Protecting multiple machines manually
The protecting procedure requires the following tasks be completed before you begin:
- The Rapid Recovery Agent has been deployed and installed on the machine you want to protect.
- The machine you want to protect was restarted after the Agent installation.
- A repository has been created and is accessible from the Rapid Recovery Core.
Use this procedure to manually specify details for multiple machines that you want to protect simultaneously using the Agent software. The details identify each machine on the network uniquely, and include connection information and credentials. This approach is often used when protecting Linux machines. However, using this process, you can protect only Windows machines, only Linux machines, or a combination of both.
- From the Rapid Recovery Core Console button bar, click the Protect drop-down menu, and then select Protect Multiple Machines.
The Protect Multiple Machines Wizard opens.
- On the Welcome page, select one of the follow installation options:
- Click Next.
- On the Connection page of the wizard, from the Source drop-down list, select Manually.
- Click Next.
- On the Select Machines page, for each machine you want to protect, enter the machine details in the dialog box. Press Enter to separate information for each machine you want to add. Use the format
hostname::username::password::port. The port setting is optional. The default port for installing Agent on Windows machines is 8006. For Linux machines, the default port is number 22 (SSH port). Examples include:
- Click Next.
If the Protection page appears next in the Protect Multiple Machines Wizard, skip to step 11.
If the Agent software is not yet deployed to the machines you want to protect, or if any of the machines you specified cannot be protected for another reason, then the selected machines appear on the Warnings page.
- Optionally, on the Machines Warnings page, you can verify any machine by selecting the machine and then clicking Verify in the toolbar.
- Optionally, on the Machines Warnings page, select After Agent installation, restart the machines automatically.
Caution: Quest recommends this option. You must restart agent machines before they can be protected. Restarting ensures that the Agent service is running, and that proper kernel module is used to protect the machine, if relevant.
- If the status indicates that the machine is reachable, click Next to install the Agent software.
The Protection page appears.
- Optionally, on the Protection page, if you want a name other than the IP address to display in the Rapid Recovery Core Console for this protected machine, then in the Display name field, type a name in the dialog box.
You can enter up to 64 characters. Do not use the special characters described in the topic prohibited characters. Additionally, do not begin the display name with any of the character combinations described in the topic prohibited phrases.
- Select the appropriate protection schedule settings as described below:
- To use the default protection schedule, in the Schedule Settings option, select Default protection (hourly snapshots of all volumes).
With a default protection schedule, the Core will take snapshots of all volumes on the protected machine once every hour. To change the protection settings at any time after you close the wizard, including choosing which volumes to protect, go to the Summary page for the specific protected machine.
- To define a different protection schedule, in the Schedule Settings option, select Custom protection.
Schedule options are added to the wizard workflow.
- Proceed with your configuration as follows:
- If you selected a Typical configuration for the Protect Machine Wizard in step 2 and specified default protection, then click Finish to confirm your choices, close the wizard, and protect the machine you specified.
- If you selected Advanced configuration for the Protect Machine Wizard in step 2, and default protection, then click Next to see repository and encryption options.
- If you selected a Typical configuration for the Protect Machine Wizard and specified custom protection, then click Next and continue to step 14 to choose which volumes to protect.
- If you selected Advanced configuration for the Protect Machine Wizard in step 2, and default protection, then click Next and proceed to step 16 to see repository and encryption options.
- On the Protection Volumes page, select which volumes you want to protect. If any volumes are listed that you do not want to include in protection, click in the Check column to clear the selection. Then click Next.
NOTE: Typically, it is good practice to protect, at minimum, the System Reserved volume and the volume with the operating system (typically the C drive).
- On the Protection Schedule page, define a custom protection schedule and then click Next. For details on defining a custom protection schedule, see Creating custom protection schedules in Simple Mode.
- On the Repository page, select the repository you want to use to store recovery points for this machine, and then click Next.
- On the Encryption page, do one of the following:
- If you want to use encryption keys for data stored in the repository, select Encrypt the data at rest in a repository, and then do one of the following:
- To select an existing encryption key to apply to all new data stored in your repository, select Encrypt data using Core-based encryption with an existing key, and from the Select encryption key drop-down menu, select the encryption key.
- To define a new encryption key at this time to apply to all future data stored in your repository, select Encrypt data using Core-based encryption with a new key, and then enter information about the key as described in the table below:
Table 64: Define new encryption key
||Enter a name for the encryption key.
Encryption key names must contain between 1 and 64 alphanumeric characters. Do not use prohibited characters or prohibited phrases.
||Enter a descriptive comment for the encryption key. This information appears in the Description field when viewing a list of encryption keys in the Rapid Recovery. Descriptions may contain up to 254 characters.
Best practice is to avoid using prohibited characters and prohibited phrases.
||Enter a passphrase used to control access.
Best practice is to avoid using prohibited characters.
Record the passphrase in a secure location. Quest Data Protection Support cannot recover a passphrase. Once you create an encryption key and apply it to one or more protected machines, you cannot recover data if you lose the passphrase.
||Re-enter the passphrase. It is used to confirm the passphrase entry. |
- If you want to encrypt all data that transports over a network, select Encrypt the data in transport over a network.
NOTE: This option is enabled by default, so if you do not want to encrypt data in this fashion, clear this option.
