAN-direct method was used If vProtect is unable to access the SAN directly, the backup runs using the regular network connection. Upon configuring SAN-direct and running the first backup, it is recommended that you verify that the SAN-direct method was used. To check whether the backup ran using the SAN-direct method, double-click the backup in the Status window or on the Backups report to view associated details. Look for the following in the Raw Output in the vProtect Messages section: • using transport method san indicates the SAN-direct connection was used for the backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 652 • using transport method nbd or nbdssl indicates the regular network connection was used for the backup. Check your physical cable connection and the iSCSI or FC configuration for issues. VMware disk exclusions With Unitrends you have the option to exclude a subset of a virtual machine’s drives from backup. Exclusions are done on a per-virtual machine basis. Any subsequent backups for that virtual machine do not include the excluded disks’ data blocks, but metadata is still backed up. This remains in effect until the disk is removed from the exclusions. Any independent or physical RDM disks are automatically excluded from vProtect backups. If disks are changed from independent to dependent after the client has been added and you want to back up the disk, you must manually remove the exclusion setting in the Disk Exclusion Settings dialog (described below). To exclude disks from backups 1 Select the vCenter, stand-alone ESX server, or navigation group from the navigation pane and navigate to Settings > Clients, Networking, and Notifications > Clients. In the middle of the screen, a list of your virtual machines displays. The list of available VMs is determined by what you select in this step: • • Select a navigation group to display only its VMs. Select a vCenter or ESX server to display all VMs. 2 Click the disk icon in the Disk column for the virtual machine you want to exclude disks for. The Disk Exclusion Settings dialog displays. 3 Uncheck the disks you want to exclude. A warning displays near the bottom of the dialog box letting you know that changing disk exclusion settings will force the next backup to be a full backup. Click Confirm to save your changes. Note: If you attempt to exclude the first disk listed, you receive a warning that the first disk is usually the system/OS disk. Click Confirm again to verify that you want to exclude the first disk. If you attempt to exclude all disks from backup, an error displays asking you to include at least one disk. Executing VMware backups VMware backups can either be executed immediately or scheduled. Scheduled backups are more typical – you create a calendar-based schedule which specifies when VMware virtual machine backups occur. In contrast to scheduled backups, immediate backups occur only once and are executed as soon as possible. Disk exclusions are in effect no matter how backups are run. In the Unitrends system, vApps are used for navigational purposes only. Unitrends does not support back up of vApps. For details, see the following topics: • • "To execute an immediate VMware backup" on page 653 "Creating VMware backup schedules" on page 653 Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 653 To execute an immediate VMware backup If you do not see resource pools, vApps, virtual machines, or navigation groups in the Navigation pane, click the Gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree , and click Confirm. Note: Use this procedure only for virtual machines. To backup templates, see "Protecting VMware templates" on page 672. 1 Review the considerations and prerequisites in "About VMware backups" on page 641. 2 Select the vCenter, stand-alone ESX server, resource pool, vApp, navigation group, or virtual machine in the Navigation pane. 3 Click Backup from the main menu, then select the Schedule Backup tab. Click the reload arrows at the bottom to refresh the list of virtual machines. 4 Use the check boxes to select the virtual machines to backup. 5 If necessary, assign credentials. See "Setting VM credentials for application-aware protection" on page 637 for details. 6 Choose the type of backup by selecting Full, Differential, or Incremental. 7 By default, backups are stored on the default device. To backup to a different device, select the device in the Available Devices area. 8 Click Backup at the bottom of the screen to initiate the backup process. A separate backup is created for each virtual machine selected. 9 To view the status of the active backup operations, select Settings > System Monitoring > Jobs. To see the status of completed backup jobs, select Reports > Backups. Creating VMware backup schedules Cre a tin g VMwa re b a c k u p s c h e d u le s You can protect multiple virtual machines in a single schedule. To ensure data consistency, each virtual machine should be protected by only one backup schedule. When creating backup schedules, you can utilize the filtering feature for automatic addition of future virtual machines. Before you begin the procedures below, if you do not see resource pools, vApps, or virtual machines in the Navigation pane, click the at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click Confirm. See the following topics regarding virtual machine backup schedules: Note: • • • • These procedures are for VMware virtual machines only. To protect VMware templates, see "Protecting VMware templates" on page 672. "To create a VMware backup schedule" on page 654 "To view or modify a VMware backup schedule" on page 655 "To delete a VMware backup schedule" on page 655 "To enable or disable a VMware backup schedule" on page 655 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 654 To create a VMware backup schedule 1 Review the considerations and prerequisites in "Requirements and considerations for VMware backups" on page 642. 2 Do one of the following: • If you plan to use filters in your schedule, select the vCenter or stand-alone ESX server from the Navigation pane. Filters are used to dynamically add and remove VMs from the schedule. For details see "Dynamic VMware protection" on page 644. • If you are not using filters, you can select the vCenter, stand-alone ESX server, resource pool, vApp, navigation group, or virtual machine from the Navigation pane. 3 Select Backup > Schedule Backup and then enter a unique schedule name and description. 4 In the Schedule area, select a backup strategy from the list. Choose from Incremental Forever (recommended), Full with Incrementals, Full with Differentials, or Custom. For custom backup strategy, select the calendar icon to drag and drop the backup type icons onto the desired days. Select Confirm to save changes or Cancel to exit without saving. 5 Define the frequency at which backups of each type will run using the fields below each backup type. 6 (Optional) Set retention settings as desired. These settings apply to all selected VMs. To set different values for each VM, do not enter settings here. Instead, finish creating your backup schedule, then go to Settings > Storage and Retention > Backup Retention. For details see "About retention control" on page 121. Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 7 Do one of the following: • • If you want to use filters, proceed to step 8 below. If you do not want to use filters, skip to step 14 on the facing page. Creating filters 8 Click Advanced Settings then check the box to Enable filter creation. This displays the Filter Creation window. 9 Select the desired container from the Select Container drop-down list. The containers refer to your VMware hypervisor, not containers created in the Unitrends interface. 10 Select the action for this filter from the Select Action drop-down list. 11 Enter the filter string to be associated with the container and action fields. For details see "Dynamic VMware protection" on page 644. Note: The use of colon, semi-colons, and backslashes is not supported for filter strings. Filter strings are not case-sensitive. 12 Click Add. Repeat step 9 above - step 12 above as needed, to add up to 10 filters per schedule. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 655 13 Click Apply to display the virtual machines caught by the filters. If all desired VMs display in the VM list, proceed to step step 14 below. If the displayed list of VMs does not meet your schedule requirements, edit the filters by selecting Edit filters. Select the red x to the right of the filter string to remove the filter. Once the filters have been updated, click Apply to display the virtual machines to be included in the schedule. Once the displayed virtual machines meet your requirements, proceed to step 14 below. Completing the schedule 14 Select the virtual machines you wish to protect with this schedule. If you want to add new virtual machines to this schedule, select Auto-include new VMs. 15 If necessary, assign credentials. See "Setting VM credentials for application-aware protection" on page 637 for details. 16 Click Save to create and enable the schedule. To view or modify a VMware backup schedule 1 Review the considerations and prerequisites in "About VMware backups" on page 641. 2 Select the vCenter, stand-alone ESX server, resource pool, vApp, navigation group, or virtual machine from the Navigation pane. 3 Click Backup from the main menu, then select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Modify settings as desired and click Save. For a description of each setting, see "To create a VMware backup schedule" on page 654. To delete a VMware backup schedule 1 Review the considerations and prerequisites in "About VMware backups" on page 641. 2 Select the vCenter, stand-alone ESX server, resource pool, vApp, navigation group, or virtual machine from the Navigation pane. 3 Click Backup from the main menu, then select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Click Delete Schedule. To enable or disable a VMware backup schedule 1 Review the considerations and prerequisites in "About VMware backups" on page 641. 2 Select the vCenter, stand-alone ESX server, resource pool, vApp, navigation group, or virtual machine from the Navigation pane. 3 Click Backup from the main menu, then select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Do one of the following: • • To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 656 6 Click Save. Restoring the VMware virtual infrastructure The Unitrends virtualization protector supports the following restore methods: Restore method Description Entire virtual machine This method restores the entire virtual machine and associated metadata with the configured peripherals from any Unitrends recovery point. The recovery point can be associated with a full, differential, or incremental backup. See "Restoring the entire VMware virtual machine" on page 656. File-level recovery This method allows item (file/folder) level recovery from the VADP-based virtual machine backups. Data is accessed using CIFS (Samba) and iSCSI protocols. Data can be recovered in a single pass from any recovery point associated with a full, differential, or incremental backup of the virtual machine. See "Restoring files from VMware backups" on page 657. Instant Recovery This method provides instant availability of the virtual machine leveraging Storage vMotion to transfer data while the virtual machine is up and running. See "Instant recovery for VMware" on page 663. Restoring the entire VMware virtual machine Use the procedure described here to restore the entire virtual machine. During the restore process, you select a recovery point or backup and the Unitrends backup system uses the backed up data to create a new VM on the ESX host you select. Note: VMs can be restored to the original ESXi server or to another ESXi server running the same or higher ESXi version. To restore a virtual machine 1 Select the vCenter, stand-alone ESX server, resource pool, vApp, navigation group, or virtual machine in the left Navigation pane and click Restore. The list of available backups that display in the next step is filtered by the selection you make here. Note: If you do not see resource pools, vApps, virtual machines, or navigation groups in the Navigation pane, click the Gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click Confirm. 2 Select a recovery point by selecting the highlighted day in the calendar and then select the associated recovery point time. The recovery point time can be as associated with a full, differential, or incremental backup. 3 Click Next (Select Options) at the bottom on the screen. A list of ESX servers displays. The selected virtual machine can be restored to the original ESX server or to any other ESX server Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 657 that is registered or is part of a vCenter server that is registered. Note that the target ESX server must be the same version or newer than the original ESX server that hosted the virtual machine. It is highly recommended to perform recovery of the virtual machines to an ESX server version that matches the original ESX server. 4 Optionally select a resource pool or vApp to restore to. If no resource pool or vApp is selected, the VM is restored to the root of the ESX host. 5 Select the Datastore on the target ESX server. 6 All disks’ metadata is restored by default, including metadata for excluded disks. Uncheck Restore Excluded Disks Meta Data? to prevent excluded disks’ metadata from being restored. If you choose to restore all metadata, it is important to note that the virtual machine and all the virtual hard drives will be recovered to the selected datastore. Ensure enough space is available on the datastore for all the virtual hard drives (including excluded drives) to be recovered. 7 Enter a name for the restored VM in the Virtual Machine Name field or accept the default name. Every restore creates a new virtual machine. If the original VM still resides on the ESX host you select for the restore, it is not overwritten. 8 Click Restore to initiate the restore. Every restore initiates two jobs: the first restores the configuration files or metadata for the virtual machine being restored, the second restores the data. 9 To view the status of the restore jobs click on Settings > System Monitoring > Jobs. 10 The recovered VM is created in a powered off state. Go to the hypervisor to power on the virtual machine. Special considerations for RHEL/CentOS6.x virtual machines If you have restored a RHEL 6.x or CentOS 6.x virtual machine and receive a network error similar to: eth0: unknown interface: No such device follow the steps in VMware’s article Networking does not work in a cloned Linux virtual machine. Restoring files from VMware backups Use the VMware file-level recovery (FLR) feature to restore individual files from a Windows or Linux VM to the original VM, or to another machine running the same OS as the original. The restore target machine can be a physical or virtual machine and does not need to be a protected client of the backup system. You may simultaneously run one file-level recovery session for each protected VM. Note: FLR is supported on Windows and Linux VMs only. FLR is not supported on other operating systems, such as OES, SCO, and Novell. For these operating systems, you can restore the VM. For details, see "Restoring the entire VMware virtual machine" on page 656. To recover files and folders, the virtual machine hard drives are exposed as both a CIFS (Samba) share and an iSCSI LUN. You then choose to map the share or LUN to the restore target machine so that data can be copied to the desired location. You must use iSCSI LUN mapping for the following: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 658 • • To recover access control information on files and folders for Windows systems To recover NTFS encrypted files Note: For the restore process, iSCSI disks are writable and a 1 GB write limit is enforced. If the restore process requires more than 1 GB, you will see OS errors on the restore target machine. If this happens, restore the VM rather than individual files. See "Restoring the entire VMware virtual machine" on page 656 for details. Windows prerequisites The following prerequisites must be met to perform an item level recovery for Windows clients. Windows prerequisite Description CIFS (Samba) access Ensure that the Samba service is enabled. Turn on the Samba service by selecting Settings > System, Updates, and Licensing > Support Toolbox > Samba On/Off. iSCSI access for Windows 2003 To connect to the iSCSI LUN exposed by the Unitrends system, an iSCSI initiator must be used. For Windows 2003, the initiator package must be downloaded and installed on the restore target machine. Download the installation file from: Disk configuration VMware FLR is supported on Windows systems configured with MBR partitions only. GPT partitions are not supported. FLR can be performed for dynamic disks with the following limitations: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18986 FLR on dynamic disks can be performed only with iSCSI. FLR on dynamic disks using a CIFS share is not supported. If the dynamic volumes in the backup are still in use on the original server, then the disks exported by FLR must be attached to a different server for the recovery. To perform VMware file-level recovery 1 Select the vCenter, stand-alone ESX server, or navigation group in the Navigation pane. The list of available backups that display in the next step is filtered by the selection you make here. Note: If you do not see resource pools, vApps, virtual machines, or navigation groups in the Navigation pane, click the Gear icon at the bottom of the Navigation pane, check Show Virtual Machines in Navigation Tree, and click Confirm. 2 Select Restore from the Main menu. 3 Select a day in the calendar and the desired backup below to define the recovery point time. 4 Click Next (Select Files/Items) at the bottom of the screen. 5 On the Restore from Backup screen, you see one of the following: • No disk image exists; select ‘Create’ to build one. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 659 or • 6 An image is available for recovery. All images on the backup system display in the grid below. Click Create to create a disk image for the VM from which you are restoring. Note: If a previous disk image was created and is still mounted for this VM, you must tear down this image before the system will allow you to create a new share. An image is created and displays in the Images available for recovery area. The VM disk’s files are exposed as a CIFS (Samba) share and/or an iSCSI target. The Targets column indicates whether Samba (smb), iSCSI, or both targets are available. If you receive an error while attempting to create the image, increase the memory allocated to the Unitrends system and try again. 7 Proceed to one of the following to select files to restore: • "To use a CIFS share to restore files from a VMware backup to a Windows target" on page 659 • "To use iSCSI to restore files from a VMware backup to a Windows 2003 target" on page 660 • "To use iSCSI to restore files from a VMware backup to a Windows 2012 or 2008 target" on page 660 • "To restore files from a VMware backup to a Linux target" on page 661 To use a CIFS share to restore files from a VMware backup to a Windows target 1 Create a disk image. See "To perform VMware file-level recovery" on page 658 for details. 2 Log in to the Windows machine to which files will be restored. This can be the VM from which files are to be restored, or any other Windows machine. It cannot be a VM with dynamic disks. 3 Mount the share to the Windows machine by mapping a network drive to the path displayed in the Images available for recovery area of the Restore from Backup screen. For example: \\\flr where n is a number. 4 Browse the mapped share to locate the files to restore. Each partition in the flr share is named volume n, where n is a number. 5 Copy files to restore them to the desired location. 6 Disconnect the network share once files have been restored by right-clicking the share and selecting Disconnect. 7 On the backup system, tear down the restore image using one of the following procedures: • If the Restore from Backup screen is still open in the backup system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 660 that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the VMware restore session" on page 662. To use iSCSI to restore files from a VMware backup to a Windows 2003 target 1 Create a disk image. See "To perform VMware file-level recovery" on page 658 for details. 2 Log in to the Windows 2003 machine to which files will be restored. This can be the VM from which files are to be restored, or any other Windows machine. For dynamic disks, if the dynamic volumes in the backup are still in use on the original server, then the disks exported by FLR must be attached to a different server for the recovery. 3 Launch the iSCSI Initiator from the Windows Control Panel > Administrative Tools. 4 From the Initiator, enter the backup system IP address as a target portal. The exposed targets are automatically discovered. 5 Select the desired iSCSI target. The last part of the iSCSI identifier contains the VM name. For example, if the VM name is Ubuntu on NFS, the ID looks like: iqn.1995-11.com.unitrends.dpu:flr.89fb.ubuntuonnfs 6 Log in to expose targets as local disks. 7 Use Windows Disk Management tools to assign drive letters and retrieve files. The Windows file explorer has a setting to hide protected/system files from view. Be sure this setting is turned off so you can access all files. 8 Copy files/folders from the iSCSI drives to the desired location. 9 When finished, Log Off using the iSCSI Initiator. This terminates the machine’s connection to the iSCSI target. 10 On the backup system, tear down the restore image using one of the following procedures: WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • If the Restore from Backup screen is still open in the backup system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the VMware restore session" on page 662. To use iSCSI to restore files from a VMware backup to a Windows 2012 or 2008 target 1 Create a disk image. See "To perform VMware file-level recovery" on page 658 for details. 2 Log in to the Windows machine to which files will be restored. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 661 This can be the VM from which files are to be restored, or any other Windows machine. For dynamic disks, if the dynamic volumes in the backup are still in use on the original server, then the disks exported by FLR must be attached to a different server for the recovery. 3 Launch the iSCSI Initiator from the Windows Control Panel > Administrative Tools. 4 From the Initiator, enter the backup system IP address as a target and choose Quick Connect. A list of iSCSI target LUNs display. 5 Select the desired iSCSI target from the list and click Done. The last part of the iSCSI identifier contains the VM name. For example, if the VM name is Ubuntu on NFS, the ID looks like: iqn.1995-11.com.unitrends.dpu:flr.89fb.ubuntuonnfs 6 Use Windows Disk Management tools to assign drive letters and retrieve files. The Windows file explorer has a setting to hide protected/system files from view. Be sure this setting is turned off so you can access all files. 7 Copy files/folders from the iSCSI drives to the desired location. 8 When finished, Disconnect from the LUNS using the iSCSI Initiator. 9 On the backup system, tear down the restore image using one of the following procedures: WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • If the Restore from Backup screen is still open in the backup system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the VMware restore session" on page 662. To restore files from a VMware backup to a Linux target Note: This procedure is not supported for software RAID (mdraid) configurations. Instead, restore the VM. See "Restoring the entire VMware virtual machine" on page 656. 1 Create a disk image. See "To perform VMware file-level recovery" on page 658 for details. 2 Log in to the Linux machine to which files will be restored. This can be the VM from which files are to be restored, or any other Linux machine. 3 Change to the /tmp directory: cd /tmp 4 Run the following command to copy the iscsi_flr script from the backup system: wget http:///iscsi_flr 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 662 5 Once the script is downloaded, add execute permission: chmod +x iscsi_flr 6 Run the script as follows: ./iscsi_flr mount 7 Enter information at the system prompts. An example for a VM called linux whose backup system IP is 192.168.237.230 is given here: Unitrends VM File-Level Recovery <…intro text…> ------------------------Enter address of the Unitrends backup appliance: 192.168.237.230 Enter mount point directory: /tmp// Performing iSCSI target discovery from 192.168.237.230. 1: 192.168.237.230:3260,1 iqn.199511.com.unitrends.dpu:flr.4cdf.linux 2. 192.168.237.230:3260,1 iqn.199511.com.unitrends.dpu:flr.aecb.linux2 Choose a session to restore from: 1 Logging in to iSCSI target iqn.199511.com.unitrends.dpu:flr.4cdf.linux at 192.168.237.230:3260,1 <…etc…> 8 Use Linux tools, such as cp, to copy the files/folders to the desired location. 9 Once data has been restored, it is important to disconnect the share by running this command from the /tmp directory: ./iscsi_flr unmount 10 On the backup system, tear down the restore image using one of the following procedures: WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • If the Restore from Backup screen is still open in the backup system, select the image in the Images available for recovery area, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. • If you have closed the Restore from the Backup screen, follow the instructions described in "About the VMware restore session" on page 662. About the VMware restore session After files have been restored, the session remains until you tear it down. Because system resources are used to maintain the session, it is important to tear it down to ensure optimal performance. To view or tear down VMware restore images 1 Select the vCenter, stand-alone ESX server, or navigation group in the Navigation pane. 2 Select Settings > System Monitoring > Restore Disk images. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 663 3 Select Restore Images. A list of restore images displays. 4 Click Refresh to ensure that the list is current. 5 If desired, tear down a restore image. • For iSCSI restores, verify that the machine you restored to is no longer connected to the mounted iSCSI target. WARNING! Proceeding with the tear-down while the restore target is still connected causes undesired results and errors on the target machine. • • Select an image in the list of Restore Images, and click Tear Down. Click Yes to confirm that you would like to proceed. The image is removed from the share. Instant recovery for VMware Instant recovery for VMware enables you to restore a failed or corrupt virtual machine and access it almost immediately See the following topics for details: • • • • • • • "How instant recovery for VMware works" on page 663 "Steps for implementing VMware instant recovery" on page 665 "Prerequisites for implementing VMware instant recovery" on page 666 "Allocating storage for VMware instant recovery" on page 667 "Configuring port security for VMware instant recovery " on page 668 "Performing the audit process for VMware instant recovery" on page 668 "Performing VMware instant recovery" on page 670 Note: For instant recovery of Windows virtual machines that you are protecting with agent-based backups, see "Windows Instant Recovery" on page 451. How instant recovery for VMware works To perform VMware instant recovery, you select a recovery point associated with a full, incremental, or differential backup and the Unitrends appliance creates a new virtual machine from the recovery point. The new virtual machine can then assume the role of the original and is available for use immediately. While the virtual machine is operational, Unitrends leverages Storage vMotion to copy data from a disk image on the appliance to the ESX server hosting the new virtual machine. You can perform VMware instant recovery in two modes: audit mode and instant recovery mode. Audit mode is used for verifying recovery points and instant recover mode is used to replace a corrupt or failed virtual machine. See the following topics for details: • • "Audit mode" on page 664 "Instant recovery mode" on page 664 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 664 Audit mode Performing VMware instant recovery in audit mode enables you to verify that a virtual machine can be created from a recovery point. The diagram below illustrates how audit mode works. When you select a recovery point to audit, the appliance uses data from the recovery point to create a disk image on the appliance and a new virtual machine on the selected ESX server. Although the virtual machine resides on the ESX server, it runs from the disk image created on the appliance. All other resources, such as the processors and memory, reside on the ESX server. A virtual machine in audit mode is not intended for production use. It does not have network connectivity and changes made to the virtual machine in audit mode are not backed up on the Unitrends appliance. Applications on the virtual machine requiring network access are not fully functional in audit mode. After verifying that the virtual machine has booted and its data is accessible, you should delete it from the ESX server and tear down the disk image from the appliance to free the system resources used to run the virtual machine in audit mode. To perform VMware instant recovery in audit mode, see "Performing the audit process for VMware instant recovery" on page 668. For information on recovery points, see "Types of restores" on page 342. Instant recovery mode Performing VMware instant recovery enables you to replace a corrupt or failed virtual machine. When you select a recovery point, the appliance uses data from the recovery point to create a disk image on the appliance and a new virtual machine on the datastore of the ESX server. As soon as the virtual machine is created, it is available for use. The Unitrends appliance utilizes Storage vMotion to copy the data from the disk image on the Unitrends appliance to the target ESX server. Once the migration is complete, the disk image is no longer needed on the Unitrends appliance and it can be torn down. For details, see "Performing VMware instant recovery" on page 670. For information on recovery points, see "Types of restores" on page 342. The diagram below illustrates the instant recovery process: Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 665 Steps for implementing VMware instant recovery For best results, it is recommended that you plan your strategy for disaster recovery before a client fails. This section provides a high-level overview of the steps you must complete to implement VMware instant recovery. It identifies steps to complete before and after a client fails. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 666 To use VMware instant recovery, you must protect your virtual machines with VMware backups. For Windows clients protected with agent-based backups, you can use Windows instant recovery as a temporary solution (see "Windows Instant Recovery" on page 451) and bare metal recovery as a more permanent solution (see "Bare Metal Protection Overview" on page 749). Perform the following before a client fails Step 1: Review the "Prerequisites for implementing VMware instant recovery" on page 666. Step 2: Run VMware backups for the clients you wish to protect with instant recovery. See "Executing VMware backups" on page 652. Step 3: Allocate storage for instant recovery on your Unitrends appliance. See "Allocating storage for VMware instant recovery" on page 667. Step 4: Configure port security to no security. See "Configuring port security for VMware instant recovery " on page 668. Step 5: Verify that you have enough space for the recovery on your ESX host. Step 6: Perform the audit process to verify that a recovery point can be used to create a new VM. Repeat this step as needed to test new recovery points. For instructions, see "Performing the audit process for VMware instant recovery" on page 668. Perform the following after a client fails Step 7: Perform the instant recovery process. See "Performing VMware instant recovery" on page 670. Prerequisites for implementing VMware instant recovery Consider the following prerequisites and considerations as you plan for disaster recovery of your VMware virtual machines: Prerequisite or consideration Description vCenter version and license To perform instant recovery (in live mode), the ESXi server used as the instant recovery target must be managed by a vCenter that meets the following requirements: • • • Must be running vCenter version 5, 5.1, 5.5, or 6, or vCSA 5. Must have a license that supports Storage vMotion. Must be registered to the Unitrends appliance from which you are performing the instant recovery. Note: You can perform the audit process using a stand-alone ESXi server, but instant recovery in live mode is not supported. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 667 Prerequisite or consideration ESXi server Backup Description The ESXi server used as the instant recovery target must meet the following requirements: • Must be managed by a vCenter that meets the version and license criteria above. • • Must be running ESXi version 5, 5.1, 5.5, or 6. • Must be running the same version or higher as the original ESXi server hosting the virtual machine. It is highly recommended that you restore to an ESXi version that matches the original. • Must have sufficient space for the new VM. Must be registered to the Unitrends appliance from which you are performing the instant recovery. You must have a backup to recover a virtual machine. The backup used for the instant recovery must be: VM hardware version • A successful VMware backup of a virtual machine. (To run a backup, see "Executing VMware backups" on page 652.). • A local or replicated backup. Since Unitrends does not create clones, the restored virtual machine is configured with the latest hardware version that is supported by the target hypervisor. For example, if a hardware version 8 VM is restored to an ESXi 5.5 server, the restored VM is hardware version 10. Allocating storage for VMware instant recovery Because the disk for a recovered VM resides on the Unitrends appliance until the storage migration is complete (see "How instant recovery for VMware works" on page 663), you must allocate storage for instant recovery. It is recommended that you allocate storage before a VM fails to ensure that the space is available when you need it. You must allocate at least twenty percent of the used space on the original virtual disk for instant recovery. Storage allocation can be distributed among backups/replication, vaulting, and instant recovery, depending on the identity of your Unitrends appliance. When you allocate storage for one function, it cannot be used for other functions. Note: You can perform the recovery from a backup system or replication target, so make sure to allocate instant recovery storage for all the Unitrends appliances that you will use for instant recovery. To allocate storage for VMware instant recovery 1 On the Unitrends system, select Settings > Storage and Retention > Storage Allocation. You see the storage allocation chart which lists the storage used on the system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 668 2 Slide the storage distribution for Instant Recovery or enter the desired size in the field below the pie chart. 3 Click Confirm. You see a summary window with the new allocation. 4 Click Yes to confirm the new settings. Configuring port security for VMware instant recovery To perform an instant recovery, you must configure port security to No Security (Open All). If you prefer, you can change to a higher security setting after completing the recovery. To configure port security for VMware instant recovery 1 Log in to the Unitrends appliance that you will use for the recovery. 2 Select Settings > Clients, Networking, and Notifications > Ports. 3 At the bottom of the screen, select No Security (Open All). 4 Enter the root password, and click Confirm. Performing the audit process for VMware instant recovery The audit process allows you to quickly boot a virtual machine from a selected recovery point and ensure that the data is intact. It is recommended that you perform the audit process periodically to test new recovery points. The virtual machine created in audit mode is not connected to a network or intended for production use. After verifying that the virtual machine is operational, you must exit audit mode and tear down the recovery image to allow the Unitrends system to reset the state of the virtual machine. Before performing the audit process, it is recommended that you read "Steps for implementing VMware instant recovery" on page 665. Note: You can perform the audit process using a stand-alone ESX server. However, to perform the instant recovery, you must use a vCenter server that supports Storage vMotion. See the following topics for instructions: • • "To perform the audit process for VMware instant recovery" on page 668 "To exit audit mode for VMware instant recovery" on page 669 To perform the audit process for VMware instant recovery 1 Log in to the Unitrends appliance storing the backup that you will use for the recovery. 2 In the Navigation pane, select the original VM. Note: If you want to use a replicated backup for the recovery process, you must first enable replication view. For details, see "Viewing replicated backups" on page 309. The list of available backups that display in the next step is filtered by the selection you make here. 3 Select the Restore button from the Main menu. 4 Select a highlighted day in the calendar and then select a recovery point. The recovery point time can be associated with a full, differential, or incremental backup. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 669 5 Click the Next (Select Options) button at the bottom of the screen. 6 Select an ESX server from the list that displays in the Available ESX Servers window. The list includes registered ESX servers and ESX hosts that are managed by registered vCenter servers. You can select the original ESX server or an alternate ESX server. Note: If you are using a replicated backup for the audit process, you must restore to an ESX server that is registered to the target or managed by a vCenter server that is registered to the target. 7 You have the option to select a resource pool or vApp. If you do not select a resource pool or vApp, the VM is restored to the root of the host. 8 Select a datastore with sufficient space for the restore. 9 Enter a name for the restored VM in the Virtual Machine Name field or accept the default name. Every restore creates a new virtual machine. If the original VM still resides on the ESX host you select for the restore, it is not overwritten. 10 Check the Instant Recovery? box. You cannot restore excluded disk metadata during instant recovery. 11 Check the Audit Mode box. 12 In the IP Address drop-down list, select the network adapter and associated IP address that you wish to use for instant recovery. 13 Click Audit to initiate the process. 14 A new virtual machine is created on the ESX server you selected in step 6 above. 15 To view the status of the restore jobs click on Settings > Instant Recovery > VMware. Once the Job Detail indicates VM is available for use, you can access the virtual machine to ensure that it is operational. Audit mode is used to verify that the virtual machine can be recovered in the event of a disaster. Note: Applications on the virtual machine requiring network access are not fully functional in audit mode. 16 Once the virtual machine operation is confirmed, you should exit audit mode. For instructions, see "To exit audit mode for VMware instant recovery" on page 669. To exit audit mode for VMware instant recovery Any changes made to the virtual machine while in audit mode are lost once audit mode is exited. 1 Shut down the virtual machine from the vSphere client interface. 2 Delete the virtual machine using the vSphere client interface. 3 In the Unitrends appliance storing the backup you used for the recovery, select Settings > Instant Recovery > VMware. 4 Click on the job for the selected virtual machine. 5 Click Tear Down to reset the state of the virtual machine image. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 670 If you have not deleted your audit session from your Hyper-V server, select Delete from ESX host and appliance. If you have already deleted your session from the ESX host, select Delete from appliance. Performing VMware instant recovery Use the procedure described here to recover a failed virtual machine from a local or replicated backup. Before performing the recovery, it is recommended that you read "Steps for implementing VMware instant recovery" on page 665. To perform VMware instant recovery You can perform instant recovery in audit mode using a stand-alone ESX server. However, to restore in Instant Recovery mode, you must use a vCenter server that supports Storage vMotion. 1 Log in to the Unitrends appliance storing the backup that you will use for the recovery. Note: 2 If you want to use a replicated backup for the recovery, you must first enable replication view. For details, see "Viewing replicated backups" on page 309. In the Navigation pane, select the original VM. Note: To display virtual machines, select the gear icon at the bottom of the Navigation pane and select the option to display virtual machines in the Navigation tree. The list of available backups that display in the next step is filtered by the selection you make here. The failed VM that you recover can be hosted on a stand-alone ESX server or an ESX host managed through a vCenter server. However, the recovery destination must be an ESX host that is managed through a vCenter server. 3 Select the Restore button from the Main menu. 4 Select the highlighted day in the calendar and then select a recovery point. The recovery point time can be associated with a full, differential, or incremental backup. 5 Click Next (Select Options) at the bottom on the screen. 6 In the Available ESX Servers window, select an ESX server managed by a vCenter server that is registered to the appliance. This can be the original ESX server or an alternate server. All ESX servers registered to the appliance display. However, you must select an ESX server managed by a registered vCenter server. Note: If you are using a replicated backup for the recovery process, you must restore to an ESX server that is registered to the target and managed by a vCenter server that is also registered to the target. 7 You have the option to select a resource pool or vApp. If you do not select a resource pool or vApp, the VM is restored to the root of the host. 8 Select a datastore with sufficient space for the recovery. The virtual machine and all the virtual hard drives will be recovered to the selected datastore. It is important to ensure enough space is available on the datastore for all the virtual hard drives (including Logical RDM devices) to be recovered. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 671 9 Enter a name for the restored VM in the Virtual Machine Name field or accept the default name. Every restore creates a new virtual machine. If the original VM still resides on the ESX host you select for the restore, it is not overwritten. 10 Check the Instant Recovery? box. Note: You cannot restore excluded disk metadata during instant recovery. 11 In the IP Address drop-down list, select the network adapter and associated IP address that you wish to use for instant recovery. 12 Click Restore to initiate the process. 13 A new virtual machine is created on the ESX server you selected in step 6 on the previous page. 14 To view the status of the restore jobs, select Settings > Instant Recovery > VMware. Once the Job Detail field indicates Relocating VM, the VM is operational. The system initiates a Storage vMotion operation to transfer the data of the virtual hard drives from the Unitrends system to the selected datastore. While data is being migrated to the ESX server datastore, it is critical that the backup system is not rebooted or powered down. The process will have to be restarted and any changes made to the virtual machine will be lost if the Storage vMotion operation is canceled. 15 Once the Job Detail field indicates VM is available for use, the data migration to the datastore is complete. 16 To complete the recovery process, do the following: • Tear down the recovery image. For instructions, see "To tear down the instant recovery image" on page 671. • Add the new VM to a backup schedule as described in "To view or modify a VMware backup schedule" on page 655. If you checked the Auto-include new VMs box when creating a backup schedule for the vCenter managing the ESX server hosting the new VM, it will automatically be added to this schedule. • If you are using replication, you will need to configure the new VM for replication. For instructions, see "To replicate application backups" on page 300. To tear down the instant recovery image Tear down the recovery image to allow the Unitrends appliance to reset the state of the VM image. Tearing down the recovery image after data migration is complete has no impact on the new VM created on your ESX host through the instant recovery process. IMPORTANT! Do not perform this procedure until the Job Detail field indicates VM is available for use. If you tear down the recovery image before data migration is complete, you will have to restart the process to recover your VM. 1 In the Unitrends appliance storing the backup you used for the recovery, select Settings > Instant Recovery > VMware. 2 Click on the job for the selected virtual machine. 3 Click Tear Down to reset the state of the virtual machine image. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 672 Recovering peripheral devices When a VM is restored, a CDROM device that was configured to use an ISO image on the ESX server is restored as a client device. Reconfigure this device to use an ISO image after the restore has completed, if necessary. Protecting VMware templates With VMware’s vSphere client and other tools you can create templates of virtual machines for situations when it is necessary to deploy VMs frequently. (See VMware’s documentation Working with Templates and Clones for details.) Unitrends releases 7.3 and higher support protection of VMware templates. Consider the following when using this feature of the Unitrends system: • You must use the Unitrends Virtualization Protector for templates. Agent-based protection of templates is not available. • With VMware’s tools, you can create a template by cloning or converting a VM. In both cases, the template copies the VM, operating system, and any data saved to this VM. After the template is created, it exists independently of the original VM, so changes made to the template do not affect the VM, and vice-versa. • If you want to back up a virtual machine and its template, you must perform backups for both. If you clone a VM as a template and then backup only the template and not the original VM, you could lose data. • As explained in VMware’s documentation, you must be connected to vCenter server to create a template. To protect your templates, you must register your vCenter Server as a client to the Unitrends backup system. If you register the ESX server directly, your templates will not display in the Navigation pane. • Only full backups of templates can be executed. Because data in a template cannot be altered, there are no changes to capture in an incremental or differential backup. • When restoring a backup of a template, you can choose to restore the template or deploy it as a new VM. • Templates display in the Navigation pane in a Templates folder under the vCenter server. Different icons are used for VMs and templates, so you can easily distinguish between the two. However, it is recommended that when creating a template you use a file name that clearly identifies it as a template. The Backup Information page and backup reports indicate whether a backup is for a template. For details, see "Backup Information page" on page 152 and "Backups Report" on page 369. • SAN-direct backups, HotAdd backups, application-aware backups, and instant recovery are not supported for templates. For details about protecting templates, see the following topics: • • "Executing backups of VMware templates" on page 672 "Restoring VMware templates" on page 676 Executing backups of VMware templates Templates can be backed up immediately or scheduled for periodic backup. Scheduled backups are more typical – you create a calendar-based schedule which specifies when VMware template Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 673 backups will occur. Immediate backups are basically just scheduled backups that occur only one time and are executed as soon as possible. Before performing a backup of a template, you must verify that the template is listed in the Navigation pane. Expand the Templates folder to view its contents, and then perform one of the following: • If you do not see a Templates folder or if the template you want to backup is not displayed among the folder’s contents, see "To add the Templates folder or individual templates to the Navigation pane" on page 673. • If the template you would like to backup displays, you are ready to execute a backup. To continue see "To execute an immediate backup of a VMware template" on page 673 or "Creating a backup schedule for VMware templates" on page 673. To add the Templates folder or individual templates to the Navigation pane Recently created templates might not appear in the Navigation Pane. If all of your templates are recent, you might not see a Templates folder. Follow this procedure to add the Templates folder or individual templates to the Navigation Pane. 1 In the Navigation Pane, select the vCenter server that hosts your templates. Click Backup. 2 Click either the 1-Time Backup or Schedule Backup tab. A list of the VMs and templates hosted on the vCenter server displays. Click the Reload VMs button at the bottom of the screen. This reloads your system data, and the process may take a few minutes. 3 When your recently created templates display in the Navigation pane, see "To execute an immediate backup of a VMware template" on page 673 or "Creating a backup schedule for VMware templates" on page 673 to continue the backup process. To execute an immediate backup of a VMware template 1 Select the Templates folder in the Navigation pane. Click Backup. 2 Select the 1-Time Backup tab to see the list of templates in the folder. 3 Select the templates you would like to back up. Click the gray box above the list to select all templates. AppAware is not available for templates, so the icon is disabled. 4 Select Full as the backup type. (Differential and incremental backups cannot be performed for templates. If you select Differential or Incremental for the backup type, the backup fails.) Backups are stored on the default device. To back up to a different device, select it in the Available Devices area. 5 Click Backup at the bottom of the screen to initiate the backup process. A separate backup is created for each template selected. To view the status of the backup, select Settings >System Monitoring > Jobs. To view details for completed backup jobs, select Reports > Backups. Creating a backup schedule for VMware templates Creating a backup schedule for VMware templates Because incremental and differential backups cannot be performed for templates, it is recommended that you use one of the following schedule strategies: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 674 • Daily full backups for templates and small VMs that do not require incremental or differential backups, described in "To create a backup schedule for templates and VMs" on page 674. • Daily full backups for templates only, described in "To create a backup schedule that includes only templates" on page 675. To create a backup schedule for templates and VMs Use this procedure to create a full backup schedule for templates and small virtual machines that do not require incremental or differential backups. For VMs that do require incremental or differential backups, see "To create a VMware backup schedule" on page 654. 1 Select the vCenter server or navigation group in the Navigation Pane. Click Backup. 2 Select the Schedule Backup tab to see the list of templates and VMs hosted on the server. 3 Enter a unique Schedule Name. 4 If desired, enter a Schedule Description. 5 Select all templates and VMs to be protected by the schedule. 6 • A list of available templates and VMs displays in the VMs to Protect section. Click the gray box above the list to select all templates and VMs. • Backups included within the schedule will execute sequentially. A template or VM may be included in only one schedule. If you try to add a template or VM to additional schedules, you will see an error message upon attempting to save subsequent schedules. In the Schedule area, select Custom from the list. Note: 7 For the custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: • • 8 You can select another strategy from the list, but this is not recommended. If you include templates in a backup schedule with virtual machines for which incremental and differential backups are performed, these backups will not be queued for the templates. They will run as scheduled for the virtual machines. Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, and recurrence. Then click Confirm. If desired, modify the minimum and maximum retention settings. These settings apply to all selected templates and VMs. To set different values for each template or VM, do not enter settings here. Instead, go to Settings > Storage and Retention > Backup Retention. For details see "About retention control" on page 121. Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead, make changes from the Backup Retention page as described in "About retention control" on page 121. 9 If you would like to add new templates and VMs to this schedule automatically, check the Auto-include new VMs box. This option can be enabled for only one schedule for each vCenter or ESX server that the Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 675 system is protecting. If you are using vMotion but have not registered the vCenter that manages the ESX servers, enabling this option adds migrated VMs to schedules on the associated ESX servers. If the vCenter server has been registered, your schedules continue to run seamlessly, even if this box has not been checked. 10 Click Advanced Settings and specify options as desired. • • Select the backup device to which backups will be written. • Check the Email Failure Report option to receive an email notification upon failure of any backup job on the schedule. • Click Confirm to save Advanced Settings. Check the Email Schedule Report option to receive email notification upon the completion of the scheduled backup jobs. 11 Check the Schedule enabled box under Schedule Name. Then click Save to create the schedule To create a backup schedule that includes only templates Use this procedure to create a custom full backup schedule for templates. 1 Select the Templates folder in the Navigation pane. Click Backup. 2 Select the Schedule Backup tab to see the list of templates in the folder. 3 Enter a unique Schedule Name. 4 If desired, enter a Schedule Description. 5 Select all templates to be protected by the schedule. 6 • A list of available templates displays in the VMs to Protect section. Click the gray box above the first template to select all templates. • Backups included within the schedule will execute sequentially. A template may be included in only one schedule. If you try to add a template to additional schedules, you will see an error message upon attempting to save subsequent schedules. In the Schedule area, select Custom from the list. Note: 7 For the custom strategy, click the Calendar icon to define the frequency at which backups of each type will run. Do the following for each backup instance: • • 8 You can select another strategy from the list, but incremental and differential backups will not be queued for templates. Drag a backup icon onto the calendar. Drag onto today’s date or later. In the Add Backup window, define the backup type, start date, start time, and recurrence. Then click Confirm. Click Advanced Settings and specify options as desired. • • Select the backup device to which backups will be written. Check the Email Schedule Report option to receive email notification upon the completion of the scheduled backup jobs. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 676 9 • Check the Email Failure Report option to receive an email notification upon failure of any backup job on the schedule. • Click Confirm to save Advanced Settings. If desired, modify the minimum and maximum retention settings. These settings apply to all selected templates. To set different values for each template, do not enter settings here. Instead, go to Settings > Storage and Retention > Backup Retention. For details, see "About retention control" on page 121. Modifying retention settings here also updates values displayed on the Backup Retention page. Once you modify this setting in the schedule, you cannot change it again from the schedule itself. Instead make changes from the Backup Retention page as described in "About retention control" on page 121. 10 Check the Schedule enabled box under Schedule Name. Then click Save to create the schedule. Restoring VMware templates Once a template has been backed up, it can be restored as a template or as a new virtual machine. If you restore a template backup as a virtual machine, Unitrends creates a new virtual machine from the template and restores it to the ESX server that you select during the restore process. For details, see these topics: • • "To restore a template" on page 676 "To restore a template as a virtual machine" on page 677 To restore a template 1 Select the template in the Navigation pane, and click Restore. 2 Select a recovery point by selecting the highlighted day in the calendar. Then select the associated recovery point time. 3 Click Next (Select Options). [Next (Select Files/Items) is disabled because file-level restores cannot be performed for templates.] 4 The Restore from Backup of Client step displays. Enter a unique name for the template or accept the default name that displays in the Virtual Machine Name box. If the name is not unique, the restore fails. Check Restore as Template? Note: Instant Recovery? is disabled because it is not supported for templates. 5 All disks’ metadata is restored by default, including metadata for excluded disks. Uncheck Restore Excluded Disks Meta Data? to prevent excluded disks’ metadata from being restored. If you choose to restore all metadata, it is important to note that the template and all the virtual hard drives will be recovered to the selected datastore. Ensure enough space is available on the datastore for all the virtual hard drives (including excluded drives) to be recovered. 6 Select an ESX server from the Available ESX Servers list. The selected template can be restored to the original ESX server or to any other ESX server that is part of a registered vCenter server. Note that the target ESX server must be the same version as or newer than the Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 677 original ESX server that hosted the template. It is highly recommended to perform recovery of the virtual machines to an ESX server version that matches the original ESX server. Note: You cannot restore a template to an ESX server that is not managed through vCenter. If you select a standalone ESX server, Restore as Template? is disabled. 7 Select a Datastore on the ESX server to which the template will restore. (A list of resource pools does not display because templates do not belong to resource pools as they do not require resources.) 8 Click Restore to initiate the restore. Every restore initiates two jobs: the first restores the configuration files or metadata for the template being restored; the second restores the data. 9 To view the status of the restore jobs click on Settings > System Monitoring > Jobs. To restore a template as a virtual machine 1 Select the template in the Navigation pane, and click Restore. 2 Select a recovery point by selecting the highlighted day in the calendar. Then select the associated recovery point time. 3 Click Next (Select Options). [Next (Select Files/Items) is disabled because file-level backups and restores cannot be performed for templates.] 4 The Restore from Backup of Client step displays. Enter a unique name for the new virtual machine or accept the default name that displays in the Virtual Machine Name box. If the name is not unique, the restore fails. Uncheck Restore as Template? 5 All disks’ metadata is restored by default, including metadata for excluded disks. Uncheck Restore Excluded Disks Meta Data? to prevent excluded disks’ metadata from being restored. If you choose to restore all metadata, it is important to note that the new virtual machine and all the virtual hard drives will be recovered to the selected datastore. Ensure enough space is available on the datastore for all the virtual hard drives (including excluded drives) to be recovered. 6 Select an ESX server from the Available ESX Servers list. The selected template can be restored as a new VM to the original ESX server or to any other ESX server that is registered or part of a registered vCenter server. Unlike templates, new VMs created from templates can be restored to a standalone ESX server. Note that the target ESX server must be the same version as or newer than the original ESX server that hosted the template. It is highly recommended to perform recovery of the virtual machines to an ESX server version that matches the original ESX server. 7 Optionally, select a resource pool or vApp to restore to. If no resource pool or vApp is selected, the new VM is restored to the root of the ESX host. 8 Select the Datastore on the target ESX server. 9 Click Restore to initiate the restore. Every restore initiates two jobs: the first restores the configuration files or metadata for the virtual machine being restored; the second restores the data. 10 To view the status of the restore jobs click on Settings > System Monitoring > Jobs. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 678 Troubleshooting How do I ensure that I do not break the transaction log chain for my applications if I am using the Virtualization Protector for HOS based backups and the Unitrends Windows agent for GOS-based protection? If the virtual machine is protected with VMware HOS-level protection and the Unitrends Windows agent is also installed in the guest operating system (GOS), there could be a conflict causing the transaction log backups in the GOS to fail. This can be overcome by performing the following steps in the guest: Edit the vmbackup.conf, file here: %ALLUSERSPROFILE%\Application Data\VMware\VMware Tools\ If the file does not exist, create it. Place the name of the VSS writer you want to disable on a separate line. If you want to disable more than one VSS writer, ensure that you place each VSS writer name on a separate line. For example: NTDS SqlServerWriter Restart the VMware tools service. For more information, see VMware’s article, Disabling specific VSS writers with VMware Tools. Legacy Recovery-Series and UEB Administrator's Guide Chapter 28: VMware Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 679 Chapter 29: Cisco UCS Protection Unitrends provides all-in-one backup, archiving, replication, and recovery of the following in your Cisco Unified Computing System (Cisco UCS) environment: • Blade and rack-mount servers. Use your Unitrends solution to protect and restore the server’s file system and hosted applications, and to perform disaster recovery of the entire server. • Service profiles and other configuration objects, including templates, pools, and policies. Protecting these objects enables quick restore without reconfiguring your network and servers. UCS server protection and service profile protection are completely independent of each other. To protect service profiles, you add the UCS manager itself to the Unitrends appliance as a client. To protect a server hosted on the UCS, you add the server to the Unitrends appliance as you would any stand-alone server of that operating system or virtual machine type. You can protect servers without protecting service profiles and vice versa, although we strongly recommend that you set up both for complete Cisco UCS protection. Because the server and service profile operations are independent, this chapter is comprised of two distinct sections: • • "Working with UCS blade and rack-mount servers" on page 679 "Working with Cisco UCS service profiles" on page 685 Working with UCS blade and rack-mount servers Use the following topics when working with the blade and rack-mount servers in your Cisco UCS environment: • "Protecting UCS blade and rack-mount servers" on page 679 to set up bare metal, file-level, and application backups of your UCS servers. • "Restoring UCS client backups" on page 682 to restore data from file-level and application-level backups. • "Disaster recovery of UCS clients" on page 683 to restore the entire UCS server. Protecting UCS blade and rack-mount servers Once you have set up a UCS server and installed the desired hypervisor or operating system (OS), you can protect the server by registering it to your Unitrends backup system as a client and scheduling backups. To register the server, you must supply its IP address or, for Windows or Linux, you can opt to register by server name if DNS has been set up in your environment. The requirements and the approach you use vary depending on the hypervisor or OS type. If you are not running VMware or Hyper-V backups for a client, be sure to set up bare metal protection so you are able to perform disaster recovery of the client, if ever needed. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 680 Note: When adding the UCS server to the Unitrends appliance as a client, select the server’s operating system or hypervisor in the Computer Type list. Do NOT select Cisco UCS Manager in the Computer Type list. Cisco UCS Manager is used to protect service profiles only. See the following topics for details: Hypervisor or OS Topics VMware hypervisor or virtual machine See "VMware Protection" on page 629 to set up backups and other VMware considerations. Hyper-V hypervisor or virtual machine See "Hyper-V Protection" on page 585 to set up backups and other Hyper-V considerations. Linux See the following: Novell Netware Note: Note: If you opt to install the Unitrends agent on a guest VM, protection is based on the operating system of the virtual machine. Locate the OS in this table for the applicable procedures. If you opt to install the Unitrends agent on a guest VM, protection is based on the operating system of the virtual machine. Locate the OS in this table for the applicable procedures. For bare metal restores, see "Imagebased restore to a Hyper-V virtual machine" on page 779. • "Linux Protection" on page 707 to install the agent and other Linux-specific considerations. • • "File-level Backups" on page 159 to set up file-level backups. "Bare Metal for Linux" on page 787 to set up bare metal protection for disaster recovery. See the following: • "Novell NetWare Protection" on page 721 to install the agent and other Novellspecific considerations. • • "File-level Backups" on page 159 to set up file-level backups. "Bare Metal for x86 Platforms" on page 795 to set up bare metal protection for disaster recovery. Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 681 Hypervisor or OS OES on Linux Topics See the following: • "Novell OES Linux Protection" on page 729 to install the agent and other OESspecific considerations. • • "File-level Backups" on page 159 to set up file-level backups. "Bare Metal for x86 Platforms" on page 795 to set up bare metal protection for disaster recovery. SCO See the following: OpenServer • "SCO OpenServer Protection " on page 737 to install the agent and other SCOspecific considerations. Solaris (Intel) UnixWare • "File-level Backups" on page 159 to set up file-level backups. • "Bare Metal for x86 Platforms" on page 795 to set up bare metal protection for disaster recovery. See the following: • "Solaris Protection" on page 739 to install the agent and other Solaris-specific considerations. • • "File-level Backups" on page 159 to set up file-level backups. "Bare Metal for x86 Platforms" on page 795 to set up bare metal protection for disaster recovery. See the following: • "UnixWare Protection" on page 741 to install the agent and other UnixWarespecific considerations. • • "File-level Backups" on page 159 to set up file-level backups. "Bare metal for UnixWare" on page 812 to set up bare metal protection for disaster recovery. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 682 Hypervisor or OS Topics Windows See the following: Xen on OES 2 • "Windows Protection" on page 425 to install the Windows agent and other Windows-specific considerations. • • "File-level Backups" on page 159 to set up file-level backups. • • • • "Microsoft SQL Protection" on page 489 to protect SQL data. "Windows Bare Metal Protection" on page 753 to set up bare metal protection for disaster recovery. "Microsoft Exchange Protection" on page 511 to protect Exchange data. "Microsoft SharePoint Protection" on page 535 to protect SharePoint farms. "Oracle Protection" on page 549 to protect Oracle on Windows data. See the following: • "Xen on OES 2 Protection" on page 743 to install the agent and other UnixWare-specific considerations. • • "File-level Backups" on page 159 to set up file-level backups. "Bare metal for Xen on OES 2 virtual machines" on page 826 to set up bare metal protection for disaster recovery. Restoring UCS client backups Once you have run backups for a client, you can restore them from the Administrator Interface (AI). The procedures you use vary by backup type. See the following topics for details: Note: To restore the entire client machine, see "Disaster recovery of UCS clients" on page 683. Backup type Restore procedure File-level To restore backups of your client’s file system, use the procedures in the "Restore Overview" chapter. SQL To restore SQL backups, see "Restoring SQL backups" on page 504. Exchange To restore Exchange backups, see "Microsoft Exchange recovery" on page 524. SharePoint To restore SharePoint backups, see "Restoring SharePoint backups" on page 543. Oracle To restore Oracle backups, see "Oracle restore from the backup system" on page 562 or "Oracle for Windows restore from the replication target" on page 565. Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 683 Backup type Restore procedure Hyper-V To restore Hyper-V backups, see "Restoring Hyper-V virtual machines" on page 606. VMware To restore VMware backups, see "Restoring the VMware virtual infrastructure" on page 656. Disaster recovery of UCS clients If you are running VMware or Hyper-V backups for a client, you can restore the VM from any successful backup. If you are running file-level backups for the client, bare metal technology is used for disaster recovery (DR). For most clients, you will need to have set up bare metal protection and created bare metal boot media before performing DR. DR procedures vary by client type. Follow the steps below, then proceed to the applicable clientspecific procedure. To recover a UCS client 1 If necessary, restore the client’s service profile. See "Restoring UCS service profile backups" on page 692 for details. 2 Instantiate the client’s service profile and associate it with the desired blade, rack-mount server, or server in a server pool. 3 Configure a PXE server or map a bootable ISO image to the virtual-media CDROM drive to the applicable hypervisor or operating system. See the Cisco document Cisco UCS Manager Configuration Common Practices and Quick Start Guide for details. Proceed to one of the following to perform disaster recovery (DR) of the client: Hypervisor or OS VMware vCenter or ESX server DR procedure Do one of the following: • If the new hypervisor is identical to the original, verify that the Unitrends system can connect and see the guest VMs. Select the vCenter or ESX server in the Navigation pane, select Settings > Clients, Networking, and Notifications > Clients, and click Save at the bottom of the Client page. Refresh the list of VMs to be sure the backup system has discovered all VMs. If the Unitrends system cannot connect to the original hypervisor, add a new one as described in the next option. • If the new hypervisor is not identical to the original, add it to the Unitrends system as described in "Working with vCenter and ESX servers" on page 635. Do not remove the original hypervisor from the Unitrends system until you are comfortable with the amount of retained backups for the new hypervisor. Backups for the original hypervisor are deleted when you remove it from the Unitrends system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 684 Hypervisor or OS DR procedure VMware virtual machine See "Restoring the entire VMware virtual machine" on page 656. Hyper-V hypervisor Do one of the following: Note: If you opted to install the Unitrends agent on the VM and did not run VMware backups, DR is based on the operating system of the virtual machine. Locate the OS in this table for the applicable procedures. • If the new hypervisor is identical to the original, verify that the Unitrends system can connect and see the guest VMs. Select the Hyper-V application in the Navigation pane, select Settings > Clients, Networking, and Notifications > Clients, and click Save at the bottom of the Client page. Next, click Backup and refresh the list of VMs to be sure the backup system has discovered them all. If the Unitrends system cannot connect to the original hypervisor, add a new one as described in the next option. • If the new hypervisor is not identical to the original, add it to the Unitrends system as described in "Working with Hyper-V servers" on page 596. Do not remove the original hypervisor from the Unitrends system until you are comfortable with the amount of retained backups for the new hypervisor. Backups for the original hypervisor are deleted when you remove it from the Unitrends system. Hyper-V virtual machine See "Restoring Hyper-V virtual machines" on page 606. Linux See "Linux bare metal restore procedure" on page 789. Novell Netware See "Using the bare metal crash recovery boot CD" on page 798. OES on Linux See "Using the bare metal crash recovery boot CD" on page 798. Note: If you opted to install the Unitrends agent on the VM and did not run Hyper-V backups, DR is based on the operating system of the virtual machine. Locate the OS in this table for the applicable procedures. For bare metal restores, see "Image-based restore to a Hyper-V virtual machine" on page 779 SCO See "Using the bare metal crash recovery boot CD" on page 798. OpenServer Solaris (Intel) See "Using the bare metal crash recovery boot CD" on page 798. Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 685 Hypervisor or OS DR procedure UnixWare See "Bare metal for UnixWare" on page 812. Windows See "Windows Bare Metal Protection" on page 753. Xen on OES 2 See "Bare metal for Xen on OES 2 virtual machines" on page 826. Working with Cisco UCS service profiles With Unitrends release 7.3 and higher, you can back up and restore Cisco UCS service profiles and related configuration objects. In the event of a disaster, you can use this feature to quickly restore your service profiles, greatly reducing the recovery time objective (RTO) of reconfiguring your network and servers. The Cisco UCS environment provides a “virtual chassis” that enables you to create and assign hardware profiles to individual logical servers. You can then bring up the logical server on dedicated hardware that you can easily migrate to another server in the case of hardware failure, or migrate between servers that do not require 24/7 uptime for efficient hardware reuse. For UCS B-Series blade servers and C-Series rack-mount servers, allocation of UCS resources and hardware is managed at the domain level by the Cisco UCS manager. Each server in the UCS is a “logical server” that utilizes various resources as defined in the server’s service profile, and there is a one-to-one relationship between a service profile and a physical server. The service profile references hardware requirements, such as hardware identifiers, firmware, state, configuration, connectivity and behavior, but is completely separate from the physical UCS environment. Once a service profile is instantiated and associated with a given blade, rack-mount server, or server in a server pool, you configure a PXE server or map a bootable ISO image to the virtual-media CDROM drive to install the desired hypervisor or operating system (OS). See the Cisco document Cisco UCS Manager Configuration Common Practices and Quick Start Guide for details. About protecting Cisco UCS service profiles A service profile may be associated with a template and various policies. A service profile template can be used to quickly create additional service profiles. Policies can be used to enforce rules to help ensure consistency. For example, a boot policy defines how a server boots, including boot devices, methods, and boot order. Because service profiles are essential to managing the servers in your Cisco UCS environment, it is important that you protect these configurations. Unitrends leverages native Cisco UCS data protection for profile backups and restores, utilizing the Cisco XML API. Unitrends UCS profile backups capture all supported profiles, templates, pools, and policies in your UCS environment. For a description of each supported object that may be included in the UCS profile backup, see "Identifying files in UCS service profile backups" on page 691. Once you have a UCS profile backup, you can easily restore these items to quickly spin up your Cisco UCS environment in the event of a disaster, greatly reducing RTO. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 686 Note: The following objects are not included in Unitrends UCS profile backups: BIOS defaults, IPMI access policies, management firmware policies (deprecated, replaced by host firmware packages), and iSCSI authentication profiles. Note that UCS profile backups capture only service profiles, templates, pools, and policies. To protect UCS servers themselves, add them as clients to the Unitrends system and schedule filelevel and bare metal backups as needed. See "Protecting UCS blade and rack-mount servers" on page 679 for details. Data protection strategy for Cisco UCS service profiles Unitrends recommends running weekly or daily full backups of your UCS profiles, templates, pools, and policies. Differential and incremental backups are not supported. If your profile data changes frequently, you can schedule fulls to run throughout each day at any desired frequency. If you schedule the backup every few minutes, be aware that if the last backup is still running, the next backup is added to the queue and will be started once the last run completes. To set up UCS service profile protection Proceed to the following topics to set up service profile protection: Step 1: "Cisco UCS service profile protection requirements" on page 686 for a description of prerequisites that must be met in your environment. Step 2: "Adding Cisco UCS Manager clients to the Unitrends appliance" on page 687 to register the UCS manager to the Unitrends system. Step 3: "Executing and scheduling UCS service profile backups" on page 688 to run UCS service profile backups. Step 4: (Optional) "Replicating UCS service profile backups" on page 690 to set up UCS service profile backups to replicate to a replication target system. After you run backups, use the following additional procedures as needed: • "Viewing UCS service profile backups" on page 690 to see backup status and contents of a given backup. • "Restoring UCS service profile backups" on page 692 for considerations and procedures for restoring from backups. Cisco UCS service profile protection requirements Note: For an overview of the entire setup process, see "To set up UCS service profile protection" on page 686. The following requirements must be met to protect Cisco UCS service profiles, templates, pools, and policies: • • The Unitrends system must be running version 7.3.0 or higher. • The Cisco UCSM firmware must be version 2.0 or higher. The UCS environment must utilize the Cisco UCS manager for resource and hardware allocation. Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 687 Note: • • UCS manager is used for B-Series and C-Series UCS servers. Profile backups of ESeries UCS servers is not supported, but you can protect the servers in your E-Series environment. See "Working with UCS blade and rack-mount servers" on page 679 for details. The Cisco UCS manager must be turned on. The Cisco UCS manager client must be registered to the backup system with administrative trust credentials. See "Adding Cisco UCS Manager clients to the Unitrends appliance" on page 687 for details. Adding Cisco UCS Manager clients to the Unitrends appliance For instructions on adding Cisco UCS Managers to the Unitrends appliance, see: • • "To add a client to the Unitrends appliance" on page 69 "Adding a Cisco UCS Manager client" on page 75 Note: These steps can be run as a standalone procedure or as part of a larger process. For an overview of the process, see "Data protection strategy for Cisco UCS service profiles" on page 686. To run UCS service profile backups, you must first register the Cisco UCS manager to the Unitrends system. Although you add the UCS manager as a client, only application-level backups of your service profiles and other configuration objects are supported, since the UCS manager is not a server. Your Cisco UCS may be configured as a stand-alone system, or as a cluster to support failover in the event of an outage. Which IP and client name you supply when registering the UCS manager varies depending on this configuration. • The stand-alone configuration consists of one physical UCS fabric interconnect that runs a single UCS manager. To register the UCS manager as a Unitrends client, you must either supply the IP address of this node or, if DNS is setup in your environment, you can add the client by node name only. • The cluster configuration is comprised of two physical Cisco UCS fabric interconnects, one active and one standby. A UCS manager runs on each. To register the UCS manager as a Unitrends client, you must either supply the cluster IP address or, if DNS is setup in your environment, you can add the client by cluster node name only. Be sure to add the client by cluster name or cluster IP. Do not use the IP or name of either fabric interconnect. With this approach, Unitrends can connect to the UCS manager regardless of which fabric interconnect is currently active. When registering the UCS, you must supply user credentials that support native backup and restore of UCS service profiles. To ensure sufficient privilege, the user must have Cisco UCS administrator privileges. For instructions on modifying and deleting a Cisco UCS Manger client, see "About working with clients" on page 88. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 688 Executing and scheduling UCS service profile backups The following procedures are used to protect UCS service profiles, templates, pools, and policies. These procedures can be run standalone or as part of a larger process. For an overview of the process, see "To set up UCS service profile protection" on page 686. • • • • • "To execute an immediate UCS profile backup" on page 688. "To create a UCS service profile backup schedule" on page 688 "To view or modify a UCS service profile backup schedule" on page 689 "To delete a UCS service profile backup schedule" on page 689 "To enable or disable a UCS service profile backup schedule" on page 690 To execute an immediate UCS profile backup 1 In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon, then click Backup. 3 Select the 1-Time Backup tab. 4 In the Service Profiles to Protect area, check the Profiles, Templates and Policies box. If you do not see this box, click the reload arrows at the bottom to refresh the view. 5 In the UCS Service Profile Backup Type area to the right, the Full backup is selected by default. Fulls are the only supported backup type for UCS profiles. 6 By default, backups are stored on the default device. To backup to a different device, select one in the Available Devices area. 7 Click Backup at the bottom of the screen to start the backup. A single backup runs, which captures all supported service profiles, templates, and policies on the UCS. (You may also choose to restore only specific items from this backup.) For a description of each supported object the backup may include, see "Identifying files in UCS service profile backups" on page 691. To view the status of the active backup operation, select Settings > System Monitoring > Jobs. To see the status of completed backup jobs, select Reports > Backups. To create a UCS service profile backup schedule 1 In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon, then click Backup. 3 Select the Schedule Backup tab. 4 Enter a unique Schedule Name. 5 Enter a Schedule Description. (This is optional.) 6 In the Select Items area, check the Profiles, Templates and Policies box. If you do not see this box, click the reload arrows at the bottom to refresh the view. A single backup runs, which captures all supported service profiles, templates, and policies on the UCS. (You may also choose to restore only specific items from this backup.) For a description of each supported object the backup may include, see "Identifying files in UCS Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 689 service profile backups" on page 691. 7 In the Schedule area, select a backup strategy from the list. Choose Full Backups or Custom. Both enable you to schedule full backups, but the Custom option provides more granular control, such as scheduling backups on Tuesdays and Thursdays only. 8 9 Do one of the following: • For the Full Backups strategy, define the frequency at which full backups will run using the fields below. • For the Custom strategy, click the Calendar icon to define the frequency at which full backups will run by dragging the Full backup icon onto the calendar. Drag it to today’s date or later. In the Add Backup window, define the start date, start time, recurrence, and description (optional), then click Confirm. If desired, modify the minimum, maximum, and legal hold retention settings for the full backup. For details, see "About retention control" on page 121. Note: Modifying retention settings here also updates values displayed on the Backup Retention page as described in "About retention control" on page 121. 10 Click Advanced Settings and specify optional settings as desired. • • Select the backup device to which backups will be written. • Check the Email Failure Report option to receive email notification upon failure of any backup job on the schedule. • Click Confirm to save Advanced Settings. Check the Email Schedule Report option to receive email notification upon completion of the scheduled backup jobs. 11 Click Save to create the schedule. To view or modify a UCS service profile backup schedule 1 In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon, then click Backup. 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Modify settings as desired and click Save. For a description of each setting, see "To create a UCS service profile backup schedule" on page 688. To delete a UCS service profile backup schedule Note: 1 You can also delete UCS profile schedules from the Enterprise Backup subsystem. See "To delete an Enterprise backup schedule" on page 197 for details. You must use this method if the UCS Service Profile icon is not available in the Navigation pane. In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 690 2 Select the UCS Service Profile icon, then click Backup. 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Click Delete Schedule. To enable or disable a UCS service profile backup schedule Note: You can also enable and disable UCS profile schedules from the Enterprise Backup subsystem. See "Enterprise backup procedures" on page 193 for details. 1 In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon, then click Backup. 3 Select the Schedule Backup tab. 4 In the Schedule Name field, select the desired schedule from the list. 5 Do one of the following: • • 6 To enable the schedule, check the Schedule Enabled box. To disable the schedule, uncheck the Schedule Enabled box. Click Save. Replicating UCS service profile backups If you are replicating backups to a replication target, set up UCS service profile backups to replicate as described in "To replicate application backups" on page 300. UCS profile backups can be set up to replicate as a standalone procedure at any time. For an overview of the entire setup process, see "To set up UCS service profile protection" on page 686. Viewing UCS service profile backups Once you have run UCS service profile backups, use the following procedures to monitor the status of completed and active backups, as well as to view the configuration objects contained in a given backup: • • • • • • "To view backups completed in the last 7 days" on page 149 "To view backups by month" on page 149 "To view backup details" on page 149 "To find files in backups" on page 150 "To view the contents of a UCS service profile backup" on page 690 "Identifying files in UCS service profile backups" on page 691 To view the contents of a UCS service profile backup Because restoring a profile, template, pool, or policy overwrites the original if it exists on the UCS, it is recommended that you view the contents of a backup before selecting items to restore. Files contained in the UCS profile backup adhere to standard naming conventions. For example, the filename for a service profile begins with the prefix -ls. See "Identifying files in UCS service profile Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 691 backups" on page 691 for a list of file naming conventions you can use to correctly identify items in the backup that you want to restore. 1 In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon. 3 Select Reports > Backups. 4 Locate the desired backup on the Backups Report. If necessary, select a new date range from the drop-down at the bottom of the page to display more backups. 5 Select the desired backup in the grid by clicking that row. 6 In the Report Entry window, click Details for a list of items contained in the backup. 7 Click Close to exit the Details window. Identifying files in UCS service profile backups Each UCS service profile backup contains all supported service profiles, templates, pools, and policies present on the UCS at the time the backup ran. When restoring a backup, it may be necessary to select specific items. Use the following naming conventions table to identify items in a UCS profile backup. Note: The following objects are not included in Unitrends UCS profile backups: BIOS defaults, IPMI access policies, management firmware policies (deprecated, replaced by host firmware packages), and iSCSI authentication profiles. Supported Cisco UCS objects File prefix naming convention Service profiles and templates ls-* Adapter policies eth-profile* or fc-profile* BIOS policies bios-prof-* Boot policies boot-policy-* Host firmware packages fw-host-pack-* Local disk configuration policies local-disk-config-* Maintenance policies maint-* Power control policies power-policy-* Scrub policies scrub-* Serial over LAN policies sol-* Server pool policies compute-pool-* 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 692 Supported Cisco UCS objects File prefix naming convention Server pool policy qualifications blade-qualifier-* Threshold policies thr-policy-* vNIC/vHBA placement policies vcon-profile-* Sub-organizations org-* Restoring UCS service profile backups Unitrends supports restore of UCS service profile backups to the original client or to an alternate UCS manager client. With UCS service profile backups, Unitrends leverages the native Cisco XML API to perform restore operations. See the following topics to restore service profiles: • "UCS service profile restore requirements and considerations" on page 692 for things you should know before initiating a restore. • • • • • "To restore the entire UCS service profile backup to the original UCS manager" on page 692 "To restore the entire UCS service profile backup to an alternate UCS manager" on page 693 "To restore items from a UCS service profile backup to the original UCS manager" on page 694 "To restore items from a UCS service profile backup to an alternate UCS manager" on page 695 "To restore a UCS service profile backup from the replication target" on page 696 UCS service profile restore requirements and considerations Consider the following before restoring UCS service profile backups: • Service profiles, templates, pools, and policies must be restored using the original name to prevent namespace collisions. • • Restoring a profile, template, pool, or policy overwrites the original if it exists on the UCS. • Restores are performed to the original client or to an alternate UCS manager client. If you are replicating, you can restore from replicated backups. See "To restore a UCS service profile backup from the replication target" on page 696 for details. • Only one restore or backup operation per UCS manager can run at any given time. Any subsequent jobs are queued and started once the last run completes. Restoring an active profile takes down that service profile. You must restart the service profile after the restore completes. To restore the entire UCS service profile backup to the original UCS manager Use this procedure to restore the entire backup to the original UCS manager client. The backup contains all supported service profiles, templates, pools, and policies present on the UCS at the time the backup ran. Note that the restore overwrites any existing objects on the UCS that are present in the backup. To view items contained in the backup, see "To view the contents of a UCS service profile backup" on page 690. If you do not wish to restore all items, use one of the following procedures: • "To restore items from a UCS service profile backup to the original UCS manager" on page 694 Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 693 • "To restore items from a UCS service profile backup to an alternate UCS manager" on page 695 IMPORTANT! Any active service profiles that are restored are taken down by the restore process and must be restarted after the restore completes. 1 In the left Navigation pane, expand the desired Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon, then click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a restore time and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The backup to restore displays in the Type column. 5 In the Restore from Backup of Client pane, click Restore. 6 To confirm you understand that active profiles will be taken down, click Yes to continue. The Restore Status page indicates whether the restore has been queued successfully. Click Okay to close. 7 To monitor the restore job, select Settings > System Monitoring > Jobs. The restore job displays in the grid. In a successful restore, the status changes from Queued to Active to Successful. 8 Once the restore completes, use the UCS manager to restart any service profiles that have been restored. To restore the entire UCS service profile backup to an alternate UCS manager Use this procedure to restore the entire backup to an alternate UCS manager client. The alternate UCS manager must be added to the backup system as a client before it can be used as a restore target. The backup contains all supported service profiles, templates, pools, and policies present on the UCS at the time the backup ran. Note that the restore overwrites any existing objects on the alternate UCS that are present in the backup. To view items contained in the backup, see "To view the contents of a UCS service profile backup" on page 690. If you do not wish to restore all items, use one of the following procedures: • • "To restore items from a UCS service profile backup to the original UCS manager" on page 694 "To restore items from a UCS service profile backup to an alternate UCS manager" on page 695 IMPORTANT! Any active service profiles that are restored are taken down by the restore process and must be restarted after the restore completes. 1 Add the alternate UCS manager to the backup system if it has not already been added as a client. See "Adding Cisco UCS Manager clients to the Unitrends appliance" on page 687 and "About adding clients" on page 69 for details. 2 In the left Navigation pane, expand the original Cisco UCS client by clicking the arrow to its left. 3 Select the UCS Service Profile icon, then click Restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 694 4 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 5 Select a restore time and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The backup to restore displays in the Type column. 6 In the Restore from Backup of Client pane, click Show Advanced Execution Options at the bottom left and select the alternate UCS manager from the Client To Which To Restore list. 7 Click Restore. 8 To confirm you understand that active profiles will be taken down, click Yes to continue. The Restore Status page indicates whether the restore has been queued successfully. Click Okay to close. 9 To monitor the restore job, select Settings > System Monitoring > Jobs. The restore job displays in the grid. In a successful restore, the status changes from Queued to Active to Successful. 10 Once the restore completes, go to the alternate UCS and use the UCS manager to restart any service profiles that have been restored. To restore items from a UCS service profile backup to the original UCS manager Use this procedure to restore selected service profiles, templates, pools, and policies to the original UCS manager. Note that service profiles are often associated with dependent templates and policies. Be sure to restore all dependent items as needed. IMPORTANT! Any item restored overwrites the original if it is still present on the UCS. Any active service profiles that are restored are taken down by the restore process and must be restarted after the restore completes. 1 In the left Navigation pane, expand the original Cisco UCS client by clicking the arrow to its left. 2 Select the UCS Service Profile icon, then click Restore. 3 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 4 Select a restore time and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The backup to restore displays in the Type column. 5 6 On the Restore from Backup of Client page, do one of the following: • Browse the File Selection List for desired items. Check the box to the left of each item you wish to restore. To remove all selections, click to uncheck the box to the left of the top-level directory. • Click Show Advanced File Selection to select entire folders. Click Restore. Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 695 7 To confirm you understand that active profiles will be taken down and that dependencies will not automatically be restored, click Yes to continue. The Restore Status page indicates whether the restore has been queued successfully. Click Okay to close. 8 To monitor the restore job, select Settings > System Monitoring > Jobs. The restore job displays in the grid. In a successful restore, status changes from Queued to Active to Successful. 9 Once the restore completes, use the UCS manager to restart any service profiles that have been restored. To restore items from a UCS service profile backup to an alternate UCS manager Use this procedure to restore selected service profiles, templates, pools, and policies to an alternate UCS manager. Note that service profiles are often associated with dependent templates and policies. Be sure to restore all dependent items as needed. IMPORTANT! Any item restored overwrites the original if it is present on the alternate UCS. Any active service profiles that are restored are taken down by the restore process and must be restarted after the restore completes. 1 Add the alternate UCS manager to the backup system if it has not already been added as a client. See "Adding Cisco UCS Manager clients to the Unitrends appliance" on page 687 and "About adding clients" on page 69 for details. 2 In the left Navigation pane, expand the original Cisco UCS client by clicking the arrow to its left. 3 Select the UCS Service Profile icon, then click Restore. 4 Select a Recovery Point Day from which the backup will be restored by clicking on the calendar. Available days display in bold. 5 Select a restore time and click Next (Select Files/Items). Select from available times in the Recovery Point Times table or by clicking a wedge of time on the 24-hour circle. The backup to restore displays in the Type column. 6 On the Restore from Backup of Client page, do one of the following: • Browse the File Selection List for desired items. Check the box to the left of each item you wish to restore. To remove all selections, click to uncheck the box to the left of the top-level directory. • Click Show Advanced File Selection to select entire folders. 7 Click Show Advanced Execution Options at the bottom left and select the alternate UCS manager from the Client To Which To Restore list. 8 Click Restore. 9 To confirm you understand that active profiles will be taken down and that dependencies will not automatically be restored, click Yes to continue. The Restore Status page indicates whether the restore has been queued successfully. Click 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 696 Okay to close. 10 To monitor the restore job, select Settings > System Monitoring > Jobs. The restore job displays in the grid. In a successful restore, the status changes from Queued to Active to Successful. 11 Once the restore completes, go to the alternate UCS and use the UCS manager to restart any service profiles that have been restored. To restore a UCS service profile backup from the replication target 1 Add the UCS manager to the replication target system as a client. See "Adding Cisco UCS Manager clients to the Unitrends appliance" on page 687 and "About adding clients" on page 69 for details. You will use this UCS manager client as the restore target. 2 Log in to the replication target and switch to replication view by selecting the Gear icon at the bottom of the Navigation pane, checking Show Replication view, and clicking Confirm. 3 Proceed to one of the following to restore from the replicated backup: • "To restore the entire UCS service profile backup to an alternate UCS manager" on page 693 • "To restore items from a UCS service profile backup to an alternate UCS manager" on page 695 Legacy Recovery-Series and UEB Administrator's Guide Chapter 29: Cisco UCS Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 697 Chapter 30: AIX Protection This chapter describes additional considerations and procedures specific to AIX clients. See the following topics for details: • • • • • "AIX agent versions" on page 697 • "Uninstalling protection software on AIX client" on page 698 "AIX agent restrictions" on page 697 "Installing protection software for AIX" on page 697 "Working with AIX clients " on page 698 "AIX client backup and restore" on page 698 AIX agent versions The protection software for AIX clients allows you to backup, verify, and restore AIX server data. Before installing an AIX agent, make sure your AIX system is using a supported operating system version. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Download the applicable AIX agent from the Latest Agent Releases page on the Unitrends website. AIX agent restrictions Encrypted file systems are not supported. Installing protection software for AIX Log in to the AIX server(s) as root. Edit both the hosts file on the AIX server(s) and the system to add the name and IP address of the system into the hosts file on the AIX server(s), and to add the name and IP address of the AIX server(s) into the hosts file on the system. Download the AIX client from the appropriate location (see chart above) into the /tmp folder on the AIX client. Execute the following commands to begin the installation of the AIX client: chmod 755 /tmp/aix5_cnt /tmp/aix5_cnt The installation will take you through the steps necessary to install the package. You will be asked to specify the directory location where the software will be installed. If this is a reinstall, you will be asked if you wish to overwrite certain files. Type the interrupt character or press return to continue. The files will be moved to their permanent location. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 30: AIX Protection 698 When the configuration process finishes, you will be prompted to reboot the AIX server to complete the installation. Working with AIX clients Once you have installed the agent, you are ready to register your AIX client. For instructions on adding AIX servers to the Unitrends appliance, see "About adding clients" on page 69. For instructions on modifying and deleting an AIX client, see "About working with clients" on page 88. AIX client backup and restore The AIX client supports file-level backups and restores. To perform file-level backups and restores, use the Administrator Interface. For additional information, use the context-sensitive Help in the Administrator Interface: About > Help. A reboot is required after a restore which restores system files. Uninstalling protection software on AIX client To uninstall the protection software from an AIX system, run the following command: /usr/bp/uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 30: AIX Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 699 Chapter 31: HP-UX Protection This chapter describes additional considerations and procedures specific to HP-UX clients. See the following topics for details: • • • • "Supported HP-UX operating systems" on page 699 • • "Backup and restore for HP-UX clients" on page 700 "HP-UX agent versions" on page 699 "Installing the HP-UX agent" on page 699 "Working with HP-UX clients" on page 700 "Uninstalling HP UNIX client protection software " on page 700 Supported HP-UX operating systems Protecting HP-UX with Unitrends allows you to backup, archive, and restore HP-UX server data. Before proceeding with HP-UX installation and configuration, make sure your HP-UX system is using a supported operating system version. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. HP-UX agent versions For HP-UX installation, access is needed to the HP-UX client(s) on the same network as the backup system. Log in to the client machine as root and download the required software from the location above. Before starting the installation process, make sure that you have the system name in the local host table or the TCP/IP system setup to use a DNS with the backup system known to it. Have the client server in the host table on the system if not using DNS. Installing the HP-UX agent Download the applicable HP-UX agent from the Latest Agent Releases page on the Unitrends website. After downloading the agent from the Unitrends website, perform the following procedure. To install the HP-UX agent This section explains how to install the HP-UX agent. The 8.0 HP-UX agent includes performance enhancements and extends support to HP-UX 11. 1 Download the appropriate agent installer to the HP-UX machine that you want to add to the Unitrends system. (Go to the Latest Agent Releases page to download the installer.) 2 Log in to the HP-UX client as root user. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 31: HP-UX Protection 700 3 Change to the working directory where you have saved the agent installer, and run the command ls -l to view the installer file and determine whether you have execute permission. If necessary, add execute permission using the command: chmod +x 4 Begin the installation be executing the file: ./ 5 Press Enter to accept the default directory (/usr/bp). 6 Enter the hostname of the system. 7 If using a low, medium or high security setting on the system, enter y when asked if the client and the server (backup system) are separated by a firewall. This forces data communication between the system and the client to use port 1745. 8 When prompted, press Enter. Your agent installation is complete. Register the client to your Unitrends backup system to begin protecting it. Working with HP-UX clients Once you have installed the agent, you are ready to register your HP-UX client. For instructions on adding HP UNIX clients to the Unitrends appliance, see "About adding clients" on page 69. For instructions on modifying and deleting an HP UNIX client, see "About working with clients" on page 88. Backup and restore for HP-UX clients Note the following considerations for backing up HP-UX clients with Unitrends: • • Only file-level backups are supported. Bare metal backups are not supported. Incremental backups are not supported. For general information and instructions on backing up and restoring your HP-UX clients, see the following chapters: • • "File-level Backups" on page 159 "Restoring File-level Backups" on page 345 Uninstalling HP UNIX client protection software To uninstall the protection software from an HP-UX system, run the following command: /usr/bp/uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 31: HP-UX Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 701 Chapter 32: iSeries Protection System software for the iSeries is a product designed to aid in the recovery of lost or corrupted files on this platform. This application can be used to backup many types of libraries and objects, including security and configuration files, user programs and the Integrated File System (IFS). This chapter describes additional considerations and procedures specific to iSeries clients. See the following topics for details: • • • "Getting started with iSeries protection" on page 701 • • • • • • • "The iSeries backup menu" on page 704 "iSeries master backup and restore considerations" on page 703 "iSeries backup operation" on page 704 "iSeries profile" on page 705 "iSeries backup now option" on page 705 "Schedule an iSeries backup" on page 705 "iSeries restore operation" on page 706 "iSeries disaster recovery" on page 706 "iSeries log files" on page 706 Getting started with iSeries protection Protection for the iSeries platform is agentless. This means that installation of protection software is not required. All backups are placed on the default disk device on the system. A default disk device must be set before initiating an iSeries backup. The iSeries software uses the FTP protocol in order to backup files from the iSeries to the system. Therefore, the FTP Server must be configured and running on the iSeries. Before protecting your iSeries client, be sure you are running a supported version. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Performance of iSeries protection is influenced heavily by the following: • • • • Commercial Processing Workload (CPW) of the iSeries server(s) Amount of library data Amount of Integrated File System (IFS) data Available network bandwidth For recommendations on performance enhancements for the iSeries FTP server, access the following link: http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzaiq/rzaiqsubsystem.htm 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 32: iSeries Protection 702 After configuring iSeries backups, the iSeries server name(s) can be seen in the Clients screen on the Administrator Interface. You cannot modify any client attributes using this interface, including enabling synchronization and/or encryption. All client settings are applied while creating the iSeries backup profile (described later in this chapter). iSeries OS versions supported are V5R3, V5R4, V6R1, and V7R1. Space requirements and maximum file size for successful backup There must be adequate disk space available on your iSeries client for a backup to complete successfully. When the backup runs, it backs up the library file system using one thread and the integrated file system (IFS) using a second thread. Normally, these threads run in parallel for increased performance. For each thread a SAVF file is created in QTEMP, which consumes disk space. You must have enough available disk space to create these SAVF files or the backup fails. Note: At a minimum, the following amount of space must be available for parallel processing is equal to the size of the largest library + size of the largest IFS file. If you do not have enough space for parallel processing, alternatively, you can use serial processing. For serial processing you need space equal to the size of the largest library or equal to the size of the largest IFS file, whichever is greater. See "To modify maximum file size and processing mode" on page 702 for details on switching to serial processing. If any IFS file exceeds 500MB, that file is backed up individually and will not be part of a directory archive. If you would like to prevent this, you can increase the MaxBlockSize setting so that larger directory archives can be created. Increase the MaxBlockSize setting to accommodate the largest IFS directory. To modify maximum file size and processing mode 1 From the Unitrends backup system, select Settings > System, Updates, and Licensing > General Configuration [Advanced]. 2 Select the iSeries Agent folder. 3 To modify the processing mode, click Threading to change this setting. Set to 1 for parallel or 0 for serial, then click Confirm to save. 4 To modify the maximum file size, Click MaxBlockSize and enter the desired size in bytes. Click Confirm to save. 5 • To avoid backing up files individually, set this value to accommodate the largest IFS directory. • • To use an unlimited MaxBlockSize, set this value to -1. To back up all files individually, set this value to 0. Click Close to exit. Legacy Recovery-Series and UEB Administrator's Guide Chapter 32: iSeries Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 703 iSeries master backup and restore considerations There are certain operational considerations that must be taken into account when performing a master backup and subsequent master restore. To begin, system software cannot backup all iSeries data, such as licensed internal code and certain system libraries. Therefore, the iSeries software is not intended to perform as a bare metal product and cannot recover a system to its original state in the event of hardware or software failure. To enable disaster recovery, it is recommended that a GO SAVE option 21 or option 22 system backup is also performed periodically e.g. monthly as a supplemental system backup to ensure current critical files are available. For more information on GO SAVE command options access IBM’s Infocenter site at: http://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/rzarm/rzaiurzaiu209.htm The iSeries software invokes the save-while-active option when performing backup operations. These operations require a brief lock in order to reach a stable checkpoint. An object with a prolonged conflicting lock may not be able to reach a valid checkpoint. When a library contains an object that fails to reach a checkpoint the default behavior is to skip the entire library. This behavior may be changed to backup the remainder of the library and skip only the objects that failed to reach a checkpoint. In this case it is logged that N files were not saved but the names of specific files skipped cannot be determined. This behavior can be changed by selecting Settings > System, Updates, and Licensing > General Configuration > Debugging and changing the iSeriesprecheck field from 1 (default) to 0. If an object is consistently skipped in this manner it may be a protected system object. In this case it can only be backed up in a restricted state. Be sure to carefully configure your iSeries exclude list to properly identify the operating system files that are active and therefore should not be included in the master or incremental backup. Active iSeries files which cannot reach a suitable checkpoint will be excluded from the backup. The backup and restore operations must run without conflict or interruption. There should be no other active jobs running during execution of a backup or restore job. Use the WRKACTJOB command to monitor all active jobs on the iSeries. With Unitrends version 7.1 and higher, iSeries backups can be restored to the original server or to an alternate iSeries server. For earlier Unitrends versions, only restores to the original iSeries server are supported. The following security guidelines should be adhered to prior to executing a master backup or restore. The user performing the master backup or restore should, at a minimum, have *SECADM privileges added to their profile. Files to be restored must have read-write attributes. This is accomplished on the OS400 operating system by granting object authority to the user performing the restore command. Following is an example of modifying security privileges in the QGPL and QUSRSYS libraries for user QSECOFR: GRTOBJAUT OBJ(QGPL/*ALL) OBJTYPE(*ALL) USER(QSECOFR) AUT(*ALL) GRTOBJAUT OBJ(QUSRSYS/*ALL) OBJTYPE(*ALL) USER(QSECOFR) AUT(*ALL) Finally it Is important to understand that iSeries backups are not encrypted on the system and backups are compressed post-transmission. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 32: iSeries Protection 704 iSeries backup operation There can only be one backup operation running at any given time. Therefore, before initiating a backup, either manually or from within a schedule, check to ensure that there are no active backup or restore jobs running. Before working with the iSeries backup feature, make sure a default D2D device is set using Settings > Storage and Retention > Backup Devices in the backup system. There are two pseudo objects in the iSeries backup: /Security Data – contains the save file from the SAVSECDTA command. It is implicitly included on backup and restore operations and must be explicitly excluded if you do not want to back it up or restore it. Unless excluded, it will always be the first object in the backup file. If it is restored (which is via the RSTUSRPRF command) then a RSTAUT command will be executed after everything else is restored. /System Configuration – contains the save file from the SAVCFG command. It is implicitly included on backup and restore operations and must be explicitly excluded if you do not want to back it up or restore it. Unless excluded, it will appear before any other objects, except /Security Data, in the backup file. It is restored using the RSTCFG command. Access the iSeries backup menu by clicking iSeries from within the system interface. Wildcard characters are supported in the following scenarios: • • • Backup Include List: Object Name Backup Exclude List: Path Name Backup Exclude List: Object Name Wildcards are not supported in the following scenarios: • • Backup Include List: Path Name Any restore Supported wildcards include: • • • • • • *: Zero or more characters ?: Exactly one character [abc]: Exactly one character from list [a-c]: Exactly one character from range [!abc]: Exactly one character not from list [!a-c]: Exactly one character not in the range The iSeries backup menu Using the iSeries backup menu you are able to create profiles, initiate an immediate backup, schedule backups, and perform restore operations. Legacy Recovery-Series and UEB Administrator's Guide Chapter 32: iSeries Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 705 iSeries profile Note: If a user changes credentials on a particular server while performing an on-demand backup, the original profile for that server becomes invalid and will therefore need to be recreated. Failure to recreate the profile in this case will cause operation failure. Select Create Profile to enter the Manage Profiles menu. To create or manage a profile, the iSeries system you wish to backup must already be configured on your network and accessible via DNS or be entered into the system’s hosts file. When entering the Manage Profiles menu, input the name of the iSeries client being backed up. A prompt for a user name and password is displayed. The system tests the connection to the iSeries system before continuing. Once the connection is verified, you are asked if you would like to sync the backup to a Data Protection Vault. If replicating your iSeries backups, answer yes, otherwise, no. You will be offered two options for backup, a Saturday master, daily incremental or a daily selective. Select the backup you wish to use in the profile you are creating. After selecting your backup type, you will need to provide a list of the objects to exclude (master/incremental/selective) from or include (selective) in your backup. Specify the complete pathname for each object and enter only one object per line. Note that object names are case sensitive and should be entered exactly as they appear on the iSeries. When you have completed your exclude or include list, type q to proceed. After entering your exclude or include list, you will be given the option to use the profile you are creating as the default iSeries profile for On-Demand backups from the Administrator Interface. iSeries backup now option To launch an immediate backup, select 1-Time Backup. This will present you with the option to select a pre-existing profile or create a temporary profile to execute. If you choose not to use a preexisting profile you may reference the iSeries Profile section to aid you in creating your temporary profile. You may now initiate your backup. Multiple backups can be initiated by changing the Threading option from the iSeries Agent menu in the Administrator Interface with Settings > System, Updates, and Licensing > General Configuration > iSeriesAgent. Schedule an iSeries backup To schedule an iSeries backup, select Schedule. From this menu you will be able to select a profile to use for your backup and create a schedule, remove iSeries schedules and view a list of scheduled backups. You can have multiple scheduled backups. Once you have selected a profile for your schedule, you will see client and backup type information. Confirm that this information is accurate before creating your schedule. Create your schedule by providing the hour of the day you wish the backup to run. You can view a list of your schedules by selecting the View List of Scheduled Backups option. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 32: iSeries Protection 706 iSeries restore operation Use the procedures in this section to restore an iSeries backup. With Unitrends version 7.1 and higher, you can restore to the original server or to an alternate iSeries server. For earlier Unitrends versions, only restores to the original iSeries server are supported. To restore data to an iSeries system, select Restore. This launches the Restore menu from which you select the iSeries system to which you will be restoring data. After selecting the server to which you will be restoring data, you will have the option of doing a full or selective restore. If you choose to perform a full restore, you will be given the option to enter a list of files you wish to exclude from your restore. Please specify the full path of the filename you want to exclude with one entry per line. When your list is complete, type q to end your list and launch your restore. If you choose to perform a selective restore, you will be given the option to enter a list of files you wish to include in your restore. Please specify the full path of the filename you want to include with one entry per line. You may optionally restore Libraries and IFS objects to an alternate location. Please specify the full path of the destination or leave blank to restore to the original location. When your list is complete, type q to end your list and launch your restore. There can only be one restore operation running at any given time. Therefore, before initiating a restore, check to ensure that there are no active backup or restore jobs running. iSeries disaster recovery To recover the iSeries from a catastrophic state, you must first restore the OS and Licensed Internal Code from your supplemental system backup. After this, you may perform a restore of the master backup to obtain data. However, the bare metal restore solution is not available for this platform. iSeries log files Log files are stored on the system for each backup and restore operation. They are located in the /usr/bp/logs.dir directory. Logs are recycled for each operation. Therefore if logs are to be saved for future use they must be renamed to a different file name. The following naming conventions are used for the various operations: • • • • iSeries_backupXXXX.log is the log for a backup operation. iSeries_restoreXXXXX.log is the log for a restore operation. iSeries_sched_XXXX.log is created when a schedule is saved. iSeries_configXXXX.log is written when a profile is created. The iSeries logging level can be configured under the debugging section of the Settings file. The Settings file can be accessed in the backup system by selecting Settings > System, Updates, and Licensing > General Configuration. Log files can be moved from the system using a third party product such as WinSCP. Legacy Recovery-Series and UEB Administrator's Guide Chapter 32: iSeries Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 707 Chapter 33: Linux Protection This chapter describes considerations and procedures specific to Linux clients. Unitrends software protects most Linux distributions, including CentOS, Debian, Fedora (hot bare metal not supported), Red Hat, SUSE, and Ubuntu. See the following topics for details about protecting Linux clients: • • • "Linux agent versions" on page 707 • "Configuring a Linux firewall to allow communication with the Unitrends backup system" on page 713 • • • • "Working with Linux clients" on page 713 "Installing the Linux agent" on page 708 "About Linux agent dependencies" on page 711 "File-level backup and restore for Linux clients" on page 713 "Bare metal backup and disaster recovery for Linux clients" on page 717 "Uninstalling Linux protection software " on page 718 Supported Linux distributions Unitrends software protects most Linux distributions. For a list of supported distributions, see the Unitrends Compatibility and Interoperability Matrix. Linux agent versions Before registering a Linux client to the Unitrends system, you must install a Linux agent. For all supported distributions, you can use GZEXE installers, and in some instances, you might need to install dependencies before installing the agent. For CentOS, Oracle Linux, and Red Hat clients, you can use RPM-based installers that automatically install all necessary dependencies (releases 7.4 and higher). For Ubuntu clients, you can use dpkg-based installers that install all necessary dependencies (releases 7.4 and higher). See the table "Linux distributions and agent installers" on page 708 to determine which installer to use for your Linux client. You can download the agent installers from the Latest Agent Releases page on the Unitrends website. You might not see an agent for the particular Linux distribution that you are using, but if it is a supported distribution listed in the Unitrends Compatibility and Interoperability Matrix, the standard Linux agent will work with your machine. For Oracle Linux clients, use the CentOS or Red Hat agent. For instructions on installing the Linux agent, see "Installing the Linux agent" on page 708. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 708 Linux distributions and agent installers Linux distributions Agent installers CentOS Oracle Linux Red Hat RPM-based installers (releases 7.4 and higher) All 32-bit and 64-bit distributions listed in the Unitrends Compatibility and Interoperability Matrix GZEXE installers Ubuntu dpkg-based installers (releases 7.4 and higher) Installing the Linux agent Installation procedures for the Linux agent vary depending upon the Linux distribution. You can perform the installations using core utilities, and for Ubuntu clients, you can use also the GDebi tool for a simpler installation procedure. For details about different agent versions, see "Linux agent versions" on page 707. See the following topics for instructions on installing the Linux agent: • • • "To install the Linux agent" on page 708 "To install the Linux agent for CentOS, Oracle Linux, and Red Hat clients" on page 709 "Installing the Linux agent for Ubuntu clients" on page 710 To install the Linux agent This section explains how to install the agent using GZEXE installers, which are available for all supported Linux distributions. If the agent requires dependencies, the installer stops the installation and lists the required dependencies. For CentOS, Oracle Linux, and Red Hat clients, it is recommended that you use RPM-based installers. For instructions, see "To install the Linux agent for CentOS, Oracle Linux, and Red Hat clients" on page 709. For Ubuntu clients, it is recommended that you use dpkg-based installers. For instructions, see "Installing the Linux agent for Ubuntu clients" on page 710. 1 Save the appropriate agent installer on the Linux machine that you want to add to the Unitrends appliance. You can download the installer from the Latest Agent Releases page on the Unitrends website. 2 Open a terminal, and log in as root user. 3 Change directories to the location where you have saved the agent installer, and run the command ls -l to view the installer file and determine whether you have execute permission. If necessary, add execute permission using the command: chmod +x 4 Perform one of the following depending on whether you are using a 32-bit or 64-bit installer: • For a 32-bit installer, run the command: Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 709 ./lnx32_cnt • For a 64-bit installer, run the command: ./lnx64_cnt Skip to step 6 below if the installation begins without prompting you to install dependencies. Proceed to step 5 below if the installer prompts you to install dependencies. 5 Install dependencies if necessary. The installer notifies you of any dependencies the agent needs. The dependencies listed are the resources needed and not the name of the package that you must install. For more about locating and installing dependencies, see "About Linux agent dependencies" on page 711. Run the appropriate command from step 4 on the previous page after installing the necessary dependencies. 6 (Optional) If you wish to protect Oracle databases, install a Samba client. Otherwise, a Samba client is not a dependency. You can download the necessary packages from the Latest Agent Releases page on the Unitrends website. For more information, see "Needed dependencies for Oracle" on page 712. 7 Enter the hostname for the backup system that will protect the client. 8 If you are using a firewall, you must configure the firewall to allow the Unitrends backup system to communicate with the Linux machine before registering it to the system. For details, see "Configuring a Linux firewall to allow communication with the Unitrends backup system" on page 713. 9 Register the client to your Unitrends backup system to begin protecting it. For instructions, see "Working with Linux clients" on page 713. To install the Linux agent for CentOS, Oracle Linux, and Red Hat clients For CentOS, Oracle Linux, and Red Hat clients, you can use RPM-based installers that often automatically install the necessary dependencies if connected to a remote repository. 1 Save the appropriate agent installer on the Linux machine that you want to add to the Unitrends appliance. You can download the installer from the Latest Agent Releases page on the Unitrends website. Note: For Oracle Linux clients, download the CentOS or Red Hat agent installer. 2 Open a terminal, and log in as root user. 3 Change directories to the location where you have saved the agent installer. 4 Perform one of the following depending on whether you are using a 32-bit or 64-bit installer: • For a 32-bit client, run the command: yum localinstall --nogpgcheck unitrends-linux-agent-..i386.rpm • For a 64-bit client, run the command: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 710 yum localinstall --nogpgcheck unitrends-linux-agent-..x86_64.rpm 5 Install the dependencies if necessary. See "About Linux agent dependencies" on page 711. 6 (Optional) If you wish to protect Oracle databases, install a Samba client. Otherwise, a Samba client is not a dependency. You can download the necessary packages from the Latest Agent Releases page on the Unitrends website. For more information, see "Needed dependencies for Oracle" on page 712. 7 If you are using a firewall, you must configure the firewall to allow the Unitrends backup system to communicate with the Linux machine before registering it to the system. For details, see "Configuring a Linux firewall to allow communication with the Unitrends backup system" on page 713. 8 Register your machine to the backup system to begin protecting it. For instructions, see "Working with Linux clients" on page 713. Installing the Linux agent for Ubuntu clients For Ubuntu clients, you can use dpkg-based installers that often automatically install all necessary dependencies if connected to a remote repository. You can choose to install the agent using core utilities or the GDebi tool. If you install using core utilities, you must run two commands if the necessary dependencies have not been installed on your Ubuntu machine. If you use the GDebi tool, one command installs the agent and all necessary dependencies. For instructions, see the following topics: • • "To install the Linux agent for Ubuntu clients using core utilities" on page 710 "To install the Linux agent for Ubuntu clients using GDebi" on page 711 To install the Linux agent for Ubuntu clients using core utilities For Ubuntu clients, you can use dpkg-based installers that install all necessary dependencies. Note: This procedure might require you to run two commands. The first command installs the agent if the necessary dependencies are already installed on the client. If the agent requires dependencies, the second command in this procedure installs them and then installs the agent. If you have installed the GDebi tool on the client, you can use it to install the agent using only one command. For details, see "To install the Linux agent for Ubuntu clients using GDebi" on page 711. 1 Save the appropriate agent installer on the Linux machine that you want to add to the Unitrends appliance. You can download the installer from the Latest Agent Releases page on the Unitrends website. 2 Open a terminal and change directories to the location where you saved the agent installer. 3 Perform one of the following depending on whether you are using a 32-bit or 64-bit installer: • For the 32-bit installer, run the command: sudo dpkg -i unitrends-linux-agent--.i386.deb • For the 64-bit installer, run the command: Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 711 sudo dpkg -i unitrends-linux-agent--.amd64.deb 4 Skip to step 5 below if the agent installed successfully. If the installer stopped because the agent requires dependencies, run the following command to install all the necessary dependencies: sudo apt-get install -f 5 If you are using a firewall, you must configure the firewall to allow the Unitrends backup system to communicate with the Linux machine before registering it to the system. For details, see "Configuring a Linux firewall to allow communication with the Unitrends backup system" on page 713. 6 Register your machine to the backup system to begin protecting it. For instructions, see "Working with Linux clients" on page 713. To install the Linux agent for Ubuntu clients using GDebi To install the agent with this procedure, you must have installed the GDebi package on your Ubuntu clients. Installation of the agent using GDebi requires only one command. To install the agent using core utilities, see "To install the Linux agent for Ubuntu clients using core utilities" on page 710. 1 Save the appropriate agent installer on the Linux machine that you want to add to the Unitrends appliance. You can download the installer from the Latest Agent Releases page on the Unitrends website. 2 Open a terminal and change directories to the location where you saved the agent installer. 3 Perform one of the following depending on whether you are using a 32-bit or 64-bit installer: • To install the 32-bit agent, run the following command: sudo gdebi unitrends-linux-agent--.i386.deb • To install the 64-bit agent, run the following command: sudo gdebi unitrends-linux-agent--.amd64.deb 4 If you are using a firewall, you must configure the firewall to allow the Unitrends backup system to communicate with the Linux machine before registering it to the system. For details, see "Configuring a Linux firewall to allow communication with the Unitrends backup system" on page 713. 5 Register your machine to the backup system to begin protecting it. For instructions, see "Working with Linux clients" on page 713. About Linux agent dependencies When using GZEXE installers to install the Linux agent, you might need to install additional libraries. (To determine which installer to use, see "Linux agent versions" on page 707.) If this is the case, the installer stops the installation and lists the required dependencies. The dependencies it lists are the resources needed and not the name of the package you must install. The table below identifies the packages containing the commonly needed dependencies. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 712 Dependencies by operating system In version 8.0 and later, the following dependencies are required to protect Red Hat Linux environments. These dependencies replace XINETD, which was a dependency for earlier versions. Operating System Red Hat 5 i386 Dependencies • • vixie-cron tcp_wrappers Packages are located on the installation media. Red Hat 5 x86_ 64 • • vixie-cron tcp_wrappers Packages are located on the installation media. Red Hat 6 i386 • ed Packages are located on the installation media. Red Hat 6 x86_ 64 • • • ed glibc.i686 nss-softokn-freebl.i686 The following packages might need to be updated to match the version of a new dependency. • • • glibc.x86_64 (must match glibc.i686) glibc-common.x86_64 (must match glibc.i686) nss-softokn-freebl.x86_64 (must match nss-softokn-freebl.i686) Packages are located on the installation media. Needed dependencies for Oracle Samba is only used to protect Oracle with application backups. Therefore, in version 8.0 and later it is no longer considered a dependency. The Samba packages listed below only need to be installed if you wish to protect Oracle data. You can download them from the Latest Agent Releases page on the Unitrends website. You can also access them from the installation media. For assistance with these packages, you can download the Oracle Dependency plug-in from the Latest Agent Releases page on the Unitrends website. You must install the Linux agent before you can install this plug-in. Depending on your Linux distribution, the Oracle Dependency for CentOS or Red Hat. The table below provides details about the Samba packages needed for Oracle protection. Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 713 Dependency Package name mount.cifs • samba-client (for Red Hat 5, Oracle Linux 5, and CentOS 5) • cifs-utils (for most other Linux distributions) Configuring a Linux firewall to allow communication with the Unitrends backup system If you are protecting a Linux machine with a firewall, you must configure the firewall to allow communication with the Unitrends backup system before you can register the Linux machine as a client. Follow the instructions below to perform the necessary configurations. To configure a Linux firewall to allow communication with the Unitrends backup system 1 Modify the Linux machine’s firewall settings to allow ports 1743 and 1745. 2 Open a terminal or text editor with root access and log in as root. 3 Run the following command: /usr/bp/bin/bputil -p “Configuration Options” data 1745 /usr/bp/bpinit/master.ini For more information about how the Unitrends backup system uses ports, see "Open ports and security levels" on page 132. 4 Register the Linux machine using the instructions described in "Working with Linux clients" on page 713. Working with Linux clients Once you have installed the agent, you are ready to register your Linux client. Beginning with Unitrends release 7.3, you have the option of using DNS or IP to register Linux clients. The name must be limited to 31 characters, and it must be resolvable using DNS or the host table of the Unitrends system. For instructions on adding a Linux client to the Unitrends appliance, see "About adding clients" on page 69. For instructions on modifying and deleting a Linux client, see "About working with clients" on page 88. File-level backup and restore for Linux clients For Linux clients, file-level backups with Extended Attributes are supported. For additional information see the "File-level Backups" chapter. Note: The maximum file pathname size for Linux is 4 KB. File pathnames that exceed this limit are not included in the backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 714 See the following topics for more information about file-level backups, selection lists, and restores for Linux clients: • • • "Linux selection lists" on page 714 "Pre- and post-backup commands for Linux clients" on page 717 "Linux restore considerations" on page 717 Linux selection lists When protecting Linux clients, the selection list options are different than the generic behaviors described in the File-level Backups chapter. Like all client types, inclusion lists for selective backups and exclusion lists for full, differential, and incremental backups are supported. However, for Linux clients with agent 8.0 or higher, inclusion lists are also supported for full, incremental, and differential backups. Any selection lists applied to a Linux full backup must be applied to all subsequent incremental and differential backups in the backup group. For more information, see "Using selection lists with full, differential, and incremental backups" on page 165. Note: Any backup group using an inclusion list is ineligible for bare metal recovery. Create bare medal media for the full disk. Inclusion lists can then be applied to client aliases. For more information, see "Working with client aliases" on page 198. Exclusion lists for Linux clients Similar to all client types, exclusion lists can be created for full, differential, and incremental backups of Linux clients. Wildcards are not supported for Linux clients. For more information, see "Uses for selection lists" on page 164. The following topics describe Linux exclusion lists: • • "Additional considerations for Linux excludes " on page 714 "Default exclusions from file-level backups of Linux clients" on page 714 Additional considerations for Linux excludes Note the following considerations when applying exclusions to Linux clients: • By default, the system excludes certain Linux directories from backup. For details, see "Default exclusions from file-level backups of Linux clients" on page 714. • Exclusions for Linux clients omit the files from the backup but do not prevent the system from checking these excluded files for changes when identifying data for incremental or differential backups. If you are excluding directories containing large amounts of highly changeable data, it is recommended that you also implement the exclusion in KB 2779. • The maximum number of files you can exclude is 256. The maximum number of directories you can exclude is also 256. The maximum total number of exclusions is 512. If these limits are exceeded, the list is ignored and the backup runs without excluding files. Default exclusions from file-level backups of Linux clients By default, certain directories and files are excluded from file-level backups of Linux. These exclusions are in addition to any exclusions you have applied to the Linux client’s backups. Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 715 Note: If you need to include any of the system-excluded directories in your environment, see KB 2781. Default Linux directories excluded from backup: • • • • • • • • • any network mounts /proc /sys /var/tmp /home/*/.gvfs /var/lib/nfs /rpc_pipefs /lib/modules/*/volatile/* /usr/bp/incremental_forever Inclusion lists for Linux clients Beginning with version 8.0, inclusion lists are supported for full, incremental, and differential backups of Linux clients. Wildcards are not supported. The selection lists applied to a Linux full backup must be applied to all subsequent incremental and differential backups. IMPORTANT! Both the Unitrends appliance and the Linux agent must be version 8.0 or higher. Backups with an inclusion list will contain only files that meet the inclusion criteria. Run a new full upon creating or modifying an inclusion list for the client. Example uses for inclusion lists for Linux full, differential, or incremental backups include: • Prevent accidental inclusion of unwanted external volumes. For example, if someone adds a USB drive or maps an external file system, this is included in subsequent file-level backups. • Include only certain volumes or paths that have important data without losing the ability to capture only changes in subsequent incremental or differential backups. (Using the selective backup type would not allow for incrementals and differentials of included data.) • Configuring the list of what to include is easier than specifying what to exclude from a backup. To specify includes for full, differential, and incremental backups of Linux clients 1 Do one of the following: • • Complete step 1 on page 168 - step 3 on page 167 in "To run a one-time backup". Complete step 1 on page 168 - step 6 on page 168 in "To create a backup schedule". 2 Click Open Client-Specific File System Selection. 3 Browse through the folders and select the appropriate volumes or folders. 4 Click Add to add your selection to the list. Repeat this process until you complete your include list. (If you want to remove a selection or remove all of your selections from the Selection List, click 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 716 on an item in the Selection List and click Remove or Remove All prior to clicking Confirm.) 5 When finished, click Confirm to save. 6 Do one of the following: • • Continue with step 5 on page 168 in "To run a one-time backup". Continue with step 8 on page 169 in "To create a backup schedule". Inclusion and exclusion list combinations for Linux clients Beginning with version 8.0, combinations of inclusion and exclusion lists are supported for full, incremental, and differential backups of Linux clients. Wildcards are not supported. Both the Unitrends appliance and the Linux agent must be version 8.0 or higher, and the selection lists applied to the full backup must also be applied to all subsequent incremental and differential backups. For full, differential, and incremental backups, you can select includes and then specify excludes at either the Enterprise or client level. For selective backups, you can select includes and then specify excludes at the Enterprise level only. The following topics describe Linux inclusion and exclusion lists used together: • • • "Linux full backup with an inclusion and exclusion list combination" on page 716 "When to use inclusion and exclusion list combinations" on page 716 "To specify includes and excludes for Linux clients" on page 717 Linux full backup with an inclusion and exclusion list combination When running an on-demand backup or creating a backup schedule for Windows or Linux clients, you can specify the files to include and then choose a subset of selected files to exclude. If you create both an inclusion list and an exclusion list, the inclusion list is applied first. The exclusion list is then applied to define a subset of included files to omit. In the graphic below, the inclusion list determines that the /usr/docs drive should be included, and then the exclusion list is used to exclude a subset of the included files: F1.tmp and F2.tmp. When to use inclusion and exclusion list combinations Example uses for inclusion and exclusion list combinations for Linux full, differential, and Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 717 incremental backups include: • Include a training folder that contains training videos, then exclude all Word and PowerPoint files within the folder. For example, the training department is updating all of their training videos due to new requirements, and they want to back up all of their video-related files except for companion Word and PowerPoint documents. • Include a particular volume, then exclude a folder within that volume. For example, you want to backup your /usr/docs drive, but you want to exclude the /usr/docs/Status Reports folder. To specify includes and excludes for Linux clients 1 2 Create an inclusion list for the Linux client. • To create the list at the client level, see "To specify includes for full, differential, and incremental backups of Linux clients" on page 715. • To create the list at the Enterprise level, see "To create a selection list" on page 183. Create an exclusion list for the same Linux client. • • To create the list at the client level, see "To specify excludes" on page 172. To create the list at the Enterprise level, see "To create a selection list" on page 183. Pre- and post-backup commands for Linux clients You can enter pre- and post-backup commands for Linux clients using the "Backup option procedures" on page 187. For instructions on using backup options, see "About backup options" on page 187. Running long pre- and post-backup commands can cause backups to fail. To prevent this, adjust the timeouts in the client’s full master.ini file as described in KB 3107. Linux restore considerations When performing a Linux point-in-time restore or restoring a Linux master backup, it is recommended to exclude the /boot directory. If you do not exclude /boot, this directory is overwritten during the restore process and the client may no longer boot. For details on restoring with exclusions, see "Excluding files from the restore" on page 346. Bare metal backup and disaster recovery for Linux clients For Linux clients, a bare metal boot CD and master backups are used for disaster recovery. See "Bare Metal for Linux" on page 787 for details. Note: For VMware clients running Linux, the VM must be configured to use the E1000 network adapter and its SCSI controller must use LSI parallel logic. Bare metal restore is not supported on Linux VMs using the VMXNET 3 adapter or whose SCSI controller uses VMware paravirtual. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 718 Uninstalling Linux protection software You can use the following commands to uninstall the Unitrends agent: • Agent installed with GZEXE installer: /usr/bp/uninstall • Agent installed with RPM-based installer: yum remove unitrends-linux-agent • Agent installed with dpkg-based installer: sudo apt-get remove unitrends-linux-agent Legacy Recovery-Series and UEB Administrator's Guide Chapter 33: Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 719 Chapter 34: Mac OS X Protection This chapter describes additional considerations and procedures specific to Mac OS X clients. See the following topics for details: • • • • • "Mac OS X agent versions" on page 719 "Installing the Mac OS X agent" on page 719 "Working with Mac OS X clients" on page 720 "Backup and restore for Mac OS X clients" on page 720 "Uninstalling Mac OS X protection software" on page 720 Mac OS X agent versions The protection software for Mac OS X allows you to backup Mac OS X server data. Before installing the agent, make sure the Mac OS X is a supported version. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Download the applicable Mac OS X agent from the Latest Agent Releases page on the Unitrends website. Installing the Mac OS X agent The Mac OS X agent can be installed or upgraded by downloading the installation file from the Unitrends Customer Care site. Before installing, ensure that the client is able to talk to the system using the host file or DNS. Follow the instructions below to install protection software. To install Mac OS X protection software 1 Download the appropriate agent installer to the Mac OS X machine that you want to add to the Unitrends system. (Go to theLatest Agent Releases page to download the installer.) 2 Log in to the Mac client as root user. 3 Change to the working directory where you have saved the agent installer, and run the command ls -l to view the installer file and determine whether you have execute permission. If necessary, add execute permission using the command: chmod +x 4 Begin the installation by executing the file: sudo ./ 5 When a list of distribution files is presented, press Enter to continue. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 34: Mac OS X Protection 720 6 Specify the directory location where the agent will be installed or press Enter to accept the default directory (/usr/local/bp for the 9.0.0 agent or /usr/bp for 8.0.0 and earlier agents). 7 Enter the hostname of the system. 8 If using a low, medium or high security setting on the system, enter y when asked if the client and the server (backup system) are separated by a firewall. This forces data communication between the system and the client to use port 1745. 9 When prompted, press Enter. Your agent installation is complete. Register the client to your Unitrends backup system to begin protecting it. Working with Mac OS X clients Once you have installed the agent, you are ready to register your Mac client. For instructions on adding Mac clients to the Unitrends appliance, see "About adding clients" on page 69. For instructions on modifying and deleting a Mac OS X client, see "About working with clients" on page 88. Backup and restore for Mac OS X clients Support for the Mac OS X protection software includes bare metal disaster recovery, master, differential, and selective file-level backups. Incremental backups are not supported. Note: The Mac OS X Sleep Mode should either be disabled or configured to accommodate scheduled backups. For information and instructions on backing up and restoring your Mac OS X clients, see the following topics: • • "File-level Backups" on page 159 "Restoring File-level Backups" on page 345 Uninstalling Mac OS X protection software To uninstall the agent, log in to the Mac server and run the uninstall command from the directory where the agent is installed. For example: • To remove the 9.0.0 agent from the default install location, enter this command: /usr/local/bp/uninstall • To remove the earlier agent version from the default install location, enter this command: /usr/bp/uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 34: Mac OS X Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 721 Chapter 35: Novell NetWare Protection This chapter describes considerations and procedures specific to Novell NetWare clients. See the following topics for details: • • • • "Unitrends Novell NetWare agent information" on page 721 "Protecting GroupWise on Novell Netware" on page 723 "Protecting eDirectory on your Novell client" on page 725 "Switching between TSA and non-TSA backups" on page 728 Unitrends Novell NetWare agent information The Unitrends agent for Novell NetWare allows you to backup and restore a Novell NetWare server using a Unitrends system. Before installing the agent, make sure your Novell system is using a supported operating system version. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Download the Unitrends Novell NetWare agent from the Latest Agent Releases page on the Unitrends website. See the following topics for details: • • • "Novell NetWare agent restrictions and limitations" on page 721 "Installing the Unitrends Novell NetWare agent " on page 722 "Uninstalling the agent from a Novell client" on page 723 Novell NetWare agent restrictions and limitations Protecting Novell NetWare with Unitrends has the following restrictions: • When restoring NetWare client backups from an archive, the backup must be restored in its entirety during the archive restore process. • File-level backups using TSA must be restored to a NetWare client. Protecting Novell NetWare version 5.1 with Unitrends does not support the following functionality: • • • • TSA GroupWise backups Bare Metal Optimizer eDirectory backups Servers with legacy file system (LFS) volumes only supports DOS 8.3 filenames. Protecting Novell NetWare version 6.0 with Unitrends does not support eDirectory backups. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 722 Installing the Unitrends Novell NetWare agent The Unitrends Novell NetWare 4.2.2 agent requires the Novell Storage Manager Service (NMS) package. This package is installed by default with Novell 6.5. SP3 and above. If a prior version of Novell is installed, the package must be installed separately. To install the Unitrends Novell NetWare agent The Unitrends agent must first be installed to a Windows Server and then pushed to the Novell client. The following procedures guide you through the process. 1 Mount the Novell Server on the Windows Novell client 2 Copy the bp_nov.exe file to the Windows Novell client. 3 On the Windows Novell client, run bp_nov.exe. 4 When asked for the destination drive and directory on the NetWare server, enter: :\TMP\BP 5 Select Full Installation. 6 The Unitrends Novell NetWare agent is copied to your Novell server. 7 After the copy is completed, go to the Novell server and run the following command at a console prompt: SYS:\TMP\BP\bpinstall.ncf 8 Go to the Backup Professional Installation screen. 9 The installation screen asks where you want to install. Select Yes to select the default sys:\bp. 10 If the version of Novell supports eDirectory backups, you are asked: Do you want to install the eDirectory Backup Before Command? (Press Y or N). This requires the dsbk utility to be installed. If it is not present, select N or download before continuing. For more information, see "eDirectory backup and restore using Novell agent" on page 725. 11 The installation provides an option to configure the GroupWise database paths. If the database backups will be managed outside of system agent, this configuration may be skipped (for more information, see "Considerations for protecting GroupWise" on page 723. 12 Select Enter to accept the default ports and autoexec.ncf settings. 13 To load the protection software on the Novell sever, run the following command: LOAD SYS:\BP\bps.nlm During the LOAD process, SMS-TSAs based backups and restores are enabled. It is recommended to use the credentials for the full context administrative user account. At this time the Admin password must be provided to enable SMS-TSA based backup. You are given an option to store the password in an encrypted state on the Novell server. This allows the bps service to auto-log in when there is a reboot or if the service is ever manually loaded. Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 723 14 If the password changes, you will be prompted for the password the next time the bps service loads. If you choose not to store the password, you will be prompted to enter it whenever the bps service loads. 15 The Unitrends Novell NetWare agent has been installed on your Novell server. Uninstalling the agent from a Novell client To uninstall the protection software from a Novell client 1 Stop any running backups on the Novell server. 2 Run the command: sys:\bp\bpinstl uninstall 3 The Unitrends Novell NetWare agent has been removed and your Novell server can no longer be protected with Unitrends. Protecting GroupWise on Novell Netware Unitrends provides several methods for protecting your GroupWise database on your Novell NetWare clients. See the following topics for details: • • "Considerations for protecting GroupWise" on page 723 "Restoring GroupWise on Novell" on page 724 Considerations for protecting GroupWise When installing the Unitrends Novell NetWare agent, there is an option to configure your GroupWise paths. Any time the GroupWise location changes, the paths should be updated in the master.ini. The GroupWise location changes anytime the database is restored to an alternate location. The GroupWise database consists of at least one domain and one post office. For example, during the GroupWise system creation, a user has defined: • • Domain as SYS: \gwdom\ Post office as SYS: \gwpoa\ The master.ini will have the following: GW_DB_PATH1=SYS:\gwdom\ GW_DB_PATH2=SYS:\gwpoa\ Note: To modify GroupWise paths in the master.ini file manually, remember that GW_DB_PATH variables should be in ascending order, starting from GW_DB_PATH1, GW_DB_PATH2, and GW_DB_PATH3. The paths should be in following format: :\\\ 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 724 Considerations for TSA based GroupWise backups TSA-based Novell NetWare clients support live backups of your GroupWise database for Novell NetWare versions 6.0 and later. A live backup means that your database does not have to be stopped and restarted for protection. To ensure a consistent state, the underlying TSAFS.NLM should be loaded with the GroupWise flag set to True. To edit the GroupWise enabling flag 1 Edit the SYS:\SYSTEM\SMSSTART.NCF flag to read: UNLOAD TSAFS.NLM LOAD TSAFS.NLM \EnableGW=True 2 To determine the state of the EnableGW switch, type the following at the command line prompt: TSAFS.NLM \EnableGW 3 The TSAFS.NLM has been loaded, thus ensuring a consistent state for your GroupWise databases. Restoring GroupWise on Novell Unitrends enables the restore of your GroupWise databases. Before you restore you database, GroupWise must be stopped. This section provides considerations for restoring GroupWise as well as how to properly stop and re-start the databases. For details, see the following information: • • "Considerations when restoring GroupWise databases" on page 724 "Stopping and starting GroupWise databases" on page 724 Considerations when restoring GroupWise databases Restoring to an alternate location • It is recommended to restore your DOMAIN and Post Office directory backups to alternate locations. See . • When restoring a GroupWise database that is still running, it is recommended to restore it to an alternate location. Restoring the entire GroupWise directory • If you are rebuilding the GroupWise system to return the entire database to a previous state, it is acceptable to restore the database to the location of the running GroupWise database. • When restoring the entire GroupWise directory, the following paths should not be restored: Message queues at DOMAIN level, at the Post Office level, and the TSA files. Restoring these paths may cause corruption of the entire GroupWise database and the Novell file system. Stopping and starting GroupWise databases When restoring the GroupWise databases, it is required that they be stopped before initiating the restore, and must be restarted upon job completion. Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 725 To stop a live GroupWise databases 1 Run the following commands: unload unload unload unload 2 gwmta gwpoa gwia gwinter The GroupWise database has been stopped. A message displays for verification. To restart a GroupWise database 1 Update the GroupWise files to point to the new directory. 2 Run the command: SYS:/system/grpwise.ncf 3 The GroupWise database is now re-started. A message displays for verification. Protecting eDirectory on your Novell client eDirectory can be protected using Unitrends software. See the following topics for details: • • "eDirectory backup and restore using Novell agent" on page 725 "ConsoleOne recovery using NetWare agent" on page 727 eDirectory backup and restore using Novell agent DSBK is a command line utility that enables backup and restore of eDirectory. The backups that are generated using DSBK are server-centric and not tree-centric. The backup file and logs contain information necessary to restore eDirectory. It allows the backup from the server console without user credentials. It runs as an NLM on the NetWare server, and backs up data from an eDirectory database on a server to a specific file. The DSBK generated backups are server-centric and not tree-centric. The backup file and logs contain information necessary to restore eDirectory. The Novell eDirectory backup is supported for version 8.7.3 IR3 or later. No changes are needed to the master.ini file if only eDirectory is being backed up with the system agent. See the following for additional considerations when backing up eDirectory on the Unitrends system: • • • • "Installing eDirectory" on page 726 "Backing up eDirectory" on page 726 "Restoring eDirectory" on page 727 "Example restore commands" on page 727 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 726 Installing eDirectory • During the installation process, a directory named SYS:\edirbk\ is created on the NetWare server to store eDirectory back and related logs. • Two NCF files named dsbkinc.cfg and edirbk.ncf are placed in the SYS:/BP directory on the NetWare server. • If required, edit the SYS:\BP\dsbkinc.cfg file. This file has list of additional files to be backed up along with eDirectory. These are the files, which backup administrator assumes, are important when restoring the server’s eDirectory database. The entries in the file should list the full path of each file followed by (;). It should not contain spaces or hard returns. • The default contents of the file are as follows: sys:\system\autoexec.ncf;sys:\etc\hosts; • If required, edit the sys:\BP\eDirbk.ncf file to modify the default paths for backup and eDirectory logs. – By default, the backup is created in SYS:\edirbk\ndsbak.bak. It can be modified by altering the value for the option -f in sys:\BP\edirbk.ncf. – By default, the log for the backup process is kept in sys:\edirbk\ndabak.log. It can be modified by altering the value for the option -l in sys:\BP\edirbk.ncf. – By default, the roll forward logs (RFL) path for eDirectory is set to SYS:\edirbk\rfl. It can be modified by altering value for the option -r in SYS:\BP\edirbk.ncf. Roll forward logs are activated after a backup but are set OFF after every Restore. Note: It is advised to keep the RFL on a separate drive. This helps to recover in case there is a hard drive failure. Backing up eDirectory • Enter the following in the Pre-Backup command field: SYS:/BP/EDIRBK.NCF This Pre-Backup command backups up the eDirectory and stores it in the ndsbak.bak file on the Novell client. The system will then backup this nsdbak.bak file as part of the file-level backup. See "About backup options" on page 187 for details. • To avoid backup timeout situations, you may need to increase the BeforeCmdWaitTime value in the master.ini on the NetWare server. This file is located in SYS:\BP. The default value for the BeforeCmdWaitTime is 60 seconds. It is advised that you increase this to a time that will allow the eDirectory backup to complete such as 6000 seconds. The file-level backup will proceed when the eDirectory backup concludes. • The following is the backup command used: dsbk backup -f sys:\EDIRBK\ndsbak.bak -l sys:\EDIRBK\ndsbak.log -u sys:\BP\dsbkInc.cfg -b -t -w where: Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 727 -f is the backup filename and path (mandatory field) -l is the log filename and path (mandatory field) -u is the user includes filename and path (optional field) -b is the option to perform a full backup (optional field) -t backup up stream files (optional field) -w overwrites the existing backup file of the same name (optional field). Restoring eDirectory • Restoring the eDirectory is a manual process that should be done on the Novell server console screen once the files have been restored from the Novell file-level backup. • Once the restore has been successfully completed from the system to the Novell server, the ndsbak.bak file that contains the backup will be restored back in the SYS:\EDIRBK folder. • Next, run the eDirectory restore manually using any of the restore commands from "Example restore commands" on page 727 on the server to get back the contents of the database. Example restore commands • The following command restores the eDirectory database as well as included files but without the roll forward logs: dsbk restore -f sys:\eDirBk\ndsbak.bak -l sys:\eDirbk\ndsres.log -u -r -o -a -k • The following command restores the eDirectory databases well as included files, but with the roll forward logs: dsbk restore -f sys:\eDirBk\ndsbak.bak -l sys:\eDirbk\ndsrestore.log -d sys:\EdirBk\ nds.rfl -r -o -a -k Note: • The only difference in the above commands is the use of option -d. If you want to use the roll forward logs you will need to make sure it is set to ON. To check the current status of the RFL logs run: dsbk getconfig • If the switch is not ON, set it by running the following command: dsbk setconfig -L -r ConsoleOne recovery using NetWare agent Lost user emails are recovered using the Out-of-Place restore in conjunction with the Restore Area in ConsoleOne and the File Open Backup menu item in the GroupWise client. When an entire user account is deleted, Out-of-Place restore is also used, and ConsoleOne is utilized to restore the user account. For additional information, please review these Novell documents: • • http://support.novell.com/docs/Tids/Solutions/10095203.html http://www.novell.com/coolsolutions/tip/11295.html 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 728 Switching between TSA and non-TSA backups If you choose to disable TSA backups, set the value of the TSA_ENABLE flag to False in the TSACONFIG section of the Unitrends agent Master.ini file. This file is located in SYS:\BP. Set the value of the TSA_ENABLE flag to True to turn it back on. The default value for the option is True. Legacy Recovery-Series and UEB Administrator's Guide Chapter 35: Novell NetWare Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 729 Chapter 36: Novell OES Linux Protection This chapter describes considerations and procedures specific to OES Linux clients. See the following topics for details: • • • • • "OES Linux agent versions" on page 729 "Changing root password on OES agent" on page 731 "Protection software for OES with AppArmor" on page 731 "Protecting GroupWise on Novell OES Linux" on page 731 "Protecting eDirectory on your OES Linux client" on page 733 OES Linux agent versions The Unitrends agent for Open Enterprise Server (OES) allows you to backup and restore OES data. Before installing the Unitrends OES agent, make sure your OES operating system and its applications are running supported versions. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Installing the OES agent Download the applicable OES agent from the Latest Agent Releases page on the Unitrends website. After downloading the agent from the Unitrends website, perform the following procedure to install the Unitrends OES agent. To install the Unitrends OES agent Before installing a Novell OES Linux agent: • Make sure your Novell OES Linux system and its applications are running supported versions listed in the Unitrends Compatibility and Interoperability Matrix. • Add the Unitrends appliance name to the local host table or set up the TCP/IP system to use DNS with the Unitrends appliance. • To install on a 64-bit OES system, the 32-bit runtime environment must be enabled (this is the default configuration). 1 Verify that the novell-sms package is running on the OES system by entering the following command: service novell-smdrd status 2 If the service is running, continue to Step 3. If the service is not running, enter the following command: service novell-smdrd start 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 730 3 Place the agent installation file, oes_cnt, on the OES system 4 Grant execute permission to the file by running the following command: chmod +x oes_cnt 5 Begin the installation by executing the file: .\oes_cnt 6 When the system agent screen is displayed, enter y to continue the installation and press enter to continue. 7 Press enter to accept the default installation directory (\usr\bp) or enter the full path where you prefer the software be installed. Respond with a y when asked if the directory can be created. 8 (Optional) Enter an email address to receive reports from the OES system. The default response for this parameter is none. 9 Enter the hostname of the backup system. 10 You are asked if your server is behind a firewall. The default answer is no, this means that all ports between the backup system and the OES system are open. 11 Select Enter to approve default port and autoexec settings. 12 After the connection is made to the TSA, enter the user name (root) and password as prompted. This will enable SMS-TSA based backups. Note: System agent backup and restore speeds are limited by the TSAFS performance. The TSAFS performance on an NSS file system is superior to performance on a non-NSS file system by as much as 300%. For more information on improving the TSAFS performance, please refer to the following Novell document,Fine-Tuning SMS Performance. OES agent restrictions and limitations • Restore of individual files and folders to the system from an archive disk is not supported. Only full backups can be recovered from an archive disk when restoring a TSA based backup. • Protection software supports Xen only when it is running on OES 2 on SUSE Linux Enterprise 10. • • Hot bare metal is not supported for OES 2 on SUSE Linux Enterprise 10 and 11. • If a network mount is mounted on a directory with the same name as seen on the client, then the backups can have difficulty traversing that file system. For example, if server1:\data is mounted to \data, this presents a problem. The mount point should use a different name, such as server1:\data mounted to \netdata. This is a known issue with TSAFS. Bare metal of Xen guest operating system can be performed only if VT/AMD-V is supported by the host server’s CPU and this support is enabled in BIOS. Uninstalling the Unitrends agent for OES To uninstall the protection software from an OES system, run the following command: \usr\bp\uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 731 The Unitrends agents is removed from the OES Linux system. Changing root password on OES agent When the root password is changed, the system agent configuration needs to be updated to allow SMS-TSA backups. To change the root password 1 Run the following command: \usr\bp\bin\bpinstl 2 Follow the prompts displayed on the screen. Protection software for OES with AppArmor When AppArmor is active, profiles must be created for the system agent binaries to allow communication between the OES server and the system. To perform backup and restore activities, the system agent uses two binaries: \usr\bp\bin\bpclientd – bpclientd listens on standard port 1743. It communicates with the system software, over sockets, to read and write data to the system. \usr\bp\bin\bkup – bkup runs with root privileges and reads and writes data to the entire disk. The bkup process requires read and write access to the entire disk. The bkup application communicates locally with bpclientd over sockets. AppArmor profiles for bpclientd and bkup can be created using the YaST wizard. Details on creating AppArmor profiles can be found at: Novell AppArmor Administration Guide Protecting GroupWise on Novell OES Linux Unitrends provides several methods for protecting your GroupWise database on your Novell OES Linux clients. See the following topics for details: • • • "Considerations for protecting GroupWise on OES Linux" on page 731 "To update GroupWise paths" on page 732 "To edit the GroupWise enabling flag" on page 732 Considerations for protecting GroupWise on OES Linux The Unitrends OES agent installer provides an option to configure GroupWise paths. These configured paths are excluded during any master restore to avoid corruption of the GroupWise database. These paths should be updated whenever the GroupWise location changes. See "To update GroupWise paths" on page 732. The GroupWise database consists of at least one domain and one post office. Make sure that you have a separate path for every post office and domain. For example, during the GroupWise system creation a user has defined: • • The domain as \gwdom\ Post office as \gwpoa\ 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 732 The master.ini on the OES system will have the following entries (there may be multiple GroupWise database paths): GW_DB_PATH1=\gwdom\ GW_DB_PATH2=\gwpoa\ TSA-based Novell OES Linux clients support live backups of your GroupWise database. A live backup (i.e. without stopping and restarting GroupWise). To ensure a consistent state, the underlying TSAFS must be loaded with the GroupWise flag set to True. To update GroupWise paths Update GroupWise paths when a location changes or if there are new databases. 1 Run the command: \usr\bp\bin\bpinstl This will walk you through the installation process. 2 When you are asked to configure database paths, enter the location of all GroupWise databases. The paths should be in following format: \\\\ To edit the GroupWise enabling flag 1 Run the following two commands: \opt\novell\sms\bin\smsconfig -u tsafs \opt\novell\sms\bin\smsconfig -l tsafs --tsaMode=Linux --EnableGW 2 To verify that the correct options have been loaded, run the following command: \opt\novell\sms\bin\smsconfig -t 3 To set the GroupWise enabling flag automatically each time the system boots, edit the file \etc\opt\novell\sms\smdrd.conf. Make sure there is an entry that reads: autoload:tsafs --EnableGW 4 The default entry for the tsafs line in the file reads autoload:tsafs. Restoring GroupWise on Novell OES Linux Unitrends enables the restore of your GroupWise databases. Before you restore you database, GroupWise must be stopped. This section provides considerations for restoring GroupWise as well as how to properly stop and re-start the databases. For details, see the following topics: • • "Considerations when restoring GroupWise databases" on page 733 "Starting and stopping GroupWise databases" on page 733 Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 733 Considerations when restoring GroupWise databases • File-level backups taken on an OES Linux system using TSA-based backups can only be restored to a OES Linux system. Restoring to an alternate location • It is recommended to restore your DOMAIN and Post Office directories to alternate locations. See . • When restoring a GroupWise database that is still running, it is recommended to restore it to an alternate location. Restoring the entire GroupWise directory • When restoring the GroupWise directory, the following paths should not be restored: Message queues at DOMAIN level, at the Post Office leve, and the TSA files. Restoring these paths may cause corruption of the entire GroupWise database and the Novell file system. • If you are rebuilding the GroupWise system to return the entire database to a previous state, it is acceptable to restore the database to the location of the running GroupWise database. Starting and stopping GroupWise databases When restoring the GroupWise databases, it is required that they be stopped before initiating the restore, and must be restarted upon job completion. To stop a live GroupWise database 1 Run the following command: \etc\init.d\grpwise stop 2 The GroupWise database has been stopped. To restart a GroupWise database 1 Run the following command: \etc\init.d\grpwise start 2 The GroupWise database is re-started. Protecting eDirectory on your OES Linux client Use these procedures to protect eDirectory: • • "eDirectory backup and restore using OES agent" on page 733 "ConsoleOne recovery on OES agent" on page 735 eDirectory backup and restore using OES agent DSBK is a command line utility that enables backup and restore of eDirectory. The backups that are generated using DSBK are server-centric and not tree-centric. This means that if you have multiple servers on your tree, the backup and restore operation only capture information from the server where the command is initiated. The backup file and logs contain information necessary to restore eDirectory. Usage of Pre-Backup command to Backup eDirectory on NetWare Server is as follows: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 734 During the installation process, a directory named \eDirBackup is created on the OES server to store eDirectory backups and related logs. By default, the eDirectory backup is created as\eDirBackup\nds.bak. The backup name and location can be modified by altering the value for the option -f in \eDirBackup\edirbk.sh. By default, the log for the backup process is stored as \eDirBackup\nds.log. The log name and location can be modified by altering the value for the option -l in \eDirBackup\edirbk.sh. To backup eDirectory To backup eDirectory to a system, a pre-backup command must be specified in the Options List used for the backup of the OES system. The pre-backup command initiates a backup of the OES server’s eDirectory database. 1 The following should be entered as the pre-backup command: \eDirBackup\edirbk.sh 2 The backup is stored in the ndsbak.bak file on the Novell client. The system then backs up this nds.bak file as part of the file-level backup. 3 The file-level backup proceeds when the eDirectory backup concludes. For details on applying pre-backup commands, see "About backup options" on page 187. To restore eDirectory Restoring the eDirectory is a manual process that should be done using the dsbk utility from the OES system console screen once the files have been restored from the OES file-level backup. 1 Once the restore has been successfully completed from the system to the OES server, the nds.bak file that contains the backup is restored back in the \eDirBackup\ folder. 2 Next run the eDirectory restore manually using any of the restore commands listed below on the OES system to get back the contents of the database. This is an example of a restore command: dsbk restore –f \eDirBackup\nds.bak –l \eDirBackup\nds.log –u –r–o–a–k For more information on the restore commands, see the Novell article Using DSBK. Restores the eDirectory database as well as included files but without the roll forward logs. If you want to use the roll forward logs you will need to make sure it is set to ON. To check the current status of the RFL logs run: dsbk getconfig If the switch is not ON, set it by running the following command: dsbk setconfig -L -r For additional information, please review the following Novell documentation: http://support.novell.com/docs/Tids/Solutions/10095203.html Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 735 ConsoleOne recovery on OES agent Lost user emails are recovered by restoring to an alternate location in conjunction with the Restore Area in ConsoleOne and the File Open Backup menu item in the GroupWise client. When an entire user account is deleted, Out-of-Place restore is also used, and ConsoleOne is utilized to restore the user account. For additional information, see these Novell documents: • • http://support.novell.com/docs/Tids/Solutions/10095203.html http://www.novell.com/coolsolutions/tip/11295.html 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 736 Legacy Recovery-Series and UEB Administrator's Guide Chapter 36: Novell OES Linux Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 737 Chapter 37: SCO OpenServer Protection This chapter describes additional considerations and procedures specific to SCO OpenServer. See the following topics for details: • • • • "SCO OpenServer agent versions" on page 737 "Installing protection software for SCO OpenServer" on page 737 "Working with SCO OpenServer clients" on page 738 "Uninstalling protection software on SCO OpenServer client" on page 738 SCO OpenServer agent versions The protection software for other SCO OpenServer clients allows you to backup, verify, and restore SCO server data. Before installing a SCO OpenServer client, make sure your SCO OpenServer system is using a supported version of the operating system. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Download the applicable SCO agent from the Latest Agent Releases page on the Unitrends website. Installing protection software for SCO OpenServer The SCO OpenServer client can be installed by downloading the installation file from the Unitrends Customer Care site. Refer to the table above to determine the appropriate file to download. Follow the instructions below to complete the installation. Download the installation file to a temporary folder. Change to that directory: cd Change the permissions on the file: chmod +x sco5_cnt Begin the installation by executing the file: ./sco5_cnt At the Bare Metal Plus splash, you are given another opportunity to discontinue the installation. To continue, enter y and press enter. Note: This menu makes reference to the UNIX Client as the installation methodology is the same for Linux, Mac OS, and UNIX. You will be given the opportunity to enter the directory where you would like to install the software. Press enter to accept the default installation directory (/usr/bp) or enter the full path to where you 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 37: SCO OpenServer Protection 738 prefer the software be installed. If it does not exist, you will be asked if you wish to create it, enter y to continue. There will be an option to enter an email address for the computer’s backup summaries. Typically, backups will be launched using schedules on the system. Schedule reports will be sent from the system. Enter none to disable reports directly from the SCO OpenServer client. You will be asked to enter the hostname of the system. This name should be resolvable using DNS or the /etc/hosts file. You will be asked if the client and the server (backup system) are separated by a firewall. If using a low, medium, or high security setting on the system, enter y when answering this question. Saying yes forces data communication between the system and the client to use port 1745. The client can now be registered. Working with SCO OpenServer clients Once you have installed the agent, you are ready to register your SCO OpenServer client. For instructions on adding SCO OpenServer clients to the Unitrends appliance, see "About adding clients" on page 69. For instructions on modifying and deleting an SCO OpenServer client, see "About working with clients" on page 88. Uninstalling protection software on SCO OpenServer client To uninstall the protection software from a SCO OpenServer system, run the following command: /usr/bp/uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 37: SCO OpenServer Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 739 Chapter 38: Solaris Protection This chapter describes additional considerations and procedures specific to Solaris clients. See the following topics for details: • • • • "Solaris agent versions" on page 739 "Installing Solaris protection software " on page 739 "Working with Solaris clients" on page 739 "Uninstalling Solaris protection software " on page 740 Solaris agent versions System protection software for Solaris clients allows you to backup, verify, and restore Solaris server data. Before installing a Solaris client, make sure your Solaris system is using a supported version of the operating system. For a list of supported Solaris platforms, see the Unitrends Compatibility and Interoperability Matrix. Download the applicable Solaris agent from the Latest Agent Releases page on the Unitrends website. Installing Solaris protection software For Solaris installation, access is needed to the Solaris client(s) on the same network as the backup system. Log in to the client machine as root and download the client software. Before starting the installation process, make sure that you have the system name in the local host table or the TCP/IP system setup to use a DNS with the system known to it. Have the client server in the host table on the backup system if not using DNS. Once downloaded the following steps should be done: chmod 711 /tmp/solaris8_cnt ./tmp/solaris8_cnt After agreeing with the license terms, specify the directory location where the software will be installed. If this is a reinstall, you will be asked if you wish to overwrite certain files. Type the interrupt character or press return to continue. Once the files have been moved to their permanent location, you will be given a chance to review the release notes. Working with Solaris clients Please use the Administrator Interface to register the client. For instructions on adding Solaris clients to the Unitrends appliance, see "About adding clients" on page 69. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 38: Solaris Protection 740 For instructions on modifying and deleting a Solaris client, see "About working with clients" on page 88. Uninstalling Solaris protection software To uninstall the protection software from a Solaris system, run the following command: /usr/bp/uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 38: Solaris Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 741 Chapter 39: UnixWare Protection This chapter describes additional considerations and procedures specific to UnixWare clients. See the following topics for details: • • • • • "UnixWare agent versions" on page 741 "Installing protection software for UnixWare" on page 741 "Working with UnixWare clients" on page 742 "Master backup of the UnixWare client" on page 742 "Uninstalling protection software on UnixWare client" on page 742 UnixWare agent versions The protection software for UnixWare clients allows you to backup, verify, and restore UnixWare server data. Before installing a UnixWare agent, make sure your UnixWare system is using a supported version of the operating system. For supported versions, see the Unitrends Compatibility and Interoperability Matrix. Download the UnixWare agent from the Latest Agent Releases page on the Unitrends website. Installing protection software for UnixWare From a terminal window on the client system: Get the latest version of the UnixWare client. In binary mode, copy /bp//svr4_cnt to the /tmp directory. Edit the local host file (/etc/hosts) to include the IP address and DNS name for the backup system. Do the same on the backup system pointing to the UnixWare client. Install the Client software. Follow the prompts and take the default values. Register the client to the backup system. cd /tmp; chmod 755 svr4_cnt ./svr4_cnt To CONTINUE with installation type y Please press ENTER to continue Please press ENTER to continue [Default: /usr/bp ] Enter directory: Please press ENTER to continue (99) Complete Installation 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 39: UnixWare Protection 742 [Default: none ] Enter email address for this computer’s backup summariesEnter: [Default: ]Enter the hostname of the Backup Professional Server: [Default: no ]Is this client and server separated by a firewall? (y/n): Please press ENTER to continue This completes the UnixWare Installation. Working with UnixWare clients Once you have installed the agent, you are ready to register your UnixWare client. For instructions on adding UnixWare clients to the Unitrends appliance, see "About adding clients" on page 69. For instructions on modifying and deleting a UnixWare client, see "About working with clients" on page 88. Master backup of the UnixWare client On the backup system, navigate to the Backup function and set the following variables: • • • • • • Client: [UW Host] Device: Backups Backup Type: Master Backup Read Locking: NOT Forced Speed Option: Checked Verify Level: Level 1 Select the files to exclude, if any, and choose the Profile/Save Profile As option. Supply a descriptive name for the profile. Click Run and allow the master backup and verification to complete. Note: The master backup should be performed prior to creating the media. Uninstalling protection software on UnixWare client To uninstall the protection software from a UnixWare system, run the following command: /usr/bp/uninstall Legacy Recovery-Series and UEB Administrator's Guide Chapter 39: UnixWare Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 743 Chapter 40: Xen on OES 2 Protection Xen is the virtualization technology integrated into SUSE Linux Enterprise 10 x64 editions operating system. The protection software supports Xen when implemented in conjunction with OES 2. Xen provides the capability to run multiple operating systems on virtual machines on the same physical server. Backup of a Xen environment can be done at the file-level which includes the virtual machine configuration files, virtual disk drives, and the host (SUSE Linux Enterprise 10 x64) system files. File-level and bare metal backups of the virtual machines can also be performed. This chapter describes additional considerations and procedures specific to Xen in OES 2 clients. See the following topics for details: • • • "Xen virtualization architecture" on page 743 "Domain Management and Control (Xen DM&C)" on page 744 "Xen backup scenarios" on page 744 Xen virtualization architecture The Xen virtual environment consists of the following components: • Xen Hypervisor – The Xen Hypervisor creates and manages isolated execution environments called partitions. The hypervisor controls execution of virtual machine as they share the common processing environment. • Domain 0 – Domain 0 is a virtual machine running on the Xen Hypervisor that has special rights to access physical I/O resources as well as interact with the other virtual machines (Domain U: PV and HVM Guests) running on the system. All Xen virtualization environments require Domain 0 to be running before any other virtual machines can be started. Protecting OES on Linux with Xen Unitrends supports Xen host and guest operating system backup and restore. To fully protect an OES on Linux system with Xen enabled, you must perform the following tasks: • When backing up the host, at a minimum, backup the host root file system to capture the Xen configuration information. • If you want to backup virtual machines while backing up the host, backup each file system that contains files that make up that virtual machine. This includes the Xen configuration information in the root file system and virtual machine data that may be on other file systems. When using this method of backing up virtual machines, the sparse file is expanded and sparse data is backed up as zeros. This will impact the Protected System Content on your backup system, using more licensed capacity than would be used if the virtual machines are backed up as registered clients to the backup system. • You cannot restore individual files on a virtual machine from a backup of the host. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 40: Xen on OES 2 Protection 744 • Virtual machines can be backed up to allow individual file restore by installing the appropriate protection software for the guest operating system and registering the virtual machine to the backup system as a client and using standard backup and restore operations. If performing full backups of the host and virtual machines, data on the virtual machines may be captured twice and this can have a significant impact on the total system content on the backup system. To avoid this, when performing file-level backups of the virtual machine data, exclude the directories holding virtual machine data from the file-level backup of the host system. • If the virtual machine is using external storage (not disk space on the host system), you will need to install the protection software on the virtual machine to protect the data that exists on the external storage volumes. For example, if a VM is using storage on a SAN, it will be necessary to backup the VM as a client registered to the backup system. Domain Management and Control (Xen DM&C) A group of Linux daemons make up Domain Management and Control. These services support the overall management and control of the virtualization environment and exist within the Domain 0 virtual machine. Domain U (Dom U) PV Guest – The Dom U PV Guests are paravirtualized machines. Domain U (Dom U) HVM Guest – The Dom U HVM guests are fully virtualized machines. Xen guest operating systems supported: • • • • • • • • • SUSE Linux Enterprise Server 10 SP1/SP2 SUSE Linux Enterprise Server 9 SP3/SP4 Open Enterprise Server 2 NetWare 6.5 SP7 Windows Server 2000, 2003, 2008, 2012 Windows XP Windows Vista Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Xen backup scenarios There are a number of ways to backup a Xen environment allowing for quick recovery of both the host system and the virtual machines. These include: • File backup of the host system with the virtual machine’s data excluded (VMs backed up at the VM operating system level) • • • File and bare metal backup of the virtual machines at the VM operating system level File backup of the host system including all virtual machines Microsoft SQL database and Microsoft Exchange information store backup on the virtual machine Legacy Recovery-Series and UEB Administrator's Guide Chapter 40: Xen on OES 2 Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 745 Each backup option has advantages and disadvantages. See the following topics for examples of how each option can be used to protect the host system and virtual machines: • • • "Scenario 1: Protecting Xen host only (recommended method)" on page 745 "Scenario 2: Protecting Xen virtual machines only" on page 746 "Scenario 3: Protecting Xen host and virtual machines together" on page 747 Scenario 1: Protecting Xen host only (recommended method) Backup the host system using system agent file backups with the virtual machine’s data excluded. Backup the virtual machines directly using the appropriate system agent on the VM. This approach to protecting a Xen environment protects the host system and the virtual machines in separate backups. File backups (that exclude the virtual machine data) are performed on the host system. The file backup will capture the virtual machine’s configuration files, but not the data. A system agent is used on the virtual machine to perform bare metal (if supported) and file backups. The virtual machine is registered to the system as any other client. Unitrends’ Microsoft SQL Server and Microsoft Exchange Agents can be used to protect SQL and Exchange databases running on a virtual machine. Under this scenario, recovering a full host system would mean reloading the host operating system and then restoring the last master and last incremental backups of the host system. Virtual machines are recovered by booting the VM from a bare metal restore ISO image, which allows a full recovery of the VM operating system (if supported). When the VM is back online, a full restore of the last master and last incremental backups recover the VM data files. If there is no bare metal backup of the virtual machine, the VM will need to be rebuilt manually before data can be restored from file backups. The Microsoft SQL Server and Microsoft Exchange agents allow recovery of a SQL or Exchange database to the original virtual machine or to another client on the domain. Advantages of protecting Xen host only Advantages of only protecting the Xen host include: • • • Takes advantage of the performance benefits of concurrent backups • Microsoft SQL and Exchange databases can be recovered to the original VM or to another client on the domain • • Virtual machine data stored externally to the host system (i.e. SAN) will be protected Selected files can be recovered to the virtual machines Virtual machines running Windows 2003 as an operating system can be restored to dissimilar systems using bare metal backups (i.e. move a VM to a dedicated server) Restore virtual machine data to alternate clients and locations. File-level backups taken on an OES on Linux system using a TSA based backup agent can only be restored to an OES on Linux system. File-level backups taken on a NetWare system using a TSA based backupagent can only be restored to a NetWare or OES on Linux system. Disadvantages of protecting Xen host only Disadvantages of only protecting the Xen host include: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 40: Xen on OES 2 Protection 746 • • More backups can mean more complexity • A greater number of backups to restore when performing a full host system recovery that includes the virtual machines The possibility of capturing virtual machine data twice (if exclusions are not configured correctly) taking more licensed capacity than necessary Considerations for protecting Xen host only Consider the following: • To prevent redundant backups, exclude the virtual machine data files from the host system’s file backups. • • Hot bare metal is not supported for OES or OES 2 on SUSE Linux Enterprise 10. Bare metal of Xen guest operating system can be performed only if VT/AMD-V is supported by the host server’s CPU and this support is enabled in BIOS. Scenario 2: Protecting Xen virtual machines only Backup the host system and virtual machines using system agent file backups of the host system. The minimalist approach to protecting a Xen environment is to perform file backups of the host system. The file backup will capture the virtual machine’s configuration and data files. Under this scenario, recovering a full host system and the virtual machines would mean reloading the host operating system and then restoring the last master and last incremental backups of the host system. The virtual machines will be recovered during the file restore of the host. Individual virtual machine can be restored from the file backup of the host system. Advantages of protecting Xen virtual machines only Advantages of protecting Xen VMs only : • • • • One backup to capture all host system and virtual machine configuration data One backup to backup all virtual machine data when VMs use host system storage for all files Single virtual machines can be restored from file backup Very little complexity in terms of scheduling backups Disadvantages of protecting Xen virtual machines only Disadvantages of protecting Xen VMs only: • • • • • • Single backup can be quite large The performance benefits of concurrent backups not being used Unable to recover selected files from virtual machine backups Virtual machine data not stored on the host system will not be protected No bare metal backups of the virtual machines When using this method of backing up virtual machines, the sparse file is expanded and sparse data is backed up as zeros. This will impact the Protected System Content on your system, using more licensed capacity than would be used if the virtual machines are backed up as registered clients to the system Legacy Recovery-Series and UEB Administrator's Guide Chapter 40: Xen on OES 2 Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 747 • There is no flexibility in recovering Microsoft SQL or Exchange databases located on a virtual machine Considerations for Protecting Xen virtual machines only Consider the following when protecting Xen VMs only: • When you perform a backup of the virtual machines, you must backup all volumes that host files for the virtual machine. • If the virtual machine is using storage external to the host system, this backup scenario will not capture all VM data. • Hot bare metal is not supported for OES 2 on SUSE Linux Enterprise 10. Scenario 3: Protecting Xen host and virtual machines together Backup the host system and virtual machines using system agent file backups of the host system. Protect Microsoft SQL and Exchange databases on the virtual machines using the appropriate system agent. This approach to protecting a Xen environment entails performing file backups of the host system that include all of the virtual machine data. The file backup will capture the virtual machine’s configuration and data files. Unitrends Microsoft SQL Server and Microsoft Exchange Agents are used to protect SQL Server and Exchange databases located on the virtual machines. This allows for multiple database backups during a day. Under this scenario, recovering a full host system and the virtual machines would mean reloading the host operating system and then restoring the last master and last incremental backups of the host system. The virtual machines will be recovered during the file restore of the host. Individual virtual machine can be restored from the file backup of the host system. The Microsoft SQL Server and Microsoft Exchange Agents allow recovery of a SQL Server or Exchange database to the original virtual machine or to another client on the domain. Advantages of protecting Xen host and virtual machines together Advantages of protecting the Xen host and its VMs together: • • • One backup to capture all host system and virtual machine configuration data • Single virtual machines can be restored from file backup One backup to backup all virtual machine data when VMs use host system storage for all files Microsoft SQL and Exchange databases can be recovered to the original VM or to another client on the domain Disadvantages of protecting Xen host and virtual machines together Disadvantages of protecting the Xen host and its VMs together: • • • Single backup can be quite large The performance benefits of concurrent backups not being used Unable to recover selected files from virtual machine backups when full file backups are not performed on the VM 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 40: Xen on OES 2 Protection 748 • • Virtual machine data not stored on the host system will not be protected • No bare metal backups of the virtual machines When using this method of backing up virtual machines, the sparse file is expanded and sparse data is backed up as zeros. This will impact the Protected System Content on your backup system, using more licensed capacity than would be used if the virtual machines are backed up as registered clients to the system Considerations for protecting Xen host and virtual machines together Consider the following when protecting the Xen host and its VMs together: • When you perform a backup of the virtual machines, you must backup all volumes that host files for the virtual machine. • If the virtual machine is using storage external to the host system, this backup scenario will not capture all VM data. • Hot bare metal is not supported for OES 2 on SUSE Linux Enterprise 10. Legacy Recovery-Series and UEB Administrator's Guide Chapter 40: Xen on OES 2 Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 749 Chapter 41: Bare Metal Protection Overview Bare metal technology is used for disaster recovery of the protected client. The following figure depicts the bare metal protection and recovery process. Bare metal procedures vary depending on the client operating system. For some operating systems, a hot bare metal backup can run while the client is up and operational. For others, the client must be shut down so a cold bare metal backup can be run. Refer to the table below to determine the procedures used for your client. An overview of bare metal protection types is given here: • Windows integrated bare metal (release 7.4 or higher) – To protect many Windows clients, you can use their file-level backups and the integrated bare metal recovery ISO images provided on the Unitrends Recovery-Series or UEB appliance. • Windows image-based bare metal – To protect Windows environments, burn a bare metal ISO image to a CD and run periodic hot bare metal backups. For disaster recovery of the Windows client, you boot from the CD, then restore the bare metal backup followed by any file-level backups (master, differential, etc.). Windows hot bare metal backups can be scheduled in the same manner as file-level backups. See the "File-level Backups" on page 159 chapter for details. • x86 platforms bare metal – For all Intel-compatible platforms built on the x86 architecture, other than Windows and Linux, burn a bare metal ISO image to CD and run periodic cold bare metal backups by shutting down the client, booting from the CD, and selecting the bare metal backup 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 41: Bare Metal Protection Overview 750 option from the boot menu. For disaster recovery, boot from the CD, then restore the bare metal backup followed by any file-level backups (master, differential, etc.). • Non-x86 platforms and Linux – To protect non-x86 platforms and Linux environments, burn a bare metal ISO image to CD and run periodic master backups. For disaster recovery, you boot from the CD, then restore the master backup followed by any differential and/or incremental backups. Note: For Windows, Linux, and non-x86 platforms, hot bare metal is the recommended approach, but you can run a cold bare metal if desired. Note that for GPT-partitioned Windows and Ubuntu 12.04 systems, you must back up the entire disk as described in "Performing cold bare metal backups and restores" on page 792. Bare metal procedures by client operating system Client operating system Bare metal procedures AIX See "Bare metal for AIX" on page 807. FreeBSD See "Intel platforms bare metal disaster recovery" on page 795. Hyper-V hypervisor See "Windows Bare Metal Protection" on page 753. Protection is based on the operating system of the Hyper-V host. Hyper-V virtual machine Protection is based on the operating system of the virtual machine. See the applicable procedure. For bare metal restores, see "Image-based restore to a Hyper-V virtual machine" on page 779. Linux See "Bare Metal for Linux" on page 787. Mac OS X See "Bare metal for Mac OS X" on page 810. Novell Netware See "Bare Metal for x86 Platforms" on page 795. Novell OES See "Bare Metal for x86 Platforms" on page 795 SCO OpenServer See "Bare Metal for x86 Platforms" on page 795. UnixWare See "Bare metal for UnixWare" on page 812. Solaris (Intel) See "Bare Metal for x86 Platforms" on page 795. Solaris (SPARC) See "Bare metal for Solaris SPARC" on page 821. Legacy Recovery-Series and UEB Administrator's Guide Chapter 41: Bare Metal Protection Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 751 Client operating system Bare metal procedures VMware hypervisor or virtual machine Protection is based on the VM operating system. See the applicable procedure. Windows XP, 2003, and up See "Windows Bare Metal Protection" on page 753. Windows 2000 See "Windows Bare Metal Protection" on page 753. Xen virtual machine See "Bare metal for Xen on OES 2 virtual machines" on page 826. Considerations for bare metal test restores If you choose to perform a bare metal restore as a test, there are several special conditions you need to be aware of: • Network considerations - (These do not apply to integrated bare metal restores. See "Performing a test integrated bare metal recovery" on page 770 instead.) When booting from a bare metal test CD, the client will come on the network using the IP and hostname of the client the CD was made for. When creating the bare metal boot disk for Windows clients, you have the option to manually change the IP and hostname when creating the disk. For all other client operating systems, and for Windows clients whose bare metal boot disks’ IPs and hostnames were not changed, it’s critical that the test system not be connected to the same physical network if the original server is still online as this can cause an IP/DNS conflict. When you boot a server or virtual machine using a bare metal boot disk, the bare metal restore software will look in the Unitrends system’s host file to match a client to its data. Therefore, when testing bare metal restores it may be necessary to edit the client’s entry in the system’s host file to a free IP address before booting from the bare metal media. See "To modify a hosts file entry" on page 86 for details. Note: • Standard backup and restore procedures for a client whose host file entry you edit cannot occur until the entry is edited back. Active Directory considerations - Clients that are dependent on Active Directory for day to day functions may not function properly when recovered to a test network if a domain controller is not recovered into the test network first. If you plan to recover a domain controller with bare metals, it is extremely critical to perform this restore into a test network. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 41: Bare Metal Protection Overview 752 Recovering aliased clients When you perform disaster recovery of a client with aliases, it’s important to restore them in a particular order. Note: When you are backing up an aliased client, you must decide whether to include or exclude the system state. You MUST include the system state on the client that contains the operating system volumes (this is typically the C: volume). For all other client aliases that do not include the OS volume, you should NOT include the system state. Only one client alias can include the system state. The bare metal recovery fails if the system state is not included in the OS volume and if the system state is included in the client aliases that do not include the OS volume. For more information, see "Working with client aliases" on page 198. To perform bare metal recovery of a client with aliases 1 First, restore the client that contains the operating system and other critical volumes. You MUST do this before you restore any additional aliased clients. Follow the applicable procedure listed in "Bare metal procedures by client operating system" on page 750 for details. 2 Next, restore each aliased client. Follow the applicable procedure listed in "Bare metal procedures by client operating system" on page 750 for details. Legacy Recovery-Series and UEB Administrator's Guide Chapter 41: Bare Metal Protection Overview 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 753 Chapter 42: Windows Bare Metal Protection Beginning in release 7.4, you have two options for hot bare metal recovery (BMR) of Windows clients: Windows integrated BMR and Windows image-based BMR. With Windows integrated BMR, Unitrends provides Unified Bare Metal™ protection by enabling you to perform disaster recovery (DR) of your Windows client right from its file-level backup. This reduces recovery time enabling you to meet more aggressive recovery time objectives (RTOs), provides additional recovery points enabling you to meet more aggressive recovery point objectives (RPOs), increases on-system retention by eliminating the need for bare metal backups, and simplifies the Windows DR process. Windows DR is simplified with the new Integrated BMR Wizard and standard 32-bit and 64-bit ISO images that can be used to recover most Windows clients, eliminating the need to create bare metal ISOs for each protected client and keep them on-hand in case disaster strikes. With image-based BMR, you must run bare metal backups and create ISOs for each Windows client you want to protect. Image-based BMR can protect older versions of Windows that are not supported by integrated BMR. Note: About Windows virtual machines - If you have Windows VMware or Hyper-V virtual machines, you can protect them using Unitrends VMware backups, Hyper-V backups, or by installing the Windows agent and running Unitrends file-level backups. If you are running agent-based file-level backups for a VM, use the hot bare metal procedures in this chapter for Disaster Recovery. If you are running VMware or Hyper-V backups for a VM, restore the virtual machine using these procedures instead: "Restoring the entire VMware virtual machine" on page 656 (VMware) or "Restoring Hyper-V virtual machines" on page 606. For details, see the following topics: • • • "Integrated BMR and image-based BMR comparison" on page 754 "Windows integrated bare metal recovery" on page 755 "Windows image-based bare metal recovery " on page 771 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 754 Integrated BMR and image-based BMR comparison The following table provides a high-level comparison of integrated and image-based hot bare metal recovery. Item Integrated BMR Image-based BMR Recovery Time Objective (RTO) Faster recovery time than with imagebased BMR. Slower recovery time than with integrated BMR. Recovery Point Objective (RPO) More recovery points available since you restore from any eligible file-level backup. Fewer recovery points since you restore from a bare metal backup only. Recovery types Supports physical-to-virtual (P2V), virtual-to-physical (V2P), physical-tophysical (P2P), and virtual-to-virtual (V2V) DR. Supports physical-to-virtual (P2V), virtual-to-physical (V2P), physical-tophysical (P2P), and virtual-to-virtual (V2V) DR. Dissimilar restore of Windows Vista/Server 2008 Yes, restore of Windows Vista/Server 2008 to dissimilar hardware is supported on appliances running Unitrends version 7.5 and higher. Yes, restore of Windows Vista/Server 2008 to dissimilar hardware is supported. Dissimilar restore of Windows Server 2003 No, restore of Windows Server 2003 to dissimilar hardware is not supported. Yes, restore of Windows Server 2003 to dissimilar hardware is supported for some distributions. See the Compatibility and Interoperability Matrix for details. Dissimilar restore of Windows XP No, restore of Windows XP to dissimilar hardware is not supported. No, restore of Windows XP to dissimilar hardware is not supported. On-system retention More on-system retention due to eliminating bare metal backups. Less on-system retention due to bare metal backup storage. ISO image/boot disk Standard 32-bit and 64-bit ISO images used for most Windows clients; available on the Unitrends system. Separate ISO required for each Windows client; ISOs must be created manually with the Unitrends bare metal agent. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 755 Item Integrated BMR Image-based BMR Bare Metal Interface Simplified wizard interface enables DR to the desired point-in-time using a single process, decreasing overall recovery time. Leverages WinPE 4.0 for all Windows clients. Two dialog-based interfaces (one WinPE 1.5 for older clients, one WinPE 2.0 for newer clients), cannot perform DR in a single process. Target disk size Supports recovery of original Windows client to a smaller disk size. Must recover to a disk of an equal or greater size than that of the original client. UEFI-based clients Supports recovery of UEFI-based clients. Cannot recover UEFI-based clients. GPTpartitioned clients Supports recovery of GPT-partitioned clients. Cannot recover GPT-partitioned clients. Windows integrated bare metal recovery With the Windows integrated bare metal recovery feature (release 7.4 or higher), you can protect a Windows client’s operating system without having to run bare metal backups or create ISO images for each of your Windows clients. File-level backups run with agent version 7.4 or higher capture the disk metadata necessary for the recovery, and backup systems running release 7.4 or higher contain standard 32-bit and 64-bit ISO images that you can use for the recovery. You can recover a client from eligible file-level backups residing on a Unitrends backup system or replication target running release 7.4 or higher. The destination for the recovery can be a physical or virtual machine. When you boot the destination machine from the standard ISO, it boots into WinPE 4, a minimal version of Windows used for installations, and the Windows Integrated Bare Metal Recovery Wizard launches to guide you through the recovery. Depending on your operating system and hardware, it might be necessary to add drivers to WinPE and the restored operating system during the recovery. You can use the wizard interface to add drivers. With integrated BMR, you can restore only critical volumes, so to complete the recovery, you will need to perform file-level recovery to restore files that reside on non-critical volumes. After restoring the critical volumes, injecting any necessary drivers, and configuring network settings on the new machine, you can connect to the Unitrends backup system to restore your files. If, however, all of your data resides on the critical volumes, it is restored through the integrated BMR and the recovery of your failed client is complete. See the following topics for details about protecting the operating systems of your Windows clients using the integrated bare metal recovery feature: • • • • "Implementing Windows integrated bare metal protection" on page 756 "Prerequisites for Windows integrated bare metal recovery" on page 756 "Supported integrated bare metal recovery scenarios" on page 758 "About eligible backups for Windows integrated bare metal recovery" on page 758 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 756 • • • • "About integrated bare metal recovery ISO images" on page 759 "About adding drivers during the integrated bare metal recovery" on page 759 "Performing the integrated bare metal recovery" on page 760 "Performing a test integrated bare metal recovery" on page 770 Implementing Windows integrated bare metal protection For best results, it is recommended that you plan your strategy for disaster recovery before a client fails. This section provides a high-level overview of the steps you must complete to implement integrated bare metal protection for your Windows clients. It identifies steps to complete before and after a client fails. Perform the following before a client fails Step 1: Determine which Windows operating system the client is running and whether it is the 32bit or 64-bit version. For instructions, see the Microsoft document Which Windows operating system am I running? Step 2: Verify that the client’s operating system is supported, and review the additional considerations for integrated BMR. See "Prerequisites for Windows integrated bare metal recovery" on page 756. Step 3: Determine whether the client’s firmware interface type is BIOS or UEFI. In most version of Windows, you can determine the firmware interface type by viewing system information (as described in the Microsoft document What is System Information?) or by viewing the Windows machine’s volumes in the computer management tool (see the Microsoft document What are Administrative Tools?). Step 4: Upgrade your backup system to release 7.4 or higher. For instructions on updating your system, see "About system updates" on page 92. Step 5: Install Windows agent version 7.4 or higher. See "Windows agent versions" on page 425 for details about Windows agents. Step 6: Run file-level backups that include disk metadata. Disk metadata is captured in all filelevel backups run with agent version 7.4 or higher unless you exclude critical volumes using selection lists. (For details about running file-level backups, see "File-level Backups" on page 159.) Step 7: Review the recovery scenarios described in "Supported integrated bare metal recovery scenarios" on page 758. To recover a failed client Step 8: Perform the integrated BMR recovery using the procedures described in "Performing the integrated bare metal recovery" on page 760. Prerequisites for Windows integrated bare metal recovery Consider the prerequisites for integrated BMR as you plan your disaster recovery strategy. For Windows operating systems not supported by integrated BMR, use "Windows image-based bare metal recovery " on page 771. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 757 Supported operating systems Recovery to identical hardware and virtual machines is supported for the operating systems listed below. • • • • • • • • • Windows XP (32-bit and 64-bit) • • Windows Server 2012 (64-bit) Windows Server 2003 (32-bit and 64-bit) Windows Server 2003 R2 (32-bit and 64-bit) Windows Vista (32-bit and 64-bit) Windows 7 (32-bit and 64-bit) Windows 8 (32-bit and 64-bit) Windows 8.1 (32-bit and 64-bit) Windows Server 2008 (32-bit and 64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2012 R2 (64-bit) Recovery to dissimilar hardware is supported for clients running Windows Vista/Server 2008 and later. Additional considerations for integrated BMR • GPT disks are supported. • Dynamic disks are not supported. Note: To protect the operating systems of clients using dynamic disks, you must use cold bare metal protection, as described in "Performing cold bare metal backups and restores" on page 792. • BIOS- and UEFI-based clients are supported. The firmware interface type (BIOS or UEFI) of the destination machine must match that of the failed client. • Backups used for the recovery must contain disk metadata (For details, see "About eligible backups for Windows integrated bare metal recovery" on page 758.) • • Backups used for the recovery must have been run with agent version 7.4 or higher. • • Wireless network adapters cannot be used for the recovery. • WinPE 4.0 requires the processor features NX, PAE, SSE2 to be enabled. You might need to enable these features for a physical destination machine before booting from the ISO image. For instructions, see KB 1190. Machines that do not have these processor features cannot be used for the restore. Recovery to a virtual machine is supported on VMware ESX/ESXi 5.0 and higher and all versions of Hyper-V. The integrated bare metal recovery ISO image contains WinPE 4.0, which is based on Windows 8. If you are restoring to a physical machine, you might need to add Windows 8 drivers for the restore. For more about adding drivers during the recovery process, see "About adding drivers during the integrated bare metal recovery" on page 759. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 758 • After recovering a Hyper-V server, you must run the following command on the Hyper-V server: bcdedit /set hypervisorlaunchtype Auto. You should then reboot the server. Supported integrated bare metal recovery scenarios The supported integrated bare metal recovery scenarios are listed below. You can perform all of the recovery scenarios using the instructions provided in "Performing the integrated bare metal recovery" on page 760. • Restore to same physical hardware as the failed client. Supported for all operating systems listed in "Supported operating systems" on page 757. • Restore a failed physical client to a virtual machine (Hyper-V/VMware). Supported for all operating systems listed in "Supported operating systems" on page 757. Supported on VMware ESX/ESXi 5.0 and higher and all versions of Hyper-V. • Restore a failed virtual client to a virtual machine. Supported for all operating systems listed in "Supported operating systems" on page 757. Supported on VMware ESX/ESXi 5.0 and higher and all versions of Hyper-V. • Restore a failed virtual client to a physical machine. Supported for Windows 7/ Server 2008 R2 and higher. Note: To restore a failed virtual client using the integrated bare metal recovery feature, you must have protected the client using agent backups. If you have protected the client with VM backups, you can use the procedures for restoring an entire VM from a backup. For details, see "Restoring Hyper-V virtual machines" on page 606 and "Restoring the entire VMware virtual machine" on page 656. • Restore a failed physical client to dissimilar hardware. Supported for Windows Vista/Server 2008 and higher. • Restore a failed physical client to dissimilar hardware with fewer disks. Supported for Windows Vista/Server 2008 and higher. • Restore a failed physical client to hardware with smaller or larger disks. Supported for all operating systems listed in "Prerequisites for Windows integrated bare metal recovery" on page 756. • Restore a failed client BIOS/MBR configuration to dissimilar BIOS/MBR configuration. Supported for Windows Vista/Server 2008 and higher. • Restore a failed client UEFI/GPT configuration to dissimilar UEFI/GPT configuration. Supported for Windows Vista/Server 2008 and higher. • Restore multi-boot configured BIOS servers. About eligible backups for Windows integrated bare metal recovery For a client’s operating system to be recovered using the integrated BMR feature, eligible file-level backups for the client must reside on a Unitrends Recovery-Series or UEB backup system or replication target running release 7.4 or higher. A file-level backup is eligible for an integrated BMR if it meets all of the following criteria: • It is successful. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 759 • It is a full, differential, or incremental file-level backup that contains disk metadata. Disk metadata is captured in all file-level backups run with agent version 7.4 or higher unless you exclude critical volumes using selection lists. If you are using selection lists, and you want to determine whether a backup is eligible, see "To verify that a file-level backup is eligible for integrated bare metal recovery" on page 759. • It was run with agent version 7.4 or higher. Note: Bare metal backups cannot be used for integrated bare metal recovery. You can recover an operating system from a bare metal backup using the procedure described in "Windows image-based bare metal recovery " on page 771. However, if you have eligible file-level backups for a failed client, it is recommended that you use one of these backups to perform an integrated bare metal recovery to take advantage of significant performance enhancements. To verify that a file-level backup is eligible for integrated bare metal recovery 1 View backup details, as described in "To view backup details" on page 149. 2 Verify that for the Category DiskMetadata, the Entry is Yes. If the Entry is Yes, then the backup contains disk metadata, and it is eligible for integrated BMR. If the Entry is No, then the backup does not contain disk metadata, and it is not eligible. 3 Repeat step 2 above as needed to determine whether other backups are eligible. If no eligible backups reside on your backup system, then you must run new file-level backups that capture disk metadata if you want to use integrated BMR in the event that the client fails. For details, see "About executing file-level backups" on page 166. About integrated bare metal recovery ISO images For the recovery, you must use the 32-bit or 64-bit integrated BMR ISO image provided on the Unitrends Recovery-Series or UEB appliance. The ISO contains WinPE 4.0, a minimal version of Windows used for installations, and the Unitrends Integrated Bare Metal Recovery Wizard that guides you through the recovery. For details about WinPE 4.0, see the Microsoft TechNet document WinPE: Windows PE Overview. To access the images, see "Accessing the integrated bare metal recovery ISO images" on page 760. About adding drivers during the integrated bare metal recovery Depending on the recovery destination and your operating system, you might need to add drivers during different stages of the recovery. For details, see the following topics: • • "Loading WiinPE drivers for integrated bare metal recovery" on page 759 "Injecting restored operating system drivers for integrated bare metal recovery" on page 760 Loading WiinPE drivers for integrated bare metal recovery The Integrated BMR Wizard uses WinPE 4.0 for the recovery. WinPE 4.0 is based on Windows 8, and if it cannot detect a network adapter or storage disks, you must load Windows 8 drivers into WinPE for the restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 760 Note: WinPE 4.0 is used only for the restore. After the wizard restores the critical volumes from the failed client, you might need to inject additional drivers into the restored operating system before you can reboot the restored client. Injecting restored operating system drivers for integrated bare metal recovery After the critical volumes have been restored, you must inject drivers into the restored operating system if you are restoring to dissimilar hardware or to a virtual machine. If you restore to a physical machine, drivers vary depending upon the hardware and operating system. It is recommended that you verify whether the operating system requires additional drivers to run on the hardware to which you will restore before beginning the recovery. If you restore to a virtual machine, you must inject ESX or Hyper-V guest storage drivers, depending upon your virtual environment. These drivers are included in the integrated BMR ISO image. Performing the integrated bare metal recovery This section provides a high-level overview of the steps you must complete to perform the integrated bare metal recovery. Before beginning the recovery, it is recommended that you read "Implementing Windows integrated bare metal protection" on page 756, which provides an overview of the recovery process and identifies the prerequisites and supported recovery scenarios. You can perform all of the recovery scenarios using the Integrated Bare Metal Recovery Wizard, as described in "Running the Integrated Bare Metal Recovery Wizard" on page 762. Use the following steps to perform the recovery: Step 1: "Accessing the integrated bare metal recovery ISO images" on page 760 Step 2: "Preparing the destination machine for an integrated bare metal recovery" on page 761 Step 3: "Running the Integrated Bare Metal Recovery Wizard" on page 762 Step 4: "Post-restore driver injection" on page 769 Note: Step 5: This step is required only when restoring to dissimilar hardware. "Completing the integrated bare metal recovery" on page 770 Accessing the integrated bare metal recovery ISO images For the recovery, you must use the 32-bit or 64-bit integrated BMR ISO image provided on the Unitrends Recovery-Series or UEB appliance. The ISO contains WinPE 4.0, a minimal version of Windows used for installations, and the Unitrends Integrated Bare Metal Recovery Wizard that guides you through the recovery. Use the procedure described below to access the 32-bit and 64-bit ISO images. To access the integrated bare metal recovery ISO images 1 Mount a working client to the Samba share virtual_failover on your Unitrends appliance. Mounting procedures vary depending upon the operating system, but for most Windows versions, you should be able to access the Map network drive option after selecting Computer. For example, to mount to the virtual_failover share in Windows 7, you can select Computer and then Map network drive. You can then map to the Samba share by entering the following in the Folder field: \\\virtual_failover. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 761 2 Select winbm32 for 32-bit BIOS-based clients and winbm for 64-bit BIOS-based clients. Select winbm for 32-bit and 64-bit UEFI clients. 3 Burn the image to a disk for recovery to a physical machine, or save it in a location that you can access from your hypervisor for recovery to a virtual machine. 4 Proceed to "Preparing the destination machine for an integrated bare metal recovery" on page 761 to continue the recovery. Preparing the destination machine for an integrated bare metal recovery You can restore a failed client to a physical or virtual machine. Your first step in performing the integrated bare metal recovery is to prepare the destination machine. See the topics below for instructions: • • "To prepare a physical machine for an integrated bare metal recovery" on page 761 "To prepare a virtual machine for an integrated bare metal recovery" on page 762 To prepare a physical machine for an integrated bare metal recovery Note: 1 WinPE 4.0 requires the processor features NX, PAE, SSE2 to be enabled. You might need to enable these features for the destination machine before booting from the ISO image. For instructions, see KB 1190. Machines that do not have these processor features cannot be used for the restore. Determine whether the machine’s firmware interface type (BIOS or UEFI) matches the firmware interface type of the failed client. If you do not know whether the failed client’s firmware interface type is BIOS or UEFI, you can attempt the recovery, but the restored client will not boot if you try to restore to a dissimilar interface type. 2 Make sure the machine has enough disk space for the restore. • The restore destination can have smaller disks than the failed client; however, if the disks on the target machine do not have enough space for the data on the critical volumes, the restore will fail. Note: After a client has failed, there is no way to determine the size of its critical volumes. You can determine the size of a client’s backup by viewing the backup details as described in "To view backup details" on page 149. However, the size of the critical volumes will be smaller than the total size of a full backup if it also contains non-critical volumes. If you are unsure about the size of the critical volumes, it is recommended that you restore the failed client to destination disks that are the same size as the original disks or larger. CAUTION! If you are restoring to new disks, any existing data on the destination disks is overwritten or deleted during the restore, even if the disks have more than enough space. Before performing a restore, make sure you have additional copies of any data on the destination disks. If you are restoring to the original disk, only the restored volumes are overwritten. Other volumes on the original disk are not impacted by the restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 762 3 Load the disk with the burned ISO image into the machine’s CD/DVD drive. For instructions on accessing the ISO, see "Accessing the integrated bare metal recovery ISO images" on page 760. 4 Proceed to "Running the Integrated Bare Metal Recovery Wizard" on page 762 to begin the integrated bare metal recovery. To prepare a virtual machine for an integrated bare metal recovery 1 Create a Hyper-V or VMware virtual machine or edit the settings of an existing VM. • Make sure the VM’s firmware interface type (BIOS or UEFI) matches the firmware interface type of the failed client. • Add enough memory to satisfy Microsoft’s support guidelines for the operating system being restored. The integrated bare metal recovery ISO requires at least 1 GB of memory. • Assign the VM a virtual hard disk with enough memory for the restore. You can restore to a disk that is smaller than the original disk, but the restore fails if the disk does not have enough space for the critical volumes. Note: After a client has failed, there is no way to determine the size of its critical volumes. You can determine the size of a client’s backup by viewing the backup details as described in "To view backup details" on page 149. However, the size of the critical volumes will be smaller than the total size of a full backup if it also contains non-critical volumes. If you are unsure about the size of the critical volumes, it is recommended that you restore the failed client to destination disks that are the same size as the original disks or larger. CAUTION! If you are restoring to new disks, any existing data on the destination disks is overwritten or deleted during the restore, even if the disks have more than enough space. Before performing a restore, make sure you have additional copies of any data on the destination disks. If you are restoring to the original disk, only the restored volumes are overwritten. Other volumes on the original disk are not impacted by the restore. • For a VMware virtual machine, make sure you are using the E1000 NIC. Note: • 2 This requirement is necessary only for the restore. After rebooting the restored client, you can use a different NIC. Add the bare metal ISO image to the VM’s disk drive. For instructions on accessing the ISO, see "Accessing the integrated bare metal recovery ISO images" on page 760. Proceed to "Running the Integrated Bare Metal Recovery Wizard" on page 762 to begin the integrated bare metal recovery. Running the Integrated Bare Metal Recovery Wizard Perform the recovery process using the Integrated Bare Metal Recovery Wizard. See the following topics for details: • • "To perform the integrated bare metal recovery to a physical destination" on page 763 "To perform the integrated bare metal recovery to a virtual destination" on page 766 Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 763 To perform the integrated bare metal recovery to a physical destination Follow these instructions to restore to identical or dissimilar hardware. Note: If you exit the Integrated BMR Wizard before you are finished with the recovery, you are taken to a command window. To return to the wizard from this window, run the following command: z:\pcpb\Restore.exe. 1 Prepare the destination machine using the procedure described in "To prepare a virtual machine for an integrated bare metal recovery" on page 762. 2 Boot the destination machine from the bare metal ISO image. The machine boots in WinPE 4, and the first screen of the Integrated Bare Metal Recovery Wizard displays. Note: If a message displays stating that you must set up networking to continue or that no disks are detected on the local system, you might need to load drivers into WinPE. Click Ok to allow the boot to continue. If necessary, you can load drivers as part of the next step. To set up the local environment for the integrated bare metal recovery To begin the recovery process, you must set up the local environment to ensure that the destination machine can communicate with the appliance that is storing the backup you will use for the recovery. 3 Select a network adapter in the drop-down menu to begin configuring network settings for the destination machine. If the machine has more than one adapter, the default adapter displays first. If a network adapter does not display, WinPE cannot detect one. To resolve this problem, perform the following: • • Ensure that the network cable is plugged in to an active port. If the adapter is connected to the network and WinPE is unable to detect it, you must load a Windows 8 network driver into WinPE. Use the Load WinPE Drivers section of the wizard screen to enter a Path for a driver or Browse to locate a driver. 4 Skip this step unless the wizard informs you that no disks are detected on the local systems. If no disks are detected, you must load Windows 8 storage drivers into WinPE. Use the Load WinPE Drivers section of the wizard screen to enter a Path for a driver or Browse to locate a driver. 5 If DHCP is configured for your network, network settings are assigned automatically. If DHCP is not configured, or if you wish to configure network settings for the target machine manually, click Change Settings. Then enter a unique IP address for the machine, and the Subnet Mask and the Gateway for the network. It is not necessary for the network settings to match those of the original client. The only requirement for network setup is that the machine can communicate with the appliance that is storing the backup that you will use for the recovery. Note: The network settings that you configure during this step are used only for the restore. They are not applied to the network adapter when you reboot the restored operating system. Before connecting the restored client to your network, you must reconfigure the client’s network settings. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 764 6 Select the time zone of the Unitrends system storing the backup that you will use for the restore. 7 Click Next to proceed to the next screen in the wizard. To select a source and recovery point for integrated bare metal recovery You must now select an appliance and recovery point for the restore. 8 Select a source for the restore. The wizard detects any backup systems and replication targets on the same subnet as the destination machine and displays them in the Backup Source dropdown menu. Select a system from this drop-down menu, or enter the IP address for a different system if you want to restore from a system on a different subnet. If you are using replication, when selecting the source for the restore, you must determine whether you want to restore from a client’s local or replicated backup. To restore from a local backup, you must select a backup system containing local backups for the client. To restore from a replicated backup, you must select the target to which the client’s backups have replicated. 9 Select a Client from the drop-down menu. Only clients with eligible backups display in the menu. Eligible backups contain the system state data necessary for the integrated bare metal recovery. For more about eligible backups, see "About eligible backups for Windows integrated bare metal recovery" on page 758. 10 Select a recovery point in the calendar. If multiple backups exist for a client on a given day, the different times for these backups display in the Recovery Point drop-down menu. If the recovery times do not match the backup times on the Unitrends system, verify that in step 6 above you selected the time zone of the system that you are using for the restore. Click Next to continue. To map drives/volumes for integrated bare metal recovery After selecting an appliance, client, and recovery point for the restore, you must map the failed client’s disks and volumes to disks in the recovery destination. 11 In the Drive/Volume Mapping screen of the Integrated Bare Metal Recovery Wizard, select critical volumes from the client’s backup to restore to the destination machine. • Disks and critical volumes (boot, system, and other critical volumes) that can be restored from the recovery point you have selected display in the Source Disks/Volumes window in the top part of the screen. GPT disks are identified in the window. For the most recent versions of Windows, two volumes display: a boot volume and a system volume. For most older versions, the boot and system files are on a single volume. Some clients require additional critical volumes to boot, and these volumes also display in the Drive/Volume Mapping screen. • Non-critical volumes do not display because they cannot be restored through the Integrated Bare Metal Recovery Wizard. (For details about restoring non-critical volumes after performing the bare metal recovery, see "Completing the integrated bare metal recovery" on page 770.) • If the recovery destination is reasonably similar to the original machine, the wizard automatically maps the backed up volumes to the destination disk. To perform the mapping manually, uncheck the box next to Restore to original system (automatic mapping). Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 765 • The wizard does not require you to select all critical volumes displayed in the Source Disks/Volumes window to proceed, but for the recovery to succeed, you must select the volumes necessary for the operating system to boot. If you are unsure, select all critical volumes displayed in the window. You can select all critical volumes by highlighting the disk that contains them. 12 Add selected volumes to the Destination Disks window in the bottom half of the integrated BMR screen. After highlighting the necessary volumes in the Source Disks/Volumes window, highlight the destination disk in the Destination Disks window. Then click Add to map the volume to the destination disk. To remove a volume, select the volume you wish to remove and click Remove. Consider the following when selecting a destination disk for the restore: • If you are restoring to a new disk, and this destination contains existing volumes, they are deleted during the restore and new volumes are created. If you are restoring to the original disks, only the restored volumes are overwritten. Other volumes on the original disk are not impacted by the restore. • It is recommended that the destination disk be the same size as the original disk or larger to ensure that there is enough space for the critical volumes. However, the destination disk can be smaller than the original disk. Before initiating the recovery, you must make sure that the disk is large enough for the critical volumes; otherwise, the recovery will run until the disk is full, and then it will fail. Note: The disk/volume sizes displayed in the Source Disk/Volume window are the total capacity of the original disks/volumes and not the size of the backup that will be restored. After a client has failed, there is no way to determine the size of its critical volumes. You can determine the size of a client’s backup by viewing the backup details as described in "To view backup details" on page 149. However, the size of the critical volumes will be smaller than the total size of a full backup if it also contains non-critical volumes. If you are unsure about the size of the backed up data on the critical volumes, it is recommended that you restore the failed client to destination disks that are the same size as the original disks or larger. • Volumes are assigned numbers during the restore that do not necessarily match the numbers from the original disk. • For dissimilar restores of multi-boot configured BIOS servers, the boot and system volumes must be restored to the same disk numbers used on the original server. Click Next to proceed to the Execute the Restore screen. To execute the integrated BMR 13 Click Restore in the Execute the Restore screen to start the restore. The Integrated BMR Wizard assigns the restore a job number. You can monitor its progress in the Restore Progress window in the top half of the wizard screen or in the Status screen of the appliance where the backed up volumes reside. The restore process can take several minutes. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 766 14 If the restore destination has hardware that is identical to that of the failed client, you are ready to reboot the destination machine. Click Reboot, and then proceed to step 15 below. If you have restored to dissimilar hardware, you must inject drivers before rebooting. Skip to "Post-restore driver injection" on page 769. 15 When the restored client reboots, proceed to "Completing the integrated bare metal recovery" on page 770. Note: If the restored client fails to boot, you might need to inject drivers. To inject drivers, boot the machine from the disk and follow the instructions described in "Post-restore driver injection" on page 769. To perform the integrated bare metal recovery to a virtual destination Note: If you exit the Integrated BMR Wizard before you are finished with the recovery, you are taken to a command window. To return to the wizard from this window, run the following command: z:\pcpb\Restore.exe. 1 Prepare the destination machine using the procedure described in "To prepare a virtual machine for an integrated bare metal recovery" on page 762. 2 Boot the destination virtual machine from the integrated bare metal ISO image. The machine boots in WinPE 4, and the first screen of the Integrated Bare Metal Recovery Wizard displays. To set up the local environment for integrated bare metal recovery To begin the recovery process, you must set up the local environment to ensure that the destination machine can communicate with the appliance that is storing the backup that you will use for the recovery. 3 Select a network adapter in the drop-down menu to begin configuring network settings for the destination machine. If the machine has more than one adapter, the default adapter displays first. 4 If DHCP is configured for the VM’s host, network settings are assigned automatically. If DHCP is not configured, or if you wish to configure network settings for the target VM manually, click Change Settings. Then enter a unique IP address for the VM, and the Subnet Mask and the Gateway for the network. It is not necessary for the network settings to match those of the original client. The only requirement for network setup is that the VM can communicate with the appliance that is storing the backup that you will use for the recovery. Note: The network settings that you configure during this step are used only for the restore. They are not applied to the network adapter when you reboot the restored operating system. Before connecting the restored client to your network, you must reconfigure the client’s network settings. 5 Select the time zone of the Unitrends system storing the backup that you will use for the restore. 6 Click Next to proceed to the next screen in the wizard. To select a source and recovery point for integrated bare metal recovery You must now select an appliance and recovery point for the restore. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 767 7 Select a source for the restore. The wizard detects any backup systems and replication targets on the same subnet as the VM and displays them in the Backup Source drop-down menu. Select a system from this drop-down menu, or enter the IP address for a different system if you want to restore from a system on a different subnet. If you are using replication, when selecting the source for the restore, you must determine whether you want to restore from a client’s local or replicated backup. To restore from a local backup, you must select a backup system containing local backups for the client. To restore from a replicated backup, you must select the target to which the client’s backups have replicated. 8 Select a Client from the drop-down menu. Only clients with eligible backups display in the menu. Eligible backups contain the system state data necessary for the integrated bare metal recovery. For more about eligible backups, see "About eligible backups for Windows integrated bare metal recovery" on page 758. 9 Select a recovery point in the calendar. If multiple backups exist for a client on a given day, the different times for these backups display in the Recovery Point drop-down menu. If the recovery times do not match the backup times on the Unitrends system, verify that in step 5 on the previous page you selected the time zone of the system that you are using for the restore. 10 Click Next to continue. To map drives/volumes for integrated bare metal recovery After selecting an appliance, client, and recovery point for the restore, you must map the failed client’s disks and volumes to disks in the recovery destination. 11 In the Drive/Volume Mapping screen of the Integrated Bare Metal Recovery Wizard, select critical volumes from the client’s backup to restore to the destination machine. • Disks and critical volumes (boot, system, and other critical volumes) that can be restored from the recovery point you have selected display in the Source Disks/Volumes window in the top part of the screen. GPT disks are identified in the window. For the most recent versions of Windows, two critical volumes display: a boot volume and a system a volume. For most older versions, the boot and system files are on a single volume. Some clients require additional critical volumes to boot, and these volumes also display in the Drive/Volume Mapping screen. • Non-critical volumes do not display because they cannot be restored through the Integrated Bare Metal Recovery Wizard. (For details about restoring non-critical volumes after performing the bare metal recovery, see "Completing the integrated bare metal recovery" on page 770.) • If the recovery destination is reasonably similar to the original machine, the wizard automatically maps the backed up volumes to the destination disk. To perform the mapping manually, uncheck the Restore to original system (automatic mapping) box. • The wizard does not require you to select all critical volumes displayed in the Source Disks/Volumes window to proceed, but for the recovery to succeed, you must select the volumes necessary for the operating system to boot. If you are unsure, select all critical volumes displayed in the window. You can select all critical volumes by highlighting the disk. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 768 12 Add selected volumes to the Destination Disks window in the bottom half of the integrated BMR screen. After highlighting the necessary volumes in the Source Disks/Volumes window, highlight the destination disk in the Destination Disks window. Then click Add to map the volume to the destination disk. To remove a volume, select the volume you wish to remove and click Remove. Consider the following when selecting a destination disk for the restore: • If you are restoring to a new disk, and this destination contains existing volumes, they are deleted during the restore and new volumes are created. If you are restoring to the original disks, only the restored volumes are overwritten. Other volumes on the original disk are not impacted by the restore. • It is recommended that the destination disk be the same size as the original disk or larger to ensure that there is enough space for the critical volumes. However, the destination disk can be smaller than the original disk. Before initiating the recovery, you must make sure that the disk is large enough for the critical volumes; otherwise, the recovery will run until the disk is full, and then it will fail. Note: • The disk/volume sizes displayed in the Source Disk/Volume window are the total capacity of the original disks/volumes and not the size of the backup that will be restored. After a client has failed, there is no way to determine the size of its critical volumes. You can determine the size of a client’s backup by viewing the backup details as described in "To view backup details" on page 149. However, the size of the critical volumes will be smaller than the total size of a full backup if it also contains non-critical volumes. If you are unsure about the size of the backed up data on the critical volumes, it is recommended that you restore the failed client to destination disks that are the same size as the original disks or larger. Volumes are assigned numbers during the restore that do not necessarily match the numbers from the original disk. Click Next to proceed to the Execute the Restore screen. To execute the integrated BMR 13 Click Restore in the Execute the Restore screen to start the restore. The Integrated BMR Wizard assigns the restore a job number. You can monitor its progress in the Restore Progress window in the top half of the wizard screen or in the Status screen of the appliance where the backed up volumes reside. The restore process can take several minutes. 14 After the critical volumes have been restored to the destination disk, you must inject an ESX or Hyper-V guest storage driver, depending upon your virtual environment. Click Driver Injection, and the Final Steps screen of the wizard displays. Note: If you attempt to reboot without adding the driver, the VM will boot to a blue screen. You can return to the Integrated BMR wizard by booting from the disk containing the ISO image. The wizard will return to the first screen, and you can click Driver Injection and continue with step 15 on the facing page to inject the necessary driver. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 769 15 Click the Add Driver button near the bottom of the screen. 16 Select the ESX or Hyper-V guest storage driver, and then click Done to add the driver to the list of drivers being injected. 17 To inject the driver, highlight the volume containing the operating system files in the window Client’s Offline Disk and Volume(s) Information. Then highlight the driver to add and click Inject. 18 When you receive a message stating that the driver injection was successful, you are ready to reboot the VM. Once the volumes have been restored, the Restore button in the wizard becomes a Reboot button. Click Reboot to complete the Integrated BMR Wizard. After the VM reboots, you can restore data from the non-critical volumes that were not restored as part of the integrated BMR, as described in "Completing the integrated bare metal recovery" on page 770. Post-restore driver injection Note: This step is required only when restoring to dissimilar hardware. If you are restoring to dissimilar hardware, or if a restored operating system fails to boot, you may need to inject drivers, so the operating system can communicate with the new hardware. You must perform this procedure from within the Integrated Bare Metal Recovery Wizard. If you are continuing from step 15 on page 766 of the procedure "To perform the integrated bare metal recovery to a physical destination" on page 763, you see the Driver Injection button on the screen that you used to restore the critical volumes. If you have booted from the integrated bare metal ISO after your restored operating system failed to boot, you are returned to the first screen of the wizard, and you can click Driver Injection in this screen. Note: If you have returned to the wizard after your restored operating system failed to boot, do not use the Load Driver button under Load WinPE Drivers. This loads drivers into WinPE for the restore. Because your operating system has already been restored, you must inject drivers into this restored operating system instead. To inject drivers into a restored operating system 1 Click Driver Injection. 2 Click the Add Driver button near the bottom of the screen. You can now browse for drivers to inject. 3 When you locate the necessary driver, select it and click Done to add it to the window labeled List of drivers being injected. Repeat this step as needed to add all the necessary drivers. 4 To inject drivers, highlight the volume containing the operating system files in the window Client’s Offline Disk and Volume(s) Information. Then highlight a driver to add and click Inject. Repeat this step as needed to inject all the necessary drivers. 5 When the wizard notifies you that drivers have been successfully injected, click Reboot. 6 When the restored client reboots, you can restore data from the non-critical volumes that were not restored as part of the integrated BMR, as described in "Completing the integrated bare metal recovery" on page 770. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 770 Note: If the restored client fails to reboot, you might need to add additional drivers. Completing the integrated bare metal recovery After you have restored the critical volumes, injected necessary drivers, and successfully rebooted your restored client, use the steps described in this section to complete the recovery. To complete the integrated bare metal recovery 1 Configure network settings for the restored client. The network settings that you used for the restore in WinPE are not retained when you restore the failed client’s operating system. Consider the following when configuring network settings for the restored client: • If you assign it the same IP address as the failed client, the backup system treats it as if it is the original failed client. • If you are using DHCP to assign IP addresses and you registered the original client to the backup system using only the client’s name, the backup system detects the restored client after you connect it to the network unless you rename it. The backup system then treats the restored client as if it is the original client. • If the original client is still connected to the network, you must assign the restored client a unique IP address and rename it before connecting to the network to avoid conflicts. 2 If necessary, you can now restore data that resides on non-critical volumes. For details, see "Executing a point-in-time restore" on page 346. To restore data on non-critical volumes from a replication target, see "Restoring replicated backups" on page 319. If all of your data resides on the critical volumes, then it has already been restored. 3 The backup system now protects the restored client using the same settings it used to protect the failed client. Existing backup and archive schedules for the failed client are now applied to the restored client. It is not necessary to create new schedules for the restored client. Notes: • For Exchange servers - If you are unable to mount Exchange databases after performing the restore, the databases may be in a Dirty Shutdown state. See this Microsoft article for details: Exchange Database is in a Dirty Shutdown State.. • For Hyper-V servers - After booting the recovered Hyper-V server, you must run the following command on the Hyper-V server: bcdedit /set hypervisorlaunchtype Auto. You should then reboot the server. Performing a test integrated bare metal recovery Before a client fails, you can perform a test integrated bare metal recovery without impacting the original client. As long as you assign the restored client a unique IP address and rename it, the test recovery will not result in any network conflicts with the original client. To perform the test recovery, use the procedures described in "Performing the integrated bare metal recovery" on page 760. CAUTION! If you perform a test recovery and do not assign the restored client a unique name and IP address, this will result in conflicts. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 771 Windows image-based bare metal recovery Use Unitrends image-based bare metal recovery to restore Windows clients from hot bare metal backups. See the following topics for details: Note: • • • • Beginning in release 7.4, you have two options for hot bare metal recovery (BMR) of Windows clients: Windows integrated BMR and Windows image-based BMR. See "Integrated BMR and image-based BMR comparison" on page 754 before proceeding with image-based recovery. "Windows image-based recovery overview" on page 771 "Implementing image-based bare metal protection" on page 772 "Image-based bare metal restore procedures" on page 776 "Additional considerations for Windows imaged-based bare metal" on page 781 Windows image-based recovery overview Windows bare metal backups and image-based restores can be performed on all recent Windows operating systems. The following sections describe the functionality Unitrends provides with bare metal tools, as well as the necessary system requirements for backup and restore operations. The following functionality is provided with the feature: • • • • Disk-level backup of all partitions on the system disk Disk-level restore of all partitions on the system disk Restore of system partition table Dynamic driver loading to inject drivers that are not included on the boot media Windows system requirements for image-based bare metal This section describes requirements for Windows bare metal protection. Supported operating systems The following operating systems support hot bare metal backups and restores: • Microsoft Windows 2000 (WinPE 1.5) Note: On Windows 2000, hot bare metal does not guarantee application consistency since no applications are compliant with Microsoft Volume Shadow-copy Services (VSS) application programming interfaces on this operating system. Due to limited VSS support in Windows 2000, combinations of non-VSS aware applications can result in consistency issues with the system state. This can cause bare metal images to be unstable. If this occurs, use cold bare metal backups to ensure image integrity as described in "Performing cold bare metal backups and restores" on page 792. • Microsoft Windows XP (32-bit and 64-bit, WinPE 1.5). Recovery to identical hardware is supported. Recovery to dissimilar hardware is not supported. • Microsoft Windows Server 2003 (32-bit and 64-bit, WinPE 1.5). Recovery to identical hardware is supported. Recovery to dissimilar hardware is supported for some distributions. See the Compatibility and Interoperability Matrix for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 772 • • • • • • • • • Microsoft Windows Server 2003 R2 (WinPE 1.5). Vista (32-bit and 64-bit, WinPE 2.0) Windows 7 (WinPE 2.0) Windows 8 (WinPE 2.0) Windows 8.1 (WinPE 2.0) Microsoft Windows Server 2008 (32-bit and 64-bit, WinPE 2.0) Microsoft Windows Server 2008 R2 (WinPE 2.0) Microsoft Windows Server 2012 (64-bit, WinPE 2.0) Microsoft Windows Server 2012 R2 (WinPE 2.0) Additional image-based bare metal requirements In addition, the following conditions must be met for hot bare metal backups: • • • • Client bare metal agent is version 2.1 or higher. Client is registered to the Unitrends system. Disks configured as Basic (not Dynamic). MBR boot partition. Note: Systems with dynamic disks and GPT boot partitions can be protected through cold bare metal backups. See "Linux cold bare metal protection" on page 791 for details. Systems with UEFI BIOS are automatically partitioned with GPT and should be protected with cold bare metals. Windows image-based restore requirements The following conditions must be met for image-based restores: • • • • • Bare metal boot media has been created and is available for the client. A valid hot bare metal backup exists for the client. The restore target machine has a minimum of 256MB of RAM available. The target has a graphics card supporting a minimum 800X600 resolution. The target disk is at least as large as the source disk. Implementing image-based bare metal protection To ensure your Windows systems are fully protected in the event of a disaster, implement imagebased hot bare metal protection as follows: Note: Beginning in release 7.4, you have two options for hot bare metal recovery (BMR) of Windows clients: Windows integrated BMR and Windows image-based BMR. See "Integrated BMR and image-based BMR comparison" on page 754 before proceeding with image-based recovery. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 773 Perform the following before a client fails Step 1: Install the Unitrends core and bare metal agents, and add the client to the backup system. See "Windows agent versions" on page 425. Step 2: Use the Bare Metal Media tool to create a bare metal .iso image. See "Creating the boot media for image-based recovery" on page 773. Make sure you have a bare metal boot disk for each client you are protecting. Step 3: Burn the bare metal .iso to CD. See "Creating the boot media for image-based recovery" on page 773. Step 4: Run periodic hot bare metal backups. A valid hot bare metal backup is required to perform a bare metal restore of the client. Windows hot bare metal backups are scheduled and executed in the same manner as regular file-level backups. See "To create a backup schedule" on page 168 for details. To recover a failed client Step 5: Perform the image-based BMR recovery using the procedures described in "Image-based bare metal restore procedures" on page 776. Creating the boot media for image-based recovery A new Windows bare metal .iso image and bootable CD should always be created after an agent upgrade to utilize new product features. Once you have added the Windows server to the Unitrends system, use this procedure to create a bare metal .iso. For details on adding the Windows server, see "About adding clients" on page 69. See the following for details on creating the boot media: • • "To create the Windows bare metal boot media" on page 773 "Additional notes for burning bare metal Boot CDs on Windows OS" on page 774 To create the Windows bare metal boot media 1 Log in to the Windows server and launch the Bare Metal Media program. From the Start Menu, select All Programs > Unitrends Agent, then right-click Bare Metal Media and select Run as Administrator. 2 3 Enter the following in the Unitrends System Settings fields: • System Name - The hostname of the Unitrends system to which this Windows client is registered. • • System IP - IP of the Unitrends system. Select a device in the Select a backup device list. If you are storing backups on the default device, select D2DBackups. Review the Client Settings. These are populated by default, and will be the network settings that your server will have after the restore process. Note: If performing a bare metal restore as part of a test, consider changing the Client IP to a free IP address so as not to affect your production server. See "Considerations for bare metal test restores" on page 751 for details. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 774 4 If necessary, check the DHCP checkbox. This will cause the client to reach out to a DHCP server and grab an available address upon booting from the bare metal CD. Leave the firewall and resolve client IPs boxes unchecked. These features are deprecated and should not be used. 5 Review the path in the Save Windows Bare Metal ISO to area. If desired, you can change this path to save to a different location. The default location is C:\PCBP_BM\WinBm.dir\cdrom_ images. 6 Review the Save Windows Bare Metal ISO as area to see the name of the .iso that will be created. If desired, you can modify the .iso file name. 7 Click Create ISO. 8 On the Continue page, check for the message All tests are successful, then click Yes to continue. If you do not see a success message, modify settings as required before clicking Create ISO. 9 Do one of the following: For... Procedure WinPE The system creates the .iso. Proceed to step 10 below. 2.0 Note: The option to insert 3rd party drivers does not exist on WinPE 2.0 machines. You will have the ability to inject drivers at the time of the restore. WinPE You are asked if you would like to insert additional drivers: 1.5 • Click Yes to inject drivers. Browse to your driver(s), select them in the box on the right, and click Add. Be certain to check the Mass storage device checkbox if drivers are being added for a mass storage device. Click Continue to proceed with the .iso creation process. • Click No if you do not wish to inject drivers. The .iso creation process continues. 10 Once created, the Success page displays. • If this is a physical client, burn the .iso to CD. For an example of this procedure, see "Additional notes for burning bare metal Boot CDs on Windows OS" on page 774. • For virtual clients, be sure to store the .iso image in a safe place. Additional notes for burning bare metal Boot CDs on Windows OS Here we are using Nero5 software as an example. Other programs can be used but you need to refer to the documentation for the burner you are using to walk you through the process of creating a bootable CD from an .iso image, which is not the same as burning an .iso image to a CD. Please note the distinction. To burn the .iso to disk 1 Start up the Nero5 software, press Multi session and select No Multi session. 2 Go to the ISO section and select the following: Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 775 • • • • • ISO Level 2 for File/Directory name length Mode 2 for Format ASCII for Character Set Check the Allow pathdepth of more than 8 directories box Check the Allow more than 255 characters in path box 3 Press Burn and change the Write Method to disk-At-Once. 4 Select the image. 5 Make sure the Write Method still has disk-At-Once. 6 Write the CD. Testing bare metal media for image-based recovery To ensure the boot media you created functions properly, use the Bare Metal Hardware Confirmation option in the Windows Bare Metal GUI as described below. This verifies the disk can be used to connect to the Unitrends system and restore bare metal backups. Note: For information on other Windows Bare Metal GUI options, see "Windows imaged-based bare metal Interface" on page 782. To test the bare metal media 1 After creating the bare metal .iso and burning it to a disk, shut down your Windows server and boot it from the CD. 2 The bare metal GUI loads. This can take a few minutes. 3 A menu with eight buttons displays. Click Bare Metal Hardware Confirmation in the top right. The Bare Metal Hardware Confirmation dialog box displays. 4 Check boxes to ensure the following test options: Ping server, Quick connect server, and Disk read (MBR). 