+ All Categories
Page 1: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Cloud Backup and Recovery

User Guide

Issue 04

Date 2020-04-08


Page 2: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. i

Page 3: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


1 Vault Management................................................................................................................. 11.1 Querying a Vault..................................................................................................................................................................... 11.2 Deleting a Vault....................................................................................................................................................................... 41.3 Dissociating a Resource.........................................................................................................................................................51.4 Expanding a Vault................................................................................................................................................................... 61.5 Changing Vault Specifications............................................................................................................................................ 61.6 Replicating a Vault..................................................................................................................................................................71.7 Managing Vault Tags............................................................................................................................................................. 91.8 Managing the Enterprise Projects of Vaults................................................................................................................ 11

2 Backup Management........................................................................................................... 122.1 Querying a Backup............................................................................................................................................................... 122.2 Sharing a Backup.................................................................................................................................................................. 142.3 Deleting a Backup................................................................................................................................................................ 152.4 Using a Backup to Create an Image.............................................................................................................................. 162.5 Using a Backup to Create a Disk..................................................................................................................................... 182.6 Using a Backup to Create a File System....................................................................................................................... 192.7 Replicating a Backup (Across Regions)......................................................................................................................... 202.8 Enabling Application-Consistent Backup...................................................................................................................... 222.8.1 Overview...............................................................................................................................................................................222.8.2 Changing a Security Group............................................................................................................................................ 242.8.3 Installing the Agent.......................................................................................................................................................... 262.8.4 Creating an Application-Consistent Backup.............................................................................................................322.8.5 Uninstalling the Agent.....................................................................................................................................................33

3 Policy Management.............................................................................................................. 353.1 Creating a Backup Policy.................................................................................................................................................... 353.2 Modifying a Policy................................................................................................................................................................ 393.3 Deleting a Policy................................................................................................................................................................... 413.4 Binding a Vault to a Policy................................................................................................................................................ 413.5 Unbinding a Vault from a Policy..................................................................................................................................... 42

4 Restoring Data....................................................................................................................... 444.1 Restoring Data Using a Cloud Server Backup.............................................................................................................444.2 Restoring Data Using a Cloud Disk Backup.................................................................................................................46

Cloud Backup and RecoveryUser Guide Contents

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. ii

Page 4: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

4.3 Restoring Data Using a Hybrid Cloud Backup............................................................................................................ 47

5 Managing Tasks..................................................................................................................... 48

6 Auditing................................................................................................................................... 49

7 Quotas......................................................................................................................................51

A Appendix................................................................................................................................. 53A.1 Agent Security Maintenance............................................................................................................................................ 53A.1.1 Changing the Password of User rdadmin................................................................................................................. 53A.1.2 Changing the Password of the Account for Reporting Alarms (SNMP v3).................................................. 54A.1.3 Replacing the Server Certificate...................................................................................................................................56A.1.4 Replacing CA Certificates............................................................................................................................................... 58A.2 Change History...................................................................................................................................................................... 60

Cloud Backup and RecoveryUser Guide Contents

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. iii

Page 5: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

1 Vault Management

1.1 Querying a VaultYou can set search criteria for querying desired vaults in the vault list.

PrerequisitesA vault has been created.

Viewing Vault Details

Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 View the basic information about the desired vault. Related parameters aredescribed in the following table.

Table 1-1 Basic information parameters

Parameter Description

Name/ID Name and ID of the vault. Click the vault name to viewdetails about the vault.

Type Vault type

Status Vault status. Table 1-2 describes the vault statuses.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 1

Page 6: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Parameter Description

Specifications Vault specifications, which can be server backup andapplication-consistent backup● A server backup vault stores backups of common

servers.● An application-consistent backup vault stores backups

of database servers.

Vault Capacity(GB)

Vault capacity, which displays the capacity of the vault andthe capacity used by backups in the vault.For example: If 20/100 is displayed, 20 GB has been usedout of the 100 GB vault capacity.

Associated Servers/File Systems/Disks

Number of servers/file systems/disks associated with thevault. You can click the number to view details of anassociated resource.

Step 3 On any backup page, click the Vaults tab and set filter criteria to view the vaults.

● Select a value from the status drop-down list to query vaults by status. Table1-2 describes the vault statuses.

Table 1-2 Vault statuses

Status StatusAttribute



-- All vaults are displayed if this value is selected.

Available A stablestate

A stable state after a vault task is complete.This state allows various operations.

Locked Anintermediate state

An intermediate state when the capacityexpansion, billing mode change, or specificationschange operation is in progress.In this state, you cannot expand the vaultcapacity, change the billing mode, or change thevault specifications. However, you can performother operations, such as binding policies andassociating servers, file systems, or disks. Afterthe capacity expansion, billing mode change, orspecifications change operation is complete, thevault status becomes Available.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 2

Page 7: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Status StatusAttribute


Deleting Anintermediate state

An intermediate state when a vault is beingdeleted.In this state, a progress bar is displayedindicating the deletion progress. If the progressbar remains unchanged for an extended time, anexception has occurred. Contact customerservice.

