Skip to main content
All CollectionsEnterprise WorkloadsProtect VMware Virtual MachinesVMware Frequently Asked Questions
How to manually install the VMware backup proxy using the OVA
How to manually install the VMware backup proxy using the OVA

Quick steps to manually install the VMware backup proxy using the OVA

Updated over a week ago

To back up your virtual machines, you must first download and install a backup proxy in your virtual infrastructure environment and then register it from the Management Console. This article describes how to get the backup proxy and activation token and register your servers.

Download OVA to deploy VMware proxy

Download the latest version of the backup proxy from the following location:

Druva Downloads page

Go to http://downloads.druva.com/phoenix/. From the Select Agent drop-down list select VMware.

OR

Register VMware setup wizard

Perform the following steps to download the backup proxy from the Register VMware setup:

  1. Log in to the Management Console.

  2. Select the workload from the Protect menu. Note that if the All Organizations menu is enabled, you have to first select an organization and then select the workload.

  3. Download the appropriate installer to deploy the VMware backup proxy.

Ensure that you download the correct backup proxy from the Downloads page. To register a standalone ESXi server, download the standalone backup proxy. To register a vCenter server, download the vCenter backup proxy.

Select your cloud type as Public Cloud or GovCloud and then download OVA. The following table describes the OVA and packages on the Downloads page.

OVA/Package

Description

Druva Proxy Deployer

Use this proxy deployer tool to deploy the first backup proxy

VMware (Ubuntu Backup Proxy for vCenter)

OVA to deploy proxy on vCenter

VMware (Ubuntu Backup Proxy for standalone ESXi)

OVA to deploy proxy on standalone ESXi host

VMware (Backup Proxy DEB Package)

DEB package to manually upgrade the Ubuntu backup proxy

VMware (RPM for Backup Proxy Upgrade)

RPM package to manually upgrade the CentOS backup proxy

Generate activation token

To register your VMware set up, an activation token is required. Perform the following to generate an activation token.

  1. Log in to the Management Console.

  2. From the top menu bar, select your organization if organizations are enabled. Otherwise, proceed to the next step.

  3. Click Protect > VMware.

  4. Click Register.

  5. From the Register New VMware Setup dialog box, select the Copy Token icon under the Activate Backup Proxy section. The activation token is copied successfully.

    This token is valid for 25 servers and 7 days. This is required for connecting with the Druva Cloud during proxy deployment.

πŸ“ Note
​If this token has expired, click Generate New Token. Enter the required details in the Generate Token dialog box and click Generate. Alternatively, if you have generated an activation token earlier, you can copy it from the Manage Activation Tokens page.

Register vCenter using web client

Before you begin

Before you begin, ensure the following:

  • You have the following information:

    • vCenter credentials

    • Web proxy credentials (If you use a Web proxy in your environment).

    • Activation token. For more information, see Generate activation token.

    • IP settings.

πŸ“ Note
​This process of deploying and configuring the backup proxy using a web client is applicable only for a vCenter host. vCenter has the capability to temporarily store the parameters received during the OVF deployment. For additional help on deploying OVF templates, see the associated VMware documentation depending on the version of your VMware setup. For example, see this article from the vSphere 5 documentation library. You can deploy a backup proxy on a vCenter server whose virtual machines you want to back up. If you have not deployed the vCenter Server, you can deploy a backup proxy on a standalone ESXi host. See, Register a standalone ESXi
You must deploy backup proxy on the same vCenter Server or the ESXi host from where virtual machines are to be backed up. If you use an HTML5 web client for proxy deployment, you'd need to enter 'j.proxy type' in the HTTP field under Web Proxy Settings as a hard value, even if there is no web proxy. The proxy will not power on post-deployment without this value.

Deploy backup proxy

  1. Log into vSphere Web Client.

  2. In the left pane, select the host under Hosts and Clusters.

  3. In the right pane, click Actions and select Deploy OVF Template.
    ​

  4. Select an OVF template from the remote URL or local file system
    ​

  5. Specify a unique name and target location of the virtual machine.
    ​

  6. Select the destination compute resource for this operation.
    ​

  7. Verify the template details, and click Next.
    ​

  8. Click I accept all license agreements and click Next.
    ​

  9. Select the storage for the configuration and disk files. You can select the virtual disk format and VM Storage Policy.
    ​

    You can select from the below provisioning formats:

    • Thick Provisioned Lazy Zeroed: If you select this format, a thick virtual disk is created, and the existing data is lazy zeroed (existing data on the provisioned storage are cleared when the virtual machine writes to the storage for the first time).

