Post on 16-May-2020
transcript
Symantec Backup Exec™ Blueprints - Agent for Windows 1
Symantec Backup Exec Blueprints Blueprint for Agent for Windows
Backup Exec Technical Services Backup & Recovery Technical Education Services
Symantec Backup Exec™ Blueprints - Agent for Windows 2
Notice
This Backup Exec Blueprint presentation includes example diagrams that contain objects that represent applications and platforms from other companies such as Microsoft and VMware. These diagrams may or may not match or resemble actual implementations found in end user environments. Any likeness or similarity to actual end user environments is completely by coincidence.
The goal of the diagrams included in this blueprint presentation is not to recommend specific ways in which to implement applications and platforms from other companies such as Microsoft and VMware, but rather to illustrate Backup Exec best practices only.
For guidelines and best practices on installing and configuring applications and platforms from other companies, please refer to best practice documentation and other resources provided by those companies.
Symantec Backup Exec Blueprints Preface/disclaimer
Symantec Backup Exec™ Blueprints - Agent for Windows 3
Backup Exec Blueprints: How to Use Getting the most out of Backup Exec blueprints
• These Blueprints are designed to show customer challenges and how Backup Exec solves these challenges.
• Each Blueprint consists of:
‒ Pain Points: what challenges customers face
‒ Whiteboard: Shows how Backup Exec solves the customer challenges
‒ Recommended Configuration: Shows recommended installation
‒ Do’s: Gives detailed configurations suggested by Symantec
‒ Don'ts: What configurations & pitfalls customers should avoid
‒ Advantages: Summarizes the Backup Exec advantages
• Use these Blueprints to:
‒ Understand the customer challenges and how Backup Exec solves them
‒ Present the Backup Exec best practice solution
Pain Points
4 Symantec Backup Exec™ Blueprints - Agent for Windows
Symantec Backup Exec™ Blueprints - Agent for Windows 5
Backup Exec Blueprints: Agent for Windows Agentless backups
1 Network Impact Backup server processes full backup load High network “chatter” between server, client(s) Potential for high network impact Potential performance inhibitor
2 Recovery Obstacles Difficult to recover granular application or file data Commonly requires multiple manual steps Not optimized for recovery
3 Management Headaches Can increase overall cost of ownership Some solutions use “dissolvable” agents during recovery “Dissolvable” agents can impact data integrity Troubleshooting is more complex
Pain Points: Agentless Backup Methods
Introduction
6 Symantec Backup Exec™ Blueprints - Agent for Windows
Symantec Backup Exec™ Blueprints - Agent for Windows 7
• Backup Exec Agent for Windows
– Installs as a separate add-on component
– Enables simplified backup and restore of remote Windows Servers
– Optimizes data protection processes in network environments
– Supports Windows servers and workstations
– Improves performance, reduces network “chatter”
Backup Exec Blueprints: Agent for Windows Introduction
Remote Windows Client
Agent for Windows
Symantec Backup Exec™ Blueprints - Agent for Windows 8
• Performance Optimization – Provides high-performance data protection for remote Windows servers
– NDMP technology performs source-level compression and distributed processing at the client-level
– Support for 32-bit and 64-bit Windows servers
• Open File Protection – Open files protected using built-in Advanced Open File capability
– VSS integration provides Microsoft best-practice alignment
• Powerful Data Deduplication – Client-level data deduplication support built in
– Reduces amount of data sent to backup server
• Simplified Disaster Recovery Technology – Saves time by automating manual, error-prone recovery processes