Frozen A stablestate

If your resources enter a retention period in thecase that your package expires or your account isin arrears, or if the resources do not meetsecurity requirements, a vault is in the Frozenstate.If the resource is frozen due to arrears, the statewill become Available after your account istopped up. Resources can then be used normally.If you do not top up your account in time, thesystem automatically deletes the frozen resourceafter the retention period expires. If the resourceis frozen due to security reasons, contactcustomer service.

Error A stablestate

A vault enters the Error state when an exceptionoccurs during task execution.You can click Tasks in the navigation tree on theleft to view the error cause. If the error persists,contact customer service.

● Search the vault by its name or ID.● Click Search by Tag in the upper right corner to search for vaults by tag.

– On the Search by Tag tab page that is displayed, enter an existing tag

key and value and click . The added tag search criteria are displayedunder the text boxes. Click Search in the lower right corner.

– You can use more than one tag for a combination search. Each time after

a key and a value are entered, click . The added tag search criteria aredisplayed under the text boxes. When more than one tag is added, thetags will be applied together for a combination search. A maximum of 10tags can be added at a time.

– You can click Reset in the lower right corner to reset the search criteria.

Step 4 Click the vault name to view details about the vault.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 3

Page 8: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


For the values of used capacity and backup space, only the integer part is maintained, andthe decimal part is rounded off. For example, the used backup space is displayed as 0 GB,but the backup space that has actually been used might be 0.2 GB.


1.2 Deleting a VaultYou can delete unwanted vaults to reduce space usage and costs.

Only pay-per-use vaults can be deleted. Yearly/monthly vaults need to beunsubscribed.

All backups stored in the vault will be deleted once you delete a vault. Therefore,exercise caution when performing this operation.

Prerequisites● At least one vault exists.● The vault is in the Available or Error state.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On any backup page, locate the vault to be deleted and choose More > Delete inthe Operation column. See Figure 1-1. All backups stored in the vault will bedeleted once you delete a vault. Exercise caution when performing this operation.

Figure 1-1 Deleting a vault

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 4

Page 9: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 3 Click Yes.


1.3 Dissociating a ResourceIf an associated server or disk does not need to be backed up, you can dissociate itfrom the vault.

After a resource is dissociated from a vault, the automatic backup policies of thevault no longer have any effect on the resource. In addition, all manual andautomatic backups of the resource will be deleted. The deleted backup cannot beused for data restoration. Exercise caution when performing this operation.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On any backup page, locate the target vault and click the vault name.

Step 3 Click the Associated Servers or Associated Disks tab. Find the target server ordisk and click Dissociate in the Operation column. See Figure 1-2.

After a resource is dissociated from a vault, the automatic backup and replicationpolicies of the vault no longer have any effect on the resource. In addition, allmanual and automatic backups of the resource will be deleted. The deletedbackup cannot be used for data restoration. Exercise caution when performing thisoperation.

Figure 1-2 Dissociating a server

Step 4 Confirm the information and click Yes.


Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 5

Page 10: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

1.4 Expanding a VaultYou can expand a vault if its total capacity is insufficient. Vault capacity can beexpanded only, but cannot be reduced.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On any backup page, locate the target vault and choose More > Expand Capacityin the Operation column. See Figure 1-3.

Figure 1-3 Expanding a vault

Step 3 Enter the capacity to be added. The minimum value is 1.

Step 4 Click Next. Confirm the configuration information and click Submit.

Step 5 Return to the vault list and check that the capacity of the vault has beensuccessfully expanded.


1.5 Changing Vault SpecificationsServer backup vaults have two specifications: those for server backups and thosefor application-consistent backups.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 6

Page 11: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

● Server backups are backups of common servers.● Application-consistent backups are backups of servers with databases.

If you need to back up a server that contains a database, change the specificationsof the associated vault from server backup to application-consistent backup. Thissection describes the detailed operations.

You can change the specifications of a vault from server backup to application-consistent backup, but not the other way around.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On the Cloud Server Backup page, locate the target vault. Choose More >Change Specifications in the Operation column of the vault. See Figure 1-4.

Figure 1-4 Changing specifications

Step 3 Set Backup Type to Application-Consistent Backup. Click Next.

Step 4 Click Submit and complete the payment. The system automatically changes thevault specifications.


1.6 Replicating a VaultCBR allows you to replicate a server backup vault, a hybrid cloud backup vault, ora file system backup vault entirely to a replication vault in another region. Replicasof server backups in the destination region can be used to create images and

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 7

Page 12: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

provision servers. Replicas of file system backups in the destination region can beused to create file systems.

Two replication modes are available for replicating a vault.

● Select a backup vault and manually replicate it.● Configure a replication policy to periodically replicate backups that have not

been replicated or failed to be replicated to the destination region.