    • Thick Provisioned Eager Zeroed: If you select this format, a thick virtual disk is created, and the existing data is eager zeroed (existing data on the provisioned storage is overwritten with zeroes at the time of creating the virtual machine).

    • Thin Provisioned: If you select this format, a thin virtual disk is created.
      ​

  10. Select a destination network for each source network, and click Next.
    ​

    πŸ“ Note
    ​The backup proxy uses the default network mapping settings of the vCenter Server or ESXi hypervisor.

  11. On the Properties screen, expand the inventory and provide the following details:
    ​

    • Network Settings :

      Druva backup proxy provides two network interface cards for configuration.

      Select the Static IP box and provide the following details:

      • IP Address

      • Netmask

      • Gateway

      • Primary DNS

      • Secondary DNS

      • Domain (Optional)
        ​

      πŸ“ Note
      ​ Adding a secondary NIC is optional

    • Hostname: Provide the hostname. Ensure that the hostname does not contain any special characters or a space.

    • vCenter/ESXi details :

      Provide the following vCenter details on which your backup proxy resides:

      • vCenter or ESXi FQDN

      • Username

      • Password
        ​
        Ensure that you provide a format that you have used to log in to the vCenter using the Web vSphere Client. For example, if your vCenter is connected to a domain, you should provide the username in the following format:
        ​<domain\username>
        ​

      • Secure VC connection

      • Certificate Type

      • Third-party (CA)

      • In-house CA/Self-Signed

      • CA Bundle Path

      • Network Share Username

      • Network Share Password

      • VMC
        ​
        For enhanced security, provide the certificate path and credentials if you want to use certificate verification.
        ​

        ​
        Select the Secure VC connection option and provide the certificate path in the CA Bundle Path.
        If a self-signed certificate is used, the CA bundle path must be specified along with the Network Share Username and Network Share Password.
        You must download the certificate and provide its location in the CA Bundle Path. For more information, see Download Certificate.

    • Web proxy settings (Optional) :

      πŸ“ Note
      ​You need to configure the Web proxy settings only when you have a network proxy in your environment. If you don't have a proxy in your environment, keep these settings blank.

      You can configure a web proxy for your environment. To set up the web proxy, select the Use Web Proxy checkbox and provide the following details:

      • Auth Type:

        • None

        • Basic

        • Kerberos
          If you select Kerberos authentication method, provide the following details:

          • Enter KDC server name: Provide the FQDN of the Key Distribution Center (KDC) server.

          • Enter KDC user name: Provide a user name that the KDC can authenticate.

          • Enter KDC Password: Provide the user's password in the KDC user name field.

          • Enter KDC port: Provide the KDC port.

          • Enter FQDN of DNS Server Name: Provide the FQDN of the DNS server.

          • Enter DNS Server User Name: Provide a DNS server user name to let the backup proxy virtual machine use the domain you provided in the DNS Server Name field.

          • Enter DNS Server User Password: Provide the user's password in the DNS Server User Name field.

            πŸ“ Note
            ​ Ensure that the FQDNs of the KDC, DNS server, and the web proxy host resolve to the appropriate servers. If the FQDNs do not resolve, add the FQDNs and the respective IP addresses in the /etc/hosts file of the backup proxy virtual machine.

      • Proxy Type: Druva supports the following proxy types:

        • http

        • socks4

        • socks5

      • Proxy Server Name: Valid FQDN of the proxy server.

      • Proxy Port: Respective proxy port number.

      • Username: Valid proxy username. For a proxy that does not require authentication, enter *.

      • Password: Valid proxy password. For a proxy that does not require authentication, enter *.
        ​

    • Activation :

      • Activation Token: The activation token that you have received while registering the VMware setup.

      • Cloud Type: Select the type of cloud. The values are Mainline, Gov, Fedramp.

      • Time Zone: from the drop-down list, select the required time zone.

      • Job Id: Keep this field blank.