Backup Exec Blueprints: Agent for Windows Overview
Whiteboards and Diagrams
9 Symantec Backup Exec™ Blueprints - Agent for Windows
Symantec Backup Exec™ Blueprints - Agent for Windows 10
Backup Exec Blueprints: Agent for Windows Installation Requirements
Network
Backup Exec
Agent for Windows
Windows Client
• Windows 2012/R2
• Windows 8/8.1
• Windows 2008 SP2/R2
• Windows 2008 Core /R2
• Windows SBS 2008/2011
• Windows EBS 2008
• Windows 2003 SP2/R2
• Windows Vista
• Windows 7
OS
Intel Pentium, Xeon, AMD, or compatible
Processor
512 MB RAM
RAM
188 MB
Hard Disk Space
Local administrator rights
Privileges
Application/Platforms
Microsoft .NET 2.0 SP2, MSXML 6.0
A list of compatible platforms and applications can be found here: http://entsupport.symantec.com/umi/V-269-1
Backup Exec Blueprints: Agent for Windows Operational capabilities
Symantec Backup Exec™ Blueprints - Agent for Windows 11
Agent for Windows
Backup Exec
Beremote.exe
Media Server
Bengine.exe
Agent for Windows:
• Gathers data
• Compresses the data into Microsoft Tape Format (MTF)
• Provides software compression
• Provides software encryption
Windows Server
Agent for Windows
Backup Exec Blueprints: Agent for Windows Media Server Architecture
Symantec Backup Exec™ Blueprints - Agent for Windows 12
Backup Exec
User Interface
Agent for Windows:
• Provides “browse interface” for Backup Exec Interface
• Data source and sink for backup and restore
• An NDMP Data Server (sort of)
• NDMP = Network Data Management Protocol
• The protocol is greatly extended
• Used on both a media server and application servers
BE Console BEMCLI
Configuration & Control
Management Service and BESERVER BEDB
Data Mover
BENGINE
Tap
e Fo
rmat
Cat
alo
gs
Catalog Files
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
……
….
Applications
SQL Exchange SharePoint
Backup Exec Blueprints: Agent for Windows Data Browse and Job Definition
Symantec Backup Exec™ Blueprints - Agent for Windows 13
Backup Exec
User Interface
BE Console
Configuration & Control
Management Service and BESERVER BEDB
Data Mover
BENGINE
Tap
e Fo
rmat
Cat
alo
gs
Catalog Files
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
……
….
Applications
SQL Exchange SharePoint
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
……
….
Applications
Exchange
User Interface connects to Management Service
Management Service connects to Agent on the Media Server
Agent on the Media Server connects to the Agent on the Remote Server to browse backup
User Interface saves job definition to BESERVER
BESERVER saves configuration to BEDB
1
2
3
4
5
1
2
3
4
5
Windows Server
Backup Exec Blueprints: Agent for Windows Backup to Disk
Symantec Backup Exec™ Blueprints - Agent for Windows 14
Backup Exec
User Interface
BE Console
Configuration & Control
Management Service and BESERVER BEDB
Data Mover
BENGINE
Tap
e Fo
rmat
Cat
alo
gs
Catalog Files
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
……
….
Applications
SQL Exchange SharePoint
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
Exch
ange
Applications
Exchange
Job to backup remote sever is set up on the Media Server
BE SERVER sends job to BENGINE
BENGINE connects to Media Server Agent
Media Server Agent sends data to BENGINE
BENGINE connects to Remote Server Agent
Remote Server Agent sends data to Machine A BE Remote (for GRT)
1
2
3
4
5
1
2
3 4
5
PDI Files
6
6
Windows Server
Backup Exec Blueprints: Agent for Windows Restore Workflow
Symantec Backup Exec™ Blueprints - Agent for Windows 15
Backup Exec
User Interface
BE Console
Configuration & Control
Management Service and BESERVER BEDB
Data Mover
BENGINE
Tap
e Fo
rmat
Cat
alo
gs
Catalog Files
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
……
….
Applications
SQL Exchange SharePoint
BE Remote
NTF
S
Agent
SQL
SPS
OR
AC
LE
DB
2
EV
Lotu
s
……
….