- Click Finish to save and apply your settings.
NOTE: The first time protection is added for a machine, a base image (that is, a snapshot of all the data in the protected volumes) transfers to the repository indicated in your Rapid Recovery Core following the schedule you defined, unless you specified that the Core should initially pause protection. For information on pausing and resuming protection, see Pausing and resuming protection.
The Rapid Recovery Agent software is deployed to the specified machines, if necessary, and the machines are added to protection on the Core.
Monitoring the protection of multiple machines
You can monitor the progress as Rapid Recovery applies the protection polices and schedules to the machines.
- In the Rapid Recovery Core Console, navigate to the Rapid Recovery Home page and then click (Events).
The Events page displays, broken down by Tasks, Alerts, and Events. As volumes are transferred, the status, start times, and end times display in the Tasks pane.
You can also filter tasks by status (active, waiting, completed, queued, and failed). For more information, see Viewing tasks.
NOTE: To only see tasks that are waiting to be performed, make sure that you select the (Waiting Tasks) icon.
As each protected machine is added, an alert is logged, which lists whether the operation was successful or if errors were logged. For more information, see Viewing alerts.
For information on viewing all events, see Viewing a journal of all logged events.
Enabling application support
After a VM has been placed under agentless protection, you can support the Exchange or SQL application installed on that machine.
Before you begin, the following prerequisites must be in place.
- Protect the VM with the Rapid Recovery Core. The option to enable application support is not available during the protection process. The button to enable this capability is displayed on multiple pages in the UI after the SQL or Exchange machine is placed under protection. For more information, see Protecting vCenter/ESXi virtual machines using agentless protection or Protecting Hyper-V virtual machines using host-based protection.
- Enable remote WMI access. To allow WMI access, you must install and configure Windows Remote Management on the target virtual machine (VM). For more information, see the Microsoft knowledge base article at https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx.
- Grant administrative rights remotely to local users. Configure LocalAccountTokenFilterPolicy by running the following administrative command prompt:
- Obtain WMI root namespace access authorization. For the Core to connect to applications without the Agent, the VM must allow incoming network traffic on TCP ports 135 and 445, and to dynamically assigned ports 1024 to 1034.
- Allow remote access to SQL Server and Exchange. This prerequisite varies depending on the application you want to support.
- SQL: Configure the Windows Firewall by opening ports 1433 and 1434.
- Exchange: Open the TCP and UDP 389 ports.
- Integrate the guest with the host. Integration is done by installing the optimization package specific to the hypervisor:
- For ESXi VMs, use VMware Tools, which are required for agentless ESXi VM protection.
- For Hyper-V, use the Integration Services bundle, which is preinstalled on most Windows Server operating systems.
Complete the following steps to enable application support for agentlessly protected VMs.
- From the Core Console, go to the Machines page.
- Complete one of the following actions:
- To enable application support for single VM, click the Actions menu for that VM, and then click Enable application support.
- To enable application support for multiple VMs simultaneously, select the VMs, click the Application Support drop-down, and then click Enable application support.
- In the Edit Application Support dialog, enter the credentials for the VM.
A green icon is displayed next to the name of the protected machine for which application support is enabled.
If you want to add application credentials, you can do so by clicking SQL or Exchange at the top of the Summary page for the specific machine.
Settings and functions for protected Exchange servers
If you are protecting a Microsoft Exchange Server in your Core, there are additional settings you can configure in the Rapid Recovery Core Console, and there are additional functions you can perform.
A single setting, Enable automatic mountability check, is available in the Core Console related to Exchange Server. If enabled, Exchange server mountability checks are conducted automatically. This setting is available when the status for the protected machine is green (active) or yellow (paused).
For more information, see About Exchange database mountability checks.
You can also perform a mountability check on demand, from the Recovery Points pane on a protected Exchange server machine. For more information, see Forcing a mountability check of an Exchange database.
Following are functions you can perform for an Exchange server protected by the Core.
- Specify Exchange server credentials. Rapid Recovery Core lets you set credentials so the Core can authenticate to the Exchange server to obtain information.
For more information about setting credentials for Exchange servers, see Setting credentials for an Exchange server machine.
- Truncate Exchange logs. When you force log truncation of Exchange server logs, this process identifies the available space and reclaims space on the protected Exchange server.
For more information about truncating Exchange server logs on demand, see Forcing log truncation for an Exchange machine. This process can also be performed as part of the nightly jobs.
- Force a mountability check of an Exchange database. This function checks that Exchange databases are mountable, to detect corruption and alert administrators so that all data on the Exchange server can be recovered successfully.
For more information about forcing a mountability check on demand, see Forcing a mountability check of an Exchange database.
You can also force a mountability check to occur automatically after each snapshot. For more information about mountability checks, see About Exchange database mountability checks.
- Force a checksum check of Exchange Server recovery points. This function checks the integrity of recovery points containing Exchange database files.
For more information about forcing a checksum check on demand, see Forcing a checksum check of Exchange database files.
You can truncate Exchange logs and force a checksum check as part of nightly jobs. For more information about the tasks you can schedule as nightly jobs, see Understanding nightly jobs. For information on configuring nightly jobs, see Configuring nightly jobs for the Core.