  12. Click Next.

  13. Verify the summary, and click Finish.
    ​


    You can see the backup proxy on the Druva user interface.

Download Certificate

You must download the certificate as follows and provide its location in the CA Bundle Path:

  1. Navigate to vCenter.

  2. Download the certificate file from vCenter and unzip it to obtain the files.

  3. From the "certs/lin" folder, create a single text file with the extension ".pem" by combining all files with the ".0" extension.

  4. Copy and store this file at the remote location.

Register a standalone ESXi

πŸ“ Note
​For additional help on deploying OVF templates, see the associated VMware documentation depending on the version of your VMware setup. For example, see Deploying OVF Templates from the vSphere 5 documentation library. You can deploy a backup proxy on a vCenter server whose virtual machines you want to back up. If you have not deployed a vCenter server, you can deploy a backup proxy on a standalone ESXi host. You must deploy backup proxy on the same vCenter server or the ESXi host from where virtual machines are to be backed up.

Deploy backup proxy

  1. Log on to ESXi using vSphere Client.

  2. Click Virtual Machines in the left pane, and then click Create / Register VM.
    ​

  3. Under Select creation type, select Deploy a virtual machine from an OVF or OVA file option. Click Next.
    ​

  4. Select the OVF and VMDK files you would like to deploy. Enter the name of the virtual machine. In the box, click to select file or drag/drop the file.
    ​​

  5. Select a datastore for the virtual machine configuration files and all the virtual disks.
    ​

  6. Click I agree to accept the License Agreement, and click Next.
    ​

  7. Select the deployment options. Select the network mappings and Disk provisioning options.
    ​

    πŸ“ Note
    ​The backup proxy uses the default network mapping settings of the vCenter Server or ESXi hypervisor.

    To start the virtual machine after deployment, select Power on automatically.

  8. Review your settings selection before finishing the wizard.
    ​

    Before configuring the backup proxy, ensure that:

  • You have the ESXi root credentials handy. You can either set the fully qualified domain name (FQDN) or the IP address of ESXi Server.

    πŸ“ Note
    ​ Backup proxy stores these credentials in an encrypted format.

  • Ensure port 443 on ESXi host is configured for http/https traffic. ESXi host is configured for http/https traffic. The backup proxy communicates with the registered ESXi host on port 443.

πŸ“ Note
​You can configure backup proxy settings for Standalone ESXi only through CLI. The process of configuring backup proxy through vCenter is applicable only through vCenter web client and not in the case of standalone ESXi because vCenter has the capability to temporarily store the parameters received during the OVF deployment.

How to configure or reconfigure backup proxy

If your VMware backup proxy is not activated using the above method, you can manually activate and configure it by running the ProxyConf command in the proxy CLI. The ProxyConf utility can be found at /opt/Druva/EnterpriseWorkloads/bin/ProxyConf.

  1. From the vSphere Client console, start the backup proxy virtual machine. Alternatively, if you know the IP address of the proxy VM, you can log in to it from any CLI using the credentials provided in the note below.

  2. Log on to the virtual machine with the username and password.

    πŸ“ Note
    ​ The default username is root, and the default password is druvaphoenix. If you are configuring the backup proxy for the first time, reset the password and use it for all subsequent logins.

  3. On the Welcome screen, select Public Cloud or GovCloud.

    proxyconf1.png

  4. On the type of VMware setup page, select VMware on-premise.

    proxyconf2.png

  5. On the Backup Proxy settings page, enter the required page number and provide the following details:

    πŸ“ Note
    ​​For VMware proxy version prior to 7.0.0, perform the steps based on the following screen.

    proxyconf3.png

    πŸ“ Note
    For VMware proxy version 7.0.0 and later, perform the steps based on the following screen. For more details, refer to the below steps.

    ​

    • 1. Network Configuration:

      Druva backup proxy provides two network interface cards for configuration. When you select a card for configuration, the backup proxy provides an option to enable it. After you enable the card, you can configure the network settings.

      Configure the network settings (Static/DHCP).

      • If you select the Static IP, provide the following details:

        • IP Address

        • Netmask

        • Gateway

        • Primary DNS Secondary DNS Domain

        • Secondary DNS

        • Domain

      • If you select DHCP, the DHCP IP is set.