Applications
Exchange
User Interface connects to catalogs via Management Service
Catalogs connects to Agent on the Media Server
Agent opens PDI files for browse
User Interface saves job definition to BESERVER
BESERVER saves configuration to BEDB
BE SERVER sends job to BENGINE
BENGINE connects to Agent on the Media Server
BENGINE connects to Agent on the Remote Server
Agent on the Media Server sends data to the Agent on the Remote Server (for GRT restore)
1
2
3
4
5
1
2
3
5
PDI Files
4
6
7
8
9
6
7
8
9
Windows Server
Backup Exec Blueprints: Agent for Windows Pre-Backup Exec 2010 R3 Connections
Symantec Backup Exec™ Blueprints - Agent for Windows 16
Backup Exec
Original Data Connection
MITM Connection
Media Server
Job Engine
Bengine.exe
Remote Server
AWS
Beremote.exe
MITM = Man in the Middle
Attacker
Windows Server
Backup Exec Blueprints: Agent for Windows Secured Connections with SSL encryption in BE 2010 R3 and onwards
Symantec Backup Exec™ Blueprints - Agent for Windows 17
Backup Exec
Data Connection
Control Connection
Media Server
Job Engine
Bengine.exe
Remote Server
AWS
Beremote.exe
The control connection between the Media Server and remote agent is encrypted
• Supplements existing data encryption, does not replace it
• Does not encrypt the data connection
• If data connection encryption is desired, select software based encryption in the job options
Each Backup Exec media server is its own Certificate Authority (CA)
• A CA has the power to sign certificates, thereby establishing identity and trust for media servers and remote agents.
Windows Server
Backup Exec Blueprints: Agent for Windows Secured Connections with SSL encryption: TLS trust establishment
Symantec Backup Exec™ Blueprints - Agent for Windows 18
Backup Exec
TLS Connection
When a Media Server is installed, it will automatically generate a public/private key pair then create and sign a root certificate for itself.
It will then generate another public/private key pair to use for secure connections. Using this, it will ask its own CA to sign a new certificate made from this public key. This is called the TLS certificate.
The first time a Media Server talks to a remote agent, a TLS connection is attempted and fails because the remote agent doesn’t have a TLS certificate that is signed by the media server’s CA.
The user is asked to physically validate that the remote agent is in fact the computer he wishes to contact.
Once affirmed, the remote agent will generate a public/private key pair, followed by a Certificate Signing Request (CSR) that contains the remote agent’s identification info and public key. The Media Server will sign this and return the result as a TLS certificate for the agent.
When a remote agent is push-installed from a media server, the installer generates the agent certificates, gets them signed by the media server’s CA, and installs them into the certificate store of the agent.
1
2
3
4
5
6
1 2
3
4
Certificate Authority [CA]
5
6
Windows Server
Backup Exec Blueprints: Agent for Windows VSS Requestor
Symantec Backup Exec™ Blueprints - Agent for Windows
Writers Volume Shadow Copy Service Requestor
Provider Exchange
SQL
Active Directory
SharePoint
Operating System, Storage Array or System Provider
……………………..
Backup Network (10 Gigabit)
Production Network (10 Gigabit)
Backup Exec Windows Server
19
Backup Exec Blueprints: Agent for Windows Port and firewalls
Symantec Backup Exec™ Blueprints - Agent for Windows 20
Backup Exec
Firewall
• When a Backup Exec server connects to a remote system, the connection is initiated on port 10000.
o By default, AWS listens for connections on this port.
• AWS initiates control connections and data connections.
o This can be adjusted to use a specific range of ports to isolate traffic.
Windows Server
Backup Exec Blueprints: Agent for Windows Agentless or Agent-based protection – You Decide
Symantec Backup Exec™ Blueprints - Agent for Windows 21
Use an Agent
• For all Physical Windows Server • On any virtual machines on which you
want to use GRT • Unless true agent-based backup method is
being used, Simplified Disaster Recovery and related features do not apply to virtual backups
• Little or no I/O impact • Optimize for recoverability
• Restore an entire guest • Restore granular data • Restore granular application data
Go Agentless
Windows Server
• Optimized for virtual performance • Restore an entire virtual guest • Integrated Management View with
vStorage API • Virtual Machines Usually Protected
Through Image-based Backups (Agent-less)
Backup Exec Blueprints: Agent for Windows Agent installation on VM’s - Simplified
Symantec Backup Exec™ Blueprints - Agent for Windows
• New mechanism that allows users to enumerate available virtual machines on an ESX or Hyper V host and install AWS on them in bulk
• Note: VMWare Tools should be installed before you install the Agent for Windows on a guest virtual machine if you intend to use the Backup Exec VSS provider
22
Do…
23 Symantec Backup Exec™ Blueprints - Agent for Windows
Symantec Backup Exec™ Blueprints - Agent for Windows 24
Best Practices: Agent for Windows Do the following…
• Use the Update feature on the Backup and Restore tab to update the Agent for Windows on remote computers with the same patches that were installed on the Backup Exec server
– Option to Run immediately or with a schedule
– LiveUpdate does not update the Agent for Windows on remote computers.
