Archive:SEP sesam backup client for VMware ESX Server

From SEPsesam
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Icon archived docs.png THE CONTENT OF THIS PAGE IS OUTDATED
SEP AG has discontinued support for obsolete SEP sesam versions. Instructions are still available for these SEP sesam products, however, SEP AG accepts no responsibility or liability for any errors or inaccuracies in the instructions or for the incorrect operation of obsolete SEP sesam software. It is strongly recommended that you update your SEP sesam software to the latest version. For the latest version of SEP sesam documentation, see documentation home.

Template:Copyright SEP AG en


Introduction

The SEP sesam online extension for ESX Servers provides hot backups of Virtual Machines (VMs) running on a VMware ESX server. Consistent backups are achieved by creating a snapshot of the virtual machine. After the snapshot the virtual disk (VMDK) files are transferred to a SEP sesam backup medium. The ESX backup client will be installed directly on the ESX server.

Advantages

  • No proxy server is necessary
  • Virtual machines do not need to be on a SAN storage device

Disadvantages

  • Higher load on the ESX server
  • No file system backup of Windows guests

System Requirements

For a SEP sesam RDS installation the mt-st RPM package is required. This is not on the ESX install medium but you can use RPM for RHEL 4 or Fedora 3 which can be found e.g. here:

ftp://ftp.tu-ilmenau.de/Mirrors/centos/4.7/os/i386/CentOS/RPMS/mt-st-0.8-1.i386.rpm

Installation

SEP sesam backup client must be installed directly on each ESX server.

  • Login as root user
  • Install Sesam Linux backup client, using SEP sesam RPM package for RHEL4 (For Vsphere (ESX) 4.0 Please install the RHEL5 Package for 64 Bit Systems RHEL5)
  • Install Sesam ESX Client RPM package


 #> cd /tmp
 #> rpm -U sesam_cli-3.4.1-41.RHEL.i386.rpm
 #> rpm -U sesam-esx-3.4.1-41.i386.rpm

Configuration

Firewall

On each ESX server an active firewall is running by default. We recommend to switch it off during configuration of the SEP sesam ESX online module.

   esxcfg-firewall --allowIncoming --allowOutgoing
Attention

After the successful configuration the firewall can be switched on again.

   esxcfg-firewall --blockIncoming --blockOutgoing

Don't forget to open the required SEP sesam ports by using the ESX server command esxcfg-firewall.


Example:

In this example you can see the configuration of the ESX firewall for the ESX host and the the available Virtual Machines. The SEP sesam control communication will be processed by a single port (port 11301) in the client configuration. Besides the initial port (port 11001) you must configure 2 ports per simultaneous backup on the ESX firewall (e.g. 11002-11007 for 3 parallel backups). Further information regarding firewall settings for a ESX server in sesam are stored in our user manual within Components > Topology.


On the ESX console interface the configuration has to execute line per line (or as a batch):

esxcfg-firewall -o 11301,tcp,in,SesamCtrl
esxcfg-firewall -o 11301,tcp,out,SesamCtrl
esxcfg-firewall -o 11001,tcp,in,SesamData
esxcfg-firewall -o 11001,tcp,out,SesamData
esxcfg-firewall -o 11002,tcp,in,SesamData
esxcfg-firewall -o 11002,tcp,out,SesamData
esxcfg-firewall -o 11003,tcp,in,SesamData
esxcfg-firewall -o 11003,tcp,out,SesamData
esxcfg-firewall -o 11004,tcp,in,SesamData
esxcfg-firewall -o 11004,tcp,out,SesamData
esxcfg-firewall -o 11005,tcp,in,SesamData
esxcfg-firewall -o 11005,tcp,out,SesamData
esxcfg-firewall -o 11006,tcp,in,SesamData
esxcfg-firewall -o 11006,tcp,out,SesamData
esxcfg-firewall -o 11007,tcp,in,SesamData
esxcfg-firewall -o 11007,tcp,out,SesamData


After all ESX firewall commands are executed the configuration can be checked by esxcfg-firewall -q.