      πŸ“ Note
      ​ Before selectingthe DHCP setting, verify that no dhclient is running on the backup proxy.

    • 2. Change hostname: After the network configuration completes, you can choose to change the hostname.

      • To change the hostname, provide the new hostname when prompted.

      • To leave the hostname unchanged, only press Enter.

      • Ensure you do not enter a special character in the hostname or space.

    • 3. Provide vCenter/ESXi FQDN (or IP address) and credentials: When prompted, provide the FQDN or IP address of the ESXi server.
      ​

      πŸ“ Note
      ​For VMware proxy version 7.0.0 and later, refer to the sequence of steps in the above screenshot. Provide the network proxy settings, followed by the activation token, and then vCenter/ESXi FQDN (or IP address) and credentials.

    • 4. Network Proxy Settings:

      If you are using a web proxy in your environment, enter Yes when you are prompted with Do you want to use Network Proxy Setting. To continue without using a proxy, enter No.

      If you enter Yes, provide the following details:

      • Choose one of the following authentication methods. Enter:
        ​ 0 for None
        1         for Kerberos
        2         for Basic
        If you select Kerberos authentication method, provide the following details:

        • Enter FQDN of DNS Server Name: Enter the FQDN of the DNS server.

        • Enter DNS Server User Name: Enter a DNS server user name to let the backup proxy virtual machine use the domain you provided in the DNS Server Name field.

        • Enter DNS Server User Password: Enter the user password in the DNS Server User Name field.
          After you provide the DNS server details, the Druva backup proxy attempts to connect to the DNS server. If the connection is successful, provide the following details.

        • Enter KDC server name: Enter the FQDN of the Key Distribution Center (KDC) server.

        • Enter KDC port: Enter the KDC port.

        • Enter KDC user name: Enter a user name that the KDC can authenticate.

        • Enter KDC Password: Enter the user password in the KDC user name field.
          After you provide the KDC server details, the Druva backup proxy tries to connect to the KDC server and generate an authentication ticket. If the ticket is generated successfully, the Druva backup proxy can connect to the web proxy.

      • Proxy Type: Druva supports the following proxy types:

        • http

        • socks4

        • socks5
          Enter one of the supported proxy types.

      • Proxy Server: Enter the valid proxy server FQDN.

      • Proxy port: Enter the corresponding proxy port number.

      • Username: Enter a valid proxy username. For a proxy that does not require authentication, enter *.

      • Password: Enter the valid proxy password. For a proxy that does not require authentication, enter *.

      πŸ“ Note
      ​Ensure that the FQDNs of the DNS server, KDC server, and the web proxy host resolve to the appropriate servers. If the FQDNs do not resolve, add the FQDNs and the respective IP addresses in the /etc/hosts file of the backup proxy virtual machine.

    • 5. Provide activation token:

      At the prompt, type the activation token that Druva generated while registering the VMware setup. Wait until the virtual machine synchronizes with the NTP server. By default, the Druva backup proxy synchronizes with the CentOS NTP servers. To configure custom NTP server, see Configuring custom NTP server.

      For Ubuntu, see Configuring custom NTP server for Druva Ubuntu proxy.

      πŸ“ Note
      ​ If you choose to activate the backup proxy at a later time, press the Enter key thrice to exit the configuration. To activate the backup proxy later, see perform a standalone activation of backup proxy.

    • 6. Change the time zone:

      You can change the time zone on your system:

      Type yes, to change the time zone.

      1. From the displayed list of continents and oceans, type the number corresponding to the server location.

      2. From the displayed list of countries, type the number corresponding to the country in which the server is located.

      3. Type 1, to set the selected time zone.

      The backup proxy will reboot after you change the time zone.

      Type no, to keep the default time zone.

      πŸ“ Note
      ​ You can also manually set the time zone.

    • 7. Exit: Wait for the synchronization to complete and exit.

πŸ“ Note
​After you reset the default password of the backup proxy virtual machine, the ProxyConf utility available at /opt/Druva/Phoenix/bin/ is invoked. The ProxyConf utility prompts you for inputs while performing tasks 4 through 6, thus completing the backup proxy configuration.

