Prerequisites for deploying VMware backup proxy
Druva does not support ESXi hypervisor passwords that contain the character @ (at sign). If the password for an ESXi hypervisor on which a backup proxy is deployed contains "@", change the password to remove this sign before you register and configure the backup proxy.
The user setting up the proxy server must have Cloud Administrator for Enterprise workloads privileges.
ESXi/vCenter must have a valid license. See the article to verify if the ESXi/vSphere host has a valid license.
The vCenter/ESXi credentials must have the required user permissions.
The vCenter certificate must be valid.
The IP address / Network being provided to the Druva Backup Proxy must be able to communicate to Cloud on port 443.
Configure your antivirus and any third-party encryption programs to authorize the latest Druva applications and Druva and S3 URLs.
There must not be an SSL terminating proxy in the network.
The backup proxy must be deployed to a datastore that has a minimum 110 GB free space.
You must have the Web Proxy credentials (If you use a Web proxy in your environment).
You must have the IP settings details.
The backup proxy is deployed in the same cluster where the virtual machines being backed up reside.
Backup proxy is deployed through an OVA and is an Ubuntu (version 22.04) VM that resides in your VMware infrastructure.
Prerequisites for Druva Proxy Deployer
The Druva Proxy Deployer is supported in the following operating system:
macOS 10.14 or later (Mojave)
macOS 10.15 or later (Catalina),
Windows 8 and later
For Windows 8, if you face any issues, you need to install the Windows update.
The Druva Proxy Deployer by default uses the port 20020. In case you want to use a different port, follow the steps:
Close the Druva Proxy Deployer.
Go to <install_location>\Druva-Proxy-Deployer\resources\service
Open the ServiceConfiguration.json file.
Update the port number in the srvRestPort field.
The local system must have a minimum of 7 GB space on the download location.
Ensure that the English language pack is installed on the hosts with a certified operating system that is localized to a language other than English. If the English language pack is not installed, Druva is unable to assign a static IP. To add the English language pack on Windows, see Available Language Packs for Windows. [External link to Microsoft documentation].
Prerequisites for VMC
Ensure VMC SDDC firewall rules are configured to enable http/https traffic over port 443 and NTP port 123 for the communication through Compute and Management Gateways.
The backup proxy communicates with Druva on port 443. The communication is outbound only and you need to create an inbound traffic rule. The backup proxy also communicates with the vCenter on port 443 to understand the VMware hierarchy and communicates with the virtual machines to perform backups and restores. The backup proxy also uses port 123 outbound connection to synchronize time with NTP server.
Compute Gateway settings
Create the following rules on the Compute Gateway:
Source: Druva-Proxy -> Destination: vCenter with Port: 443
Source: Druva-Proxy -> Destination: Any with Port: 443 applied to: internet interface
Management Gateway settings
Open Port 443 for inbound and outbound communication.
Druva only needs access to the Internet (only Druva provided IP addresses on port 443) and to the vCenter, so you can restrict all other communication.
Distributed Firewall settings (Optional step)
The following steps are applicable only if your organization is using Distributed Firewall.
Ensure that the environment is set to blacklist and create the following rules:
Open the internet traffic, allowing the https traffic to the backup proxy. Create the following rule:
Source: Druva-Proxy -> Destination: is not! RFC1918 with Service 443 -> Allow
Allow vCenter outbound and inbound traffic. Create the following rules:
Source: Druva-Proxy -> Destination: vCenter with Service 443 -> Allow
Optionally, you can add ICMP
Source: vCenter -> Destination: Druva-Proxy with Service 443 -> Allow
Prerequisite for VMC on Dell EMC
For VMware Cloud on Dell EMC, configure the Fully Qualified Domain Name (FQDN) to resolve to a vCenter private IP address. Ensure the FQDN Access is set to Via internal network only in the VMware Cloud Services Console.
For DR failback on Windows, ensure that the virtual machines on the VMware Cloud can access the AWS instance data using the SMB protocol.