To back up your virtual machines, you must first download and install a backup proxy in your virtual infrastructure environment and then register it from the Management Console. This article describes how to get the backup proxy and activation token and register your servers.
Download OVA to deploy VMware proxy
Download the latest version of the backup proxy from the following location:
Druva Downloads page
Go to http://downloads.druva.com/phoenix/. From the Select Agent drop-down list select VMware.
OR
Register VMware setup wizard
Perform the following steps to download the backup proxy from the Register VMware setup:
Log in to the Management Console.
Select the workload from the Protect menu. Note that if the All Organizations menu is enabled, you have to first select an organization and then select the workload.
Download the appropriate installer to deploy the VMware backup proxy.
Ensure that you download the correct backup proxy from the Downloads page. To register a standalone ESXi server, download the standalone backup proxy. To register a vCenter server, download the vCenter backup proxy.
Select your cloud type as Public Cloud or GovCloud and then download OVA. The following table describes the OVA and packages on the Downloads page.
OVA/Package | Description |
Druva Proxy Deployer | Use this proxy deployer tool to deploy the first backup proxy |
VMware (Ubuntu Backup Proxy for vCenter) | OVA to deploy proxy on vCenter |
VMware (Ubuntu Backup Proxy for standalone ESXi) | OVA to deploy proxy on standalone ESXi host |
VMware (Backup Proxy DEB Package) | DEB package to manually upgrade the Ubuntu backup proxy |
VMware (RPM for Backup Proxy Upgrade) | RPM package to manually upgrade the CentOS backup proxy |
Generate activation token
To register your VMware set up, an activation token is required. Perform the following to generate an activation token.
Log in to the Management Console.
From the top menu bar, select your organization if organizations are enabled. Otherwise, proceed to the next step.
Click Protect > VMware.
Click Register.
From the Register New VMware Setup dialog box, select the Copy Token icon under the Activate Backup Proxy section. The activation token is copied successfully.
This token is valid for 25 servers and 7 days. This is required for connecting with the Druva Cloud during proxy deployment.
π Note
βIf this token has expired, click Generate New Token. Enter the required details in the Generate Token dialog box and click Generate. Alternatively, if you have generated an activation token earlier, you can copy it from the Manage Activation Tokens page.
Register vCenter using web client
Before you begin
Before you begin, ensure the following:
You have the following information:
vCenter credentials
Web proxy credentials (If you use a Web proxy in your environment).
Activation token. For more information, see Generate activation token.
IP settings.
π Note
βThis process of deploying and configuring the backup proxy using a web client is applicable only for a vCenter host. vCenter has the capability to temporarily store the parameters received during the OVF deployment. For additional help on deploying OVF templates, see the associated VMware documentation depending on the version of your VMware setup. For example, see this article from the vSphere 5 documentation library. You can deploy a backup proxy on a vCenter server whose virtual machines you want to back up. If you have not deployed the vCenter Server, you can deploy a backup proxy on a standalone ESXi host. See, Register a standalone ESXi
You must deploy backup proxy on the same vCenter Server or the ESXi host from where virtual machines are to be backed up. If you use an HTML5 web client for proxy deployment, you'd need to enter 'j.proxy type' in the HTTP field under Web Proxy Settings as a hard value, even if there is no web proxy. The proxy will not power on post-deployment without this value.
Deploy backup proxy
Log into vSphere Web Client.
In the left pane, select the host under Hosts and Clusters.
In the right pane, click Actions and select Deploy OVF Template.
βSelect an OVF template from the remote URL or local file system
βSpecify a unique name and target location of the virtual machine.
βSelect the destination compute resource for this operation.
βVerify the template details, and click Next.
βClick I accept all license agreements and click Next.
βSelect the storage for the configuration and disk files. You can select the virtual disk format and VM Storage Policy.
βYou can select from the below provisioning formats:
Thick Provisioned Lazy Zeroed: If you select this format, a thick virtual disk is created, and the existing data is lazy zeroed (existing data on the provisioned storage are cleared when the virtual machine writes to the storage for the first time).
Thick Provisioned Eager Zeroed: If you select this format, a thick virtual disk is created, and the existing data is eager zeroed (existing data on the provisioned storage is overwritten with zeroes at the time of creating the virtual machine).
Thin Provisioned: If you select this format, a thin virtual disk is created.
β
Select a destination network for each source network, and click Next.
βπ Note
βThe backup proxy uses the default network mapping settings of the vCenter Server or ESXi hypervisor.On the Properties screen, expand the inventory and provide the following details:
βNetwork Settings :
Druva backup proxy provides two network interface cards for configuration.