Adoption of backup tools config

adopt VCHOST, USERNAME and PASSWORD in /etc/vmware/backuptools.conf file

 ...
 VCHOST=esix.sep.de
 #
 # Username to use for VC SDK authentication
 USERNAME=root
 # Password to user for VC SDK authentication
 PASSWORD=secret
Attention

Please use the user and password of your own environment.

Configuration in the SEP sesam GUI

Configure the ESX server in SEP sesam GUI as a UNIX client. As operating system you can choose ESX-Server.

Create a new client


In the SEP sesam GUI create a new backup task with task type ESX-Server. As backup source specify the display name of the virtual machine.

The VM can be selected by the client file system browser under VMware. You can also get the display name from VMware Virtual Center or on the ESX-Server CLI by executing the command:

 vcbVmName -s Any:


Choose backup type "ESX Server"


If the backup source is set to ALL, all VMs on the ESX Server are saved. To exclude specific VMs put their names into the exclude list.
Attention: SEP sesam exclude list are regular expressions.


Client File View (expanded) and select the required VM on the ESX Server

Remote Device Server

Instead of installing a SEP sesam client you can install the Remote Device Server (RDS) package. By doing this VMDKs can be saved LAN Free to any storage device connected to the ESX server.

Restore

Restore is quite similar to a regular file system restore. In the SEP sesam restore wizard you can choose between VMware and file system view. In the VMware view files are grouped by VM even if the files belonging to a VM are on different storage locations. In file system view you can see all files as they are stored on disk.

Restore Wizard tab Tasks


Restore Wizard tab Files


Restore Wizard tab Start

Restore options

Original tree structure
If set, all files are restored in the same directory hierarchy as they were saved. If not set, all files are restored into the selected target path without their directory names. This option can be useful if you want to restore a VM spanning over several storage locations into one place.

Attention: In this case you will need to adopt VM config file (*.vmx) before you can start the restore.

Recover after restore
Register the VM after restore on ESX Server and with it in Virtual Center
Recover and online
Register and start the VM and bring it online


Check the current state of VM

Before and during restore no checks are made if an existing VM in the restore area is online. You have to check the current state before you start the restore.

Troubleshooting

Problem

VMWare vSphere Farm in the Sesam GUI not browsable

  • STATUS=ERROR MSG=Error: VI SDK invoke exception:java.security.AccessControlException: access denied ("java.net.SocketPermission" "server.local.tld:443" "connect,resolve") type:RemoteException

Reason

  • VMware vCenter can't communicate with SEP sesam over Port 443. Missing port permissions in the file "<sesam_install_dir>/var/ini/sm_java.policy".

Solution

  • Edit the file "<sesam_install_dir>/var/ini/sm_java.policy" and add the line in //NET section:
 // NET
 permission java.net.SocketPermission "*:443", "connect,accept,resolve";


Connect a SCSI device to a VM

  • Enable Passthrough at Configuration -> Advanced Settings and restart the ESX server.


Attention: *** IMPORTANT ***
If Passthrough is grayed out and not selectable, either the passthrough function of PCI devices in BIOS has to be enabled or the mainboard does not support this feature. The following should be checked in BIOS:
  • Intel VT for Directed I/O -> Enab.
  • Interrupt Remapping -> Enab.
  • Coherency Support -> Disab.
  • ATS Support -> Enab.
  • Pass-trough DMA-Support -> Enab.


Attention: *** IMPORTANT ***
!!Paravirtualization is not supported!!

Finally, you have to do the following steps:

  1. Add a new PCI device in config of the VM.
  2. The passthrough adapter should be selectable now and has to be chosen.
  3. Now the controller with all connected devices is going to be passed through to the VM.
  4. The native driver of the controller has to be installed at the guest OS.


Attention
  • The SCSI controller can only be used once with the passthrough method.
  • Additionally, be aware that no more snapshots my be created for this VM.

Further Links/Literature