5 Click Start to begin the test. 6 The results of your test display. If you see Success, click OK and reboot your server into its operating system. If you see Windows Bare Metal Quick Test Failed, do one or all of the following: • Ensure that your server and the Unitrends system are able to communicate on your network. • Verify that the hostname and IP address of the WinPE environment matches up with the hosts table of the Unitrends system. View WinPE settings by clicking Bare Metal Setup from the main menu. View the Unitrends hosts file from the Unitrends Administrator Interface under Settings > Clients, Networking, and Notifications > Networks > Hosts. • Verify that your server uses MBR partitions. To do this, boot into the Windows operating system, open the Start menu, right-click Computer, click Manage, expand Storage, click Disk Management, right-click each of your disks (Disk 0, Disk 1, etc.), click Properties, click Volumes, and look for Partition Style. It should read Master Boot Record (MBR). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 776 Image-based bare metal restore procedures For disaster recovery of the Windows client, the restore procedure varies slightly depending on the Windows Pre-installation Environment (WinPE) of the operating system and target to which you restore. Server 2003 R2 and earlier clients use WinPE 1.5, while Vista and later clients use WinPE 2.0. In general, you boot from the CD, then restore the system volume with the bare metal backup, followed by any other volumes and data with file-level backups (master, differential, or incremental). Before restoring, be sure the "Windows system requirements for image-based bare metal" on page 771 have been met. Then proceed to one of the following procedures: • "Physical to Virtual (P2V) image-based restores of Windows clients" on page 776 to create a virtual machine instance of a physical server. • "Dissimilar image-based bare metal restore for Windows 2003 and 2003 R2" on page 777 to restore Server 2003/2003 R2 to a computer of a different make, model, or hardware configuration. • "Dissimilar image-based restore for Vista and later environments" on page 780 to restore Windows Vista, 2008, and 2012 server to a computer of different make, model, or hardware configuration. Physical to Virtual (P2V) image-based restores of Windows clients With bare metal backups, you can use your UEB or Unitrends Recovery-Series appliance to create a VMware or Hyper-V virtual machine instance of a physical server. You will need a bare metal .iso file created with the Unitrends Bare Metal Media tool, and a bare metal backup of the server you want to restore. Note that if you’re performing the P2V operation as a test and the server you’re restoring is currently online, you will need to change the network settings in the Client Settings section of the Bare Metal Media tool to an available IP address. If you are restoring a domain controller to a Hyper-V VM, see "Special consideration for Domain Controllers on Hyper-V" on page 781 after completing the restore. See these procedures for details on P2V restores: • • • • "To perform a P2V image-based restore" on page 776 "Dissimilar image-based bare metal restore for Windows 2003 and 2003 R2" on page 777 "Dissimilar image-based restore limitations for WinPE 1.5 environments" on page 778 "Image-based restore to a Hyper-V virtual machine" on page 779 To perform a P2V image-based restore 1 If performing the restore as a test, first see "Considerations for bare metal test restores" on page 751. 2 Make sure the IP in the hosts file of the Unitrends system matches what was entered in the Client Settings section of the Bare Metal Media tool. To edit the hosts file, on the Backup system navigate to Settings > Clients, Networks, and Notifications > Networks > Hosts, select your client in the list, type in its new IP, and click Confirm. 3 Create your virtual machine. • • Do not install an OS on the VM. Add at least 2 GB of memory, or more if preferred. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 777 • Give the virtual hard drive at least as much space as was available on the physical server. If you give it less space, the restore will fail. • Make sure you’re using the E1000 NIC for VMware, or the Legacy NIC for Hyper-V. For Hyper-V, this may require removing the existing network adapter and adding the legacy. For details, see "To configure the Hyper-V VM to use the legacy network adapter" on page 779. • Add your bare metal .iso to the VM’s disk drive. 4 Boot the VM from the bare metal .iso. 5 Once the bare metal screen comes up, select Bare Metal Restore. 6 A list of your bare metal backups appears at the top of the screen. Select the one you would like to use for your restore and click Start Restore. 7 On this screen, click Add to tell the Unitrends system to restore your bare metal backup to the virtual hard drive you created in step 3 on the previous page. Click OK. 8 The option to view real-time statistics appears in a dialog box. Monitor the status of the restore on the Bare Metal Statistics screen, or from the Unitrends Administrator Interface at Settings > System Monitoring > Jobs. 9 Once the restore is complete, inject the networking driver. 10 Click OK and then Exit to take you back to the Windows Bare Metal Restore screen. 11 Click Rescan Disk to scan for newly created partitions and volumes 12 Click Inject Offline Driver. 13 Select your OS volume under Disk information and click either ESX Guest Storage Driver or HyperV or Xen Guest Storage Driver. 14 Click Cancel to close windows until you’re back to the Windows Bare Metal menu. 15 Click Diagnostic Tools and Reboot to reboot your system. 16 At this point the Windows boot volume (usually C:) has been restored. Create and format additional volumes as necessary. IMPORTANT! If file-level backups of the original Windows client contain files from volumes outside of the Windows boot volume, you must create and format those additional volumes. File-level restore will fail if these additional volumes do not exist. 17 Perform file-level recovery to restore your machine to its latest backup. See "Executing a pointin-time restore" on page 346 for details. Note: For Exchange servers - If you are unable to mount Exchange databases after performing the restore, the databases may be in a Dirty Shutdown state. See this Microsoft article for details: Exchange Database is in a Dirty Shutdown State. Dissimilar image-based bare metal restore for Windows 2003 and 2003 R2 The Dissimilar Bare Metal feature provides the ability to restore a backup from one computer to a second computer of a different make, model, or hardware configuration. See the following topics for 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 778 details on the proper configuration and use of this feature. Note: • • • Dissimilar restores are supported for some Windows 2003 distributions. See the Compatibility and Interoperability Matrix for details. Dissimilar restores are not supported for Windows 2000 or Windows XP. "Dissimilar image-based restore limitations for WinPE 1.5 environments" on page 778 "To perform dissimilar image-based restores for WinPE 1.5 clients" on page 778 "Image-based restore to a Hyper-V virtual machine" on page 779 Dissimilar image-based restore limitations for WinPE 1.5 environments • Dual-boot or Multi-boot is not supported. • The bare metal backup must be created using Unitrends system version 3.0.0 or higher. • A boot disk must be made with the Unitrends Bare Metal Media tool. See "Creating the boot media for image-based recovery" on page 773. • You must not remove the boot media from the machine once the system has booted. The CD contains important Windows bare metal system files. This is a restriction of Microsoft Windows PE. • • A bare metal backup cannot be restored to a smaller disk. To restore to a Hyper-V virtual machine, you must first configure the VM with the legacy network adapter as described in "Image-based restore to a Hyper-V virtual machine" on page 779. To perform dissimilar image-based restores for WinPE 1.5 clients 1 If performing the restore as a test, first see "Considerations for bare metal test restores" on page 751. 2 If restoring to a Hyper-V VM only, complete the procedure "Image-based restore to a Hyper-V virtual machine" on page 779. 3 Boot the Windows server from the boot CD. Upon completion of the Windows bare metal boot process, the Windows Bare Metal interface displays. 4 Select Bare Metal Restore. This loads the restore GUI which lists all the bare metal backups for this client stored on the backup system. Select one of the backups (normally the most current one). 5 Check the Enable Seek in Restore checkbox to speed up the restore by only sending data to the client, skipping unused sections of the disk. 6 Select the appropriate options for the desired restore operation and click Start Restore. 7 Select the backup and disk to be restored and click Add. 8 Select the Enable Dissimilar Restore checkbox. Then locate the appropriate drivers. Select the known platform that you are restoring to from the list. Then click OK to continue with the verification of the driver files. 9 A message displays to acknowledge the success or failure of the driver file verification. • If the driver file verification is successful, select OK to continue with the restore and inject Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 779 the necessary driver files. • If verification fails, select OK to locate and verify drivers in a different location. 10 Upon successful completion of the restore, the following message displays: Quit the Bare Metal Restore GUI and reboot the server with the Windows Bare Metal CD removed from the server. 11 Remove the bare metal CD and reboot your server into its operating system by clicking on Diagnostic Tools, then Reboot. Click Yes twice to reboot your system. 12 At this point the Windows boot volume (usually C:) has been restored. Create and format additional volumes as necessary. IMPORTANT! If file-level backups of the original Windows client contain files from volumes outside of the Windows boot volume, you must create and format those additional volumes. File-level restore will fail if these additional volumes do not exist. 13 Perform file-level recovery to restore your machine to its latest backup. See "Executing a pointin-time restore" on page 346 for details. Note: For Exchange servers - If you are unable to mount Exchange databases after performing the restore, the databases may be in a Dirty Shutdown state. See this Microsoft article for details: Exchange Database is in a Dirty Shutdown State.. Image-based restore to a Hyper-V virtual machine To perform a bare metal restore for Windows XP or Windows 2003 guests in Hyper-V, the legacy network adapter is needed to boot the WinPE 1.5 media. Later Windows versions use WinPE 2.0 media and do not require the legacy adapter. To restore a Windows XP or Windows 2003 Hyper-V guest, configure the VM to use the legacy network adapter, then proceed to "Dissimilar image-based bare metal restore for Windows 2003 and 2003 R2" on page 777. If you are restoring a domain controller, see "Special consideration for Domain Controllers on Hyper-V" on page 781. To configure the Hyper-V VM to use the legacy network adapter 1 Launch Hyper-V Manager, right-click the VM, and select Shut Down. The VM shuts down and its State changes to Off. 2 Right-click the VM and select Settings. 3 In the Hardware list, select the existing Network Adapter and note the current value in the Network drop-down box. 4 Change the value in the Network drop-down box to Not connected and click Apply. 5 In the Hardware list, select Add Hardware. 6 Choose Legacy Network Adapter in the list and click Add. 7 Change the value in the Network drop-down box to the value you noted above, and click OK. 8 Right-click the VM and select Start to power it on. The virtual machine is now running and a bare metal recovery can be performed. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 780 Dissimilar image-based restore for Vista and later environments Performing a dissimilar bare metal restore for Windows Vista and later servers is similar to that of Windows 2003 servers. Some of the basic differences include: • The bare metal boot environment requires Windows Vista, 2008, or 2012 drivers to access the underlying network and storage hardware. • Once the bare metal image has been booted and the GUI displays, storage controller drivers may be loaded into the WinPE image. This is different from the previous bare metal versions where the F6 key had to be pressed during boot time in order to load drivers. • For dissimilar restores, the driver verification process has been eliminated. Instead, the restore of a bare metal backup is performed and then the necessary drivers are injected into the newly restored image. The injection is performed with WinPE 2.0 utilities that handle driver file verification and error reporting. To perform dissimilar image-based restores for WinPE 2.0 clients 1 If performing the restore as a test, first see "Considerations for bare metal test restores" on page 751. 2 Boot the Windows server from the boot CD. Upon completion of the boot process, the Windows Bare Metal interface displays. 3 When the WinPE image boots, an attempt is made to discover the local network hardware. Do one of the following: • • 4 If no errors occur, proceed to step 4 below. If a network device cannot be found, select Yes to load a driver for the network device. Drivers can be accessed from a removable device, like a USB thumb-drive. Once the driver is loaded successfully, the boot process continues and the WinPE GUI displays. If a storage driver is needed to access the local storage devices, load it as follows: • • Click Bare Metal Setup. • Select the target file then click Load Driver. The selected driver is loaded into the active WinPE image. If you see a failure message, the driver could not be loaded. • When you see the message indicating the driver was loaded successfully, click OK then Exit to return to the main menu. Select Bare Metal Restore, then Rescan Disk and the local disks that are available for restore display in the list. Select Load Driver to select the desired driver file(s). You must use 32-bit drivers to be compatible with the WinPE 2.0 environment. 5 To begin the bare metal restore, select the backup and target disk information, then click Start Restore. 6 The option to view real-time statistics appears in a dialog box. Monitor the status of the restore on the Bare Metal Statistics screen, or from the Unitrends Administrator Interface at Settings > System Monitoring > Jobs. 7 Once the restore is complete, inject any necessary drivers: • • Click OK and then Exit to take you back to the Windows Bare Metal Restore screen. Click Rescan Disk to scan for newly created partitions and volumes. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 781 • 8 9 Click Inject Offline Driver. Select drivers in the Inject Offline Driver dialog: • • • Drivers can be accessed via a network share or USB thumb-drive. • Once the injection completes, a dialog confirming success or failure displays. If there is a failure, view the resulting log file to determine the cause. Navigate to the folder containing storage drivers. Select your drivers then click Inject. An attempt is made to inject all of the drivers in the selected folder. Please note that you must inject 32-bit drivers to be compatible with the WinPE 2.0 environment. Remove the bare metal CD and reboot your server into its operating system. 10 At this point the Windows boot volume (usually C:) has been restored. Create and format additional volumes as necessary. IMPORTANT! If file-level backups of the original Windows client contain files from volumes outside of the Windows boot volume, you must create and format those additional volumes. File-level restore will fail if these additional volumes do not exist. 11 Perform file-level recovery to restore your machine to its latest backup. See "Executing a pointin-time restore" on page 346 for details. Note: For Exchange servers - If you are unable to mount Exchange databases after performing the restore, the databases may be in a Dirty Shutdown state. See this Microsoft article for details: Exchange Database is in a Dirty Shutdown State. Additional considerations for Windows imaged-based bare metal The following sections outline troubleshooting and considerations when using bare metal backups for disaster recovery protection. • • • "Special consideration for Domain Controllers on Hyper-V" on page 781 "Windows imaged-based bare metal Interface" on page 782 "When a system does not boot following an image-based restore" on page 783 Special consideration for Domain Controllers on Hyper-V After a bare metal image is restored, when the virtual machine is booted for the first time, it is a member of an Active Directory forest and must be started in Directory Services Restore Mode (DSRM). You then must complete a restore of the last master and incremental file backups of the server (if they are available). If a file backup from the virtual machine is not available, the VM must be started in Directory Services Restore Mode and the database restored from backup registry value must be set to 1. For instructions on how to edit this registry value, please review the Microsoft TechNet article, Backup and Restore Considerations for Virtualized Domain Controllers. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 782 Note: To eliminate the possibility of starting in normal mode, when booting an Active Directory server the first time after a bare metal recovery, do so with the server disconnected from the network. Once the file backups have been restored or the database restored from backup registry value has been set to 1, restart the domain controller in normal mode. Windows imaged-based bare metal Interface When the Windows bare metal boot CD has been created, use it to reboot the Windows client. The reboot process takes a few minutes to complete. Upon completion of the boot process, the Windows bare metal GUI displays. Use the Windows bare metal GUI to test the bare metal media, perform cold bare metal backups, inject drivers, and perform bare metal restores. Not all of these options are used in typical restores. Many of these options should only be used in very specific scenarios. See "Image-based bare metal restore procedures" on page 776 for the most common bare metal operations. After booting your Windows server from the bare metal boot disk, the Windows Bare Metal GUI displays and the following options are available. Button Description Real-time Statistics View the progress of backup and restore procedures. Bare Metal Backup Perform a cold bare metal backup of your server. Note that it is preferable to schedule and run a hot bare metal backup from the web interface if possible. Diagnostic Tools Tools used for troubleshooting bare metal restores. See "Diagnostic tools option" on page 782 for details. Bare Metal Help Search for and view information relating to Unitrends bare metal procedures. Bare Metal Hardware Confirmation Verify that the WinPE environment is properly configured for performing bare metal restores. Bare Metal Restore Perform restore operations. Bare Metal Setup Configure the NIC(s) in the WinPE environment. See "Bare metal setup option" on page 783 for details. New Console Open a Windows command prompt within the WinPE environment. Diagnostic tools option Windows Bare Metal diagnostic tools are used to check system availability and to monitor system health. Use these tools to check network connectivity, detect hardware, view logs, and verify normal system operations. Click Diagnostic Tools on the main menu to access the tools. Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 783 The following options are available: • • • • Quick Test allows you to perform Bare Metal Hardware Confirmation. • • • • • Diskpart opens the Windows Diskpart utility. Console opens a Windows command prompt. Settings allows you to view and modify the network settings of the WinPE environment. Map Drive allows you to map a network drive to the WinPE environment so you can inject drivers. View Logs allows you to view logs associated with bare metal backup and restore procedures. Help opens all help topics available. Reboot reboots the WinPE environment. Return returns to the main Windows Bare Metal menu. Bare metal setup option Use the Bare Metal Setup interface to modify network information and configure network adapters. To modify connection settings 1 Click Bare Metal Setup to launch the Configuration interface. 2 Select the desired network adapter. 3 Select Change Settings, modify settings as desired, then click Apply to save. 4 Click Query Server to verify connectivity by querying the Unitrends system’s backup records. Note: When the system is booted and an adapter has incorrect settings (e.g., duplicate IP address or the adapter is not plugged into a switch), select Use DHCP to configure the adapter using the DHCP protocol. This resets the IP address settings for that adapter. To subscribe to a new DHCP address, select Renew. Optionally, the adapter can remain in an unconfigured state if another adapter will be used instead. To view summary of current network adapters 1 Select the red Available Network Adapters entry to display a table view of all adapters and their properties. 2 Select Available Network Adapters title again to switch back to the network settings view. When a system does not boot following an image-based restore This section is specific to WinPE 2.0 clients that fail to reboot with the following symptoms after a bare metal restore: • After completion of the BIOS post routines, the system remains at a blank console screen without attempting to boot from any internal hard drive. • After completion of the BIOS post routines, the boot procedure fails with a message similar to BOOTMGR missing. In these cases, the probable cause of the boot failure is that the Windows BOOTMGR and Boot Configuration Database (BCD) were not restored during the bare metal restore. By default, the Windows installer places these components into a small partition separate from the partition that 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 784 contains the Windows system. If the server contains multiple internal hard drives, the Windows installer may place this partition on a disk different from the Windows system. Below is a configuration where this is the case: The Windows system partition C:\Windows is on disk 0 and the Windows BOOTMGR has been installed on disk 3 in a partition named System Reserved. The partition containing C:\Windows is not marked as Active and the System Reserved partition on disk 3 is marked Active. An Active partition is a bootable partition. Therefore, in this configuration, a bare metal backup only backs up the partition containing C:\Windows. The System Reserved partition containing the Windows BOOTMGR is not backed-up since it is on a separate physical disk. In a configuration where the Windows system partition and the BOOTMGR partition are on the same physical disk, a bare metal backup and restore completes successfully, since both partitions are backed up and restored together. The following procedure allows the Windows BOOTMGR configuration to be recovered after a bare metal restore so that the server will boot properly. To recover the BOOTMGR configuration 1 Boot the server using the Windows installation media. 2 On the main screen, select Next and then Repair Your Computer. 3 At this point, the repair procedure does not detect the desired Windows installation and presents none to select, even after storage drivers are loaded. Select Use recovery tools and then Next. On the following screen, select the Command Prompt option. 4 Enter this command at the prompt: # diskpart.exe 5 Enter this command to list available disks: DISKPART> list disk 6 Find the desired disk in the list and select it by entering this command: DISKPART> select disk number where number is the number of the disk that contains the Windows installation. 7 Select the Windows partition on the disk: DISKPART> select partition number where number is the partition number. 8 Make the selected partition active (bootable): DISKPART> active 9 Exit the diskpart utility: DISKPART> exit Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 785 The partition is now bootable. 10 Reapply the master boot record and the boot sector by entering these commands: # bootrec.exe /FixMbr # bootrec.exe /FixBoot 11 When the master boot record and boot sector have been reapplied, rebuild the Boot Configuration Database (BCD) by executing: # bootrec.exe /rebuildbcd The /rebuildbcd option scans all disks for Windows installations. 12 For each instance found, you are asked if that instance should be added to the BCD. Answer Y for the Windows installation that is currently being repaired. 13 When the Boot Configuration Database has been rebuilt, reboot again using the Windows installation media and select Repair Your Computer. The desired Windows install should now be detected. If it is not, load the appropriate storage drivers. 14 When the Windows install instance displays in the list, select it, then click Next and choose Command Prompt. 15 From the command line, execute: # X:\sources\recovery\StartRep.exe This runs for a few minutes looking for problems and attempting to perform a repair. Some repairs require a system restart to complete. Remove the installation media from the drive and allow the computer to reboot itself from the newly restored Windows install. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 786 Legacy Recovery-Series and UEB Administrator's Guide Chapter 42: Windows Bare Metal Protection 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 787 Chapter 43: Bare Metal for Linux Use Unitrends bare metal protection for disaster recovery of your Linux clients. See the following topics for details: • • • • "Linux bare metal overview and requirements" on page 787 "Implementing Linux bare metal protection" on page 788 "Linux bare metal restore procedure" on page 789 "Linux cold bare metal protection" on page 791 Linux bare metal overview and requirements To protect Linux clients, burn a bare metal .iso image to CD and run periodic master backups. For disaster recovery, boot from the CD, then restore the master backup followed by any differential and/or incremental backups. The most common situation necessitating a bare metal restore is when the entire file system on the Linux client has crashed and cannot be recovered with the fsck command, but the system can be booted from the hard drive. Linux hot bare metal recovery requirements and limitations Keep the following criteria in mind when planning for Linux disaster recovery: • For a list of supported Linux distributions, see the Unitrends Compatibility and Interoperability Matrix. • • • • • • • • • • A valid Master Backup of the client must be performed before restoring from the boot CD. • • Test the bare metal CD when created to make sure that it will work at the time of restore. Linux bare metal protection does not support backups with inclusion lists. File systems cannot be removed from the configuration. Disks cannot be partitioned manually. Root disks cannot be changed. Linux hot bare metal protection does not support full disk encryption. The system must be restored to disks which are the same size or larger than the original disks. You are responsible for booting the system and the availability of the bare metal media. The computer can boot from the bare metal CD. For Linux platforms, you can run a cold bare metal if desired. For GPT-partitioned Ubuntu 12.04 systems, you must back up the entire disk as described in "Performing cold bare metal backups and restores" on page 792. The bare metal media for the server cannot be created after the system has crashed. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 788 • The server must use the default service port of 1743. This is because the client may not be able to modify its services file (/etc/services) when booted from the alternate boot media. • Linux bare metal software will work correctly only if the client has GRUB boot loader as the default. LILO boot loader is not supported. • For VMware guests running Linux that were backed up at the GOS level, the VM must be configured to use the E1000 network adapter and its SCSI controller must use LSI parallel logic. Bare metal restore is not supported on Linux VMs using the VMXNET 3 adapter or whose SCSI controller uses VMware paravirtual. It is recommended to run backups at the host level rather than at the agent level. • For clients with a default network adapter with a name other than eth0, you might need to edit the configuration file when creating the bare metal media. For details, see KB 1100. • Dissimilar bare metal restores are not supported for Linux clients. The premise of bare metal protection is to create a Linux bare metal boot disk, which contains programs, utilities, and system-specific information. This disk can be used to aid in recovery of a crashed system. The crashed system is booted using the bare metal disk to begin the restore process. Bare metal restores the entire system from a selected master backup. All disks present in the system configuration during creation of the bare metal media are configured and used for restoring data. Implementing Linux bare metal protection To ensure your Linux systems are fully protected in the event of a disaster, implement bare metal protection as follows: 1 Install the Unitrends Linux agent and add the client to the backup system. See "Linux Protection" on page 707 for details. 2 Run periodic master backups. A valid master backup is required to perform bare metal restore of the client. See "To create a backup schedule" on page 168 for details. Note: 3 Any backup group using an inclusion list is ineligible for bare metal recovery. Create bare medal media for the full disk. Inclusion lists can then be applied to client aliases. For more information, see "Working with client aliases" on page 198. Use the Unitrends console interface to create a bare metal .iso image. See "Creating Linux hot bare metal boot media" on page 788. Creating Linux hot bare metal boot media You can use your Linux master backups to create bare metal media, which can then be used to restore your server to similar hardware. Dissimilar bare metal restores are not supported for Linux clients. Ensure you have a successful master backup of the Linux server you wish to restore. This will be used to create your bare metal media. If you do not have a successful master backup of your Linux server, bare metal restore is not possible. To create the bare metal boot media Note: For clients with a default network adapter with a name other than eth0, you might need to Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 789 edit the configuration file when creating the bare metal media. For details, see KB 1100. 1 If you have a physical Unitrends appliance, insert a blank CD into the Unitrends system's optical drive. This is not necessary for the UEB virtual system. 2 From the console interface of the Unitrends system, select option 4 - Advanced Options. Note: You may remotely access the Unitrends system using an SSH client and issue the command /usr/bp/bin/dpuconfig to access the console interface. 3 Select option 1 - Bare Metal Media Creation. 4 Select option 1 - Linux Hot Bare Metal Media. 5 Use the arrow keys to select the desired Linux client. 6 The media is created. For physical Unitrends systems, it is burned to the media you inserted into the Unitrends system in step 1 above. For virtual Unitrends systems, an .iso is created in the baremetals share, accessible from \\\baremetals. Linux bare metal restore procedure The Linux bare metal restore process uses a master backup of your server to recreate the operating system. All files associated with the master backup are restored. Files in any differential or incremental backups can be restored after the bare metal restore is complete. It is important to know: • You need a valid master backup, and the bare metal media should be tested using the Test option described in "Linux bare metal menu options" on page 790. • The option Smart restore destroys all of the existing data on all disks. Please be sure that this is absolutely desired. • The option to Make disk bootable in the Restore menu cannot damage anything on the disk. To perform the restore 1 If performing the restore as a test, first see "Considerations for bare metal test restores" on page 751. 2 Boot your new hardware from the disk you burned in "Creating Linux hot bare metal boot media" on page 788. If you need to change the IP of the restore target, navigate to Utilities > Change IP addresses > Change Client IP address. If you change the IP of the restore target, you need to change the relevant entry in the hosts file on the Unitrends system at this point as well. To do so, navigate to Settings > Clients, Networking, and Notifications > Networks > Hosts on the Unitrends interface. 3 You may optionally test connectivity to the Unitrends system by selecting Test from the menu. 4 Begin the restore process by selecting Restore > Smart Restore. Note: If the IP address of the Linux client is changed before the bare metal restore process, the client’s IP address must also be updated in the Unitrends system’s hosts file by navigating to Settings > Clients, Networking, and Notifications, Networks > 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 790 Hosts. 5 You are warned that the restore process will destroy all data currently on the disk you are restoring to. Type Y and press Enter to proceed. 6 Enter the name of your backup device and press Enter, or simply press Enter to accept the default. This is typically D2DBackups. 7 Enter ID number of backup to use. You may leave this blank and press Enter to use the most recent master. 8 Follow on-screen instructions to enter any exclusions. This data will not be included in your newly restored system. Type none and press Enter if you have no exclusions. 9 Review your choices and press Enter to proceed. 10 Your backup is transferred to your new hardware. Do not perform any actions on your new server until the restore is complete. You can monitor the status of this restore in the Unitrends interface by navigating to Settings > System Monitoring > Jobs. 11 Once the restore is complete, go back to your Linux server and press Enter to return to the Linux Hot Bare Metal menu. Select Exit, then select Yes to exit. If asked to make disk bootable, select Yes. 12 Your server reboots into its former state. 13 Perform file-level recovery to restore your machine to its latest backup. See "Executing a pointin-time restore" on page 346 for details. Linux bare metal menu options When booting the computer using the Linux bare metal media, the Hot Bare Metal interface displays. This permits the restore of an existing client or allows information to be viewed regarding the configuration of the system’s disks and file systems. These menu options are available: • Test - It is strongly recommended that the bare metal test be performed once the client boots using the media. This can be done by selecting the Test option from the main menu. These tests establish a network connection to the backup system. After successfully testing bare metal media, store it in a safe location. • Restore - To restore your file system in the event of a disaster, select Restore > Smart Restore. This process automatically performs all necessary steps to set up the disk. Restore > Prepare Disks formats the disks. Your server is rebooted after the format is complete. Restore > Make Disk Bootable prepares the disk to be bootable and should be selected upon completion of the restore. • View Info - Using the View Information menu permits review of the mounted file systems, the file system table, mount points, disk partition information, the hosts, and the network routes. • Utilities - This option enables you to check the file systems on your disks, mount or unmount file systems, change the client, system, and gateway IP address, and execute the UNIX shell. • Exit - Select Exit to exit the Linux hot bare metal menu and reboot your server. Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 791 Initiate Linux client restore from backup system Use this procedure to manually initiate a bare metal restore of a Linux client if a problem prevents the normal procedures from being used. To perform a bare metal restore of a Linux client 1 Boot the Linux server from the boot CD. Upon completion of the Linux bare metal boot process, the Linux Bare Metal interface displays. 2 Run the Test utility from the Linux hot bare metal menu. This is important since the test utility not only checks the client, it also starts the network. 3 Mount file systems by selecting Utilities > Mount filesystems. 4 From the Unitrends interface, start the client restore by selecting your client in the Navigation pane and clicking Restore. 5 Choose the backup to be restored and click Next (Select Files/Items) below. 6 In the File Selection List, select all files. 7 Click Show Advanced Execution Options to open the form. Make sure that the Target Directory value is set to /tmp/root.mnt. This is the directory where the bare metal application has mounted the root file system on the client. 8 Click Restore to initiate the restore. An alert displays warning you that restoring /boot will overwrite boot loader files. Click Yes to continue. 9 Select Settings > System Monitoring > Jobs to view the progress of the restore. Linux cold bare metal protection Unitrends cold bare metal backups perform a block-level backup of a server's boot disk. This backup allows you to restore your operating system in the event of a disaster. Unitrends recommends using the master backup to create the bare metal media when possible, but in some cases you may have to perform a cold bare metal backup. This requires the server to be offline during the backup, and is necessary on GPT-partitioned Ubuntu 12.04 systems. Note: On Windows systems, cold bare metal backups are necessary if using dynamic disks or GPT partitions. Use the Linux cold bare metal procedures for these Windows systems. Creating the iso for use with cold bare metal backups A special bootable disk must be used to run cold bare metal backups. This section explains the steps necessary to create this disk. WARNING! .isos created with the Unitrends Bare Metal Media tool on the client and .isos created with the Linux Hot Bare Metal option on the backup system should not be used to perform cold bare metal backups. These backups may not function properly during restores. Only use .isos created on the backup system using the Cold Bare Metal Media option as described below. To create the cold bare metal .iso 1 If you have a physical Unitrends appliance, insert a blank CD into the Unitrends system's optical drive. This is not necessary for the virtual system (UEB). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 792 2 From the console interface of the Unitrends system, select option 4 - Advanced Options. Note: You may remotly access the Unitrends system using an SSH client and issue the command /usr/bp/bin/dpuconfig to access the console interface. 3 Select option 4 - Advanced Options. 4 Select option 1 - Bare Metal Media Creation. 5 Select option 2 - Cold Bare Metal Media. 6 A list of clients displays. Use the arrow keys on your keyboard to select which client you would like to make the media for and press Enter. 7 Press Y if the root disk on the client is SCSI, or N if it is IDE. 8 Enter the network gateway of the client and press Enter. 9 Enter the netmask of the client and press Enter. 10 Press Y if there is a firewall between the client and Unitrends system. If not, press N. 11 Press Y to configure the bare metal boot disk to run a cold bare metal backup as soon as your client boots from it. If not, press N. 12 The media is created. For physical Unitrends systems, it is burned to the media you inserted into the Unitrends system in step 1 on the previous page. For virtual Unitrends systems, an .iso is created in the baremetals share, accessible from \\\baremetals. Performing cold bare metal backups and restores Cold bare metal backups by definition require your server to be offline during the backup operation. For this reason, Unitrends recommends using the master backup to create the bare metal media where possible. However, you must use this cold bare metal backup procedure for GPT-partitioned Ubuntu 12.04 systems. Note: On Windows systems, cold bare metal backups are necessary if using dynamic disks or GPT partitions.Use the Linux cold bare metal procedures for these Windows systems. To perform a cold bare metal backup 1 Insert the client-specific cold bare metal boot disk into the client and reboot. When the client reboots, boot from disk. 2 Depending on the settings you chose when creating your boot media, a backup may begin right away. To initiate a backup, select Backup from the menu. The backup is queued. 3 Monitor the status of the backup from Tasks > Real Time Task Monitor or from the Unitrends interface. 4 When the backup completes, remove the boot disk and reboot your client into its operating system. To perform a cold bare metal restore 1 Insert the client-specific cold bare metal boot disk into the client and reboot. When the client Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 793 reboots, boot from disk. 2 To initiate a restore, select Restore > Restore All from the menu. 3 Type the name of the backup device where your cold bare metal is located. D2DBackups is typical. 4 Press Tab to select the Backup Number field. A message displays explaining your options. Type a backup number or leave this field at 0 to use the most recent backup. 5 Press F6 to begin the restore. A message displays warning that this operation will overwrite existing data on the disk. Press any key. 6 Select Yes to confirm the restore operation. The restore is queued. 7 Monitor the status of the restore from Tasks > Real Time Task Monitor or from the Unitrends interface. 8 When the restore completes, remove the boot disk and reboot your client into its operating system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 794 Legacy Recovery-Series and UEB Administrator's Guide Chapter 43: Bare Metal for Linux 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 795 Chapter 44: Bare Metal for x86 Platforms The procedures in this chapter apply to all Intel-compatible platforms running on x86 architecture, other than Linux and Windows. For Linux and Windows clients, see "Bare Metal for Linux" on page 787 or "Windows Bare Metal Protection" on page 753. Cold bare metal backups are used to protect x86 platforms. To start, burn a bare metal ISO image to CD. Then run periodic cold bare metal backups by shutting down the client, booting from the CD, and selecting the bare metal backup option from the boot menu. For disaster recovery, boot from the CD, then restore the bare metal backup followed by any file-level backups (master, differential, etc.). See the following topics for details: • • • • • • • • • • • • "Intel platforms bare metal disaster recovery" on page 795 "Specifying bare metal settings for a client" on page 797 "Testing bare metal backups" on page 798 "Recovering from a crash with the bare metal boot CD" on page 798 "Using the bare metal crash recovery boot CD" on page 798 "Bare metal boot CD menu options" on page 799 "Manual bare metal backup" on page 802 "When to perform a cold bare metal backup" on page 802 "Recovering from a crash using cold bare metal" on page 802 "Configuration settings for CD only version of bare metal" on page 804 "Bare metal optimization" on page 804 "Novell agent bare metal optimizer utility " on page 804 Intel platforms bare metal disaster recovery Bare Metal Plus for Intel Platforms allows full crash recovery of any licensed backup system agent running on an Intel compatible PC platform. Bare metal backs up a client’s main hard drive in a sequence of partition images. This version uses a Linux based bare metal boot media. There are several fundamental things to understand about bare metal before getting started: • Setup and configuration of some client workstations must be done. This is because Bare Metal Plus is designed for crash recovery protection of client workstations, not the backup system. • • • Bare Metal Plus only backs up the main hard drive on the first controller of the client. The client must have a CD-ROM drive. Bare Metal Plus supports bootable CD version. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 796 The bare metal CD version creates an ISO CDROM image for a given client. This image can then be used to burn a CD specific for each client. It is suggested that you generate a CD for every client and keep it in a sleeve next to the client for emergency use in the event of a crash. A hard disk attached to a PC is sectioned into areas called partitions. Each partition could be a separate operating system (such as Windows on partition-1 and UNIX on partition-2), or the disk could be split into file systems for a particular operating system. For example, Windows would make partition-1 the C: drive and partition-2 the D: drive. Bare Metal Plus will backup all partitions on the main disk without regard to their underlying operating system. We refer to this as an image backup. The rationale behind image backups is: • The system image backup is fast because it only backs up the real data on the drive, not empty blocks of unreferenced data. • There are never issues with locked or open files when backing up the client because the entire image is of a non-running, cleanly shutdown client. • The restore process is simple avoiding the complexities of installing and configuring specific operating systems. Potential problems during a recovery are minimized due to its simplicity. To create a bare metal boot CD After the clients and D2D devices have been configured, create a bare metal boot CD for each client which is bare metal aware. The bare metal boot media is created using the backup system’s console interface. For physical systems, connect to the backup system console. For virtual systems, connect to the backup system VM within your hypervisor. 1 From the backup system’s console interface menu, enter option 4 for Advanced Options, then 1 for Bare Metal Media Creation. 2 On the Bare Metal support screen, type 2, in the Please enter choice field for Cold Bare Metal Media. 3 Select the client for which a bare metal backup needs to be done. 4 In the Is the root disk on the client IDE? [Default is NO] field, enter one of the following: • • Leave this blank or type N to indicate the root disk on the client is SCSI. Type Y to indicate the root disk on the client is IDE. 5 Enter the Network Gateway of the client. 6 Enter 255.255.255.0 in the Netmask field. 7 In the Is there a firewall between the client and System? field, enter Y to indicate there is a firewall or N to indicate there is not a firewall. 8 In the Do you want your Cold Bare Metal backup to start automatically when booting from the CD that you have created? field, enter Y to start the backup automatically or N if you do not want the backup to start automatically. The creation of the ISO begins automatically. Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 797 9 Once the ISO has been created, map the share on which the ISO was created and burn the ISO to a CD. The following prompt appears, telling you the location of the ISO and how to access it: The CD (baremetal-.iso) has been created. Please map the CIFS share \\\baremetals to access and burn the ISO. Specifying bare metal settings for a client Follow the steps below using the bare metal Bootable CD dialog to specify settings for a client on the backup system. 1 Select the client from the Bare Metal Client combo box. Only Intel and Intel-compatible clients are listed. The backup system does not appear in this list even if it has an Intel CPU since Bare Metal Plus is only for clients. 2 Specify the Backup Device to use when performing manual bare metal backups. This can be a disk-to-disk device. 3 The Is Root Disk SCSI toggle determines whether the client’s primary disk is SCSI or IDE. 4 Specify the network options. Indicate whether there is a firewall between the backup system and the client. Advanced network settings can also be specified which would contain the Netmask and the gateway information. 5 You may select Add Another Client and repeat the above process to configure additional clients to run on the same bare metal CD. 6 Click Create Bare Metal CDROM image. 7 Click Save to save the profile. The images of the clients are stored in the following directory, where $BPDIR is the installation directory of the backup software (which is /usr/bp by default): $BPDIR/cdrom_images The software checks to ensure there is enough free space in the /usr/bp partition for the creation of the ISO images. The creation of the ISO images requires approximately 25MB. The image can be transferred to a CD and used for the bare metal of the client. After the creation of the image, a message is displayed to inform the user about the last backup for that client. If a previous bare metal backup does not exist, use the crash recovery media to perform a bare metal backup of the system. Once the CD is created, use it to boot the client. If multiple clients are configured on the CD, a list of machine names are provided to select the appropriate client. If the CD is created only for one client, an unattended bare metal backup can be performed. For an unattended backup the software waits for 30 seconds before a bare metal backup is queued at the server. If the countdown is interrupted, then the Main Menu system is displayed with various options. Bare Metal Plus supports: • Bare metal bootable CD and the combo CD with an updated set of drivers. This greatly facilitates in detecting new hardware. The drivers are current with the latest Fedora release. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 798 • You can manually change the root drive from the Utilities > Set Root Drive option. This feature helps you change the root drive from the standard hda or sda to the actual drive that is to be backed up. This feature plays a crucial role in the case where there is a zip drive attached to a lower SCSI ID than the root disk. In this case, now the root drive can be explicitly set to backup the appropriate drive. • A Troubleshooting Menu has been added to facilitate problem solving when a problem situation occurs. This menu shows useful information, such as SCSI devices that are attached to the system, network configuration, modules loaded by the bootable operating system, and information about the hard drive such as geometry, size, and model type. • • Software ida and cciss devices. • Multiple network cards. It automatically detects and configures the appropriate card. Bootable CD and CD/floppy combination for multiple clients to be configured on the same crash recovery media. Testing bare metal backups Please test your bare metal backup strategy for each client by performing a bare metal restore of the client to a test system. Testing and documenting bare metal restore in your environment will insure quick responses and successful bare metal recovery when required. Recovering from a crash with the bare metal boot CD Every registered client should have a bare metal crash recovery media created as soon as it is set up. Typically, bare metal backups should be done every month or whenever any major changes (hardware or software) are made to the client. To do a bare metal backup, boot the client using the bare metal CD. To restore a bare metal backup, you must have created the Bare Metal Plus crash recovery media and a bare metal backup. To restore a crashed system using the metal boot CD 1 Boot the client from the media. 2 Restore the bare metal backup to the client. 3 Reboot the client using its normal operating system. 4 Restore the last master backup to the client. 5 Restore the last incremental backup that was performed after the last master backup, to the client. This may not be necessary if no incrementals have been done since the last master. Using the bare metal crash recovery boot CD When the client system boots up from the CD it shows a list of clients on that CD if more than one is present. Select the client that you want to restore by using the arrow keys, and then press Enter. A dialog displays asking you to wait until the settings have been applied. This may take a while. At this point the network and hard drives are detected and configured for use. After these settings have been applied, a message box displays. Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 799 Steps on the above message are necessary only if a hot bare metal is to be performed. Press any key after reading the message to get to the main menu. Use the arrow keys to move from one menu option to another. Press Enter on the option you wish to select. After the client boots up, click Utilities > Bare Metal Quick Test to conduct the Bare Metal Quick Test. This set of tools make sure the hard drive is detected correctly. It tries to check the network connection to the server and tries to ping it by name and IP address. If all tests are successful, the system is ready for performing bare metal backups and restores. The failure of any of these tests is indicated by the status Failed. If Phase 1 (Test for Hard Drive) or Phase 2 (Test for Network) fails, go to Utilities > Advanced > Confirm hardware detection menu option. This displays the root drives as well as the network interfaces of the system and allows the user to change them if incorrect. If Phase 3 (Ping server by name) or Phase 4 (Ping server by IP) fails, go to Utilities > Advanced > Change Settings to change the IP address of the server. If Phase 5 (Test connect BP server) fails, make sure that the backup system’s service is listening on the appropriate port (1743). See "Bare metal boot CD menu options" on page 799 for a description of the options displayed in the menu. Bare metal boot CD menu options The following options are available in the bare metal boot CD menu: • • • • "Bare metal boot CD tasks option" on page 799 "Bare metal boot CD backup option" on page 799 "Bare metal boot CD restore option" on page 800 "Bare metal boot CD utilities option" on page 800 Bare metal boot CD tasks option The Tasks Option provides Real Time Statistics and a Real Time Task Monitor. The Real Time Statistics dialog shows the real time statistics of the currently running bare metal backup. The Real Time Task Monitor is similar in functionality to the Task Monitor on the backup system. It displays the task number, the client name, and type of action taking place, the device on which the backup is taking place, the tape number, the current status and a comment on whether the task is completed. Bare metal boot CD backup option Select Backup > Backup for the backup screen to display. The Bare Metal Backup dialog displays the name of the client and the server. These fields cannot be altered. The Server backup Device field allows you to enter the backup device being used. Verify the backup? field is used to determine if a backup will be verified. Bare metal backups should be done at least once a month. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 800 To exclude a partition, select Exclude Partitions and press Enter. A list of partitions displays. Use the up-down arrow keys to select a partition and press the space bar to check the box. A backup comment can be added if desired. Press F6 to start a backup. Bare metal boot CD restore option Restore All – This option queues a restore job on the server and restores all the partitions. Restore Master Boot Record (MBR) – This option allows you to restore only the master boot record from the backup. Restore MBR and Extended MBR – This allows the restore of the master boot record and the extended MBR from the backup selected. Restore Selected Partitions – This option allows you to select specific partition(s) to restore. The Select Partitions field allows you to select partition(s) to restore. The default is none. Press Enter, and use the space bar to check or uncheck the partition. Note: A bare metal backup cannot be restored to a smaller disk. All the restore options mentioned above have the same restore fields. The Client name and the Server name are not editable. Server Backup Device allows you to change the device name, if required. Backup Number allows you to select the backup number to restore. By default this is 0, which indicates the last successful bare metal backup. If you know the number of the backup you want to restore, you can change this number. Press F6 to run the restore. Before a selective partition restore is performed, the partitions have to be created. If a restore is being done to a blank hard drive, then restore the MBR/EMBR first and then restore the selected partition. You could use fdisk to create the partitions as well. If the partition is larger than the one in the backup, the restore does not restore the partition. You will have to use some third party application to restore the partition. Bare metal boot CD utilities option Select Client: This option is used only if the boot CD has multiple clients. If you select Yes to the question asked about configuring the client, a list of clients displays. Choose the client you wish to configure. A hostname and the network for this client is also configured. Bare Metal Quick Test: See the section on Quick Test to view details. Escape to UNIX Shell: This takes you to a UNIX shell prompt where you can perform command line functions and then exit back to the Bare Metal interface. Disk Utilities: This option provides a set of utilities to change the root drive if the one detected is not the correct drive, a utility to partition the disk, cleanup the Master Boot Record, and some statistic information about the disk. Disk Utilities has these options: • fdisk to root disk: This option allows you to view information about the partitions on the system. You can also use this option to partition the drive if the restore is being done to a new disk. Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 801 • Zap the MBR: This will clean the Master Boot Record which holds the information about partitions and the boot record. This should be used with caution since this will render the system unbootable. Make sure you have a good bare metal backup before performing this operation. • • View Hard Drive: Allows you to view the information about all the hard drives on the system. Set root drive: This option allows you to set the appropriate root drive if the one detected is incorrect. Troubleshooting: This menu allows you to view the system configuration in detail. It shows information about network configuration, the devices detected during boot up, and also allows you to set the speed of the network card if desired. View PCI Bus: This option displays all devices that are attached to the PCI bus. View Loaded Modules: This option displays all the loaded modules on the system. View SCSI Devices Attached: This displays the SCSI devices attached to the system. View Network Settings: This option displays the network card configuration. If there are several network cards, the one connected to the server would be configured. Change Network Settings: This option allows you to change the settings for any network card. The Restart Autonegotiation option tries to configure the network to autonegotiation mode. By default it is set to no. The Force Speed option allows you to set a speed. Select the option and press Enter to view a dropdown list. The force speed options are 10Mbps, 100Mbps, 1000 Mbps. Force Mode sets the mode to be Half or Full Duplex. Logs: This menu option allows you to view or delete the bare metal logs. View Bare Metal Logs: This menu allows you to view the startup logs, the bare metal logs, or a log of a particular file. Delete Logs: This option allows all the log files to be deleted. Advanced: This option has the following parts: • Change settings – As seen the client and server IP settings can be changed. While doing the Bare Metal Quick Test, if there is a failure in phase 3 or 4 (ping server by IP and name), you can check the settings and if incorrect, set the correct IP address. The netmask and the gateway can also be altered if required. • Confirm hardware detection– This option helps you identify the hard drives and network on the system. If the root drive has been identified correctly, select Yes to display all network interfaces. Again you are asked to identify whether the network interface is correct. If both the root drive and the network interface have been correctly identified, it performs the Bare Metal Quick Test. Note: • This function must be done for hot bare metal to function properly. Backup Entire Disk – This option is used to back up the entire disk instead of backing up the partitions on the disk. This option should be used in cases where the system is configured for Software Raids (Dynamic Disks or GPT partitions in Windows). 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 802 • Exit – This allows you to exit out of the Bare Metal Menu. Manual bare metal backup Follow the procedures to create the crash recovery media as explained in the above sections in its entirety. Once the crash recovery media has been created, insert it into the client and reboot the PC. The client will boot from the CD, assuming the BIOS is configured to do so. A banner displays on the screen to warn you of an impending automatic backup (the default). Press the Enter key to interrupt the Automatic Backup countdown if any manual adjustments need to be made to how the backup is performed. The main Metal Plus menu then displays where you can choose the Backup option to gain more control over the process. Otherwise, allow the count down to expire and the machine will complete the backup and prompt you to reboot to the normal operating system. When to perform a cold bare metal backup System retention rules retain one bare metal backup per client per week. It is recommended, at a minimum, to perform a bare metal backup of the clients every 30 days or anytime a patch is installed or software is upgraded on a client. A bare metal backup for a client should also be performed anytime a new network or primary hard disk (SCSI, IDE) hardware is added or any significant configuration changes are made to the server. In order for a crashed machine to boot and work properly after a bare metal restore, make sure all the new settings are present on the server. Test the new settings by booting from the newly made metal crash recovery media and make sure that the network and disk have been properly recognized. To do this, go to Utilities > Advanced > Change Settings. Recovering from a crash using cold bare metal To restore a bare metal backup, you must first have a Bare Metal Plus crash recovery media and the last master and differential (if applicable) backups for the client. Follow the procedures in the above mentioned sections to create the media for the client you want to restore. To restore a crashed system using Metal Plus 1 A client Metal Plus crash recovery media should be available with you. 2 Boot the client with the media. To get more details about the usage of the bare metal boot CD, see "To create a bare metal boot CD" on page 796. 3 Restore the bare metal backup to the client. 4 Interrupt the automatic backup so that the Bare Metal Plus menu displays. 5 Remove the bare metal media and reboot the client using its normal operating system. 6 Restore the last master backup to the client. 7 Restore the last differential backup that was performed after the last master backup, to the client. This may not be necessary if no differentials have been done since the last master. 8 Once the restore is done, remove the media. Basic bare metal restore procedures 1 Boot the client using the bare metal crash recovery media. Press the Enter key when you see Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 803 the Automatic Backup countdown to proceed to the main menu. 2 Select Restore from the main menu. This takes you to the restore menu. From the restore menu you can restore: • • • • Everything Just the master Boot Record (MBR) Selected partitions The system and disk info file 3 Select one of the restore options and you will be asked a few simple questions and then the restore will be queued to the backup system. 4 After having restored the system, reboot to the newly restored operating system and restore the last master and incremental backups. Bare metal restore to a new disk Special considerations must be taken when restoring to a new disk. You must be aware of how the new drive differs from the original. For instance, is the new disk larger or the same size as the old one? Is the new disk SCSI and the original was IDE? When should you restore the Master Boot Record (MBR)? The MBR is the first part of the drive that contains the partition layout and data used to boot the server. These considerations are discussed in the next section. Note: A bare metal backup cannot be restored to a smaller disk. Bare metal restore to a disk of same size and controller This is the simplest restore. Boot from the bare metal media and follow the "Basic bare metal restore procedures" on page 802. Bare metal restore to a larger disk You must partition the drive before performing a restore whenever restoring to a new disk on the same controller (i.e. new and original disks are either both SCSI or both IDE) that is a different size than the original. From the restore menu, choose option Restore and View System/Disk Info to restore and view the sizes of the original disk before it was last seen by a bare metal backup. Write these numbers down. Using the original disk sizes, make new partitions using option FDISK the Main Drive from the main menu. This creates a new MBR. When creating the new partitions, it is OK to make them bigger than the original, but if made smaller, the restore will have problems fitting all of the data onto a given partition. This type of restore requires restoring using the option Restore Selective Partitions. Otherwise, if restore all is selected, the MBR will be restored, which will undo the work you did using FDISK to partition the drive. Bare metal restore to a different disk controller A different controller means that the system was backed up on an IDE disk and you are now restoring to a SCSI disk or vice-versa. If this is the case, you must specify the new disk controller in 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 804 the Create Bare Metal for Clients dialog for the client, and then create the Bare Metal Plus diskette. Use the new diskette to boot the client, then follow the steps in "Bare metal restore to a larger disk" on page 803. Configuration settings for CD only version of bare metal These settings are present in the master.ini file in $BPDIR/bpinit. UseAlternateImage – By default this option is set to False. On some servers or specific hardware, the default image might experience problems during the boot. To work around this problem we have another set of drivers that can be used for booting. After setting this flag to True, recreate the media for the client. This option must be set to True if the client machine is a Compaq Server. ForceCDBurn – If the server is configured for burning ISO images using the cdrecord package, then this option can be set to True. Enabling this option allows you to burn the image from the graphical Administrator Interface. CdromDeviceID – This field specifies the SCSI ID of the CDROM drive. The ID can be obtained by running the command cdrecord -scanbus as a shell prompt. Our software determines the SCSI ID internally and defaults to this field if it cannot identify the drive. Bare metal optimization Bare Metal Plus backups can take quite some time on large disks if not optimized before the backup. Optimization can dramatically decrease the time of a bare metal backup. Optimizing the disk takes about one minute per 500 megabytes of data on a slow Intel computer. In contrast, to backup 500 megabytes of unused data to the backup system could take as much as three minutes plus the space used on the disk. The optimization process notes the unused space on a disk so that compression will be maximal. This process must be performed on the running client before the metal backup has begun. To perform optimization of a windows client, you can access this as a choice under the Options section of the main agent menu. Optimization of UNIX clients is performed using the following command: /usr/bp/bin/bputil -X Consider optimization periodically for each client metal backup. The period chosen depends on the amount of disk activity on the client. A good time to consider optimization is when a large number of files have been deleted from the client’s main disk drive. Novell agent bare metal optimizer utility The Bare Metal Optimizer utility (bmopt) is useful when using the add-on bare metal product installed on the server. This option allows for the optimization of a system so that the bare metal backups perform at peak speed and size. This utility displays block-level statistics for all the volumes on NetWare Server. In a user friendly manner, it provides a facility to check and purge all deleted but not purged blocks on a volume. Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 805 Hence, reduce the size of bare metal backups to optimal size, if ran on all volumes prior to bare metal backups. The available disk blocks on a NetWare server, at any given time, fall into two categories: free and purgeable blocks. The space consisting of free blocks do not contain any files. Purgeable blocks hold deleted files. A deleted file is not actually removed from the disk instantly, but merely marked as purgeable. The deleted file still occupies space on the volume and consumes directory entries. NetWare translates purgeable-blocks into free-blocks at a low priority. It runs a low priority task to scan all volumes, to purge the deleted blocks. When a bare metal backup runs at block level it cannot differentiate between real blocks associated with existing files and purgeable blocks, resulting in large sized backups since the bare metal is backing up deleted files. The bmopt utility can be used to resolve this issue. BMOPT displays a list of all non-admin volumes, and corresponding block-level statistics: • • No. of Available Blocks • No. of Total Blocks on a server No. of Purgeable Blocks It can optimize the available space, and reflect the same in a corresponding volume’s block level statistics. Depending on the number of purgeable block on a volume, you can decide to run optimization on a volume. Usage LOAD SYS:\BP\BMOPT.NLM To select a volume, use the Up and Down Arrow Keys and select Enter to begin. Any progressing optimization process can be canceled by selecting ESC. To exit the tool, select ESC. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 806 Legacy Recovery-Series and UEB Administrator's Guide Chapter 44: Bare Metal for x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 807 Chapter 45: Bare Metal for non-x86 Platforms This chapter provides bare metal procedures for platforms that are not built on the x86 architecture. To protect non-x86 compatible platforms, burn a bare metal ISO image to CD and run periodic master backups. For disaster recovery, you boot from the CD, then restore the master backup followed by any differential and/or incremental backups. See the following topics for details: • • "Bare metal for AIX" on page 807 • • • "Bare metal for UnixWare" on page 812 "Bare metal for Mac OS X" on page 810 "Bare metal for Solaris SPARC" on page 821 "Bare metal for Xen on OES 2 virtual machines" on page 826 Bare metal for AIX To protect AIX clients, burn a bare metal ISO image to CD and run periodic master backups. For disaster recovery, you boot from the CD, then restore the master backup followed by any differential backup. AIX client hot bare metal restore Bare metal restores are supported for AIX 5.3 and higher. (For a complete list of Unitrends supported AIX versions, see the Unitrends Compatibility and Interoperability Matrix. Bare metal restores allow you to recover an AIX client due to system failure. Bare metal requires that you create the bare metal media on the client. This media can then be used to aid in recovery of a crashed system. Bare metal restores the entire system from the most recent master backup. All disks which are included in the system configuration at the time the bare metal media was created are configured and data restored. Key points for protecting your system: • • • Bare metal media should be generated whenever there is a significant change to the system. • The bare metal media for a system cannot be created after the system has crashed. Bare metal media should be tested to make sure that it will work at the time of a system restore. You must have a good master backup of the client before restoring from the boot media. Do not exclude system files that are required for a system to boot. Generating bare metal media for an AIX client Bare metal media is created by running the mkbmcd utility on the client. This utility is found in $BPDIR/bin/mkbmcd, where $BPDIR is /usr/bp by default. The creation utility is invoked from the 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 808 shell with: $BPDIR/bin/mkbmcd The mkbmcd requires that you enter the following information: • • Temporary workspace directory – This directory should have 500000 blocks available. Storage directory for iso image – This directory should have 500000 blocks available. If enough space is not available on the client machine, create an NFS share on the backup system and mount it on the AIX client. See "About storage configuration" on page 103 for details. Starting the bare metal restore for an AIX client Boot your computer using the AIX bare metal media. This will allow you to restore your existing client or view information about the configuration of your disks and file systems. Note: By default, the AIX system does not boot from the CD drive. The system configuration should be changed to boot from the CD drive. This can be done during the boot process. Bare metal for AIX menu options Access the bare metal for AIX menu by booting from the AIX bare metal media. The following menu options are available: • Bare metal for AIX test option - It is recommended to run the Bare Metal Test once the client boots using the media. This can be done by selecting Test > Test from the Main menu. This operation tests the mount/unmount of the hard drive, network connection to the backup system, and starts the TCP/IP listener (daemon) to check if it is ready. • Bare metal for AIX restore option - If recovering after a system crash, select Restore > Smart Restore. The process will perform all necessary steps automatically to set up your disk. You will be asked to specify the system’s backup device and backup number. To restore the last master backup, do not enter a backup number response, i.e., leave it blank. At the end of a restore, you are prompted with the following: You may need to make your root disk bootable. Do you want to do it now? (y/n) [y] Answer y or press Enter to accept the default. If you have performed a step by step restore, the option Make disk bootable should be selected before exiting. Another way to restore a system is to perform a step by step restore. Each of the following steps is required to successfully complete the restore. From the restore menu, select Format partition, Create Filesystem, Restore files, Make disk bootable. • View AIX client information option - Using this menu allows you to review important system settings which were saved during the creation of the bare metal CD. View Info displays the mounted file systems, the filesystem table, mount points, disk partition information, the hosts, and the network routes. • AIX client utilities option - This menu allows you to mount / unmount, check, and change the client and server IP address, select an alternate hard disk, and run UNIX shell. Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 809 Initiate AIX client restore from backup system Use the following procedure to manually initiate a restore if a problem prevents the normal procedures from being used: 1 Run Test on the client. 2 Format disk and create file systems if necessary. 3 Mount file systems. 4 From the Administrator Interface, choose the backup for the client to restore. While viewing the details of the backup, choose Restore located in the lower right area of the screen. 5 Click Show Advanced Execution Options to open the form. 6 Make sure that the Target Directory is set to: /tmp/root.mnt This is the directory where the bare metal application has mounted the root filesystem on the client. 7 Press Restore to initiate the restore. You may use the Job Status screen in the to view the progress of the restore. Reasons for AIX bare metal restore The bare metal software is a powerful and flexible tool. In many cases, you do not really need to use all of its features. However, you should understand how to apply bare metal in the quickest and most effective way. Let’s consider a few common cases when a system may need to be restored. • An important file (directory) on the system has been corrupted or removed. If your system is on the network, you do not need your bare metal media. Simply perform a Selective Restore from the backup system and select only the file(s) you need. • The system is dead. The root drive has been formatted or replaced. Something unknown happened to the computer and now it does not work, it cannot be booted. Boot your system using the AIX bare metal boot CD. From the main menu select Restore > Smart Restore. This reconfigures all of the disks and restore all the files. Important things to know about bare metal restores: • The option Smart Restore destroys all of the existing data on all disks. Please be sure that you really need this step. Make sure also that you have a valid master backup and your bare metal media was tested successfully. • The option Create filesystems on the Restore menu removes all of the files from that filesystem. You will be prompted if you really wish to do this. • • The option Format Partitions (Automated) removes all existing data. The choice Make disk bootable in the Restore menu cannot damage anything on your disk. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 810 Bare metal for Mac OS X The topics below describe support for hot bare metal recovery on Mac OS X. They cover installation of the protection software for Mac OS X, steps necessary to create a Mac OS X hot bare metal boot DVD, and instructions for using such media to restore a master backup. • • • "Hot bare metal disaster recovery using Mac OS X" on page 810 "Creating a hot bare metal Mac OS X boot DVD" on page 810 "Mac OS X hot bare metal restore" on page 811 Hot bare metal disaster recovery using Mac OS X Protection of the Mac client begins with the creation of an ISO file that captures information about the system running in its natural state. This ISO image file is then burned to a hot bare metal DVD that can be used to recover a system in the case of disaster or unrecoverable crash. From this disk you boot into the recovery environment and restore the system and files to the state that existed before the crash. Technical limitations and requirements Unitrends supports hot bare metal restore for computers with the following Mac operating systems: Mac OS X 10.5 through Mac OS X 10.9. For a complete list of Unitrends supported Mac OS X versions, see the Unitrends Compatibility and Interoperability Matrix. Note these hot bare metal limitations: • • • Unitrends provides file-level protection of Mac OS X 10.10. Hot bare metal is not supported. Dissimilar bare metal restore is not supported on any Mac OS X at this time. The following file systems are supported: HFS and HFS+. Creating a hot bare metal Mac OS X boot DVD To recover a protected system, a hot bare metal DVD must be created on the computer being protected. To create the Unitrends hot bare metal DVD, place a blank DVD in the computer’s media drive and perform these steps using the terminal application: Enter the working directory where the ISO file will be built. Run the Bare Metal utility by entering the following command, which assumes the Mac OS X agent is installed in the default location of /usr/bp/: /usr/bp/bin/mkbmcd Note: Completion of the ISO file will vary in time. When the ISO image is complete, the following message displays: The newly created iso image is present at the location. Enter the following command to burn the iso image to a disk: Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 811 hdiutil burn //bm_.iso.cdr A few things to keep in mind: • The hot bare metal DVD should be tested after creation to make sure it will work when a system needs to be restored. The disk can be tested by selecting the Test option on the Mac OS X Hot Bare Metal v.60 interface. See "Mac OS X hot bare metal restore" on page 811 for accessing this menu. • A master backup of the client is required prior to doing a hot bare metal restore. Master backups can be performed from the Administrator Interface or from the backup menu. • • • The hot bare metal DVD cannot be created after a system crashes. The computer’s (client’s) hostname should be registered on the backup system. The actual file-level backup for a bare metal restore is either performed from the Administrator Interface or by a scheduled master backup. Mac OS X hot bare metal restore To recover a system using the hot bare metal DVD, perform these steps: 1 Load the hot bare metal DVD, boot the computer and hold down the Option key until the boot menu loads. 2 Choose the boot media using the mouse or arrow keys. 3 Press the following keys simultaneously, until the boot message displays: Command+S+Return 4 To start the Mac OS X Hot Bare Metal interface, at the command prompt enter: ./init It will take a few minutes for the system to start up and launch the interface. 5 From the Restore Menu, select Smart Restore. 6 When the warning displays that all data will be destroyed, select y to proceed. 7 After the file systems have been created, the Restore Now screen loads. Enter the name of the backup device or press Enter to accept the default device. 8 At the next Restore Now screen, provide a backup number or press Enter to use the last master backup. 9 Enter exclusions if necessary, or enter None if there are no exclusions. 10 At the summary screen, verify the Server, Device, and Backup Number are correct. 11 Press y to continue. From here the status of the restore process can be monitored from the Administrator Interface. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 812 Bare metal for UnixWare To protect UnixWare clients, burn a bare metal ISO image to CD and run periodic master backups. For disaster recovery, you boot from the CD, then restore the master backup followed by any differential backup. Details are given in the following topics: • • • • • • • • "UnixWare bare metal disaster recovery " on page 812 • • • • • • • • • • • • • "UnixWare bare metal restore to same hard disk" on page 816 "Bare metal rapid recovery CD for UnixWare 7.13/7.14" on page 814 "Bare metal for UnixWare features" on page 814 "UnixWare bare metal Jump Start booting" on page 814 "UnixWare bare metal AIR-BAG main menu system" on page 815 "UnixWare bare metal diagnostic/confidence test" on page 815 "UnixWare bare metal single filesystem restore " on page 815 "UnixWare bare metal fully automated restore" on page 815 "UnixWare bare metal restoring to a new partition or hard disk" on page 816 "UnixWare bare metal filesystem status report" on page 816 "UnixWare bare metal adjusting filesystem sizes" on page 816 "UnixWare bare metal hard disk parameter information" on page 816 "UnixWare bare metal view controllers" on page 817 "UnixWare bare metal load BTLD modules" on page 817 "UnixWare bare metal view PCI, ISA, PCM/CIA cards" on page 817 "UnixWare bare metal modify resource manager database" on page 817 "UnixWare bare metal hard disk single user mode" on page 817 "UnixWare bare metal deleting filesystems from master list" on page 817 "UnixWare bare metal slice manager" on page 817 "UnixWare bare metal restore from the backup system" on page 820 UnixWare bare metal disaster recovery To install UnixWare 7.13/7.14 protection software from a terminal window on the client system: 1 Download the latest version of the UnixWare Bare Metal (Airbag) module from the Unitrends Customer Care Center by selecting Unixware from the drop-down. http://www.unitrends.com/support/latest-agent-releases.html 2 In binary mode, transfer /bp//ux7_abg.tar to the /tmp directory. This file can also be found on the client distribution CD. 3 Edit the local host file (/etc/hosts) to include the IP address and DNS name for the backup system. Do the same on the backup system to add the client’s IP address and DNS name. 4 Install the Bare Metal (Airbag) module. UnixWare 7 Bare Metal (4.5.1) Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 813 tar -xvf /tmp/ux7_ abg.tar /tmp/init.uairbag7 To continue with installation type ’y’ Press ENTER to continue Press ENTER to continue Press ENTER for default of /usr/cactus/airbag Installing support files in /usr/cactus/airbag Proceed? (y/n): Press ENTER to continue Press ENTER to continue 99) Complete Installation Enter Selection: Now to setup and configure UnixWare 7 Bare Metal Press ENTER to proceed Please insert: UnixWare 7 Installation Diskette (Volume 1 of 2) Or UnixWare 7 Installation CD-ROM (Volume 1 of 3 should be in order to extract a few files that the AIR-BAG will need. Please press ENTER to continue) It will take about 1 minute to extract the files. This needs to be done only once. The original UnixWare 7 Installation Diskette is needed in order to proceed. If the original UnixWare 7 Installation Diskette is not accessible, insert the installation CD-ROM 1 of 3, and continue with this procedure. 5 Press Enter to continue 6 Please choose: I have inserted UnixWare 7 Installation Diskette (Volume 1 of 2) into floppy diskette drive. I have inserted UnixWare 7 Installation CD-ROM (Volume 1 of 3) into CD-ROM drive bay. 99. Exit and fail installation. I cannot find either the UnixWare 7 Installation Diskette (Volume 1 of 2) or the UnixWare 7 Installation CDROM Volume 1 of 3. Enter selection: Insert UnixWare 7 Installation CD-ROM (Volume 1 of 3) The media must say Release 7.1 or higher!! Press ENTER when Ready Copying files to hard disk Phase1 Success! Phase2 Success! Phase3 Success! Phase4 Success! Phase5 Success! Phase6 Success! Please remove Unixware 7 Installation CD-ROM (Volume 1 of 3) Press ENTER when Ready Building Modules needed Veritas VXS VFS Do you wish to create the Bootable System Crash Air-Bag Diskette(s) at this time? (y/n): 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 814 You can generate the Bootable System Crash Air-Bag Diskette(s) later by using the command: /etc/airbag Press ENTER to continue Unitrends Software UnixWare 7 Bare Metal SETUP COMPLETE 7 Follow the prompts and make selections appropriate for the configuration. 8 When the following message is displays, insert the UnixWare 7 Installation CD-ROM (Volume 1 of 3) in order to extract a few files that the AIR-BAG will need. Now to setup and configure UnixWare 7 Bare Metal Note: Do not mount the CD. The UnixWare installation CD is only required once. Complete the Bare Metal installation. Bare metal rapid recovery CD for UnixWare 7.13/7.14 On the backup system, insert a blank, writable CD. Navigate to the Bare Metal>Bootable UX> CD option. Select the client name and the appropriate backup device and click Create Bare Metal CDROM image. When a blue menu pops up, select the option to Generate CDROM ISO image. If a menu is displayed prompting to create floppy media, exit the interface, select Create Bare Metal CDROM image again. When the .iso image has been created successfully, click Burn Bare Metal CDROM to write the .iso image to media. This image combined with the last master and differential backups of the UnixWare client estore the server back to its original state. Bare metal for UnixWare features If the remote backup server or backup device has not been set or has been changed, use the Configure/Reset Airbag Options to set the values. Select y to change the settings. The steps to do this are as follows: When booting from the CD, some CD-ROM/BIOS combinations will work better than others. Have a BIOS that maps the CD-ROM to the A: drive when it detects a bootable media in the drive. It must say this on the screen as it is booting. If it does not, the bootable CD may not work. The CDROM on the UnixWare system cannot be a slave to a channel that does not have a master. If it is a secondary slave on the IDE channel, with no secondary master, the UnixWare kernel will not detect the CDROM If using a SCSI CDROM, there are a few compatibility problems. UnixWare bare metal Jump Start booting This feature allows you to boot into the Airbag Menu System without the bare metal CD. This will only work if the airbag has been previously created and the /stand partition is not corrupted. If not booting with the boot CD, start the boot process as normal. As soon as the UnixWare 7 logo is Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 815 seen, press the SPACEBAR and shortly thereafter the boot command prompt displays. If a non network supported floppy or CD is generated, perform the following commands: ROOTFS=MEMFS and BOOTPROG=AIRBAG b // command is followed by the letter b to denote boot If the network support CD is generated, type the following command: ROOTFS=MEMFS b // command is followed by the letter b to denote boot The following content is an example of how the session will appear. Keep in mind that the string [boot] is produced by the computer and indicates the system prompt. [boot] ROOTFS=MEMFS [boot] BOOTPROG=AIRBAG [boot] b Do not forget the b, this forces a reboot. Boot directly into the Air-Bag Menu System just as if booting from the CD. However, the load time is measured in seconds, not minutes. Perform the desired administration tasks or use the Air-Bag Menu System to fully recover the system. UnixWare bare metal AIR-BAG main menu system The Air-Bag feature is designed to be used from a comprehensive menu system called the Air-Bag Menu System. From the Air-Bag main menu, there are two additional menus; they are the Air-Bag Utilities Menu and the Air-Bag Unix Experts Menu. This section describes the features of the AirBag Main Menu itself. There will exist an option to Verify Network Connection if the Air-Bag has network support and it is used to test the connection to the backup system. UnixWare bare metal diagnostic/confidence test Running the diagnostic/confidence test should be the first thing done after creating the boot CD. This test checks all boot straps and also confirms accessibility of the hard-drive. This diagnostic also tests the network connection to the backup server. At the end of the diagnostics/confidence test, the state of all filesystems are reported. In addition to accessibility, filesystem status is displayed. UnixWare bare metal single filesystem restore The single filesysetm restore feature is used if only one filesystem needs to be restored and no modifications of data on any other filesystem is required. This option is excellent for restoring a corrupted data partition. It automatically excludes every other partition. You can restore the root filesystem, the /stand filesystem, or both. This is also used if the system itself becomes corrupt but the data partitions are still intact. UnixWare bare metal fully automated restore This is the easiest and most versatile choice to use in the entire menu. Using a simple keystroke and pressing Enter a few times, the entire root hard-drive is restored and reconstructed. This feature works for the same hard disk or a new hard disk. If the disk is new, all the filesystems are 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 816 proportionately expanded up to the maximum allowed. For example, the /stand filesystem has a maximum limit of 128 MB. Following this methodology, all filesystems are mounted and the user can proceed to perform a full restore. Keep in mind, this prepares the primary hard-drive only, and does not prepare the secondary or tertiary drives. If these also need repair, first go to the utilities menu to select these drives and reconstruct their filesystems. Then go back to the fully automated restore and finish the process. When the fully automated restore runs, all filesystems, including those on the secondary and tertiary hard-drives are mounted and the data is restored from the tape unless specifically excluded. UnixWare bare metal restore to same hard disk This Restore to Same Hard Disk option is used when the primary hard disk is corrupted but it has not been replaced. A step-by-step reconstruction of the filesystems on the selected hard disk is performed. Choosing this selection leads into the Manager. From there, you can add, delete, or merge filesystems and create new filesystems. When using this choice, the old information can be seen by pressing or . This shows the old filesystem setup and also the old slice tables. UnixWare bare metal restoring to a new partition or hard disk This feature is used when the hard-drive is replaced with a newer one of the same or larger size. It does a full reconstruction and regeneration of the needed filesystems for that particular drive. UnixWare bare metal filesystem status report The status of all filesystems can be viewed by running the Bare Metal Filesystem Status report. The report shows the name of the filesystem, its mount point, filesystem type, and filesystem status. The desired filesystem status should be CLEAN. Additionally, if the status of a filesystem shows REGULAR FILE or NOT CREATED YET, this implies that the slice representing the filesystem is either damaged or not present in the slice table. The slice can be recreated using the Manager. Another value for status may be DIRTY - LOG REPLAY NEEDED. In this event, the filesystem must be cleaned. Cleaning the filesystem can be accomplished by using the Experts Menu. The filesystem state may also show as CORRUPTED. This generally means that the filesysetm is beyond repair. If a filesystem has a bad status, try to repair it using the fsck command. If the attempt to clean the filesystem fails, use the Manager to recreate it. Note: UnixWare 7.1.3 and earlier versions have /stand on slice 10 while version 7.1.4 has it located on slice 8. UnixWare bare metal adjusting filesystem sizes Filesystem sizes can be adjusted using the Manager. In addition, the filesystem type can also be adjusted. See the "UnixWare bare metal slice manager" on page 817 for more details. UnixWare bare metal hard disk parameter information In some cases, the hard disk parameters such as the cylinders, heads, and sectors are not correct. Additionally, you may wish to specify a different geometry so that the UnixWare partition geometry matches that of other partitions. Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 817 The disk stamp is a set of twelve ASCII characters that is a unique disk identifier. Most often, these characters are random and can be modified. If the disk stamp is modified, keep in mind that the UnixWare 7 device database will reflect that a new disk has been added. The database can be reset later so that the older entries with the older disk stamp are removed. UnixWare bare metal view controllers From the Bare Metal View Controller interface, the controllers and system cards in the computer can be viewed. The ISA cards, PCI cards, PC cards, and EISA/MCA cards can be seen. In addition, all modules that are currently loaded in the booted kernel can be seen. UnixWare bare metal load BTLD modules Any number of Boot Time Loadable Driver (BTLD) modules can be loaded from using this option. It recognizes all three of the popular formats. Simply follow the instructions and the module will be loaded and linked into the kernel on the fly. UnixWare bare metal view PCI, ISA, PCM/CIA cards The information on the PCI cards display the type of controller card as well as its identifier. In addition to the card, a resource number is shown on the far left-hand column. This number is used to modify the resource manager database. To change the resource values of a particular card, note the resource key number and select the option to Modify Resource Key (experts only) to adjust the value. UnixWare bare metal modify resource manager database This feature is useful for recognizing a specific card. The interrupt type, the interrupt level, and the IO address may be modified directly from this menu. In addition, the IO address begin and end range may be changed. UnixWare bare metal hard disk single user mode This is one of the best features of the Air-Bag Menu System. This option will cause the system to appear as if it has been rebooted from the hard-drive but in single user mode. All filesystems are mounted, including all data partitions. Administrative tasks can be performed on the system while in this state. The power of this feature is that if the system is not bootable, yet nearly functional, it can be in single user mode and make repairs and restore files that are damaged. UnixWare bare metal deleting filesystems from master list At times, especially when merging two filesystems into one, the need arises to remove a filesystem from the Air-Bag’s knowledge. This option is used in the case where a filesystem was mounted at the time of CD creation, but is not mounted when the filesystem is being rebuilt. When merging two filesystems into one, use this feature to delete the redundant filesystem. UnixWare bare metal slice manager The Manager is a critical and fundamental piece of the UnixWare 7 Air-Bag. It has may of the same options and features as the SCO OpenServer 5 utility. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 818 A full set of commands are specified in the table below.The exclamation mark (!) is used to escape to the shell from within the utility. Other options available to give full control of the slice table include specifying the units (512 by blocks, kilobytes, megabytes, gigabytes, and cylinders), sorting (four ways to sort), adding slices, modifying slices, specifying starting offsets, specifying ending offsets, and specifying slice size. When working with megabyte and gigabyte units, decimal places are allowed in assigned specifications. Command Action A Add a new slice C Create new file system in the slice D Delete a slice E Specify ending slice offset in blocks, kilobytes,gigabytes or cylinders M Modify a slice N Change the name of a slice P Prevent creation of new file system h or ? Comprehensive online help O Sort slices by starting ofset, ending offset, size or slice number S Specify slice starting offset in blocks, kilobytes, gigabytes or cylinders T Change file system type U Change working units(blocks, megabytes, gigabytes or cylinders) Z Change size of a slice 0-9 Select a slice to modify ! Escape to the shell to run some commands The SliceManager is a flexible utility and allows modification of the slice table (VTOC).For example, some users prefer to specify starting offset and a size, while others prefer to specify starting offset and ending offset. The Manager can be used either way. After having executed the Manner and creating a new filesystem, the following message may be displayed: (UX:UFS MKFS:WARNING: XX SECTOR (S) IN LAST CYLINDER UNALLOCATED. Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 819 This means that the last cylinder group is not full since the partition does not end on a cylinder boundary. This is of no concern. The most practical way to view the status of a file system is to enter the SliceManager and elect to modify a slice. If the slice is a filesystem, the status of the filesystem will be shown in bold white letters. It is possible that some types of corruption can make all the slices appear to be in a status defined as SLICE NOT ADDED YET. If this occurs, run a diagnostic of the system then start from scratch preparing the disk and selecting the new hard disk. Status Keyword Description CLEAN File system is clean, ready for mounting, no evidence of any damage MOUNTED File system is mounted, perhaps you forgot to unmount it (run unmount /dev/xxxxx) DIRTY File system was not unmounted cleanly, it needs cleaning DIRTY-LOG REPLY File system needs cleaning to apply the replay log, minor updates needed NOT YET CREATED The slice is allocated,yet file system is not present, create it using c option SLICE NOT ADDED YET There is no slice allocated yet to contain this file system, use option a to add CORRUPTED File system is corrupted, recreate it using the c option REG FILE The device file representing this slice /dev/rdsk/c0b0t0d0sx UNKNOWN STATUS There is a serious problem, Slice Manager cannot be more specific The SliceManager has a built-in help tool. By default, when the slices are first displayed, they are displayed in slice number order. However, this order has absolutely nothing to do with the relative starting offsets or sizes. Therefore, after becoming familiar with the slices, sort the table by starting offset, ending offset, or size. The slice table [VTOC] may be adjusted to display the units in a number of measurements. These include 512 byte blocks, kilobytes, megabytes, gigabytes, and cylinders. When units are switched, it only affects the display. Internally, all offsets or sizes are kept as 512 byte blocks. The percentages used in the SliceManager are approximate; they may not add up to 100% due to rounding and the fact that there are several small slices – each less than one percent – but combined could amount to more than two to three percent. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 820 UnixWare bare metal restore from the backup system This section describes the method for performing a bare metal restore from a backup system with the network support systems. The simplest way to perform a bare metal restore is to select RESTORE Backups to SAME Hard Disk, FULLY AUTOMATED, from the main menu. If files need to be restored, they can be restored using the RESTORE Backups Now option. Before the restore job begins, make sure that all parameters are set correctly. If not, the settings can be changed from the menu. If View Files Locally is set to yes, the files can be viewed while they are being restored. However, this may cause a reduction in the restore speed. If the Air-Bag diskettes have been created using a two-filesystem configuration (/dev/root and /dev/u mounted on /usr), and is being converted to a one-filesystem configuration, manually edit the file /etc/AIRBAG.MOUNTS. This file contains the filesystems that the Air-Bag expects to be mounted when it performs the restore. Simply delete the line containing the filesystem that will no longer be in use under the new configuration. Do not make any other modifications to the file or the restore will fail. When converting from a single-filesystem configuration to a dual-filesystem configuration, add the entry for the second filesystem to the /etc/AIRBAG.MOUNTS file on the CD. The line must have six tokens; the last being the disk number on which the filesystem is found. For the filesystem /dev/u mounted on /usr, use the following command: /dev/u /usr 54389 K disk1 The header of the file /etc/AIRBAG.MOUNTS should be left untouched. For convenience, copy the line representing the single filesystem (/dev/root): /dev/root / 41990 K disk1 and change each of the tokens to the appropriate value. The second token represents the name of the directory on which this filesystem is mounted and must be accurate. The Air-Bag uses this to restore data to the filesystem. The finished output looks like this: FILE MOUNTED FS SIZE DISK SYSTEM ON TYPE in K NO ======================================================== /dev/root / vxfs 41990 K disk1 /dev/u /usr ufs 54389 K disk1 The number representing the size in kilobytes does not have to be exact. It only serves as a reminder when using the SliceManager to decide how to allocate space among the filesystems. Not every combination of hard disks and controllers can be anticipated. There is a good chance that if the CDs were created on a system with a different combination of controllers than when booted, the disk drive mapping can be different. Let us suppose that there are three SCSI controllers, each with one hard disk (at ID 0) and suppose that the third SCSI controller and the disk drive on it becomes corrupt due to a lightning strike. A replacement hard-drive should be added to the second SCSI controller and make its SCSI ID 0. When booting from the Air-Bag diskettes, it will look for the hard-drive on device /dev/rdsk/c3b0t0d0s0. However, since the controller is no longer present, no device is found there. Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 821 Instead, that device will be found at /dev/rdsk/c2b0t1d0s0 (SCSI ID 1). The Air-Bag will have recorded all of its database information and mount points as starting with /dev/rdsk/c3b0t0d0XX. The disk drive name mapping can be changed by using the apply_map utility which checks the file /etc/MAPFILE for mapping information. This file must be manually added to the A2 diskette when it is generated or it must be created on the fly when the system is booted from the Air-Bag. Using the example above, the following entries should be placed in this file: c3b0t0d0 c2b0t1d0 Execute the apply_map utility from the shell. This informs Air-Bag that the hard-drive at c3b0t0d0 has moved to c2b0t1d0. All previous references to c3b0t0d0 are converted. Thus, all features of the Air-Bag, such as the totally automated restore will work as expected. To reverse the change, run apply_map -r This feature is provided as a convenience. With HOT swappable disks, mirroring, volume managers, and fail-over clustering, there is an almost endless combination of hardware possibilities. Since each system crash is unique, this simple tool provides a flexible way to manage the mapping needed to restore the system. It is fairly easy to create this map. If it does not work, the changes can be removed with the -r option. Bare metal for Solaris SPARC To protect Solaris SPARC clients, burn a bare metal ISO image to CD and run periodic master backups. For disaster recovery, you boot from the CD, then restore the master backup followed by any differential backup. Details are given in the following topics: • • • "Solaris SPARC bare metal restore" on page 821 "Generate and boot from the bare metal media" on page 822 "Bare metal recovery from a Jump Start boot server" on page 824 Solaris SPARC bare metal restore Note: For information concerning Solaris Intel, see "Bare Metal for x86 Platforms" on page 795. The Solaris SPARC client bare metal restore enables rapid recovery of the Solaris SPARC client to the most recent state of the system. It is the optimal method of recovering a complete system in the case of catastrophic failure. Unitrends provides support for Solaris 9, Solaris 10, and Solaris 11 (with update 8 or update 9). In addition bare metal boot from a USB drive is supported for Solaris 10. The premise is to first create an iso image that captures pertinent information about all programs, utilities, and the state of the system at the time the image is created. This iso image is then burned to a CD and can be used to aid in recovery of a crashed system. General technical notes: • • • Bare metal media cannot be created after the system has crashed. It is imperative to test bare metal so you know it works when needed. The supported operating systems all have means of alternate booting. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 822 • It is important that you become familiar with alternate boot procedures so the machine can be booted in the case of a disk failure. • You are responsible for the means to boot the system and the availability of the bare metal media. • • • • Bare metal media should be generated whenever there is a significant change to the system. A good master backup of the client must exist before restoring from the boot media. Do not exclude system files that are required for a system to boot. Bare metal restore is not supported to dissimilar target hardware. Generate and boot from the bare metal media Before using the bare metal restore process, the media must first be created and tested on the targeted Solaris SPARC client. Bare metal restores the entire system from the most recent master backup. All disks which are included in the system configuration at the time the bare metal media was created are reconfigured and the data restored. Prerequisite: Solaris 9, Solaris 10, or Solaris 11 (with Update 8 or Update 9). Creating and booting from the bare metal CD See the following topics for details: To generate the bare metal iso image file 1 As root, run the mkbmcd utility on the client, which is found in /bin/mkbmcd, where is /usr/bp by default. 2 Initiate the creation utility by entering the following at the command prompt: /usr/bp/bin/mkbmcd 3 When prompted by the mkbmcd utility, enter the temporary workspace directory, which requires: • • 4 550 MB of space for Sun 4V architecture When prompted, enter the storage directory for the iso image, which requires: • • 5 275MB of space for Sun 4U architecture 275MB of space for Sun 4U architecture 550 MB of space for Sun 4V architecture Locate the ISO image in the designated storage directory and burn that image to a CD. Note: If enough space is not available on the client machine, an NFS partition on the Unitrends System can be created and mounted on the Solaris SPARC client to store the iso image. See "About storage configuration" on page 103 for details. To boot from the bare metal CD By default, the Solaris SPARC system does not boot from the CD drive without one of the following Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 823 commands. This allows the existing client to be restored or viewed, including information about the configuration of disks and file systems. To boot the computer with the bare metal media, use either of the following options: reboot -- cdrom // if at the command prompt or boot cdrom // if in OpenBoot Creating and booting from a bare metal USB drive See the following for details: Requirements • The hardware must include a USB 2.0 port. • • Open Boot firmware must be 4.27 or greater. Before plugging in the USB drive, make certain Volume Management is disabled. The command for this is: svcadm disable volfs To generate bare metal media on a USB drive 1 Run the mkbmcd utility on the client which is found in /bin/mkbmcd, where is /usr/bp by default. 2 Initiate the creation utility by entering the following at the command prompt: /usr/bp/bin/mkbmcd 3 When prompted, indicate y when asked if you want to use USB Bare Metal Recovery. Note: This erases all content on the drive. 4 When prompted by the mkbmcd utility, enter the temporary workspace directory, which requires 550MB of space. 5 When prompted, enter the client and backup system information. 6 When prompted, select the desired USB drive by entering the corresponding number. Note: 7 Device Type must be removable disk. When prompted, confirm the listed information and begin the formatting process by entering y. Once the process is complete and the drive has been formatted, the following message appears: Please follow the instructions below to boot from the USB drive: 8 Remove the USB drive from your machine. 9 Enter ‘# init 0’ to get to the ok prompt. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 824 10 Plug in the USB drive and enter ‘probe-scsi-all’. 11 ‘Locate the SCSI address for the Removable Disk Entry. Append /disk@0,0 to the end of the SCSI address. Example: /pci@0/ pci@0/ pci@1/ pci@0/ pci@1/ pci@0/usb@0,2/storage@3/disk@0,0 12 Boot the USB drive using the SCSI address with /disk@0,0 appended to it. Example: boot /pci@0/ pci@0/ pci@1/ pci@0/ pci@1/ pci@0/usb@0,2/storage@3/disk@0,0 The system boots from the USB drive and starts the Bare Metal Application. You must have a master backup of this system before you can perform a bare metal restore. Bare metal recovery from a Jump Start boot server Solaris bare metal recovery can be performed from a Jump Start server. In this case, a bare metal recovery can be performed without the use of a cdrom or USB media. If the Solaris server is configured to communicate with a Jump Start boot server, a bare metal recovery can be performed. Jump Start boot requirements The following requirements must be met to recover from a Jump Start boot server: • Network boot for bare metal recovery is only supported on SPARC Solaris version 2.10. Please note that the Jump Start server and the protected Solaris server are required to be on the same version. • • • The protected Solaris server (and OpenFirmware version) must support network boot. The Solaris system and the Jump Start boot server should be on the same subnet. To boot the protected server using the Jump Start boot server, it is required that the Jump Start server is configured and the protected Solaris server is added as a client to the Jump Start boot server. The protected Solaris agent can be added to the Jump Start boot server by running the following command on the Jump Start server boot server: add_install_client –e -s sunv240:/ In the command above: Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 825 • Ether address – This is the ethernet (MAC) address of the protected Solaris system. This information can be obtained by running ifconfig –a on the protected Solaris server. • Location of boot server – This is the location of the top level directory on the Jump Start server where the boot server is installed and configured. • Hardware Class – This is the hardware class of the protected Solaris server and can be obtained by running uname –m on the protected Solaris server. • Hostname – This is the hostname of the protected Solaris server and can be obtained by running the hostname command. Example: add_install_client –e 0:3:ba:f4:7e:15 –s sunv240:/boot_server sun4u SunT5220 Setup 1 On the protected Solaris server, run the mkbmcd utility on the client which is found in /bin/mkbmcd, where is /usr/bp by default. Initiate the creation utility by entering the following at the command prompt: /usr/bp/bin/mkbmcd 2 When prompted, indicate n when asked if you want to use USB Bare Metal Recovery. 3 When prompted, enter the information (name and IP) of the protected client and the information (name and IP address) of the backup system. The setup process piggybacks on the process to create an ISO, as described in the section above. When prompted, provide the path to the storage area to save the resulting ISO. A sparc.miniroot file needs to be installed / copied to the Jump Start server in order to perform a network boot operation. Perform the following steps to copy the space.miniroot file to Jump Start server. 1 Create a loopback device with the iso created as mentioned above: lofiadm -a 2 Mount the bare metal iso: mount -F hsfs 3 After mounting the iso the sparc.miniroot can be copied to the boot server by doing the following: scp /boot/sparc.miniroot @:/boot/sparc.miniroot. Example: scp /tmp/sparc.miniroot.SunT5220 root@BootServer:/boot_ server/boot/sparc.miniroot.SunT5220 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 826 Booting into the bare metal interface When performing a bare metal recovery, please perform the following steps to boot into the Bare Metal recovery interface via the network. 1 On the Jump Start boot server, copy the sparc.miniroot. file as sparc.miniroot (save the original sparc.miniroot file before performing this step). 2 On the protected Solaris server, at the Open Firmware prompt type: boot net The Solaris server boots into the Bare Metal recovery interface and is ready for performing the restore as described in "Performing a bare metal restore". Performing a bare metal restore To perform the restore 1 Select Test > Test from the Main menu. This operation tests the network connection to the backup system and verifies that the Solaris client and the backup system can communicate to perform the bare metal recovery. 2 Select Restore Options > Smart Restore. The restore process recreates the disk, partition, and file systems structure for all the disks identified when the bare metal media was created. 3 When prompted, specify the backup device and backup number. Note: 4 To restore the last master backup, simply press Enter . A restore job will be queued to the backup system and the status of the restore can be monitored from the Job Status screen. At the end of a restore, you are prompted with the following: You may need to make your root disk bootable. Do you want to do it now? (y/n) [y] 5 Answer y or press Enter to accept the default. Bare metal for Xen on OES 2 virtual machines A bare metal backup of a Xen virtual machine is captured in a manner supported by the guest operating system on the virtual machine. For example, on a Windows Server 2008 virtual machine, a hot bare metal backup can be scheduled and performed as described in the "Windows Bare Metal Protection" on page 753. Restoring a bare metal image to a virtual machine requires specific steps to be taken to access the bare metal menu on the bare metal boot CD. These same steps would be taken to access the bare metal menu to perform a cold bare metal of a virtual machine. The protection software creates a fully virtualized mock virtual machine to be used to communicate with the system to backup and restore a bare metal image from or to the appropriate location. Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 827 Note: This requires that the server CPU supports a fully virtualized environment and that VT/AMD-V is enabled in BIOS. The virtual machine that is going to be backed up or recovered must be shutdown during the bare metal process. To access the bare metal menu from a bare metal boot CD, perform the following steps: 1 Know the exact name of the virtual machine to be backed up or recovered. The existing virtual machine names can be found using the virtual machine management GUI or executing this command from the command line: xm list 2 Insert a bare metal boot CD in the host system’s CD drive. The bare metal boot CD should have been created for the specific guest virtual machine(s) following the instructions provided in the Bare Metal section. 3 From a command line on the host system, run this command: /usr/bp/bin/start_bare_metal Where is the name of the guest virtual machine to be backed up or recovered and is the name of the device in which the bare metal boot CD is inserted. For example: /usr/bp/bin/start_bare_metal sles10 /dev/cdrom Note: Run mount at a command prompt as root or root equivalent user to verify the device name of the cdrom. When the command runs, a mock virtual machine is created and will be used to backup or restore images of the actual virtual machine to be protected or recovered. The following text displays on the screen: ######################################################### CREATING PLACE HOLDER FULLY VIRTUALIZED VM FOR BARE METAL ######################################################### Checking Processor(s) ...: [ Supports Full Virtualization. ] Checking Kernel ...: [ Running XEN Kernel:2.6.16.46-0.12-XEN ] Checking status of XENd ... [ XENd running (pid 4177 4180) ] Configuration file for the VM ... /etc/XEN/vm/sles10 Creating Profile ... Using config file "/usr/bp/mock_conf". VM: unitrends_Bare Metal created. The new virtual machine is now running and the bare metal menu displays. A bare metal image backup or recovery can be performed following the steps detailed in the applicable bare metal section for the VMs operating system. To find the desired procedure, see "Bare metal procedures by client operating system" on page 750. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 828 Legacy Recovery-Series and UEB Administrator's Guide Chapter 45: Bare Metal for non-x86 Platforms 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 829 Chapter 46: ConnectWise PSA Integration This chapter provides information and procedures about integrating with the PSA tool, ConnectWise. See the following topics for details: • • "Introduction" on page 829 "Configuring the PSA tool" on page 830 – – – • • • "Configuring settings in ConnectWise" on page 830 "Configuring the Unitrends PSA Integration feature" on page 831 "Configuring PSA settings in the Unitrends system" on page 833 "Modifying or deleting a PSA configuration" on page 836 "Viewing ticket history" on page 836 "Invoking the billing script" on page 837 Introduction If you use a Professional Services Automation (PSA) tool, this feature pertains to you. The Unitrends PSA feature automates the creation of tickets in the Managed Service Providers’ (MSPs) PSA tools. Currently, ConnectWise is the only PSA tool that Unitrends supports. Unitrends supports all versions of ConnectWise. The following tickets are supported: Ticket Description Service Tickets that are used to track issues in the system. tickets Billing tickets Tickets that contain billing information for creating invoices. Please note that these show up as service tickets in the PSA tool and contain information required for billing. Previously, when an issue was found, the information was entered manually into ConnectWise. This process was prone to errors and was time-consuming. The PSA Integration feature enables Unitrends software to automatically create a service ticket. The PSA Integration feature also automates the retrieval of billing information from the Unitrends system and creates a billing ticket. Once set up, the Unitrends system sends service ticket and billing information from the company sites directly to the MSPs’ PSA Integration tool. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 830 Configuring the PSA tool To enable the PSA Integration tool, you must: 1 Configure the ConnectWise tool. For details, see "Configuring settings in ConnectWise" on page 830. 2 Configure the Unitrends system. For details, see "Configuring the Unitrends PSA Integration feature" on page 831. 3 Configure PSA settings in the Unitrends system, if needed. For details, see "Configuring PSA settings in the Unitrends system" on page 833. Configuring settings in ConnectWise Follow these instructions to configure the settings in ConnectWise. This is the first step in configuring your PSA tool. Prerequisites Before you configure settings in ConnectWise, you must perform the following prerequisites: Settings Description Set up the Integrator Login This enables the Unitrends system to integrate with the PSA tool. Select the APIs to use / ensure the Service Ticket API is enabled Only the Service Ticket API is required. Ensure that it is enabled. When it is enabled, the Unitrends system can create service tickets in ConnectWise. Ensure that the integrator company name is active When the integrator company is active, ConnectWise is able to “communicate with” the Unitrends system. Note: See step 7 on the facing page in "To configure settings in ConnectWise" for more information. To configure settings in ConnectWise 1 Ensure that the prerequisites are met. See "Prerequisites" on page 830 more information. 2 In ConnectWise, click Setup > Setup Tables to see the Setup Tables window. Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 831 3 Enter Integrator Login into the Tables field and click Search or Enter. You see a second line with the Integrator Login link. 4 Click the Integrator Login link to see the Integrator Login screen. Note: 5 6 Enter the following information: Field Description Username Enter the user name. Password Enter a password. Access Level Select All records in the drop-down box. Service Ticket API (checkbox) Click the Service Ticket API checkbox. Service Board Select Professional Services from the Service Board dropdown box. Callback URL Enter a valid URL, such as www.connectwise.com or “localhost”. Click the Save button (the disk icon in the top line). The integrator login is set up. Note: 7 If you have already set up a user, you see the Integrator List screen. Click the New Item button to see the Integrator Login screen to add a new user. Prior to using the PSA feature, confirm the time zone entry is set up correctly. Please contact your ConnectWise administrator or consult the ConnectWise documentation. Ensure that the ConnectWise company name is set to active in the ConnectWise application under Finance > Company List > Company Finance Detail. For example, using the company name “MyCompany”: Under ‘Finance’, Company List = Company Finance Detail for ‘MyCompany’, the Company ‘MyCompany’ must be ‘Active’ to receive tickets. 8 Continue to "Configuring the Unitrends PSA Integration feature" on page 831, which is the second step in configuring your PSA tool. Configuring the Unitrends PSA Integration feature On the PSA Configuration page, you can create, modify, delete, view, or save configuration and authentication information. You can also create a test service ticket to send to ConnectWise. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 832 Note: Before you configure the Unitrends PSA integration feature, make sure you configure the Connectwise tool. See "Configuring settings in ConnectWise" on page 830 for steps. To create the PSA configuration When you create the PSA configuration, you are providing authentication information to connect with ConnectWise. 1 In the Unitrends system, go to Settings > Clients, Networking, and Notifications > Professional Services Automation. You see ConnectWise in the center stage area. 2 Click ConnectWise. Enter the following information in the Add PSA Configuration window. Note: If you have already configured PSA information, you see the Modify PSA Configuration window. Field Description URL Enter the URL that your company uses for ConnectWise. Enter the node name only. Do not include https:// or http://. Example of correct entry: test.connectwise.com Examples of incorrect entries: www.connectwise.com, http://www.connectwise.com Company ID Enter the integrator company ID from ConnectWise. Make sure the this is an exact match, including case. Note: Make sure the ConnectWise company configuration is active in the ConnectWise application. See step 7 on the previous page in "Configuring settings in ConnectWise" for more information. Select an existing credential or a new credential Existing Credentials (dropdown) If you already set up credentials and would like to use those values, click the Existing Credentials drop-down and select a value. For instance, this could be credentials for Operators or Administrators. Note: You can also edit existing credentials once you select a credential from the drop-down list. Continue to Step 3. Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 833 Field Description New Credential (button) To enter a new credential, click New Credential. You see the Add PSA Configuration window with fields for the new credential. Enter the following fields for the new credential: Field Description Credential Name (optional) Enter a credential name if you want to set up a level of credentials for a group, such as Operators. Username Enter the Integrator Login user name from ConnectWise. Password Enter the Integrator Login password from ConnectWise. Confirm Password Re-enter your password. 3 Click Confirm. You see ConnectWise in the center stage area. 4 Click the ConnectWise line again to see the Modify PSA Configuration window. Note: 5 Click the Send Test Ticket button to send a test ticket to ConnectWise. If the credentials you entered are correct, you see the test ticket number in a message window; otherwise, you see an error message. Note: 6 The URL and Company ID are populated from your entry on the previous window. This window looks slightly different if you selected an existing credential from the dropdown list. Sending the test ticket is crucial to determining that ConnectWise is receiving tickets. Use the ticket number to confirm that the system sent a test ticket to ConnectWise. You can go to ConnectWise to confirm that the test ticket was sent. Perform a ticket search, if necessary. 7 Continue to "Configuring PSA settings in the Unitrends system" on page 833, which is the next step in configuring your PSA tool, if needed. Note: After you create the PSA configuration, you can modify or delete it, as necessary. See "Modifying or deleting a PSA configuration" on page 836. Configuring PSA settings in the Unitrends system There are PSA settings that allow you to configure data in the Unitrends system and data that the Unitrends system sends to Connectwise. This information resides in the Unitrends appliance's master.ini file. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 834 To configure PSA settings in the Unitrends system 1 In the Unitrends system, go to Settings > System, Updates, and Licensing > General Configuration (Advanced). 2 Click PSA in the list. You see the names and current values of the settings associated with PSA. Note: 3 Click the arrow in the right corner of the Name field to sort the list in a different order. Click anywhere on the row that you want to update. You see a Modify Master Configuration Entry window in the bottom of the screen that looks similar to this: 4 Enter the new value in the Value field and click Confirm. This table lists the settings and descriptions you can change. Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 835 Settings Descriptions BaseDelay Time, in seconds, to delay a retry attempt on a remote connection failure between the Unitrends system and Connectwise. Board The Connectwise service board where the ticket information displays. See the Service Board drop-down box in Connectwise for possible values. Verify the exact wording prior to making an entry in this field. DebugTrace Whether or not to show the debug trace in the psa.log (1 = show the debug trace and 0 = do not show the debug trace). ExclusionListFile Use this setting to exclude tickets from the information that the Unitrends system sends to the Connectwise service board. To use this setting: 1 Create a file that contains strings to exclude, one per line. The values are from the Summary Description column in the Service Board List in the Connectwise PSA application. Wildcards are not supported. The appliance excludes any notifications that contain the strings you enter in this file. 2 Enter the filename in the ExclusionListFile field. This field is case-sensitive. Enter the filename using the correct case. Sample exclusion list file text entries: {noformat} Unitrends user interface version will expire in 30 days {noformat} In the example above: • The first line excludes notifications that a new user interface is available. • The second line excludes the license expiration warning. Priority1, 2, 3, and 4 This field must match the Priority 1, Priority 2, Priority 3, and Priority 4 values that display in the Priority drop-down on the Service Board List in the Connectwise PSA application. Verify the exact wording prior to making an entry in this field. ProcessNotifications Whether or not to send an email notification (1 = send and 0 = do not send). The email address comes from the primary contact for the company in the Connectwise PSA application. RetryCount The number of times to retry a remote connection from the Unitrends system to Connectwise before the system times out. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 836 Settings Descriptions Status The initial status description of the ticket. Defaults to N for new, but you can change it to another value, such as unassigned. Modifying or deleting a PSA configuration You can modify or delete a PSA configuration. To modify or delete a PSA configuration 1 Go to > Settings > Clients, Networking, and Notifications >Professional Services Automation. 2 Click the ConnectWise line to see the Modify PSA Configuration window. Note: If you have not configured the PSA information, you see the Add PSA Configuration window. 3 To modify the information, enter the updated information in the field. To modify the password, click the Change Password checkbox. Click Confirm. 4 To delete the PSA configuration, click Delete. Viewing ticket history The PSA Reports page displays information about tickets that were created successfully and tickets that could not be created. To view ticket history 1 Go to Settings > Settings > Clients, Networking, and Notifications > Professional Services Automation. 2 Click View Ticket History at the bottom center of the screen. You see a list of tickets with information such as severity, date, ticket ID, and description. You can sort by column or multiple columns. Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 837 Invoking the billing script With PSA Integration, a command line interface allows you to invoke the billing ticket manually and alter the day that a monthly bill is created. There are three PSA integration billing procedures you can perform: • • • Generate the bill Enable a schedule Change the day of the schedule You can also get usage, and view, modify, or delete a schedule. The following table lists the billing commands. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration 838 Billing Procedure Billing Commands Notes Get usage ./billingInvoker The output is: PSA Billing Usage: billingInvoker [generateBill | changeBillDay] generateBill -- generates a billing ticket changeBillDay -- changes the day when the billing ticket should be created. should be between 1-31. Generate the ./billingInvoker bill manually generateBill This gathers the information required to create a bill and creates a billing ticket. This is usually performed when you might need a bill in the middle of the scheduled billing period. ./billingInvoker changeBillDay Enter the day of the month () that the billing ticket should be created. This should be between 1-31. ./billingInvoker changeBillDay Enter the updated day of the month that the billing ticket should be created. This should be between 1-31. View a schedule billingInvoker getBillDay Shows the day of the week. Delete a schedule billingInvoker disableBilling Removes the cron job. Enable a schedule Modify a schedule Legacy Recovery-Series and UEB Administrator's Guide Chapter 46: ConnectWise PSA Integration CAUTION! If you select the 31st, the bill might not be generated for months without a day 31. CAUTION! If you select the 31st, the bill might not be generated for months without a day 31. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 839 Chapter 47: Troubleshooting This section provides tips for resolving issues with the Unitrends system. See the following topics for details: • • • • • "Archive troubleshooting" on page 839 • • • • • • • • • • "Troubleshooting iSeries " on page 842 "Troubleshooting backups and schedules" on page 839 "Troubleshooting bare metal restore" on page 840 "Troubleshooting encryption" on page 841 "Troubleshooting file restore" on page 841 "Troubleshooting license management" on page 842 "Troubleshooting Novell NetWare agent" on page 842 "Troubleshooting backup system messages" on page 843 "Troubleshooting tape devices" on page 843 "Troubleshooting VMware backup " on page 845 "Troubleshooting Windows event IDs" on page 845 "Troubleshooting Windows legacy Exchange agent" on page 848 "Troubleshooting legacy SQL Server agent" on page 849 "Troubleshooting Xen on OES 2 bare metal backup and restore" on page 850 Archive troubleshooting Archive media is not available Ensure that the correct media is loaded in the archive device. New drive is added but is not seen Prepare the media to access the new drive. All existing data is removed. Troubleshooting backups and schedules Backups remain in a queued state but do not execute Verify that the backup device is online. Select Settings > Storage and Retention > Backup Devices and open the device you wish to use. Make sure the online box is checked for the device. Schedules do not launch Make sure tasker is running. Go to Settings > System Monitoring > Jobs and check the Advanced Options checkbox to see the Start tasker at the bottom of the screen, if present. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 840 Failure adding selective backups to the calendar If a calendar is in use in a schedule that has no selective backups associated with it, attempts to modify the calendar to add a selective backup will fail. This is expected behavior, since an inclusion list is required for selective backups and none are currently assigned in the schedule. Follow these instructions to add a selective backup to an existing schedule: 1 Make a copy of the calendar that will be modified. 2 Edit the copied calendar and add one or more selective backups on the desired dates. For each schedule using the calendar, perform the following: 3 Select the schedule and click View/Modify. 4 Change the calendar assignment to reflect the new calendar. 5 Assign inclusion lists to all clients selected in the schedule. 6 Save the schedule. Troubleshooting bare metal restore The procedures in this section are run from the Bare Metal interface, unless otherwise indicated. This interface launches when you boot a client from the Unitrends bare metal boot media. Before starting a backup or a restore operation, it is highly recommended that you select the option Bare Metal Quick Test from the Utilities menu in the Bare Metal interface. This test makes sure it can read the root drive and also makes sure that the network is configured properly. If any test fails, the next step is to select the Troubleshooting option from the Utilities menu. If a problem about the hard disk controller arises, then the SCSI devices attached to the system can be viewed. If it says Devices Attached: None then the SCSI controller was not detected during bootup. If the Bare Metal Quick Test failed because of a network issue, select Utilities > Troubleshooting > View Network Settings option. If there is no interface configured other than the loopback interface and if the View Loaded Modules option does not show the appropriate module loaded for the network controller, the network controller was not detected during bootup. The module must be inserted when the client boots up into the software. Contact Unitrends Support for further assistance. If the root drive selected by default is not the one being backed up, use the Set Root Drive option from the Utilities > Disk Utilities Menu to change the root drive to the appropriate device. If an IP address is incorrect, an option to change the IP address of the client and the server is provided to the Bare Metal menu. You can manually enter information to specify the precise server desired for bare metal backups even if the bootable media was not built specifically for that targeted server. Hard disk is not detected When the client is booted into the Main menu, select Utilities and invoke the command shell. Check the contents of the /proc/scsi/scsi file to determine if the SCSI controller was detected. Select Utilities > Advanced > Confirm hardware detection option. If the contents denote that there are no SCSI devices attached, contact Unitrends Support for additional assistance. Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 841 Bare metal fails The UseAlternateImage variable in the master.ini file should be set to True. [Bare MetalConfig] UseAlternateImage = True This change can be done using the backup system by selecting Settings > System, Updates, and Licensing > General Configuration > Bare MetalConfig > UseAlternateImage. Now when a CDROM bootable bare metal media is created, an alternate loader is used to detect the hardware. Network could not be configured In the Bare Metal interface, select Utilities >Advance > Change settings and verify that the gateway is correct. If not, update the gateway. Select Troubleshooting > View Network Settings > Change Network Settings and verify that it shows the correct network controller. Verify that the network is enabled. Select Utilities > Escape to Unix Shell. At the prompt, type the following command: ifconfig eth0 up Troubleshooting encryption Processing Error: cryptoDaemon is required but not running This message may present itself if the encryption card is no longer present, either due to being removed, becoming defective, or as a result of performing a disaster recovery to a system that does not have an encryption card. To remove the error, turn off encryption for all clients that are set for encryption. See "About encryption" on page 128 for details. Troubleshooting file restore Common errors and next steps are provided below. Files are not seen when restoring from a backup Make sure the backup has actually completed and that an attempt to restore files is not made before the database has been updated. Be sure to view the backup for the proper client and the proper date for the client. Scroll the files list to the right to see the full name of the files. If the backup was in progress during a system crash and the system was later restored, the database contains the backup record only. The backup’s files do not exist in the database. Windows system state restore for Active Directory fails Make sure you are in Directory Services Mode for the AD restore. Restoring Linux backup files to a Windows file system fails Create the needed directory structure on the Windows client prior to starting the restore. This will produce a successful restore. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 842 Note: The status indicates the restore was canceled, but the files should be present in the appropriate directory on the Windows server. Troubleshooting iSeries Backup fails with return code 2 The iSeries master or differential backup fails with return code 2 (too many skipped files) if the backup has to omit more than 1 file for every 1,000 files that have been backed up. In this case, view the iSeries backup in the Administrator Interface or the iSeries logs in the backup system to determine which files have been omitted from the backup. Then, create an exclude list to identify these files and retry the backup. See "About Enterprise selection lists" on page 181 for details. Troubleshooting license management Common license errors and next steps are given below. License string is not correct Contact the Unitrends Licensing Department to have them reissue the license, and/or contact the Unitrends Licensing Department for an increase in licensed capacity. Full license has expired Check whether the network cards in the backup system have been switched or renamed. If that is the case, then the MAC address (hardware address) has changed which causes the license to expire. Contact the Unitrends Licensing Department to generate a new license. Troubleshooting Novell NetWare agent Unable to connect to client while backup is running On Novell systems, only one connection at a time is allowed to the client. If any task that attempts to connect to a client is performed while a backup of that client is running, the following error displays: Summary: Error communicating with the server. Cause: Server library layer call was unsuccessful. Detail: Server library layer detailed error message: Could not connect to client An example of a task that attempts to connect to a client would be creating a selection list that includes files on a client. Once the backup completes, the task can be completed without problems. Novell client install fails with the following message: Loading Module [ AUTO FAIL ] > ># is not loaded. ># Please load the , and start the install again. The noted module is not loaded. This installation check ensures the TSAFS.NLM, SMDR.NLM, and SMSUT.NLM modules are loaded prior to starting the installation. Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 843 Troubleshooting backup system messages Could not connect to database You may receive alert emails reading could not connect to database. These are typically invalid messages. Under heavy load, the backup system may generate these messages even though there are no problems with the connection to the database. Adjust the setting under the Alertman section of the Settings file (Settings > System, Updates, and Licensing > General Configuration) to increase the number of minutes a connection cannot be made before generating an email. This setting is: [Alertman] DatabaseEmailTimeoutMins=60 // Minutes the system database must be down before an email is sent Agent not active on server Verify that the client has been registered on the backup system if restoring to an alternate system. Backups are queued but do not run on system Verify the network settings are correct on the system. If the original system is still configured, verify that there is not a network conflict. Backups are no longer replicating Verify that replication has been restarted on the system. Browsing for VMs or SQL databases takes a long time If it seems like it is taking a long time to browse the left navigation window for VMs or SQL databases, use the Reload/Refresh button at the bottom of the left navigation window to clear your cache and resume browsing. Troubleshooting tape devices Tape problems can be caused by anything from bad connections, dirty tape heads, and worn out tapes, to SCSI bus problems. By far, the most difficult of these is SCSI bus problems. These do not occur often, but when they do, they pose a considerable effort to track down. If additional help is needed, try reading the SCSI white paper located on the Unitrends web-site. Try the following: • • • • Check the status of the tape unit. • Test the tape. This performs a variety of tests on the device, including writing tape labels, file set labels, and sample data-streams. Select Task Manager > Misc > Tape Utilities > Tape Commands > TEST. If there is a configuration problem with the device it is usually detected in this phase. Verify the tape drive is idle and ready based on its LCD or other management interface. Close all menus, re-enter the menus, then stop tasker and restart it. Navigate to the device’s section of the menu and click the option to reset the device. This resets the device status and causes the device to resume. Additional tape errors and next steps are described below. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 844 Tape media errors occur Tape devices can experience problems with writing. If tape write errors occur in the logs, clean the tape device with a fresh cleaning tape. Keep in mind that cleaning tapes are designed to be used only a limited number of times and must be changed periodically. Additionally, for some of the 4mm and 8mm drives, the cleaning tape needs to be used two or three times in a row to fully clean the heads. Try using a new tape to get better results. If a tape encounters a media error while writing data, the tape is marked full. Subsequent backups cannot be appended to this tape. Thus, if there is a single tape, all subsequent backup queued to this tape device fail until a new tape is inserted. Errors occur while writing a tape label Most often, this occurs as a result of a timing issue in the tape drive’s firmware. The backup system performs a fast seek to the last dataset and determines that the tape has arrived before it actually has arrived. In order to fix this, set AdvancedTapePositioning in the Initialization file for the tapes section to False. The tape drive is slow It is possible that the default block size was set to a much lower value. Check the setting using Admin > Devices. A block size of 120 offers excellent performance. There are two types of block sizes. One is the high-level block size. It represents the number of 512 byte blocks sent to the tape drive in one write operation. The second is the low-level SCSI block size which only applies when using a SCSI tape drive. It represents the number of bytes the tape drive head uses. This should be 512 for quarter inch tape drives, 1024 for DAT drives, and 0 (variable) for every other type of tape drive. After any change in block size, test the tape. If it detects a problem with the specified block size, it suggests the proper block size to use. The tape drive is not seen Verify the following: • • • Termination is in place. • • • Make sure that the tape device is LVD/SD. There are no adapters in the connection between the device and the backup system. Shutdown both the backup system and the device. Power on the device and let it become idle/ready, then power up the backup system. The backup system has a 68-pin high density connection for SCSI. Run the following command to verify that the system sees the SCSI device: cat /proc/scsi/scsi A tape drive status may display, even if the drive is empty. For example, mt -f /dev/st0 status Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 845 Troubleshooting VMware backup If a backup fails with the following error: A file was not found Ensure that there are no Consolidate Helper snapshots on the VM. If one exists, delete it, and attempt to backup the VM again. Troubleshooting Windows event IDs Below is a table that describes the flow of events in a backup, as captured in the Windows Events application log. Windows event IDs Event fields used in Unitrends agent entries Source Unitrends Agent Task Category Backup, Restore, Bare Metal, Verify Level Information or Warning or Error Event ID Event IDs begin with 256 and increase Computer Server name Description Contains information specific to the Event ID. Each entry has the string (id # # #), where the ID number is the ID of the running process. If multiple jobs are running concurrently, events with the same ID can be viewed for a particular job. Starting event Task category and message indicate the operation. The description field contains the type of operation that has started. Typical starting event flow for a backup: Event ID Category Level Keywords 256 Backup Information Classic Description Field (id 5396) MASTER started.Version 6.0.0 VSS events leading up to execution of a volume snapshot Related VSS events are seen before and after the Unitrends events are logged. Any failures that occur while issuing these VSS events are logged as errors. Some details are added to the event description for that failure. In the case of errors, some diagnostics can be run from the command line to insure that the VSS subsystem is functioning. Use the ‘VssAdmin’ commands: Vssadmin list writers 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 846 Vssadmin list providers Vssadmin list volumes If any of these commands fail or return no information, then the VSS subsystem is not functioning. A reboot helps in most cases. VSS events are described here: Event ID Category Level 275 Backup Information Classic Keywords Description Field (id 5396) Agent successfully issued VSS event GatherWriterMetaData 275 Backup Information Classic (id 5396) Agent successfully issued VSS event InitializeForBackup 275 Backup Information Classic (id 5396) Agent successfully issued VSS event PrepareForBackup When creating a snapshot, the agent adds the requested volumes to that snapshot and for each volume added the following event is logged. If a failure occurs while adding a volume to the snapshot event 279 is logged. Included are some details of the error. Typically, failures occur when attempting to add non-NTFS volumes or network attached volumes to a snapshot set. In some cases, network attached volumes require a hardwarespecific VSS provider to be installed before they can be added to VSS snapshots. If this error occurs, the agent attempts the backup without using the VSS snapshot. This could result in files not being backed up due to file in use errors. VSS add volume events are described here: Event ID Category Level 278 Backup Information (id 1476) Added volume C:\ to the snapshot set. 279 Backup Error (id 1476) Failed to add volume C:\ to the snapshot set. Keywords Description Field The system state begins event indicates the exact point in the process that this starts. The system state ending event is seen later, and any errors found in between. System state duration can be determined with these two events. Event ID Category Level 272 Backup Information Classic Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting Keywords Description Field (id 5396) Agent beginning System state backup. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 847 A volume snapshot operation concludes with one of two events. The successful DoSnapshotSet event indicates that the volume snapshot has completed OK. A failure is logged as an Error category event with some details in the description. If the snapshot operation fails, the following error event is logged. Added to this message is some extra detail about the error. There are many possible causes for this failure. Some of the errors are related to poor disk performance causing the VSS subsystem to give up while waiting for the snapshot to complete. In these cases, the Windows OS usually logs other warnings or errors before and/or after this entry. Do snapshot events are described here: Event ID Category Level 275 Backup Information Classic Keywords Description Field (id 5396) Agent successfully issued VSS event DoSnapshotSet 276 Backup Error Classic (id 5396) Agent failed to issue VSS event DoSnapshotSet For master, differential, and incremental backups, the agent performs a system state backup. When that completes, an information or error event is logged. There are many error cases during system state backup, especially when running on Windows domain controllers. If system state failures persist then more detailed information is logged in the Unitrends agent log files. System state events are described here: Event ID Category Level 274 Backup Information Classic (id 5396) Agent system state backup was successful. 273 Backup Error (id 5396) Agent system state backup failed. Keywords Classic Description Field At the end of the backup, the session completion event is entered. If the summary was sent okay, then the following event appears. A failure to send the summary results in an error event being entered. The success event shows how many files were backed up and how many were skipped due to an error or an in-use condition. The session complete event is described here: Event Category ID Level 262 Information Classic Backup Keywords Description Field (id 5396) Session completes. Summary sent OK. 655 files Processor OK. 0 incomplet6e. If a failure occurs while sending the backup summary to the Unitrends system, the following event is logged. This is usually caused by a network connection disruption between the Unitrends agent and the backup system. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 848 The failed to send summary event is described here: Event ID Category Level Keywords Description Field 263 Backup Error (id 5396) Session completes. Failed to send summary. Classic For application backups (Exchange or SQL), the agent concludes the session by issuing a VSS BackupComplete event with a success or fail condition. For successful backups, this event indicates to the appropriate VSS writer that any cleanup processing may be done, like transaction log truncation. A failure condition causes this event to log as an Error category and the description indicates the error. There are many possible causes of an application backup failure, some of which are described in the preceding events. Any error during an application backup causes the agent to issue the BackupComplete failure event. Backup complete events are described here: Event ID Category Level 264 Backup Information Classic (id 4720) Backup completes. Issued VSS BackupComplete event - success. 265 Backup Error (id 4720) Backup completes. Issued VSS BackupComplete event - failure. Keywords Classic Description Field Troubleshooting Windows legacy Exchange agent Common errors and next steps are given below. Network share access error is displayed while trying to connect to the Samba share Verify that permissions have been assigned to connect to Samba. Verify the following steps: 1 Check the Samba status by typing the following command. /etc/init.d/smb status 2 Check the Samba configurations file to check if the backup system and client have an entry in the allow hosts field of the Samba section in the smb.conf file. vi /etc/samba/smb.conf 3 Restart the Samba services. Note: Verifies are not supported in the legacy Exchange agent (only), and do not run if configured. Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 849 Transaction logs are not truncating after a master backup is run on the Exchange server Be sure that all of the information stores within the storage group are defined for backup. For more on transaction log truncation, see Microsoft’s technical information on transaction log truncation. Another Exchange backup of a higher priority has been started or is currently running. This backup has been cancelled. This message may occur if an Exchange Information Store differential backup is running when an Exchange Information Store master backup is launched. The Exchange Information Store differential backup is canceled to allow the Exchange Information Store master backup to run. Kroll Ontrack PowerControlsTM message: An error occurred processing the log file. Continuing without logs. This error may occur when Exchange transaction logs are either missing or corrupt. Verify that all restored transaction logs from both the master Exchange store backup and the differential Exchange Store backup are located in the folder specified in the Log File Path field in the Open Source Files dialog box. Use the command ESEUTIL /MH to determine which transaction logs may have uncommitted transactions. Troubleshooting legacy SQL Server agent Did not find any databases for this SQL Server instance Verify that there is a connection to the SQL Server instance where the database being backed up/restored was created. Failure occurs during SQL Server database backup or restore Verify that the client is registered to the backup system. Failure to connect to SQL Server Verify that SQL Server is running on your machine. FATAL - Device open failed fileset validation failed[tape #, fileset #] attempting to restore database Confirm that the database is being restored to the same device type that was used to backup the database. No servers listed in the list of backup server names when launching legacy SQL Server agent Confirm that the client’s hosts file has been updated to include the backup system name and IP Address. Changes to the SQL Server agent backup schedule not automatically applied to the existing associations where the modified schedule was assigned Delete the current database schedule association and reassign the schedule. Modifications to the backup schedule do not affect associations that were created prior to the modification. SQL Server transaction log shows status as successful but the system manager shows status as (Restoring) If this state occurs, restore the database to the latest possible time and perform the restore again. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 850 This could have occurred due to a backup and restore of another database taking place at the same time. Restored SQL Server database shows as loading in the Enterprise Manager If the SQL Server Agent is being used in conjunction with another SQL Server maintenance plan, the transaction logs get out of sequence. The database is then seen in loading state. This database should be removed and a full restore along with any differentials must be performed. This restores the transaction log chain. Troubleshooting Xen on OES 2 bare metal backup and restore HVM guest support is unavailable Verify that VT/AMD-V is supported by the CPU and enabled in BIOS. Running Non-Xen Kernel Restart the server and boot with Xen kernel. Xend is not running Check /etc/init.d/xend status and restart if necessary. Configuration file /etc/xen/vm/ is not found The virtual machine has been removed from the system. Re-create a Xen VM with same name, and restart the bare metal. Legacy Recovery-Series and UEB Administrator's Guide Chapter 47: Troubleshooting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 851 Appendix A: Windows Legacy Operations This chapter describes the following legacy operations: "Working with the legacy Windows agent" on page 851 "Legacy SQL Server agent" on page 859 "Legacy Exchange agent" on page 866 Working with the legacy Windows agent This section describes procedures that can be run from a Windows client using the legacy Unitrends agent. Although you can use this client-side interface to queue backup, restore, and verify requests to the Unitrends backup system, this is not the recommended approach. All procedures should be run from the backup system. Only use the procedures in this section if you cannot, for some reason, access the backup system. Note: The legacy agent is required to protect Windows 2000 and Windows NT. If you are running a newer Windows operating system, see "Windows Protection" on page 425 instead. Launching the legacy Windows agent To launch the agent, log in to the Windows client and select Start > Programs > Unitrends Agent > Unitrends Agent Menu. Note: If user account controls are implemented, right-click Unitrends Agent Menu and select Run as Administrator . Legacy Windows agent preferences To change the preferences, launch the agent and select Profile > Preferences. Modify settings as desired and click OK to save. Preferences are described in the reminder of this section. Environment settings These are global settings that effect the environment across all profiles. The following comprise the environment settings (the default settings are in parenthesis): • • • Station Name - This is a generic title of the workstation used for reporting purposes. • Lines per Page (66) - This is the number of lines to load into dialogs that maintain lists. Depending on the amount of memory available this value can be changed. Base Directory (installation directory) - This is the directory where the product is installed. Default Profile (installation directory/profiles.dir/master.spr) - This is the default profile that is loaded each time a request is initiated. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 852 • Catalog Directory (installation dir/catalogs.dir) - This is the directory that contains the local copies of the backup catalogs. If a large history of catalogs needs to be maintained on the local workstation, change this directory to a drive with more space available. • Low Priority - Set this if using the workstation while backups are being performed. When not checked backups will pretty much take over the system and perform the backup as fast possible. When checked other applications can be working at the same time as the backup with little notice, but backup speeds will decrease as well. Log level This specifies the log level at which the applications run. Levels can be specified for the GUI interface (wbpr), the backup engine (wbps), and the service (bpnetd). The minimum and maximum debug levels are: Minimum Debug Level - 0 (Error Log only) Maximum Debug Level - 6 (Log All) Current profile settings These settings only affect the currently loaded profile. Block Size (120) - This is the network frame size that is used when a backup or restore is performed. Generally leave this at 120 unless you have serious performance problems. In which case, lowering this may help (i.e. 20). Directory Depth (0) - This is the default directory depth for the backup. Directory depth is how many levels down in the directory tree the backups should go before stopping. Zero indicates all levels. Advanced preferences Clicking Advance displays the advanced preference dialog. where you can configure the following: • Backup File Properties - Enable/disable backup of file properties, such as security information and extended attributes alternate data streams. This applies to NTFS volumes only. • Backup Registry Security Info - Enable/disable backup of security information associated with registry keys. • Enable Automatic Restart - This enables/disables automatic restart after a restore operation. If disabled, a message displays indicating that a restart is needed. You may restart the machine at your convenience. • Open Data Manager - Used to backup locked files (files locked for exclusive use by other programs) in the system. • Enable ODM - Enable/disable the Open Data Manager. If the ODM is disabled and a locked file is encountered, an error is reported unless the file is in the skip list. • Log Level - Sets the log level for the Open Data Manager. This value can be: 0 - Error Log 1 - Warning Log 2 - Info Log 3 - Success Log Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 853 • Write Cache - This option applies to Windows 2000 systems only. If this button is enabled, the ODM will internally cache NTFS metadata writes. • • Use Default Dir - Use a cache directory computed by the ODM internally. Cache Dir - Specify the cache directory that should be used by the ODM. Legacy Windows agent profiles Profiles are files that contain textual information about a backup. You do not have to use profiles to use the program. Profiles can be used to save frequently performed types of backups. The default profile is used to initially start the program and provide basic backup information. Backup information, such as backup type, files to backup, and files to exclude, can be changed and this information can then be saved in a new profile by using the Save As menu item. Once a profile is saved it can be loaded from the Profile > Load menu item and then run with or without any further modifications. Performing backups with the legacy Windows agent You can run master, differential, and selective backups with the agent. A master backup is a complete backup of the systems files. A differential backup contains all files created or modified since the last successful master. A selective backup is a backup of one or more specifically selected files. Backed up data is stored on D2D devices on the backup system. To perform a backup, click Backup from the main menu, then choose the type of backup you would like to perform. A master backup of the Windows client first backs up the registry and then the C: drive followed by any other subsequent drives. Choose the Backup > Master option to display the master backup dialog. A master backup of a Windows-based client captures the Windows system state, which includes system-critical components and their files that must be captured as a single unit. All system state files are backed up into the file Unitrends.SystemState.bkf, excluding the system state writer files, which are captured with master, incremental, and differential backups. To request a differential backup, select the Backup > Differential option. The Master and differential option dialogs are functionally identical. The steps to perform a master or differential backup request from a Windows client are as follow: Select the backup system from the Server Name drop-down menu. Select the Device Name that the server should use to store the backup. A list of device names can be requested from the server by clicking the arrow button to the right of the name. This connects to the server and returns all known device names to the client. When dealing with disk-to-disk devices that represent single disk files, there are restrictions regarding the devices that appear in the selection list. The only disk-to-disk devices that appear are those that have never had a backup performed or those devices that contain a previous backup of data from this client machine. Choose any files or disk drives to exclude from the backup by selecting the tab Exclude Files. Each choice has a respective dialog that presents you with a list of drives or directories to exclude. Once you have chosen the drives or files to exclude, click OK. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 854 If the backup needs to be verified, select a verification level from the Options tab. Options are None, Level 1-CRC Checking, and Level 2-Bit Level. Generally, Level 2 Bit Level is the best choice if any verification is needed. The Keep a local Catalog under the Options tab option can be toggled on or off. This option is useful to have on so that if you want to see what was backed up on a specific day it can be queried locally without having to make a request to the server. These files are automatically purged every seven days by default. This can be changed by updating the number of days associated with each backup type under the [Purger] section of the local master.ini file to whatever interval you wish. To run any local commands before and/or after the task has completed, select the Advanced Options tab. The command to run before and/or after the backup can be set up by activating the appropriate check box. The command should be some form of a batch file, since only one command can be specified to run. Save the backup settings by pressing Save Profile at the bottom of the dialog. Settings can be saved to a new or existing profile. You can then run the profile at a later date without re-entering the options. Once all choices have been made, select Submit to server to process the backup request. A differential backup first backs up the registry and then the C: drive followed by any other subsequent drives. The backup includes all the files that have changed or been created since the last successful master. If directories or files had been excluded in the master but not in the differential, then all those directories and files are backed up as well during the differential backup, creating a larger than expected differential. Selective file and directory backups allow you to select specific files to be backed up. To specify the files and/or directories, click Include Files and then Add. The concept behind this dialog is to select files from the left hand list and use Add to add them to the right hand list. Double clicking on a directory leads to that directory. You can type in a path or type in selections in the Filter box and click Add. Wildcards like myfiles.* are acceptable entries as well. After selecting the files, click OK. It is generally best to save the backup profile entries prior to submitting to the server. Performing restores with the legacy Windows agent Restore is used to restore files from a backup back to your system. There are three restore methods that can be used. Each method uses the latest backup unless you select an alternate backup from the restore window. Entire Backup – Restores an entire backup with options. One of the most commonly used options is the exclude files option. Use this option to exclude files or directories from the full restore. Selective Files – Restores just selective files or directories. Use one of the methods listed above to find or specify the files or directories you wish to restore. From Inclusion List – Restores a list of files from a text file that is currently residing on the PC. This list contains one filename per line. The complete path of the file should be given starting with the drive letter. Only the files specified in the list are restored. Restoring an entire backup This option restores all the files in an entire backup to a system. The Server tab is described here: Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 855 Server Name – This tab allows you to select the Server Name that you wish to restore from. If the Server Name is not correct, click the Server name combo box. If the host table is setup correctly then the server can be chosen from the drop-down list that displays the list of servers. Device Name – Select the Device Name to which the restore should be done. If the device name is not correct, open the drop-down list from the combo box to select from the list of devices on the server. This selects the device for this task only. To make the device name be the default click Save Profile. Backup No – To select a backup number from which the restore should occur, click Select Backup Number to get a listing of all available backups to restore from. If you leave the Latest and Using original device without specifying a backup number explicitly, a restore of the last backup found on the device that is currently in the drive that belongs to this workstation, will take place. Submit to Server – When ready to perform the backup, click Submit to Server. Once the resources on the server become available, the server scheduler connects to your machine and begins the requested restore. Generally, restores are performed in the background. Save Profile – Click Save Profile to save the current settings into the profile. This opens a Save As dialog where you can either overwrite an existing profile or create a new one. Restoring a backup by backup number For entire restore operation, select a particular backup by clicking on the backup line you wish to restore from. Then click OK. Also, you can view the files of a particular backup by checking the Show Files check box. On clicking Show files, the dialog looks as follows: • The File Listing list box is updated with the files as you click on different backup lines in the Backup Listing. • The page buttons navigate through the file listing as follows: > Next Page < Previous Page >> Last Page << First Page • • Insert a page number in the edit box and press Goto to jump to a particular page. In the Preference Dialog you can specify how many filenames are displayed in a page. The default is 66. That means that each page contains 66 files. The indicator box at left indicates the current page and the total number of pages in the list. Performing selective restores The Selective restore option allows you to select the files that you want to restore. From the Selective Restore Server tab, choose the Server Name (backup system) and Device Name (disk device) that contains the backup file to restore from. Include files option To add files to the restore list, use one of the following from the Select file from options: • Use A backup listing to select files from a backup listing. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 856 • • • Use Browse for file to select local file names. Use Delete to remove selected files from the backup list. Use Clear All to clear the entire list altogether. Backup listing dialog The listing of backup gives the backup number, tape number, backup date and time, Starting Directory, Type of backup (master, differential, selective), size in Megabytes, how many files in the backup, the device name that it was backed up to, and the workstation name it belongs to. To display the files included in a particular backup, select the Show Files checkbox. Restore options tab This tab allows you to specify options for the restore operation. Set Target Directory – Enables restoring a backup into a directory that is different from the original source directory from which the backup was made. This new directory can be on the same system or another system. Keep a local Catalog – When selected, creates a local listing of the entire restore session. This file is located in the catalog directory setup in the Preference dialog. The Catalog menu choice can be used to view any of the Catalogs recorded locally on your system. Newer Files Only – Setting this option restores only those files that are newer than the ones already present on the system. Non Destructive Restore – Setting this option disables overwriting of files that are already present on a system during a restore operation. Restore advanced options This tab allows you to set advanced options for the restore process. Run this local command before - When selected, allows you to enter a command that will be run prior to starting the restore. Run this local command after - When selected, allows you to enter a command that will be run after the restore is complete and possibly verified. Verifying or comparing a backup The verify or compare function is used to read the backup from the server and compare it to the hard disk as if a restore was taking place. Each bit is compared to make sure it was not corrupted during the backup, while writing to the media, or during transmission to the client machine. Once the verify is started from the server, click on the agent item in the task tray to view the verify process. If files are found to be corrupt, a detail log is written in the catalog directory entitled changes.cmp. To increase the number of not backed up files to allow before the system considers a backup as failed and does not perform a verify, edit the value for VerifyIncompleteFileCnt in the master.ini file under Configuration > Settings > Media information. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 857 Options and other functions There are several other functions available on the client through the Options menu. Some of the more specific options are discussed in the remainder of this section. Skip file-in-use option The skip file-in-use option is used to specify those files that are commonly in use by other programs and will not be accessible. The agent will be aware of these files and will not flag this as an error. Otherwise, files that are in use because they are accessed by other programs are flagged as an error resulting in a failed backup. Regardless of what settings are chosen, files that are not accessible due to disk blocks, permissions, or any other reason than being in use by other programs continue to be flagged as error. If using the ODM (Open File Data Manager), all files that are in use by other programs can be accessed and thus are backed up without difficulty. In this case, select the choice labeled No files below. A valid license must be obtained to use the Open File Data Manager and can only be used for Windows 2000 computers. All files: If this option is enabled, the agent is aware of these files and will not flag them with an error. Files selected from list below: If this option is enabled, files that are in use because they are accessed by other programs will be flagged as an error resulting in a failed backup. No files: If you are using ODM (Open File Data Manager), all files that are in use by other programs can be accessed and thus are backed up without difficulty. Snapshot properties option Once the client is installed, make sure snapshots are enabled by selecting Options > Snapshot Properties within the client interface. The hot bare metal backup will only run after the snapshot is enabled. Test protocol option This feature tests the communication protocol used by the agent and the server. The needed protocol requests are tested to be sure that both sides have versions of the software that are fully compatible. The protocol test also sends artificially generated data to the server and this transfer is timed. Based on this, the maximum transfer rate can be determined. Most of the time, a value during backup of approximately 90% of this number should be seen. Generally, if you able to do a protocol test and register the workstation to the server, you are able to perform backup actions. Register client option When the protection software is first installed, it needs to be registered to the server that will be servicing it. This can be done from the backup system or the client. On the client, use Options > Register Client to register the client to the server. Once this is done you should not have to do it again unless the server is changed or the registration on the server is lost. Choose server/device option This option allows the user to select a server and disk device to use for the current set of operations. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 858 Add a Server to Hosts File This dialog allows you to add a server (a server that is running and is accessible by the client) and IP address pair to the hosts file on the client system. After entering the Server Name and Server IP address, click Add. The specified IP address is tested to see if it is a valid, functioning server. If it is, then the Server Name\IP Address pair is added to the hosts file. If the name chosen already exists in the host file, a warning displays. Test a server connection option You can explicitly test a particular server to check if it is valid and usable. To do this, either select a server from the list box or type in the server’s IP address. Upon clicking Test, a test is performed to check if the server is valid and usable. Bare metal optimizer option Note: The Bare metal optimizer is no longer used on Windows 2000 and above systems with a snapshot driver. This option is useful when using the add-on bare metal product installed on the server. It performs a snapshot backup of the PC which differs from the normal master/differential backups. With this type of backup, recovery from crashed Windows environments can be done easily. This option allows for the optimization of a system so that the bare metal backups perform at peak speed and size. This is normally run the first time a bare metal backup is scheduled from the server, and can be turned on from the server as well. But this option is present so it can also be performed locally. It can take several minutes to complete. PC’s should be optimized about every 6 months. Settings file option The settings file is called the master.ini file and resides in the directory C:\PCBP. It contains the settings used by the backup system agent. It includes an extensive debugging section that Customer Support personnel can use to uncover problems. It is not recommended to change this file manually. Following are the frequently used options that are present in the settings file. [BProfessional] ResetArchiveBit When this is set to True the DOS archive bit is reset when the file is backed up. When this is set to False it is not reset. If you experience problems with applications that do not like their attributes changed, then you should set this. By default this value is set to True. Inettime This value is used by the agent. It defines the amount of milliseconds between each listen to incoming connections. If a slowdown is experienced when the application is not running, then the agent may be the cause. By increasing this value to 3,000 you should see an improvement. BackupProperties This value enables backup of file and folder properties (security information, alternative data streams, extended attributes, etc.). This is for Windows NT4 systems and above (NTFS volumes only). By default this value is set to True. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 859 BackupRegSec This enables backup of registry security information. This is for Windows 2000 systems and above (NTFS volumes only). By default this value is set to True (registry security information is backed up). EnableAutomaticRestart At the end of a restore process, if a restart is required, a dialog box is presented you choose to restart or cancel. If the dialog box times out, this flag determines whether the engine should restart the system or not. If this flag is enabled, the engine restarts the system. This is for all Windows systems. By default the setting is False meaning the engine does not restart the system if the restart dialog box times out. DetectHungFiles If this flag is set, then catalog and log files are synchronously flushed to the disk after every write. This is for all Windows systems. The default value is False. SystemStateUsingNtBackup For systems with Active Directory, this setting enables (if set to True) the use of NTBackup to backup the Windows system state. The default value is True. NtBackupKeepAlive This setting is the number of seconds to wait for NTBackup to complete and is used if SystemStateUsingNtBackup is set to True. The default value is 600. NTBackupLocation This setting dictates where to place the system state dump file created when NTBackup runs. [usnap] USnapEnable This setting dictates whether or not snapshot technology is used. The default setting is True for Microsoft 2003 clients, but is False for Microsoft Windows XP and Microsoft Windows 2000 clients. For Microsoft Windows XP and Microsoft Windows 2000 clients, snapshots are created using the Unitrends Snapshot driver and can be enabled or disabled from the client in the Options > Snapshot Properties menu. USnapDisable2K3 This setting dictates whether the Unitrends Snapshot driver or Microsoft VSS is used to create snapshots during a backup. The default setting is True for Microsoft 2003 clients and up, indicating that Microsoft VSS will be used to create snapshots. This setting is not used with Microsoft Windows 2000 clients. Legacy SQL Server agent The SQL Server agent allows for the fast, flexible, and reliable archive and restore of Microsoft SQL Server databases. This feature allows system and database administrators the ability to backup and restore mission-critical databases, manually or automatically, while ensuring business continuity. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 860 The SQL Server Browser service must be running for proper execution of the SQL agent. The following SQL Server agent versions have been tested and certified with Server environments running Windows 2000 or Windows 2003 and Microsoft SQL Desktop Engine (MSDE) 2000: • • • Microsoft SQL Server Express 2005 Microsoft SQL Server 2000 Microsoft SQL Server 2005 The following SQL Server Agent versions have been tested and certified with Server environments running Windows 2003 or 2008: • • Microsoft SQL Server 2005 Microsoft SQL Server 2008 The following requirements must be fulfilled before installation of the legacy SQL Server agent: • SQL 2000 Service Pack 4 • SQL 2005 Backward Compatibility Update For Microsoft SQL Servers configured for failover clustering, Unitrends recommends using Microsoft SQL maintenance plans for database backups. Microsoft SQL maintenance plans should be directed to a local disk and scheduled prior to a Unitrends file-level backup. Unitrends file-level backups can subsequently protect these database backup files and provide online retention. The SQL Server agent contains the following functionality: • • Ability to determine database backup strategies based on user supplied recovery requirements. • Availability of default database backup templates consisting of some of the most common backup practices. • • • • • • Simplified restore process allowing for the restore of a single database or multiple databases. Ability to generate database backup schedules using a wide variety of frequency options to accommodate daily, weekly and monthly backups. Support for point-in-time recovery. Support for restoring a database to an alternate database name. Support for full, differential, or transaction log backups. Ability to view backup and restore history. Support for restoring a database to an alternate location. Note: When using the SQL Agent to backup up databases, other backup applications should not be used to backup databases. This will cause problems when restoring the database, especially when restoring transaction logs. Please do not use the Unitrends SQL Server agent to backup SQL Server 2000 databases using fulltext catalogs and indexes. Launching the legacy SQL Server agent The SQL Server agent is launched from the main menu of the appliance agent. To access the SQL Server Agent, follow the instructions provided in this manual for installing, configuring, and Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 861 registering the appliance agent. Log in to legacy SQL Server agent Logging in to SQL Server is accomplished by clicking Login To SQL Server on the View/Assign Database Backup Profiles screen. Full functionality of the SQL Server agent requires authentication to a SQL Server instance. The SQL Server agent connects to a Microsoft SQL Server instance. This connection must be established before the SQL Server agent can obtain information regarding your existing SQL Server database or before a backup or restore can be performed. There are two possible authentication methods available. One is to log in to the SQL Server instance using Standard authentication, for which a valid SQL Server login and password need to be supplied. Alternatively, log in to the SQL Server instance using Windows authentication, whereby a connection is made to the SQL Server instance using the Windows login information. To enable Windows authentication, select the Use Windows Authentication checkbox on the SQL Server log in screen. The SQL Server log in interface displays a list of operating SQL Server instances on the system. Named SQL Server instances are displayed using the format: \\ComputerName\InstanceName. Features of the legacy SQL Server agent Assign a schedule strategy to a database – Assign either a user-defined database backup schedule to a database or choose one of the default schedules provided for you. Immediately backup one or more selected databases – Select one or multiple databases for ondemand backup. Your database selection list is comprised of all databases that exist on the SQL Server instance to which you are connected. Restore one or more selected databases – Select one or multiple databases for restore. Your database selection list consists only of the databases that have been backed up to the server to which you are connected. View backup history – View the status of database backups performed on your system. View restore history – View the status of database restores performed on your system. View information in error log files – View information regarding errors that may have occurred during backup/restore operations. View information in audit log files – View audit information regarding operations performed during backup and restore. Creating or modifying a legacy SQL backup schedule You can create a customized database backup schedule or modify an existing one. The SQL Server agent manages the steps necessary to successfully create or modify a database backup schedule. Note: Modifying database backup profiles can temporarily affect the ability to perform a database recovery. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 862 To create or modify a schedule 1 Select Backup > Create Backup Schedule from the SQL Server agent’s main menu. 2 If a new profile is being created, select Create a New Template Profile and provide a name for the profile. If an existing profile is being modified, select Modify an Existing Template Profile and select a name from the list of currently existing user-defined backup profiles. 3 One of the features of the SQL Server agent is to allow a means to easily develop backup profiles based on specific database recovery requirements. The next step in creating a backup profile gathers the requirements that will be used to formulate a customized backup strategy. Click Next to continue. Legacy SQL backup plan optimization This option enables you to specify whether to optimize the backup process for quick backups, quick recovery, or to minimize the disk space used by the backup. Allow for point-in-time recovery should be checked if you want to restore a database to a given point in time. This option must be checked during profile creation. Point in time is only available for restoring a single database. When this option is selected, transaction log backups are performed by default. When the desired recovery requirements have been entered, specify a backup type and decide on a backup time for the schedule to execute. Enter the desired backup schedule time. The default is the 24-hour time format. The time that is denoted applies to all backup types included in the schedule. Legacy SQL backup types and schedules Based on the information provided in the previous screen, one or more backup types may have been pre-selected. For each of the selected backup types, click Modify Schedule to assign a backup frequency. The available backup frequencies are: Recurring: This option allows the specifications of database backups on an hourly basis. The number of hours between two backups can be set between a time interval indicated by the Start time and End time or it can be done starting at the Schedule time. The designated time is denoted on a 24-hour clock. Performing backups at an hourly rate immensely reduces the possibility of data loss. For example, a schedule with a Start Time of 15:57, an End Time of 23:57, and a recurring value of 1 hour illustrate that the selected database backup will every hour between the times of 15:57 and 23:57. Recurring frequencies can be assigned for full, differential, and transaction log backups. • • • Daily – Establishes the backup to run once a day. Weekly – Establishes the backup to run once a week on a specific day. Monthly – Establishes the backup to run once a month on a specific date. In general, a full backup should precede a differential and transaction log backup. Therefore, if differential backup type is selected, the SQL Server agent first confirms that a full backup was previously performed. If a full backup was not performed, the SQL Server Agent launches a full Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 863 backup. If a full backup has already been performed, the SQL Server agent launches the requested differential backup. The final step in creating or modifying the schedule is to save the profile. Newly created or modified profiles must be saved before they can be assigned to a database. If any changes are made to a profile after it has been assigned to a database, the profile must be removed and reassigned to the database in order for the changes to take effect. When Save is clicked, the SQL Server agent saves the profile and enables the print functionality. Clicking Close returns to the main SQL Server agent interface. Assigning or removing a legacy SQL backup schedule When the task of creating the backup schedule has been completed, assign it to a database. Assign either a user-defined backup schedule to the database or a default schedule profile. The SQL Server agent limits only one profile per database at a given time. Multiple databases cannot be scheduled to the same profile at one time. However, the same backup schedule can be assigned to multiple databases individually. Click Remove to delete already assigned profiles. Clicking Remove deletes the backup schedule’s association to the database and removes the backup schedule from the server. This action does not remove the backup schedule from the client, therefore the schedule can be assigned to the same database or a different one. Backup schedules for SQL Server databases are launched via the SQL Server agent only. There are a number of available default database backup schedules available for your use. The default schedules are listed along with your user-defined schedules in the Available Template Profile drop-down list. • • • Daily Full Backups - Executes once per day at 2:00am. • • Weekly Full Backups - Executes weekly on Sunday at 2:00am. • Weekly Full Backups/Daily Transaction Log Backups - Executes weekly on Sunday at 2:00am and once per day at 2:00am. Monthly Full Backups - Executes monthly on the first day at 2:00am. Monthly Full Backups/Weekly Differential Backups/Daily Transaction Log Backups - Executes monthly on the first day at 2:00am, weekly on Saturday at 2:00am, and once per day at 2:00am. Weekly Full Backups/Daily Differential Backups - Executes weekly on Sunday at 2:00am and once per day at 2:00am. Legacy SQL on-demand backups In addition to scheduled backups, you can perform manual on-demand backups of a single database or multiple databases. These manual backups might be deemed necessary prior to system maintenance or system upgrade. The on-demand transaction always performs a full backup. Differential or transaction log backups cannot be specified when utilizing this feature. Log in to the appropriate SQL Server instance by clicking Login To SQL Server and selecting the desired Backup Server Name (backup system) and the Backup Device Name (disk device) where the backup files are to be saved. Select a single database or multiple databases for backup by clicking on one or more database name(s). If all databases are to be included, use Select All. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 864 Clicking Submit Backup Job submits the requested backup jobs to the backup system, but execution begins upon availability of the system’s resources. The status of the requested backups can be viewed via the View Backup History interface. Note: SQL agent on-demand and scheduled backups fail in single user mode when launched from the command line but they work successfully when invoked in single user mode from the SQL Server. The SQL agent supports backup of the Master database in single user mode. Legacy SQL restore options Options available from the Restore menu include the ability to restore database(s) and to view restore history. Use of these options is described below. Note: For Replicating Systems. The procedures in this section apply to Legacy SQL backups on the source system only. Restore of replicated Legacy SQL backups is supported during disaster recovery of the source system only. Restoring a legacy SQL Server database The SQL Server agent manages the process of restoring one or more databases. Databases can be restored either locally or remotely. The local SQL Server database restore functionality allows the restore of a single database or multiple databases onto the same SQL Server from which the database backup was performed. For example, a backup of Database A is performed on SQL Server A and Database A is subsequently restored onto SQL Server A. The remote SQL Server database restore operation provides the capability to restore a single database or multiple databases onto the currently logged in to SQL Server from a different SQL Server in the network. For example, a backup of Database A is performed on SQL Server A and Database A is subsequently restored onto SQL Server B. Remote SQL Server database restores require that each SQL Server agent be registered on the selected backup system. In addition, the registered SQL Server agent must contain SQL Server database backups on the backup system. As long as different clients backup their databases to the same system, they can be restored locally or from different clients. Note: While restoring a database make sure that no backup process for the same database is running at that time. This can cause the restore to fail. • Local SQL Server Restore – This option allows the local restore of a SQL Server database backup. The database can be restored to an alternate location on the same machine (different drive or different directory) or to the default location. If this option is chosen, the list of database backups for the selected SQL Server instance is populated. Highlight a single database or multiple databases to restore and click Next to continue. • Remote SQL Server Restore – This option initiates the remote restore of a SQL Server database. Remote database restores can be performed to an alternate location or to the default location. • Selecting the Remote SQL Server Restore option launches the remote SQL Server database process. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 865 Both clients (the computer that is being backed up from and the computer that is being backed up to) must be registered to the backup system that contains the client database backup. You need to queue the restores from the client machine to which the database needs to be restored. The Select SQL Server interface is displayed on clicking on Remote SQL Server Restore. On the System Supervisor Log in interface, enter the System Supervisor Override username in the Supervisor field and the System Supervisor Override password in the Password field. The Supervisor login and password is the authentication that the administrator provided at the time the backup system was installed. If the administrator had chosen default settings at installation time, these fields can also be set on the backup system from the Task Manager window by going to Setup > Supervisor Override. Since databases will be restored from an alternate server, it is necessary that you provide authentication. Once you have successfully logged in to the backup system, select a remote SQL Server machine name from the Restore SQL Server drop-down list and the appropriate SQL Server instance from the SQL Server Instance drop-down list. Once completed, a list of database backups meeting the selected criteria display on the database restore interface. Highlight a single database or multiple databases to restore and click Next to continue. The SQL Server agent automatically determines the latest possible time for which a database can be restored. You have two options for restoring the database. One is to Restore the database up to the latest possible time and the other to Restore to a specific point-in-time. The Restore to a specific point-in-time option is available only when a single database is selected. The option to Kill all database connections before recovery should be selected before restoring your SQL Server database. Enabling this option terminates active database connections, therefore preserving database integrity during the restore process. The Database Restore Location field allows the input of an alternate name to which the database will be restored. Restoring the database to an alternate name is useful for performing troubleshooting or optimization tasks without affecting the current live database. If the name that is entered into the Database Restore Location field already exists, you have an opportunity to continue with the restore and overwrite the database name or to enter a different name. The value in this field defaults to the current name of the database to be restored. If multiple databases are selected to be restored, this feature is disabled. When Submit Restore Job is clicked, the restore request is queued on the server simultaneously, and will run upon availability of the server’s resources. Review the status of the requested database restores via the backup system’s Job Status screen. Restoring to an alternate server has a few restrictions. These are as follows: • A remote restore of SQL Server 2005 databases cannot be done to SQL Server 2000. The 2005 database design has some additional features that cannot be interpreted by the SQL 2000 server. • Only administrators are allowed to perform restores. The administrator must be aware of the backup system’s supervisor login. It is recommended to set this information on the backup system, else the defaults would be used as login information which may be insecure. • Remote restore from a tape device is not supported. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 866 Legacy SQL Server point in time restore The point-in-time restore allows you to restore a database to a given point in time. In order to perform a point-in-time restore for a database, the recovery model for that database must be of type Full. This model type maintains the transaction logs for that database. At the time of profile creation using the SQL agent, you can select the point-in-time restore option. With this option selected the transaction log backups are performed by default. For a point-in-time restore through the SQL agent, you are required to provide the time up to which the database is to be restored. If there are any valid backups performed before the given time, the restore is queued to the server once the job is submitted. If there are no valid backups before the given time an error message is displayed to check the available backups for the particular database. The exact time of backups can be seen using the Backup Times button. This helps you know the exact time to which you can recover the database. When a restore job for the SQL database is submitted, the closest full backup, differential backup, and all transaction logs within the point-intime gets queued to the server. Enter the desired options in the SQL agent restore interface to perform a point-in-time restore. Note: The point-in-time option is only available for restoring a single database. Viewing legacy SQL backup and restore history The SQL Server agent provides a mechanism for viewing the backup and restore history of operations performed on the client. The differential and transaction log backup and restore records are displayed, along with their corresponding full backup and restore log records. Legacy SQL Server audit and error logs The SQL Server agent offers the ability to view audit and error logs. These logs can be printed for reference or deleted. They are used primarily for troubleshooting purposes. Testing Legacy SQL Server database restore Test your backup strategy for each database by restoring a copy of the database to a test system. Testing and documenting database recovery in your environment ensures quick response and successful restore in the event a production database needs to be recovered. Legacy Exchange agent This section contains instructions and guidelines to assist with the installation and operation of the Unitrends backup and restore tool for Microsoft Exchange server, referred to as the Legacy Exchange agent. If using the VSS Exchange agent, see the "Microsoft Exchange Protection" chapter. The Exchange agent extends protection to the Microsoft Exchange server databases and database objects. It enables remote management of the Microsoft Exchange server database, mailbox, and public folder backups. The powerful combination of the Exchange agent and the backup system’s Schedule interface allows for flexible scheduling capabilities as well as an efficient way to back up Exchange information stores. Total Exchange information store protection is accomplished through Exchange Info Store Recovery (EIR) and Exchange Quantum Recovery (EQR). With the combination of EIR Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 867 and EQR, an entire Exchange information store or single items can be recovered from a single backup solution, therefore preventing unnecessary duplication of data. EIR provides Exchange store-level protection. EIR allows for entire Exchange information stores to be restored from an Exchange store-level backup to the active Microsoft Exchange server. EQR works with EIR to provide complete protection of your Exchange information store. Unitrends scheduling provides hourly Exchange information store backups to allow for more frequent restore points and more efficient restores. EQR also offers item-level recovery, the foundation of which is Kroll’s Ontrack PowerControls™. Unitrends has formed a strategic alliance with Kroll Ontrack to offer Ontrack PowerControls™ through Unitrends. EQR works by using the Ontrack PowerControls™ ExtractWizard to first extract an Exchange store-level backup from the Samba share on the backup system to a staging area on a workstation where Kroll Ontrack PowerControls™ is installed. Ontrack PowerControlsT™ then allows the search and recovery of individual mail items, as well as entire mailboxes and folders, back to the active Microsoft Exchange server database. EQR is a separately licensed technology. In addition, the legacy Exchange agent is integrated with Unitrends legacy vaulting solution. The vault is a disk-based data repository that enables businesses to safeguard an unlimited number of networked systems at multiple locations. The vault serves as a centralized, highly available off-site storage center for Unitrends’ backup systems, which provide fast disk-to-disk backup and bare metal recovery for systems at local sites. On-site systems are linked to the vault by the vaulting software. The vaulting software synchronizes data at a block level and funnels the changed data into a master backup. Legacy Exchange information store setup The Legacy Exchange agent is supported on the following operating systems: • • • Microsoft Windows 2000 Microsoft Windows Server 2003 with Service Pack 2 Microsoft Windows 2003 Release 2 The following versions of Microsoft Exchange Server are supported for use with the Legacy Exchange agent: • • Microsoft Exchange version 2003 with Service Pack 2 Microsoft Exchange 2007 for Exchange store level backup only Note: Windows Server 2008 and 2012, unlike past Windows Server releases, do not include support at the utility level for Exchange aware backups, therefore the legacy agent is not supported on these platforms. Use the Exchange VSS agent for these platforms. The following backup agents provide full functionality, but do not capture the last master or last differential of the Exchange agent: • • Protection software for Microsoft Windows v4.x Protection software for Microsoft Windows Server 2008 v4.1 See "About Exchange 2007/2003 backup" on page 520 for more information. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 868 CAUTION! The circular logging option must be disabled on the Exchange Server in order to achieve successful differential backups. If circular logging has not disabled, differential backups will fail. Legacy Exchange agent setup By default, the Microsoft Exchange application backup is allowed 10 hours or 36000 seconds to complete. If the Exchange application backups exceed 10 hours, it may be necessary to increase this number. The timeout setting may be adjusted by following these instructions: 1 On the Microsoft Exchange server workstation, edit C:\PCBP\master.ini. 2 Change the value of the parameter BeforeCmdWaitTime to the desired time in seconds. Legacy Exchange client registration The client must be registered to the backup system. You can register the client from either the agent application or from the backup system. To register from the Exchange client 1 Launch the client application. 2 Select Options > Register Client from the main menu To register the client from the backup system, see "About adding clients" on page 69. Legacy Exchange and Active Directory The Exchange agent accesses the Microsoft Exchange server via the Active Directory service. To ensure proper execution, log in to the Exchange server domain and confirm that the Exchange server is accessible. If log in to the Exchange server domain is not performed, the Exchange agent functionality is limited to the backup and restore of system state data only. Legacy Exchange and the Samba share The Exchange agent places all backup files and configuration information on the Samba share located on the backup system. Therefore, it is necessary for the Samba share to exist, and contain the appropriate permissions to ensure proper functionality. If the Samba share does not exist on the server, perform the following steps to create it: 1 From the Console or through a VNC session, launch a shell prompt on the backup system (Admin > Configuration > Terminal). 2 Type: dpu update 3 Type: dpu samba A subdirectory is created in the Samba share with the name of the Exchange server by default, or the name you entered on the configuration page. The client folder is the location where all Exchange agent backups, profiles, and log files are stored. The backup directory naming scheme for storelevel backup and restore operations is: year_month_day_hour_minutes_seconds_backuptype Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 869 Working with Legacy Exchange information stores To launch the information store interface: 1 From the Exchange server, launch the agent by selecting start > All Programs > Unitrends Agent > Unitrends Agent Menu. 2 Select Agents > Microsoft Exchange Backup/Restore > Store Level. Legacy Exchange store level log in Select the Store Level sub-menu option from the Exchange Agent menu to initiate the log in process that facilitates the connection to the desired backup system’s Samba share. After successful log in, Exchange backups and restores can be initiated. If the System Host drop-down list does not display an entry for the desired backup system, use Locate BP Servers to manually search for new servers on the network or to add a server manually. When Locate BPServers is pressed, a list displays of all servers on the network that are included in the local hosts file and are running the Unitrends backup software. Legacy Exchange Quantum Recovery setup EQR is a separately licensed technology, the foundation of which is the Kroll Ontrack data recovery software. Unitrends has a strategic alliance with Kroll Ontrack to offer this software through Unitrends. Unitrends has certified this software in our labs and provides direct support for Ontrack PowerControls™, as well as documentation and training. EQR works by using the Ontrack PowerControls™ software to first extract the EIR-produced backup from the Samba share on the backup system to a staging area on the workstation from which Ontrack PowerControls™ is invoked.EQR then allows the search and recovery of individual mail items, as well as entire mailboxes and folders, back to the active Exchange server database. Legacy Exchange EQR system requirements This section covers system requirements for Ontrack PowerControls™ 5.0 and 5.1. For additional information regarding the Ontrack PowerControls™ installation requirements, refer to the Ontrack PowerControls™ User Guide which can be downloaded from http://www.ontrackpowercontrols.com/support/user-guide/. For support on any of the EQR functions including Ontrack PowerControls™, contact the Unitrends Support Center as described in "Contacting Unitrends Support" on page 40. Ontrack PowerControls™ must run on one of the following operating systems: • • • • • • • Microsoft Windows 2000 Microsoft Windows 2000 Professional Microsoft Windows XP Professional Microsoft Windows Server 2003 Microsoft Windows Server 2008 Standard Microsoft Windows Server 2008 Data Center Microsoft Windows Server 2008 Enterprise 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 870 • • • • • • Microsoft Windows Server 2012 Standard Microsoft Windows Server 2012 Datacenter Microsoft Windows Server 2012 Essentials Microsoft Windows Vista Business Microsoft Windows Vista Ultimate Microsoft Windows Vista Enterprise The operating systems listed above are required to have the latest service packs installed. For Windows server 2012, the 64-bit operating system is supported. For all other operating systems, both 32-bit and 64-bit versions are supported. Note: Ontrack PowerControls™ in Vista can only be run by users with administrative privileges and in administrative mode. The following virtual environments are supported: • • • • • VMware Server 1.0x VMware Workstation for Microsoft Windows v6.0x Microsoft Virtual Server 2005 R2 Microsoft Hyper-V Microsoft Virtual PC 2007 Ontrack PowerControls™ is designed to run from a Windows workstation and uses native Microsoft Messaging APIs (MAPI) to communicate to the Exchange server, ensuring reliable and consistent operation of your server. For MAPI to initialize properly, Microsoft Outlook must be installed and configured on the workstation to connect to a Microsoft Exchange server. The workstation or virtual machine on which the Ontrack PowerControls™ software is run must have Outlook 2000 or greater installed, and Outlook must have been run at least once to configure Outlook’s settings. Additionally, those versions of Outlook that make a distinction between Internet Email and Corporate Email need to be configured for the latter. For Exchange server 2000 and Exchange server 2003, Microsoft Outlook 2000 or later is required. For Exchange server 2007, Microsoft Outlook 2003 or Outlook 2007 is required. Note: The operating systems and Microsoft Outlook are required to have the latest service packs installed. Other requirements include: • • • • Microsoft .NET 2.0 framework • Monitor with 800 x 600 or higher screen resolution. Intel Pentium compatible processor 1024 MB RAM minimum 200 MB of free hard disk space for the installation. More disk space will be needed for processing log files when opening an EDB file. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 871 Note: While Ontrack PowerControls™ is designed to run from a Windows workstation, Microsoft Exchange server 2007 installation configuration is supported. If running Ontrack PowerControls™ on Exchange server 2007, Microsoft Outlook 2003 or Microsoft Outlook 2007 must be installed and configured on the Exchange server. Ontrack PowerControls™ does not support other Exchange server installation configurations. Installing Ontrack PowerControls on legacy Exchange Follow these steps to install Ontrack PowerControls™: 1 Microsoft Outlook should be installed and configured prior to installing Ontrack PowerControls™: See "Legacy Exchange EQR system requirements" on page 869 for specific Outlook version information. 2 Turn off any disk utility or antivirus program running in the background. 3 Download a copy of Ontrack PowerControls™ from http://www.unitrends.com/support/latestagent-releases.html 4 Extract the PC502_Universal.exe executable. Three files are extracted to the directory in which PC502_Universal.exe resides. 5 Double click Setup.exe to run the installation executable, then follow the on-screen instructions. 6 When you invoke Ontrack PowerControls™ you are prompted to apply a valid license. Contact Unitrends Support to obtain a valid license as instructed below. Licensing Ontrack PowerControls for legacy Exchange To obtain an Ontrack PowerControls™ license, two pieces of information are required: • The total number of mailboxes for all protected Microsoft Exchange servers. This count must include ALL Public, Private, Shared, Active, Inactive, and Administrative mailboxes as any/all of these may be restored through Ontrack PowerControls™. • The Microsoft Exchange server(s) NetBIOS name(s). To obtain the Exchange server NetBIOS name 1 Open Microsoft Outlook and click Tools > Account Settings. 2 On the Email tab, click Change: The NetBIOS name is listed next to Microsoft Exchange server: After gathering these two pieces of information, contact Unitrends Support (see "Contacting Unitrends Support" on page 40) to obtain an Ontrack PowerControls™ license. To apply the Ontrack PowerControls™ license 1 Open Ontrack PowerControls™. You are prompted to apply a valid license. 2 To apply the license, simply copy the license.ini you receive from Unitrends Support into the Ontrack PowerControls™ install directory. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 872 About the Ontrack PowerControls license All Ontrack PowerControls™ editions require a license file. This file determines the features you are able to use with your installation of PowerControls™. Before Ontrack PowerControls™ is enabled, it checks the .ini file for these things: • The license file must be valid for Ontrack PowerControls™ 5.0. • • Mailbox limit, if applicable. • Subscription length, if applicable. • Enabled Agents (Ontrack PowerControls™ ExtractWizard Agents, Ontrack PowerControls™ Agents) Server name enforcement, if applicable. Allows you to open EDB files only from the licensed server names. Note: If you have the Ontrack PowerControls™ Standard Edition (100 mailboxes), and you attempt to open an EDB file with 101 mailboxes, Ontrack PowerControls™ does not open the file. Example Ontrack PowerControls™ license file - Standard Edition ;======================================================== ;Kroll Ontrack Inc. License File; Any modification will invalidate this file; Copyright© 2007 Kroll Ontrack Inc. ;======================================================== [Product] Product=Ontrack PowerControls 5.0 [Edition] Standard 0x5203=Mb0tLhF7bt0qqycXmnoiuxsyyMvnCbDYE49gHoBZ5hE= [SLN] SLN=Ontrack PowerControlsTM5.0 Standard Edition [Licensed Mailboxes] 100=U71pLkB7AN0= [Licensed Agents] PCA50D2-FCB8KM=Mr0aLjF7Nd1+qwIX2npru30yu8vdCb3Yao8dHrNZ PCA50E2-BEC69X=Mr0aLjF7Nd1+qwMX2npru3kyvcvcCbPYGI8IHrNZ PCA5092-CEB7ZE=Mr0aLjF7Nd1+q38X2npru3gyvcvdCbLYe48VHrNZ PCA50F2-58DEZY=Mr0aLjF7Nd1+qwAX2npruw4ywMvbCcDYe48JHrNZ PCA5032-EFXAPH=Mr0aLjF7Nd1+q3UX2npru34yvsvHCcTYcY8YHrNZ PCA5072-A33FDL=Mr0aLjF7Nd1+q3EX2npru3oyy8usCcPYZY8cHrNZ ;PCA50D2-FCB8KM = Agent for Advanced Searching ;PCA50F2-58DEZY = Agent for Administrative Services ;PCA50E2-BEC69X = Agent for Content Analysis ;PCA5092-CEB7ZE = Agent for PST as Source ;PCA5032-EFXAPH = Agent for NT Backup ; [Licensed Servers] 1. ExchangeServer1=U713LlB7Rd02qyUXgHonu1Uyn8v6CdbYRI8iHsVZgxGcg7HCVyk= ; [AUTHENTICATION] Checksum=b422 Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 873 Note: While the license file may appear to be a normal text file, if the file is opened and saved, it is rendered invalid and the Ontrack PowerControls™ software will no longer function. Legacy Exchange store level functionality When the Exchange agent has been successfully connected to the backup system, the default store profile is loaded. The actions you can perform are: • File – The File menu option permits the loading or saving of an Exchange agent profile. In addition, select this menu option to log in to a different server or Samba share via the Change Workspace option. • Profile – Select the Profile menu option to configure backups and restores or to view application statistics. • Backup – Select the Backup menu option to launch either a master or differential store-level backup of the Exchange information store. • • • Restore – Select the Restore menu option to launch the EIR restore interface. • Help – Select the Help menu option to receive information on the use of the Exchange agent. History – The History option displays the history of Exchange server backups and restores. Purge – Utilize the Purge menu option to manually purge backups with a successful, failed, or cancelled status. Legacy Exchange information store level security The security setup described in this section is necessary when configuring and executing storelevel backups. To guarantee proper execution of store-level backups and restores, assign the local system account as the user to launch the BPAgent service. To assign the local system account to the BPAgent service 1 Launch the system’s control panel. 2 Select Services. 3 Locate the agent in the Name column. 4 Right- click on agent and select Properties. 5 Select Logon. 6 Select the radio button labeled Local System account. 7 Select Apply. Legacy Exchange backup and purge options Use this short-cut to specify backup preferences for system state data and to configure purge options. The System State Backup Configuration section provides the opportunity to specify whether the system state data is included with the master or differential backup. This option is enabled only if Active Directory is installed on the Microsoft Exchange server workstation. System state data contains most of the elements of a system’s configuration, but it might not include all of the information that is required to recover a system from a failure. System state data can only be 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 874 restored on a local computer and requires the system to be in Directory Services Restore mode. The system state data of a remote computer cannot be restored. Note: Do not perform a system state backup when performing an Exchange 2007 information store backup on a Windows Server 2008 or 2012 system. The Purge Configuration section of the interface allows you to specify the number of master and differential backups that should be maintained before backup purging is initiated. The Use Hostname option sets the name of the directory where Exchange information store backups are kept within the Samba share on the backup system. Legacy Exchange define information store level items Select this option to identify the information store backup configuration. The Information Stores display renders a tree-view of the Microsoft Exchange server stores that are available for backup. Select a group or an individual store to backup. The Default backup option backs up the storage group and all of its stores. The actual file name for the default backup option is default.bkf. The Group backup option allows you to select multiple individual stores to back up. One .bkf file is used to back up each group. The Single backup option is used to back up a single Exchange information store. Differential backups and restores can only be performed at the group level. The backup or restore operation is not permitted for a differential backup consisting of a single store. Legacy Exchange launch information store level master This option launches the interface for initiating an information store master backup. When a master backup is performed, the Exchange agent backs up all of the associated Exchange data. Use the Exchange agent to back up and restore data on FAT16, FAT32, or NTFS volumes. However, if data has been backed up from an NTFS volume, it is recommended that the data be restored to an NTFS volume of the same version to prevent loss of data. Some file systems might not support all of the features of other file systems. The column labeled Backup File on the Backup Batch screen displays the file name of the selected backup. The column labeled Server identifies the server where the files will be backed up. The Storage Group column provides the name of the storage group that has been selected for backup, and the information in the Storage column lists the individual stores available for backup. The status of the backup will be one of the following: Pending, Running, Done, or Cancelled. Clicking Start Backup initiates the backup process. For group backups, note that the individual stores composing the group are initiated one at a time. To view a log of the backup, click View Log. Legacy Exchange launch information store level differential This option launches the interface for initiating an information store differential backup. When a differential backup is performed, only the data that has changed since the last successful master backup is stored. To create or modify store level profiles 1 Select File > Load Profile from the main menu to select a profile. 2 Select File > Save Profile to save the current profile to the same file name. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 875 3 Select File > Save Profile As to save the current profile to a different file name. The profiles are saved to a subdirectory on the Samba share. The name of this subdirectory is the same as the client machine or the name you specified in hostname. Use the Change Workspace option to connect to a different backup system or Samba share without having to exit the Exchange agent. Legacy Exchange store level history The History option on the Exchange Agent main menu is the mechanism for viewing the history of the Microsoft Exchange server backup and restore transactions. To view the history of an operation, select an item in the Daily Backup Batches window, then select View Details. If the master or differential backup type is selected, the history interface displays. Legacy Exchange store level purge The Exchange agent automatically purges outdated backups after a successful backup has occurred. When the Purge option is selected from the Exchange Agent main menu, elect to manually purge backups that have a status of successful, failed, or cancelled. EIR and EQR backup schedules The backup system provides the ability to schedule Exchange backups. Scheduling for Exchange applications is handled by incorporating the Exchange agent command line options into the server schedule feature. This may be done using pre-defined calendars and pre-defined option lists. Prior to executing Microsoft Exchange server schedules, perform the following procedures: 1 From the Exchange server, launch the Exchange Agent and connect to the backup system’s Samba share. 2 Initiate an Exchange store backup of choice. The backup forces the creation of a subdirectory beneath the Samba share on the backup system. The subdirectory has the same name as the client, or the named specified as the hostname on the configuration page. The presence of the subdirectory is required for proper execution of the Exchange schedules. 3 Before exiting the Exchange Agent, save the profile. The profile is saved to the subdirectory under the Samba share on the backup system. The existence of a profile is also necessary for successful execution of the Exchange schedule. 4 In order to ensure that all subdirectories and files located on the Samba share have the correct permissions, change the permissions of the Samba share on the backup system using the recursive (-R) option as follows: • From the Console or through a VNC session, launch a shell prompt on the backup system (Admin > Configuration > Terminal) • Change directories to the Samba share area: cd /backups/samba • Set the recursive file permissions: chmod -R 777 samba 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 876 Legacy Exchange information store scheduling This section describes the process for creating a schedule to back up Exchange information stores only. 1 On the backup system, create calendars for the Exchange information store backups. The following pre-defined calendars are available. • • Exchange Weekly Master Calendar – Exchange Master backup on Saturday at midnight • • Exchange Daily Master Calendar – Exchange Master backup run daily at midnight Exchange Daily Differential Calendar – Exchange Differential backup run daily Sunday through Friday at midnight Exchange Hourly Differential Calendar – Exchange Differential backup run hourly between 6 am and midnight Unitrends recommend that the Exchange Weekly Master Calendar and Exchange Daily Differential Calendar be used for an Exchange InfoStore Recovery (EIR) strategy. When Exchange Quantum Recovery (EQR) strategy is used, Unitrends recommends the Exchange Daily Master Calendar and the Exchange Hourly Differential Calendar to provide more granularity in item level recovery. This allows for more restore points and better efficiency when performing an item level restore. Custom calendars may also be used. We recommend copying the pre-defined calendar and altering the copy as desired. Note: 2 Calendars have built in fault tolerance. Exchange information store masters backups override Exchange information store differential backups. Exchange information store differential backups are prevented from overlapping. If an override is performed, the following message displays in the backup output: "Another backup of higher priority has been started or is currently running. This backup has been cancelled." Create two selective schedules as described in "To delete an Enterprise backup schedule" on page 197. One schedule will be for the Exchange master backup and the other for the Exchange differential backup. The Exchange master backup schedule will use the Exchange Weekly Master calendar, the Exchange Daily Master calendar, or a custom calendar you created. The Exchange differential backup schedule will use the Exchange Daily Differential calendar, the Exchange Hourly Differential calendar, or the custom calendar you created. We recommend using two separate selective schedules, but a single schedule using the split list option is acceptable also. The split lists option will allow you to use a unique options list for the master and differential backups within the same schedule. 3 Create and apply a unique inclusion selection list for your Microsoft Exchange server to each Exchange schedule. See "To create a selection list" on page 183 and "To apply a selection list or option to one client" on page 194 for details. We recommend using the file C:/PCBP/Exchange.dir/BPExchange.ini as your selected file. This will allow for minimal file data to be backed up in this schedule. 4 Apply backup options to each schedule. See "To apply a selection list or option to one client" on page 194 for details. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 877 Two pre-defined options are provided for your Exchange information store backups. The Exchange Master Option will be for your master Exchange backup and the Exchange Differential Option will be used for your differential backup. Each option list is configured with pre-backup commands to launch the information store backup on the Exchange server. A custom option may also be used. We recommend copying the pre-defined options and altering the copy as desired. As provided in the pre-defined options, Exchange information store backups require pre-backup commands. The master backup will use c:/pcbp/Exchange.dir/ExchMaster.bat as a pre-backup command. The options list for your differential backup will use c:/pcbp/Exchange.dir/ExchDiffer.bat as a pre-backup command. This completes the process for creating Exchange information store schedules. Legacy Exchange master or differential schedule When creating a new schedule or using an existing schedule to perform a master or differential backup of the server that will not include the active database, a number of files that are specific to the Microsoft Exchange server must be excluded. When creating a new master or differential schedule, be sure to exclude all files with the *.edb or *.stm extension. Additionally, when modifying an existing master or differential schedule, be certain to modify the schedule to exclude all files with the *.edb or *.stm extension. Legacy Exchange recovery options From the Exchange server, launch the Exchange agent and select Launch Restore. The Exchange InfoStore Recovery interface allows restore of an entire information store (see "Legacy Exchange Quantum Recovery" on page 878 for item level recovery). The Exchange agent restores a system to the state it was in prior to the system’s most recent backup. To begin the restore process, select a date from the calendar located on the Restore interface. Next, select a backup from the Daily Backup Batches display and click Restore Batch. The days that are displayed in bold font on the calendar indicate that a backup was performed on that day. When a date is selected on the calendar, it becomes highlighted to indicate the current selection. The restore process varies slightly depending on the type of backup selected. If a master or differential backup type is selected and Restore Batch is selected, the Restore Master dialog box displays. Select the item to be restored form the Backup File list, then click Restore Selected to start the restore. Cancel will interrupt the restore transaction. Performing a restore requires that the Exchange information store is not mounted. Only un-mounted storages can be successfully restored to their original location. Therefore, if an information store is mounted, the Unmount option is enabled to indicate that the store should be unmounted prior to being restored. Select Overwrite to overwrite an existing store. The Exchange agent utilizes the NTBackup Restore Wizard to accomplish the store level restore functionality. The Exchange agent allows the restore of any combination of drives, folders, or files. However, in order to ensure precise synchronization of the Exchange server restore operation, we highly 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 878 recommend that the backup of an information store’s storage group and the restore of an information store’s storage group be coordinated. Therefore, if a backup has been performed of all storage groups in a specific information store, we advise that all storage groups be selected for restore as well. Follow the instructions on the Restore Wizard dialog to continue. The Exchange backup files are first restored to the temporary location that is specified in the Temporary location for log and patch files field. This field defaults to the Microsoft Windows temporary folder, but it can be changed to another location. Confirm that the selected restore settings are correct and select Finish to continue with the restore. To specify advanced settings for the restore operation, select Advanced and proceed with the interactive wizard. Legacy Exchange Quantum Recovery The Exchange database consists of the following files: .edb file (rich text database file) contains data placed in the store through the Messaging Application Programming Interface (MAPI), as well as all the database tables that define mailboxes, messages, folders, and attachments. .stm file (streaming database file) contains common Internet formatted content, such as Multipurpose Internet Mail Extensions (MIME) content, that protocols other than the MAPI protocol place in the store. .log files (transaction logs) are history files recording server activity. These files are useful in restoring and backing up Exchange data. Transaction logs for Microsoft Exchange server 2000 and 2003 are 5 MB in size. Transaction logs for Microsoft Exchange server 2007 are 1 MB in size. Each storage group uses its own set of transaction log files. For example, if a storage group contains five stores, all transactions for all five stores are recorded in a single series of transaction log files. You can determine where to locate the transaction log files for each storage group. .chk (check) files are checkpoint files used for recovering (playing) data from transaction logs into EDB files. The checkpoint is the place marker in the EDB.CHK file that indicates which transactions have been committed. Whenever data is written to an EDB file from the transaction log, the EDB.CHK file is updated with information specifying that the transaction was successfully committed to the respective EDB file. Separate Exx.chk files are maintained for each storage group using ESE (Extensible Storage Engine). Legacy Exchange directories for Ontrack PowerControls For best results when using an online differential or differential backup: Put the .edb, .stm, and .pat files in one directory. Put the associated log files (e.g., .log, .chk) in one directory. Note: The two directories can be different. Ontrack PowerControls™ does not require .stm or .log files, but you should include them to ensure that all email data is recovered. You may get corruption errors if these files are not present. If you are using an offline backup, you need to use the .edb and .stm files for offline backups. To ensure that Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 879 all email data is recovered, you should also include all .log files, as well as .pat and .chk files if they exist. Ontrack PowerControls™ performs its own verification process and includes the .log and .pat files to determine if it needs them to recover the data. Using the Ontrack PowerControls ExtractWizard The Ontrack PowerControls™ ExtractWizard extracts both private and public Exchange information store data from disk backups to any alternate location (e.g., machine, volume, folder), thereby eliminating the need for a recovery server. The Exchange backup from which you will be extracting the information store data is stored in the Samba share on the backup system. Unitrends uses the Direct Method of extracting backed-up Exchange data from the backup .bkf file. Once the information store files are extracted, you are able to restore items to your active Microsoft Exchange server. The Ontrack PowerControls™ ExtractWizard steps you through the extracting process of both private and public Exchange information store data from tape and disk backups to any alternate location. See these topics for details: • • "To extract data" on page 879 "To select information store files to extract" on page 880 To extract data 1 On the Kroll workstation, launch the ExtractWizard by selecting Start > Programs > Kroll Ontrack > Ontrack PowerControls > Ontrack PowerControls™ ExtractWizard. The first page describes the wizard. 2 Click Next. 3 Select Direct Method and click Next. Ontrack PowerControls™ offers two methods of extracting backed-up Exchange data: direct and advanced. The direct method reads the backup file directly and extracts the items to the location specified. The direct method requires that the machine on which PowerControls™ is installed has access to the Samba share on the backup system. 4 Select the Exchange Information Store extraction Source. 5 Select Extract from Disk, enter the extraction Source file, and click Next. Enter the path by typing, using the history drop-down menu, or browsing to it. 6 Select the option to Catalog online Exchange backup datasets only, and click Next. The offline cataloging is used for file system and non-Exchange data. 7 The Catalog Progress page displays the progression of the cataloging process and the time remaining until completion. 8 The Ontrack PowerControls™ ExtractWizard catalogs the disk or tape and locates the information store data. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 880 If desired, you can click Cancel to stop the catalog process. If you click Cancel, the catalog displays all files that it found to that point. 9 When the catalog is completed, click Next and proceed to "To select information store files to extract" on page 880. To select information store files to extract On the Exchange Information Store File Selection page, you select the private and public Exchange information store files that you want to extract from an Exchange backup. 1 On the left side of the window, click the plus sign (+) next to a backup set to view its volumes. 2 Select a volume (select its name, not its check box) to display the Exchange information store files on the right side of the window. 3 Select the files you want to extract. 4 • To extract the last full backup, select the .edb, .stm, and .log files, as well as .pat files, if they exist. • To extract the last full online and the last differential backup, select all of the files (e.g., .edb, .log, .stm, .pat) from the last full online (normal) backup, plus the .log files from the last differential backup. Save a catalog file. • Select the Save Ontrack PowerControls™ ExtractWizard Catalog File check box. • • Browse to the desired location, type a file name, and click Save. Click Next to save the catalog file. Note: 5 The catalog file saves all the information that the ExtractWizard needs to extract from a backup disk or tape. Saving a catalog file means that the next time you extract from that tape or backup disk, you can skip the catalog process. On the Exchange Information Store Destination Folder page, specify a location for the extracted data. Enter the path by typing, using the history drop-down menu, or browsing to it. (The Browse window lets you create a new folder on the Target volume.) 6 Click Next. The ExtractWizard verifies that you have enough disk space as well as access rights to create files and directories and starts the extraction. 7 The Exchange Information Store Copy Progress page shows the progress of the ExtractWizard extracting the Exchange information store data to the destination folder. This process may take some time. The top bar indicates the progress for the file that is currently being extracted. The bottom bar indicates the progress for all files. 8 Once extraction completes, a list displays of all successfully extracted files. If you are satisfied with the results, click Finish. Setting up Ontrack PowerControls ™for legacy Exchange The first time you start Ontrack PowerControls™, the Data Wizard starts. The Data Wizard guides you through the loading of the Exchange Database (EDB), PST files, or content analysis store Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 881 (CAS) files into Ontrack PowerControls™, and shows you how to specify the Target PST file or Microsoft Exchange server. To set up Ontrack PowerControls™for legacy Exchange 1 On the Kroll workstation, launch the Data Wizard by selecting Start > Programs > Kroll Ontrack > Ontrack PowerControls . 2 If you do not want to run the Data Wizard every time you start Ontrack PowerControls™, deselect the Run On Startup check box. 3 Click Next. 4 On the Source Path Selection page, specify the Source EDB file path along with its log file path and temporary file path, or specify the Source PST file or CAS file path. If you do not want to open a Source EDB, PST, or CAS file at this time, click Skip. Note: Due to the database nature of the PST file and MAPI subsystem, PSTs opened as Source are modified. To specify a source file: • In the Source File box, click Browse to find the Source EDB file, Source PST file, or Source CAS file. If you specified a PST or CAS file path, proceed to step 5 below. PST files do not require log file or temporary file paths. • In the Log File Path box, click Browse to find the log files associated with the Source EDB file. IMPORTANT! After you select an EDB file, the Log File Path box defaults to the Source EDB file path, even if the log files are not in the same directory as the Source EDB file. Therefore, make sure you enter the correct log file path in the Log File Path box. • In the Temporary File Path box, accept the default location for .idx and .dat files, or specify a new location if they require more hard drive space. • For more information, see "Guidelines for selecting a legacy Exchange database" on page 882. 5 Click Next. 6 On the Target Type and Path Selection page, specify the type and path of the target file you are using as the container for your restored data. You have these choices: • • Specify a PST file as the target for restored data. • Specify a Microsoft Exchange server all mailboxes connection as the target for restored data. • Specify a Content Analysis Store (CAS) file as the target for creation or processing. Specify a Microsoft Exchange server single mailbox connection as the target for restored data. An option to open Public Folders is available upon connection to a Microsoft Exchange server. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 882 In our example, we will specify a Microsoft Exchange server as the target for restored data for all mailboxes: • Select Connect to Microsoft Exchange server (All Mailboxes). For Domain Controller and Server Name boxes, the domain controller and server names autopopulate. 7 • The Connect to Public Folders check box is selected by default. This feature allows you to open public folders as a target for restoring public folders or messages. If you do not want to restore to public folders, deselect this check box. • If you are not connected to a domain, the Enter Password window appears. In this window, type a user name that has full rights to the mailbox, a password, and a domain name. Then click OK. If this window displays again, reenter this information. • Click Next. The Now Processing Data File page reports processing of the EDB file in three stages: prescanning the log files (integrity check), scanning the log files (i.e., playing the log files), and hashing the EDB file (building a folder hierarchy). When processing is complete, Ontrack PowerControls™ automatically proceeds to the next page. Note: 8 If Ontrack PowerControls™ encounters bad or missing log files during log playing, you are given the option to continue without playing the logs. If you choose to continue, Ontrack PowerControls™ processes the EDB without logs. On the last page of the Data Wizard, click Finish. This page lists the source file results and the target file results. Guidelines for selecting a legacy Exchange database For the best results when using an online differential or differential backup: • • • Put the .edb, .stm, and .pat files in one directory. Put the associated log files (e.g., .log, .chk) in one directory. The two directories can be different. Note: Ontrack PowerControls™ does not require .stm or .log files, but you should include them to ensure that all email data is recovered. For best results when specifying a temporary file path for .idx and .dat files, make sure you have a sufficient amount of hard drive space for .dat and .idx files. These files may require hard drive space equal to the size of the .log files. Therefore, you may need to change the default file path for .idx and .dat files if you need more space. Ontrack PowerControls™ never modify an .edb file or its associated files (e.g., .log, .stm, .pat, .chk). However, it does create .dat and .idx files the first time you open an .edb file from a directory that contains log files. Each time you reopen the .edb file, Ontrack PowerControls™ uses the information in the .dat and .idx files to open the .edb file more quickly. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 883 Restoring legacy Exchange data via Ontrack PowerControls™ Restoring data from a Source EDB, PST, or CAS file to a target destination is a simple process. Just drag and drop or use the Copy and Paste/Paste Special commands. If you copy an EDB file, a PST file, a mailbox, or a folder from the Source pane and paste it to any Target destination, Ontrack PowerControls™ preserves the directory structure of all restored messages. When restoring individual messages, you must use the Paste Special command to preserve their directory structure. Restoring Exchange messages via Ontrack PowerControls™ To restore using copy and paste 1 In the Source pane or Find in Source window, copy messages from the message list. 2 In the Target pane (lower left), paste the messages into a folder. 3 In the Copy Progress window, verify that your messages were successfully copied, and click Close. To restore using copy and paste special 1 In the Source pane or Find in Source window, copy messages from the message list. 2 In the Target pane (lower left), use Paste Special to paste the messages into a folder, mailbox, PST root, or Microsoft Exchange server root. Note: 3 Use the Paste Special command to retain the directory structure of messages copied from the Find in Source or Find in Exchange Target window, because messages in this window often come from several Source locations. In the Copy Progress window, verify that your messages were successfully copied, and click Close. To restore a folder, a mailbox, an EDB file, a CAS file, or a PST file 1 In the Source pane, copy a folder, a mailbox, an EDB file, a CAS file, or a PST file. 2 In the Target pane (lower left), paste the copied item into a folder, mailbox, PST root, or Microsoft Exchange server root. 3 In the Copy Progress window, verify that your messages were successfully copied, and click Close. Note: You cannot open the same PST as a Source and Target. In addition, you cannot restore messages from a PST file to a Microsoft Exchange server root node. To restore data even faster, use drag-and-drop. Example: To restore an entire EDB file, drag it to the Target Microsoft Exchange server root. To restore messages to a Microsoft Exchange server You must have sufficient access rights to all of the Exchange mailboxes you are trying to restore messages to. Keep in mind that you can connect to only one mailbox at a time. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 884 To restore messages to Microsoft Exchange server 2000/2003/2007 In Microsoft Exchange server 2000/2003/2007, the permission that controls whether or not any mailbox can be copied to is Full Mailbox Access. You must have Full Mailbox Access set to Allow in order to copy to a mailbox other than the one you logged in under. Each time you attempt to restore messages to the Target pane, the Copy Progress window appears. This window displays the following information about the copy operation: • • • Time of copy operation • Mailboxes that Ontrack PowerControls™ connected to or failed to connect to when copying to a Microsoft Exchange server • Copy results Number of messages, associated messages, and folders Errors, if any Note: Viewing the copy results in the Copy Progress window is especially important when attempting to restore multiple mailboxes to a Microsoft Exchange server root node. That is because Ontrack PowerControls™ displays only one mailbox at a time in the Target pane. Therefore, the only way you will know if all of the mailboxes were successfully copied to the Microsoft Exchange server is to look at the copy results listed in this window. If you do not have full access rights to the mailboxes you are trying to restore messages to, Ontrack PowerControls™ is unable to connect to the mailboxes. Legacy Exchange command line options Below is a complete list of the legacy Exchange command line options: • • /c – Invokes command line mode. • /n{local path} – e.g. C:\backup_folder. Enter the full path, including disk drive, where the Exchange backups will be located. Make certain that this path already exists. • • • • • • • • • • Edit the ExchMaster.bat file to include the /n . /n {system share net path} – e.g. \\System2\Samba. If hostname is omitted, the hostname for the primary backup system will be used. When connected, save the profile. /p {profile name} – Allows use of specified profile instead of the default. /l {logfile} – An additional log file is created. /m – Sets the backup type as Master. This is the default. /d – Sets the backup type as Differential. /l0 – Sets log level to 0, only FATAL errors logged. /l1 – Sets log level to 1, all ERRORs logged. /l2 – Sets log level to 2, WARNINGs and ERRORs logged. /l3 – Sets log level to 3, INFO messages logged. This is the default. Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 885 • • • • /l4 – Sets log level to 4, DEBUG mode, all messages logged. /netuser [domain\user] – Allows specification of domain name and user name. /netpasswd [password] – Allows specification of the network share password. /h, /? – help Example: C:\PCBP\EXCHANGE.DIR\BPEXCH.EXE /c /l %TEMP%\bpexch.log In this example, the Exchange agent (bpexch.exe) is executed in command-line mode (/c). The transaction log is written to the specified log file (%TEMP%\bpexch.log). Testing the legacy Exchange agent setup While backing up, the Microsoft Exchange server does not interfere with Exchange users and email, but it will add significant activity to the local area network. Therefore, we recommend that an optimal time to execute Exchange backups be identified. Performing a test of the configuration during nonpeak hours will help to determine the best time to plan Microsoft Exchange server backups. We recommend that a master backup be performed after each restore operation prior to performing a differential backup. Testing legacy Exchange information store backups Please test your backup strategy for Exchange information stores by performing a restore of the information store to a test system or an Exchange Recovery Storage Group. Testing and documenting an Exchange information store restore in your environment will ensure quick response and successful information store recovery when required. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 886 Legacy Recovery-Series and UEB Administrator's Guide Appendix A: Windows Legacy Operations 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 887 Appendix B: Storage Footprint Reporting Unitrends provides you with the ability to configure replication from multiple backup systems to a single target, and with the storage footprint reporting feature (release 7.5 and higher), you can schedule monthly reports indicating the “footprint” or amount of space each source uses on the replication target. The data consumption indicated in each footprint report includes deduplicated and non-deduplicated data, providing an accurate record of the amount of physical space each source uses on the target (rather than simply reporting the total amount of protected content). The storage foot print reporting feature enables you to know exactly how much space each source is using on a replication target and provides Managed Service Provides (MSPs) with the ability to charge customers for the amount of space used in a multi-tenancy environment. For details and instructions, see the following topics: • • • "About storage footprint reporting" on page 887 "Scheduling and managing footprint reports" on page 889 "Viewing footprint reports" on page 895 About storage footprint reporting Footprint reports are scheduled and managed from the replication target using the command line utility footprintReportUtil. When a report completes, the appliance sends it in an email to the addresses you specified when enabling email reports during the initial setup of the appliance. (For details, see "About configuring notifications" on page 62.) The appliance stores the thirteen most recent reports. You can monitor the progress of reports from the appliance console or from the Administrator Interface. See the following topics for details: • • • • "Features of storage footprint reporting" on page 887 "Footprint report description" on page 888 "Prerequisites and considerations for storage footprint reporting" on page 888 "Computing the footprint of a source" on page 889 Features of storage footprint reporting By compiling deduplicated and non-deduplicated data for each source, the footprint report provides the following: • • Ability to determine the amount of physical space each source is using on the target. Basis for MSPs to charge customers based on the amount of space used on the target. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 888 Footprint report description A footprint report contains the following information: • • • Hostname of the replication target Time and date when the report operation started Amount of data each source is using on the target The figure below contains an example of an email report. Reports viewed within the command console contain the same information in a slightly different format. Prerequisites and considerations for storage footprint reporting • Footprint reports can be run only from a replication target system running software version 7.5 or higher. The feature is not supported for legacy vaulting systems, and vaulted data is not included in footprint reports. • Replication must be set up on the target for reports to run. For instructions on setting up replication, see "Replication setup" on page 283. • Reports can be scheduled and managed only from the command line of the appliance. To access the command line, see "Accessing the command line of a replication target" on page 890. • Run only supported commands when using the storage footprint reporting feature. Running other commands can have undesirable results. For a list of supported commands, see "Supported commands for footprint reports" on page 889. • The queries required to compute a source’s footprint can be intensive, so reports should run only once a month at a time when the system load is expected to be low. To avoid overburdening an appliance, the report utility monitors the system load before running queries, and if system load is high, report tasks are postponed until the system load decreases. • When a report runs, one task is created per replicating source. You can monitor the progress from the console or the Administrator Interface. For details, see "Monitoring a running report" on page 894. • Each report includes the footprints for all sources replicating to the target. A footprint report cannot be run for an individual source. Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 889 • When the report completes, the appliance emails it to the addresses you entered in the System Report Mailing List when configuring notifications. If you need to set up email reporting, see "About configuring notifications" on page 62. • The thirteen most recent reports are stored on the replication target appliance from which the reports are run. Computing the footprint of a source The footprint report utility calculates the footprint of a replicating source by adding the amount of deduplicated and non-deduplicated data. Deduplicated data is counted once per replicating source regardless of how many backups reference it. The non-deduplicated data can include data that cannot be deduplicated in addition to metadata representing the deduplicated content. Scheduling and managing footprint reports Footprint reports are scheduled and managed from the command line of a replication target system. To access the command line, see "Accessing the command line of a replication target" on page 890. Replication must be set up on the target for reports to run. For instructions on setting up replication, see "Replication setup" on page 283. CAUTION! Run only supported commands when using the storage footprint reporting feature. Running other commands can have undesirable results. For a list of supported commands, see "Supported commands for footprint reports" on page 889. For details, see the following topics: • • • "Supported commands for footprint reports" on page 889 "Scheduling footprint reports" on page 890 "Managing footprint reports" on page 893 Supported commands for footprint reports Commands must be run from the following directory: /usr/bp/bin. Command Description ./footprintReportUtil Displays a list of commands with descriptions. ./footprintReportUtil Displays the report status. Indicates whether a schedule is enabled, -s whether a task is running, and the scheduled start time for the monthly report. For details, see "To view the status of a footprint report" on page 893. ./footprintReportUtil Enables or disables the monthly report. Valid arguments are “yes” or “no.” -e For details, see "To enable or disable a footprint report schedule" on page 892. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 890 Command Description ./footprintReportUtil Schedules the monthly report. For details, see "Scheduling footprint -t reports" on page 890. ./footprintReportUtil Terminates active report tasks. For details, see "To terminate active -c footprint report tasks from the command line" on page 895. ./footprintReportUtil Lists the available reports stored on the replication target. For details, see -l "Viewing footprint reports" on page 895. ./footprintReportUtil Displays the contents of a report. For details, see "Viewing footprint -p reports" on page 895. Accessing the command line of a replication target CAUTION! Run only supported commands when using the storage footprint reporting feature. Running other commands can have undesirable results. For a list of supported commands, see "Supported commands for footprint reports" on page 889. You can access the command line from a Windows machine using a terminal emulator such as PuTTY, a Secure Shell telnet client. From a Linux or Macintosh machine, you can access the appliance’s command line from a terminal using SSH. See the procedure described below for instructions. To access the command line of a Unitrends appliance 1 Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • 2 IP address: Port: 22 Connection type: SSH Log in as a user with root privileges. Scheduling footprint reports This section provides instructions for scheduling footprint reports. It is recommended that you read the considerations scheduling reports. See the following for details: • • • • • "Considerations for scheduling footprint reports" on page 890 "Examples of date and time entries for footprint reports" on page 891 "To enable the default footprint report schedule" on page 891 "To create and enable a custom footprint report schedule" on page 892 "To enable or disable a footprint report schedule" on page 892 Considerations for scheduling footprint reports Consider the following when scheduling footprint reports: Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 891 • The queries required to compute a source’s footprint can be intensive, so you should schedule footprint reports to run only once a month at a time when the system load is expected to be low. • To schedule a report, you can simply enable the default schedule or set a custom schedule. If you enable the default schedule, the report runs at 11 p.m. on the last day of each month. • To set a custom schedule, you must specify the minute, hour, and day when you would like the report to run each month. Use the 24-hour format. For example, to run the report to run at 3 a.m. on the 15th day of every month, enter the following: 00:03:15. For more examples, see "Examples of date and time entries for footprint reports" on page 891. • When you specify a day, the appliance interprets 29, 30, and 31 as the last day of the month regardless of how many days are actually in the month. For example, if you specify the day as 30, the report for February will run on the 28th. For more examples, see "Examples of date and time entries for footprint reports" on page 891. • When the report completes, the appliance emails it to the addresses you entered in the System Report Mailing List when configuring notifications. If you need to set up email reporting, see "About configuring notifications" on page 62. • The thirteen most recent reports are stored on the replication target appliance from which the reports are run. Examples of date and time entries for footprint reports Date and time entry Description 30:23:10 Report runs at 11:30 p.m. on the 10th day of every month. 00:00:29 Report runs at 12:00 a.m. on the last day of every month. 15:17:01 Report runs at 5:15 p.m. on the first day of every month. To enable the default footprint report schedule When you enable the default schedule, the report runs at 11 p.m. on the last day of every month. It is recommended that you read the "Considerations for scheduling footprint reports" on page 890 before running the procedure described here. Note: 1 The procedure described here enables the default schedule only if you have never set a custom schedule. If you have set a custom schedule, this procedure enables the custom schedule. Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • IP address: Port: 22 Connection type: SSH 2 Log in as a user with root privileges. 3 Run the following command to access the directory containing the footprint report utility: 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 892 cd /usr/bp/bin Note: 4 After accessing this directory, you can display a list of supported commands by running the following command: ./footprintReportUtil Run the following command to enable the default schedule: ./footprintReportUtil -e yes To create and enable a custom footprint report schedule Use this procedure to create and enable a custom report schedule. It is recommended that you read the "Considerations for scheduling footprint reports" on page 890 before running the procedure described here. 1 Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • IP address: Port: 22 Connection type: SSH 2 Log in as a user with root privileges. 3 Run the following command to access the directory containing the footprint report utility: cd /usr/bp/bin Note: 4 After accessing this directory, you can display a list of supported commands by running the following command: ./footprintReportUtil Create the schedule and enable it by running the command below. For the date and time, use the mm:hh:dd format, where mm is minutes, hh is hours, and dd is day. ./footprintReportUtil -t -e yes For examples of date and time entries, see "Examples of date and time entries for footprint reports" on page 891. 5 The report runs as scheduled each month. When the report completes, the appliance emails it to the addresses you entered when configuring system notifications. For details about managing your reports, see "Managing footprint reports" on page 893. To enable or disable a footprint report schedule 1 Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • 2 IP address: Port: 22 Connection type: SSH Log in as a user with root privileges. Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 893 3 Run the following command to access the directory containing the footprint report utility: cd /usr/bp/bin Note: 4 After accessing this directory, you can display a list of supported commands by running the following command: ./footprintReportUtil Run one of the following commands depending on whether you want to enable or disable the schedule: • To enable a schedule: ./footprintReportUtil -e yes • To disable a schedule: ./footprintReportUtil -e no Managing footprint reports After creating a schedule for footprint reports, you can perform the following managements tasks: • View the status of a report to determine whether a schedule is enabled, whether a task is running, and the scheduled start time for the monthly report. For instructions, see "To view the status of a footprint report" on page 893. • • Monitor a running report. For instructions, see "Monitoring a running report" on page 894. • Terminate active report tasks. For instructions, see "Terminating footprint report tasks" on page 894. • Change the date or time for a scheduled report. To enter the new date or time, use the procedure for scheduling a report. For instructions, see "To create and enable a custom footprint report schedule" on page 892. Enable or disable a schedule. For instructions, see "To enable or disable a footprint report schedule" on page 892. For instructions on viewing reports, see "Viewing footprint reports" on page 895. To view the status of a footprint report You can use the procedure described here to determine whether a report schedule is enabled, whether a task is running, and the scheduled start time for the monthly report. 1 Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • IP address: Port: 22 Connection type: SSH 2 Log in as a user with root privileges. 3 Run the following command to access the directory containing the footprint report utility: cd /usr/bp/bin 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 894 Note: 4 After accessing this directory, you can display a list of supported commands by running the following command: ./footprintReportUtil Run the following command to display the report status: ./footprintReportUtil -s The following information displays: • • • Task Enabled: Yes/No Task Status: Running/Not Running Task Configured Start Time (mm:hh:dd) Monitoring a running report You can monitor a running report from the Administrator Interface of the replication target or from the console. See the following topics for instructions: • "To monitor a running report from the Administrator Interface" on page 894 • "To monitor a running report from the console" on page 894 To monitor a running report from the Administrator Interface You can view the status of a running report from the Administrator Interface by selecting Settings > System Monitoring > Processes. One task runs per replicating source. The appliance displays the number of running, pending, and completed tasks. To monitor a running report from the console You can monitor the status of a running report from the console using the instructions described in "To view the status of a footprint report" on page 893. The console displays the number of running, pending, and completed tasks. Terminating footprint report tasks You can terminate footprint report tasks from the Administrator Interface or the command line of the replication target. Terminating a report cancels only the active tasks. Future reports run as scheduled. To prevent future reports from running, disable the report schedule (see "Scheduling and managing footprint reports" on page 889 for details). For instructions, see the following topics: • • "To terminate active footprint report tasks from the Administrator Interface" on page 894 "To terminate active footprint report tasks from the command line" on page 895 To terminate active footprint report tasks from the Administrator Interface 1 Enter the IP address for the replication target in a browser, and log in to the appliance. 2 Select Settings > System Monitoring > Processes. 3 Highlight the report in the list of running processes. 4 Click Terminate Process in the lower right corner of the screen. If any report tasks complete before you terminate the report operation, the partial report is stored on the appliance, but it does not count against the total report count. It is deleted when the next report completes. Partial reports are not sent via email. Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 895 To terminate active footprint report tasks from the command line 1 Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • IP address: Port: 22 Connection type: SSH 2 Log in as a user with root privileges. 3 Run the following command to access the directory containing the footprint report utility: cd /usr/bp/bin Note: 4 After accessing this directory, you can display a list of supported commands by running the following command: ./footprintReportUtil Run this command to terminate the tasks: ./footprintReportUtil -c If any report tasks complete before you terminate the report operation, the partial report is stored on the appliance, but it does not count against the total report count. It is deleted when the next report completes. Partial reports are not sent via email. Viewing footprint reports Completed footprint reports are emailed to the addresses you entered when configuring system notifications, and the thirteen most recent reports are stored on the replication target. If you need to set up email reporting, see "About configuring notifications" on page 62. This section provides instructions for accessing and viewing the reports stored on the replication target. For details about the contents of footprint reports, see "Footprint report description" on page 888. You have the following options when viewing the contents of a report: • • • View the contents of the most recent report View the contents of a specific report View the contents of all available reports Use the procedure described below for each of these options. To view footprint reports 1 Open a terminal or terminal emulator, such as PuTTY, and connect to the replication target by entering the following information: • • • 2 IP address: Port: 22 Connection type: SSH Log in as a user with root privileges. 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 896 3 Run the following command to access the directory containing the footprint report utility: cd /usr/bp/bin Note: 4 After accessing this directory, you can display a list of supported commands by running the following command: ./footprintReportUtil Run the following command to view a list of the available reports: ./footprintReportUtil -l A list of reports displays with the date and time each report started. An underscore before the date and time indicates an incomplete report. You will see an incomplete report only if active report tasks were terminated. Incomplete reports do not count against the total report count and are deleted after the next report completes. 5 Run one of the following commands depending on which report or reports you want to view: • To view the most recent report: ./footprintReportUtil -p • To view a specified report: ./footprintReportUtil -p • To view all available reports: ./footprintReportUtil -p all Legacy Recovery-Series and UEB Administrator's Guide Appendix B: Storage Footprint Reporting 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com 897 Appendix C: Unitrends Open Source Compliance The software in this product contains certain open source components that are copyrighted as described below. The license for the components can be accessed as defined in the table below. You may obtain the complete corresponding source code of the component from us for a period of three years after our last shipment of this product. Open source component Version Open Source license License path Cent OS 5.x, 6.x GPL http://www.gnu.org/licenses/gpl-2.0.html PostgreSQL database 8.x, 9.x PostgreSQL license http://www.postgresql.org/about/licence/ Glibc 2.x LGPL http://www.gnu.org/licenses/lgpl.html Zlib 1.x ZLIB license http://www.gzip.org/zlib/zlib_license.html Openssl 0.9, 1.x BSD http://opensource.org/licenses/BSD-3Clause OpenVPN 2.x GPL http://www.gnu.org/licenses/gpl-2.0.html Apache (httpd) 2.x Apache Software License http://www.apache.org/licenses/LICENSE2.0.html PHP 5.x PHP license http://www.php.net/license/3_01.txt Wkhtmltopdf 0.9.6 GPLv3+ http://gnu.org/licenses/gpl.html KVM / Qemu 0.14 GPL and LGPL and BSD http://opensource.org/licenses/BSD-3Clause http://www.gnu.org/licenses/gpl-2.0.html http://www.gnu.org/licenses/lgpl.html Linux kernel 2.6.xx GPL http://www.gnu.org/licenses/gpl-2.0.html Qlogic Fibre driver 8.02.14 GPL http://www.gnu.org/licenses/gpl-2.0.html 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com Legacy Recovery-Series and UEB Administrator's Guide Appendix C: Unitrends Open Source Compliance 898 Open source component Version Open Source license License path 3ware 9650 RAID controller driver 9.5.4 GPL http://www.gnu.org/licenses/gpl-2.0.html Hyper-V integration Services 2.x GPL http://www.gnu.org/licenses/gpl-2.0.html VMware tools integration services 5.x GPL http://www.gnu.org/licenses/gpl-2.0.html Please send inquiries to: Unitrends 200 Wheeler Road North Tower, 2nd Floor Burlington, MA 01803 USA This offer is valid to anyone in receipt of this information. Legacy Recovery-Series and UEB Administrator's Guide Appendix C: Unitrends Open Source Compliance 200 Wheeler Road, Burlington, MA 01803 www.unitrends.com