Select the Static IP box and provide the following details:
IP Address
Netmask
Gateway
Primary DNS
Secondary DNS
Domain (Optional)
β
π Note
β Adding a secondary NIC is optionalHostname: Provide the hostname. Ensure that the hostname does not contain any special characters or a space.
vCenter/ESXi details :
Provide the following vCenter details on which your backup proxy resides:
vCenter or ESXi FQDN
Username
Password
β
Ensure that you provide a format that you have used to log in to the vCenter using the Web vSphere Client. For example, if your vCenter is connected to a domain, you should provide the username in the following format:
β<domain\username>
βSecure VC connection
Certificate Type
Third-party (CA)
In-house CA/Self-Signed
CA Bundle Path
Network Share Username
Network Share Password
VMC
β
For enhanced security, provide the certificate path and credentials if you want to use certificate verification.
ββ
Select the Secure VC connection option and provide the certificate path in the CA Bundle Path.
If a self-signed certificate is used, the CA bundle path must be specified along with the Network Share Username and Network Share Password.
You must download the certificate and provide its location in the CA Bundle Path. For more information, see Download Certificate.
Web proxy settings (Optional) :
π Note
βYou need to configure the Web proxy settings only when you have a network proxy in your environment. If you don't have a proxy in your environment, keep these settings blank.You can configure a web proxy for your environment. To set up the web proxy, select the Use Web Proxy checkbox and provide the following details:
Auth Type:
None
Basic
Kerberos
If you select Kerberos authentication method, provide the following details:Enter KDC server name: Provide the FQDN of the Key Distribution Center (KDC) server.
Enter KDC user name: Provide a user name that the KDC can authenticate.
Enter KDC Password: Provide the user's password in the KDC user name field.
Enter KDC port: Provide the KDC port.
Enter FQDN of DNS Server Name: Provide the FQDN of the DNS server.
Enter DNS Server User Name: Provide a DNS server user name to let the backup proxy virtual machine use the domain you provided in the DNS Server Name field.
Enter DNS Server User Password: Provide the user's password in the DNS Server User Name field.
π Note
β Ensure that the FQDNs of the KDC, DNS server, and the web proxy host resolve to the appropriate servers. If the FQDNs do not resolve, add the FQDNs and the respective IP addresses in the/etc/hosts
file of the backup proxy virtual machine.
Proxy Type: Druva supports the following proxy types:
http
socks4
socks5
Proxy Server Name: Valid FQDN of the proxy server.
Proxy Port: Respective proxy port number.
Username: Valid proxy username. For a proxy that does not require authentication, enter *.
Password: Valid proxy password. For a proxy that does not require authentication, enter *.
β
Activation :
Activation Token: The activation token that you have received while registering the VMware setup.
Cloud Type: Select the type of cloud. The values are Mainline, Gov, Fedramp.
Time Zone: from the drop-down list, select the required time zone.
Job Id: Keep this field blank.
Click Next.
Verify the summary, and click Finish.
β
You can see the backup proxy on the Druva user interface.
Download Certificate
You must download the certificate as follows and provide its location in the CA Bundle Path:
Navigate to vCenter.
Download the certificate file from vCenter and unzip it to obtain the files.
From the "certs/lin" folder, create a single text file with the extension ".pem" by combining all files with the ".0" extension.
Copy and store this file at the remote location.
π Note
βFor enhanced data protection, the first boot script will now execute only once with the latest OVAs. If the deployment fails, you can access and configure the proxy using the ProxyConf tool.
Register a standalone ESXi
π Note
βFor additional help on deploying OVF templates, see the associated VMware documentation depending on the version of your VMware setup. For example, see Deploying OVF Templates from the vSphere 5 documentation library. You can deploy a backup proxy on a vCenter server whose virtual machines you want to back up. If you have not deployed a vCenter server, you can deploy a backup proxy on a standalone ESXi host. You must deploy backup proxy on the same vCenter server or the ESXi host from where virtual machines are to be backed up.
Deploy backup proxy
Log on to ESXi using vSphere Client.
Click Virtual Machines in the left pane, and then click Create / Register VM.
βUnder Select creation type, select Deploy a virtual machine from an OVF or OVA file option. Click Next.
βSelect the OVF and VMDK files you would like to deploy. Enter the name of the virtual machine. In the box, click to select file or drag/drop the file.
ββSelect a datastore for the virtual machine configuration files and all the virtual disks.
βClick I agree to accept the License Agreement, and click Next.
βSelect the deployment options. Select the network mappings and Disk provisioning options.
βπ Note
βThe backup proxy uses the default network mapping settings of the vCenter Server or ESXi hypervisor.To start the virtual machine after deployment, select Power on automatically.
Review your settings selection before finishing the wizard.