Symantec Backup Exec™ Blueprints - Agent for Windows 25
Best Practices: Agent for Windows Do the following…
• Purchase the Agent for Windows separately, and it must be running on the remote computer to perform disaster recovery of the remote computer
• Install the Backup Exec Agent for Windows on any virtual machines on which you want to use Backup Exec's Granular Recovery Technology (GRT)
– Install the VMware Tools before you install the Agent for Windows on the guest virtual machine to use GRT
• Promote remote systems with larger data footprints to Media Servers that:
– Use locally attached storage devices
– Keep data loads off the network
Symantec Backup Exec™ Blueprints - Agent for Windows 26
Best Practices: Agent for Windows Do the following…
• Subdivide the remote computers that are enabled for direct access sharing among the servers that host the deduplication disk storage folders to best optimize several managed Backup Exec servers at a single site
– For example, a large site with two managed Backup Exec servers and 10 remote computers should split the remote computers evenly between the managed Backup Exec servers
• Limit the sharing of remote computers that are enabled for direct access sharing with other Backup Exec servers that use deduplication disk storage
– This prevents duplicate data from being hosted on multiple backup servers
• Update the Backup Exec Agent Utility whenever Oracle database instance information changes
– If credential information is not updated, you may receive an Unable to attach to a resource... error during backup
Symantec Backup Exec™ Blueprints - Agent for Windows 27
Best Practices: Agent for Windows Do the following…
• Windows Resource Protection (WRP) prevents backup and restore jobs from functioning normally on computers that run Windows Vista/Server 2008/8/8.1/2012/2012 R2
– Although Backup Exec can complete backup and restore jobs, performance may suffer. Refer to the following Microsoft article for more information and to obtain a hot fix that resolves this issue:
http://support.microsoft.com/kb/935606
– Because WRP affects the Windows Installer, you should install the hot fix before you install Backup Exec agents or options on a computer that runs Windows Vista.
Do not…
28 Symantec Backup Exec™ Blueprints - Agent for Windows
Symantec Backup Exec™ Blueprints - Agent for Windows 29
Best Practices: Agent for Windows Do not do the following…
• Do Not install the Agent for Windows on a volume that has been enabled for deduplication in Windows
– Microsoft does not support this configuration. However, if you install the Agent for Windows on a volume and then enable it for deduplication in Windows, Backup Exec functions normally.
• Do Not install the Agent for Windows on a ReFS volume
– Microsoft does not support this configuration. However, if you install the Agent for Windows on a volume and then convert it to ReFS, Backup Exec functions normally.
• Don’t push-install the Agent for Windows when the remote computer is in the ForceGuest configuration
• Symantec recommends that you do not install a Backup Exec server or the Agent for Windows on a Cluster Shared Volume
– These configurations are not support
• Push-installation by mapped drives is not supported; install using a UNC path
Symantec Backup Exec™ Blueprints - Agent for Windows 30
Backup Exec Blueprints: Final Thoughts Four powerful technologies wrapped into one agent
Backup Network (10 Gigabit)
Production Network (10 Gigabit)
Backup Exec
Agent for Windows
Windows Server
• Provides high-performance data protection for remote Windows servers and includes Open File protection and Simplified Disaster Recovery
• Optimizes data transfers for 32-bit and 64-bit remote Windows servers with exclusive NDMP technology that provides source-level compression and distributed processing at the client
• Open files are protected with the Advanced Open File capability built into the Agent for Windows
– Integrates with VSS to protect open files in multiple volumes and ensures files on local or remote servers are protected while in use
• Provides Simplified Disaster Recovery feature which saves time by automating the traditional manual, error-prone process of system recovery
• With four powerful technologies wrapped into one agent, users truly have complete data and system protection for every remote Windows server
Symantec Backup Exec™ Blueprints - Agent for Windows 31
Thank You!
Backup Exec Product Management