Perform a standalone activation of backup proxy

If your VMware backup proxy is not activated or if you want to activate the backup proxy at a later stage, use the following steps for activation:

  1. From the vSphere Client console, click VMs and Templates, and start the backup proxy virtual machine.

  2. Log on to the virtual machine with the default username and the changed password.

  3. Run the following command to activate the backup proxy:

    • PhoenixActivate <token> (for VMware backup proxy version 7.0.0 or earlier)

    • EnterpriseWorkloadsAgent vmware activate -t <token> (for VMware backup proxy version 7.0.0 and later)

Configuring custom NTP server for CentOS proxy

You can configure Druva VMware backup proxy to use custom NTP server. The NTP requests are serviced through a pool of NTP servers. Currently, the backup proxy uses the

*.centos.pool.ntp.org pool

  1. Open the /etc/ntp.conf file to configure your NTP server.
    The NTP server configuration file contains NTP server entries in the following format:​

    server <ntp_server_fqdn> [options]

    For example:

    server 0.centos.pool.ntp.org iburst
        server 1.centos.pool.ntp.org iburst
        server 2.centos.pool.ntp.org iburst
        server 3.centos.pool.ntp.org iburst

  2. Comment the existing NTP server entries and add the following entry to the /etc/ntp.conf file.

    server <internal_ntp_server_fqdn> iburst

  3. Restart the ntpd service using the following command:

    service ntpd restart

  4. Verify that the /var/log/messages file now synchronizes with the new NTP server without any errors.

Configuring custom NTP server for Ubuntu proxy

πŸ“ Note
​For Ubuntu, the proxy time is synchronized to ntp.ubuntu.com, by default. For more information on the same, refer to https://ubuntu.com/server/docs/network-ntp.

You can configure the Druva VMware backup proxy to use a custom NTP server. The NTP requests are serviced through a pool of NTP servers.

  1. Check if the NTP server is installed.
    ​service ntp status

    If the NTP server is installed, continue with step 2. Otherwise, run the following command to install the NTP.
    ​sudo apt install ntp

  2. Open the NTP configuration file
    The NTP configuration file is located at /etc/ntp.conf. To edit this file, use a text editor such as vi, nano, or vim.
    ​sudo vi /etc/ntp.conf

  3. Understand the NTP server entries. In the /etc/ntp.conf file, the NTP servers are defined using the server directive. The format is as follows:

    server <ntp_server_fqdn> [options]

    • <ntp_server_fqdn>: This is the Fully Qualified Domain Name (FQDN) or the IP address of the NTP server.

    • [options]: These are optional parameters that modify the behavior of the NTP request. Common options include:

      • iburst: Sends a burst of packets if the server is unreachable, which helps to quickly synchronize the time.

    The following is an example of an existing NTP server entry:

    server 0.centos.pool.ntp.org

    server 1.centos.pool.ntp.org

    server 2.centos.pool.ntp.org

  4. Comment out the existing entries. To comment out the existing the NTP server entries, place a # at the beginning of each line:

    # server 0.centos.pool.ntp.org

    # server 1.centos.pool.ntp.org

    # server 2.centos.pool.ntp.org

  5. Add your internal NTP server. For example, if your internal NTP server's FQDN is ntp.company.local, your configuration will be:
    ​server ntp.company.local iburst

  6. Restart the NTP service. After editing the configuration file, you need to restart the NTP daemon (ntpd) to apply the changes:
    ​sudo service ntp restart
    Alternatively, on systems using systemd, use the following command:
    ​sudo systemctl restart ntp

  7. Verify the synchronization. To ensure that your system is synchronizing time correctly with the new the NTP server, check the system logs. You can use the following command to view the log file:
    ​sudo tail -f /var/log/dmesg
    Check for entries that indicate successful synchronization with the NTP server. For example:
    ​ntpd[1234]: synchronized to 192.168.1.100, stratum 2
    This indicates that the NTP daemon is now syncing time with the internal server at 192.168.1.100.

Related Articles
How to deploy the first backup proxy and register the VMware setup
How to deploy additional VMware backup proxies
How to migrate VMware backup proxy from CentOS to new Ubuntu proxy
Reconfigure Nutanix AHV Backup Proxy settings
How to reconfigure VMware backup proxy settings
Did this answer your question?