βBefore configuring the backup proxy, ensure that:
You have the ESXi root credentials handy. You can either set the fully qualified domain name (FQDN) or the IP address of ESXi Server.
π Note
β Backup proxy stores these credentials in an encrypted format.Ensure port 443 on ESXi host is configured for http/https traffic. ESXi host is configured for http/https traffic. The backup proxy communicates with the registered ESXi host on port 443.
π Note
βYou can configure backup proxy settings for Standalone ESXi only through CLI. The process of configuring backup proxy through vCenter is applicable only through vCenter web client and not in the case of standalone ESXi because vCenter has the capability to temporarily store the parameters received during the OVF deployment.
How to configure or reconfigure backup proxy
If your VMware backup proxy is not activated using the above method, you can manually activate and configure it by running the ProxyConf command in the proxy CLI. The ProxyConf utility can be found at /opt/Druva/EnterpriseWorkloads/bin/ProxyConf
.
From the vSphere Client console, start the backup proxy virtual machine. Alternatively, if you know the IP address of the proxy VM, you can log in to it from any CLI using the credentials provided in the note below.
Log on to the virtual machine with the username and password.
π Note
β The default username is root, and the default password is druvaphoenix. If you are configuring the backup proxy for the first time, reset the password and use it for all subsequent logins.On the Welcome screen, select Public Cloud or GovCloud.
On the type of VMware setup page, select VMware on-premise.
On the Backup Proxy settings page, enter the required page number and provide the following details:
π Note
ββFor VMware proxy version prior to 7.0.0, perform the steps based on the following screen.π Note
For VMware proxy version 7.0.0 and later, perform the steps based on the following screen. For more details, refer to the below steps.β
1. Network Configuration:
Druva backup proxy provides two network interface cards for configuration. When you select a card for configuration, the backup proxy provides an option to enable it. After you enable the card, you can configure the network settings.
Configure the network settings (Static/DHCP).
If you select the Static IP, provide the following details:
IP Address
Netmask
Gateway
Primary DNS Secondary DNS Domain
Secondary DNS
Domain
If you select DHCP, the DHCP IP is set.
π Note
β Before selectingthe DHCP setting, verify that no dhclient is running on the backup proxy.2. Change hostname: After the network configuration completes, you can choose to change the hostname.
To change the hostname, provide the new hostname when prompted.
To leave the hostname unchanged, only press Enter.
Ensure you do not enter a special character in the hostname or space.
3. Provide vCenter/ESXi FQDN (or IP address) and credentials: When prompted, provide the FQDN or IP address of the ESXi server.
βπ Note
βFor VMware proxy version 7.0.0 and later, refer to the sequence of steps in the above screenshot. Provide the network proxy settings, followed by the activation token, and then vCenter/ESXi FQDN (or IP address) and credentials.4. Network Proxy Settings:
If you are using a web proxy in your environment, enter Yes when you are prompted with Do you want to use Network Proxy Setting. To continue without using a proxy, enter No.
If you enter Yes, provide the following details:
Choose one of the following authentication methods. Enter:
β 0 for None
1 for Kerberos
2 for Basic
If you select Kerberos authentication method, provide the following details:Enter FQDN of DNS Server Name: Enter the FQDN of the DNS server.
Enter DNS Server User Name: Enter a DNS server user name to let the backup proxy virtual machine use the domain you provided in the DNS Server Name field.
Enter DNS Server User Password: Enter the user password in the DNS Server User Name field.
After you provide the DNS server details, the Druva backup proxy attempts to connect to the DNS server. If the connection is successful, provide the following details.Enter KDC server name: Enter the FQDN of the Key Distribution Center (KDC) server.
Enter KDC port: Enter the KDC port.
Enter KDC user name: Enter a user name that the KDC can authenticate.
Enter KDC Password: Enter the user password in the KDC user name field.
After you provide the KDC server details, the Druva backup proxy tries to connect to the KDC server and generate an authentication ticket. If the ticket is generated successfully, the Druva backup proxy can connect to the web proxy.
Proxy Type: Druva supports the following proxy types:
http
socks4
socks5
Enter one of the supported proxy types.
Proxy Server: Enter the valid proxy server FQDN.
Proxy port: Enter the corresponding proxy port number.
Username: Enter a valid proxy username. For a proxy that does not require authentication, enter *.
Password: Enter the valid proxy password. For a proxy that does not require authentication, enter *.
π Note
βEnsure that the FQDNs of the DNS server, KDC server, and the web proxy host resolve to the appropriate servers. If the FQDNs do not resolve, add the FQDNs and the respective IP addresses in the/etc/hosts
file of the backup proxy virtual machine.5. Provide activation token:
At the prompt, type the activation token that Druva generated while registering the VMware setup. Wait until the virtual machine synchronizes with the NTP server. By default, the Druva backup proxy synchronizes with the CentOS NTP servers. To configure custom NTP server, see Configuring custom NTP server.
