Barracuda Backup uses the VMware vSphere Storage APIs–Data Protection to perform image-level backups of VMware vSphere virtual machines (VMs). If a vCenter server is managing the VMware environment, it is recommended to configure the data source with the IP address or FQDN of the vCenter server. Configuring the data source using individual ESXi hosts should only be done if a host is standalone or there is no vCenter server managing the environment.
VMware Recovery Licenses
This section describes VMware recovery licenses.
Licenses Required for vStorage APIs for Data Protection
The vStorage APIs for Data Protection (VADP) are included with all licensed vSphere editions including Standard, Enterprise, and Enterprise Plus.
Understanding vStorage APIs for Data Protection
Barracuda Backup can use VADP to back up vSphere VMs without requiring the Backup Agent or processing to be done inside each guest VM on the ESX host. This offloads the backup processing from ESX hosts and reduces cost by allowing each ESX host to run more VMs.
VADP leverages the snapshot capabilities of vSphere, enabling backup across a storage area network (SAN) without requiring VM downtime. This allows backups to be performed at any time without disrupting the VMs or requiring extended backup windows and application downtime.
VMware Data Recovery Backup and Restore Permissions
The tables in this section describe the VMware data recovery backup and restore permissions.
ESX/ESXi Host Machine Permissions
At a minimum, you must have the following permissions assigned to the user role on an ESX/ESXi VM:
Table 1. ESX/ESXi User Role Permissions.
System | Configuration | Disk Change Tracking |
---|---|---|
VM | Provisioning |
|
VM | Snapshot Management |
|
Global |
|
If you are using SCSI hot-adding on an ESX/ESXi VM, the user role must have the following permissions:
All of the permissions listed in Table 1, and
The Barracuda Backup must have all of the permissions listed in Table 2
Table 2. Barracuda Backup Minimum Permissions.
System | Configuration | Permissions |
Datastore |
| |
VM | Configuration |
|
vCenter Server Role for Backup and Recovery
If you wish to assign privileges to a vCenter Server user or a user in Active Directory (AD), you can create a new user with the VMware vCenter roles.
To create a vCenter Server role for backup and recovery operations, log in to the vCenter Server using the vSphere Client, and add the permissions listed in Table 3:
Table 3. vCenter Server Role Permissions.
Location | Configuration | Permissions |
---|---|---|
Datastore |
| |
Global |
| |
Guest Operations(1,2)
|
| |
Network |
| |
Resource |
| |
vApp |
| |
VM | Configuration
|
|
VM | Inventory |
|
VM | Provisioning |
|
VM (2) | Snapshot Management (2) > State (2) |
|
VM (3) | State(3) |
|
Notes: |
vCenter Server Role for Scheduled Backup Operations Permissions
To add a vCenter Server role for backup operations only, add a role using the vSphere Client, and add the permissions listed in Table 4.
Table 4. vCenter Server Role for Backup Operations Permissions.
Location | Configuration | Permissions |
---|---|---|
Global |
| |
Guest Operations(1)(2)
|
| |
VM | Configuration |
|
VM | Provisioning |
|
VM (2) | Snapshot Management(2) > State(2) |
|
VM (3) | State(3) |
|
Notes: |
Barracuda Backup Set Up and Restore Permissions
To set up and restore a VMware VM as a data source in the Barracuda Backup web interface, you must have administrator privileges to the VM. Once your credentials are verified and the data source is set up and backups are enabled, use the Restore page to restore a VM. For more information on this VMware requirement, refer to the VMware Data Recovery Administration Guide available on the VMware website.
Understanding Which Ports to Open for VMware Accessibility
In order for the Barracuda Backup appliance to access VMware servers, you must open the ports listed in the following tables:
Table 1. Data Recovery.
Port | Details |
---|---|
902 | TCP Data Recovery Appliance ESX Host VDR to ESX Communication |
22024 | TCP Data Recovery vSphere Client Plug-in Data Recovery Appliance Data Recovery Management |
Table 2. Ports Related to Non-Data Recovery Features.
Port | Details |
---|---|
22 | TCP User VDP ssh (for debugging) |
53 | UDP VDP DNS server DNS |
80 | TCP User VDP http |
111 | TCP, UDP VDP ESXi/ESX rpcbind |
443 | TCP User VDP https |
700 | TCP VDP, LDAP Active Directory Loginmgr tool |
7778 | TCP vCenter VDP VDP, RMI |
7779 | TCP vCenter VDP VDP, RMI |
8509 | TCP vCenter VDP Tomcat AJP Connector |
8543 | TCP User VDP Redirect for Tomcat |
8580 | TCP vCenter VDP VDP Downloader |
9443 | TCP vCenter VDP VDP Web Services |
27000 | TCP VDP vCenter Licensing communication |
VMware Support Statement
Barracuda Networks supports Barracuda Backup customers irrespective of whether they are protecting VMware environments. Barracuda Networks supports operating systems, not specific hardware configurations. VMware operates as a hardware abstraction layer.
VMware supports a set of certified operating systems and hardware, and the customer and VMware are responsible for any interactions or issues that arise at the hardware or operating system layer as a result of the customer’s use of VMware.
Barracuda Networks does not require customers to recreate and troubleshoot every issue in a non-VMware environment, however, Barracuda Networks does reserve the right to request customers to diagnose certain issues in a native-certified operating system environment, operating without the virtual environment. Barracuda Networks will only make this request when there is reason to believe that the virtual environment is a contributing factor to the issue.
Any time spent on investigation of problems that may, in the sole opinion of Barracuda Networks, be related to VMware, will be handled in the following fashion:
If a problem is encountered backing up a VMware environment, the customer may be required to recreate the problem on a non-VMware server, at which time Barracuda Networks will provide regular support.
Regardless of the problem type or source, if the problem is determined to be a non-VMware related issue, time spent on investigation and resolution will be covered as part of regular maintenance, and support will be provided as usual.
Please note that Barracuda Networks only provides technical support to customers who maintain the requisite subscriptions.