For Ubuntu, see Configuring custom NTP server for Druva Ubuntu proxy.
π Note
β If you choose to activate the backup proxy at a later time, press the Enter key thrice to exit the configuration. To activate the backup proxy later, see perform a standalone activation of backup proxy.6. Change the time zone:
You can change the time zone on your system:
Type yes, to change the time zone.
From the displayed list of continents and oceans, type the number corresponding to the server location.
From the displayed list of countries, type the number corresponding to the country in which the server is located.
Type 1, to set the selected time zone.
The backup proxy will reboot after you change the time zone.
Type no, to keep the default time zone.
π Note
β You can also manually set the time zone.7. Exit: Wait for the synchronization to complete and exit.
π Note
βAfter you reset the default password of the backup proxy virtual machine, the ProxyConf utility available at /opt/Druva/Phoenix/bin/ is invoked. The ProxyConf utility prompts you for inputs while performing tasks 4 through 6, thus completing the backup proxy configuration.
Perform a standalone activation of backup proxy
If your VMware backup proxy is not activated or if you want to activate the backup proxy at a later stage, use the following steps for activation:
From the vSphere Client console, click VMs and Templates, and start the backup proxy virtual machine.
Log on to the virtual machine with the default username and the changed password.
Run the following command to activate the backup proxy:
PhoenixActivate <token>
(for VMware backup proxy version 7.0.0 or earlier)EnterpriseWorkloadsAgent vmware activate -t <token>
(for VMware backup proxy version 7.0.0 and later)
Configuring custom NTP server for CentOS proxy
You can configure Druva VMware backup proxy to use custom NTP server. The NTP requests are serviced through a pool of NTP servers. Currently, the backup proxy uses the
*.centos.pool.ntp.org pool
Open the
/etc/ntp.conf
file to configure your NTP server.
The NTP server configuration file contains NTP server entries in the following format:βserver <ntp_server_fqdn> [options]
For example:
server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst
Comment the existing NTP server entries and add the following entry to the
/etc/ntp.conf
file.server <internal_ntp_server_fqdn> iburst
Restart the ntpd service using the following command:
service ntpd restart
Verify that the
/var/log/messages
file now synchronizes with the new NTP server without any errors.
Configuring custom NTP server for Ubuntu proxy
π Note
βFor Ubuntu, the proxy time is synchronized to ntp.ubuntu.com
, by default. For more information on the same, refer to https://ubuntu.com/server/docs/network-ntp.
You can configure the Druva VMware backup proxy to use a custom NTP server. The NTP requests are serviced through a pool of NTP servers.
Check if the NTP server is installed.
βservice ntp status
If the NTP server is installed, continue with step 2. Otherwise, run the following command to install the NTP.
βsudo apt install ntp
Open the NTP configuration file
The NTP configuration file is located at/etc/ntp.conf
. To edit this file, use a text editor such as vi, nano, or vim.
βsudo vi /etc/ntp.conf
Understand the NTP server entries. In the
/etc/ntp.conf
file, the NTP servers are defined using the server directive. The format is as follows:server <ntp_server_fqdn> [options]
<ntp_server_fqdn>
: This is the Fully Qualified Domain Name (FQDN) or the IP address of the NTP server.[options]
: These are optional parameters that modify the behavior of the NTP request. Common options include:iburst: Sends a burst of packets if the server is unreachable, which helps to quickly synchronize the time.
The following is an example of an existing NTP server entry:
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
Comment out the existing entries. To comment out the existing the NTP server entries, place a # at the beginning of each line:
# server 0.centos.pool.ntp.org
# server 1.centos.pool.ntp.org
# server 2.centos.pool.ntp.org
Add your internal NTP server. For example, if your internal NTP server's FQDN is
ntp.company.local
, your configuration will be:
βserver ntp.company.local iburst
Restart the NTP service. After editing the configuration file, you need to restart the NTP daemon (ntpd) to apply the changes:
βsudo service ntp restart
Alternatively, on systems using systemd, use the following command:
βsudo systemctl restart ntp
Verify the synchronization. To ensure that your system is synchronizing time correctly with the new the NTP server, check the system logs. You can use the following command to view the log file:
βsudo tail -f /var/log/dmesg
Check for entries that indicate successful synchronization with the NTP server. For example:
βntpd[1234]: synchronized to 192.168.1.100, stratum 2
This indicates that the NTP daemon is now syncing time with the internal server at 192.168.1.100.