Constraints● The replication rate of a single backup is about 80 MB/s. A maximum of eight

backups can be replicated at a time.● Data can be replicated to vaults in different destination regions. Creating

replica will replicate all backups in the source vault to the destination vault.● A server backup vault can be replicated only when it contains at least one

backup that meets all the following conditions:

a. The backup is an ECS backup.b. The backup contains system disk data.c. The backup is in the Available state.

● Only vaults in the current region can be replicated. Replicas cannot bereplicated again but can be used to create images or file systems.

● A backup vault can be replicated to different destination regions. Thereplication rule varies with the replication method:– Manual replication: Backups can be replicated to the destination region

as long as its replica is deleted from that region.– Policy-driven replication: Once a backup has been successfully replicated

to the destination region, it cannot be replicated to that region again,even if its replica has been deleted.

● Only regions with replication capabilities can be selected as destinationregions.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Vaults tab and find the target backup vault.

Step 3 Click More > Create Replica in the Operation column of the vault. See Figure1-5.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 8

Page 13: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 1-5 Creating a replica

Step 4 In the displayed dialog box, set the parameters as described in Table 1-3.

Table 1-3 Parameter description

Parameter Description


Region to which the vault is replicatedOnly regions that support replication will be displayed.● If the selected region contains only one project, you can

directly select the region name.● If the selected region has multiple projects, the master

project of the region is selected by default. You can selectanother project if needed.


A replication vault in the destination region

Step 5 Click OK.

Step 6 After the replication is complete, you can switch to the destination region to viewgenerated replicas. For details, see Querying a Vault. You can then use replicas tocreate images.


1.7 Managing Vault TagsYou can add tags to a vault as well as edit and delete these tags. Vault tags areused to filter and manage vaults only.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 9

Page 14: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the name of a vault and select the Tag tab in the displayed vault informationpage.● Adding a tag

a. Click Add Tag in the upper left corner.b. In the dialog box that is displayed, set the key and value of the new tag.

A tag is represented in the form of a key-value pair. Tags are used toidentify, classify, and search for cloud resources. Vault tags are used tofilter and manage vaults only. A vault can have a maximum of 10 tags.Table 1-4 describes parameters of a tag.

Table 1-4 Tag parameter description

Parameter Description ExampleValue

Key Tag key. Each tag of a vault has a uniquekey. You can customize the key or select thekey of an existing tag created in TMS.The naming rules for a tag key are asfollows:

▪ It contains 1 to 36 Unicode characters.

▪ It can contain only letters, digits, hyphens(-), and underscores (_).


Value A tag value can be repetitive or left blank.The naming rules for a tag value are asfollows:

▪ It contains 0 to 43 Unicode characters.

▪ It can contain only letters, digits, hyphens(-), and underscores (_).


c. Click OK.

● Editing a tag

a. In the Operation column of the tag that you want to edit, click Edit.b. In the Edit Tag dialog box that is displayed, modify the tag value. Table

1-4 describes the parameters.

Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 10

Page 15: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

c. Click OK.● Deleting a tag

a. In the Operation column of the tag that you want to delete, click Delete.b. In the dialog box that is displayed, confirm the deletion information.c. Click OK.


1.8 Managing the Enterprise Projects of VaultsIf you need to modify the enterprise project of a vault, go to the EnterpriseManagement page to move the vault from the original enterprise project to anew one.


Step 1 Click Enterprise on the upper right of console page. By default, the Overviewpage of Enterprise Management is displayed.

Step 2 In the navigation pane of the Enterprise Management page, choose EnterpriseProject Management.

Step 3 Locate the enterprise project from which the vault will be removed. Click ViewResources in the Operation column. The Resources tab page is displayed. Youcan view resources in the current enterprise project.

Step 4 Select Single Resource for the removal mode.

Step 5 Select the destination enterprise project to which the vault is to be added and clickOK.

After the vault is removed from the enterprise project, you can view it in theresource list of the destination enterprise project.


Cloud Backup and RecoveryUser Guide 1 Vault Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 11

Page 16: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

2 Backup Management

2.1 Querying a BackupWhen a backup task is running or completed, you can set search criteria to filterbackups from the backup list and view backup details.


A backup task has been created.

Viewing Backup Details

Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.

3. Choose Storage > Cloud Backup and Recovery. Select a tab from the leftnavigation pane.

Step 2 On any backup page, click the Backups tab and set filter criteria to view thebackups.

● You can search for backups by selecting a state from the All statuses drop-down list in the upper right corner of the backup list. Table 2-1 describes thebackup states.

Table 2-1 Backup states

Status StatusAttribute



-- All backups are displayed if this value isselected.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 12

Page 17: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Status StatusAttribute


Available A stablestate

A stable state of a backup after the backup iscreatedThis state allows various operations.

Creating Anintermediate state

An intermediate state of a backup from thestart of a backup job to the completion of thebackup job.In the Tasks list, a progress bar is displayed fora backup task in this state. If the progress barremains unchanged for an extended time, anexception has occurred. Contact customerservice.

Restoring Anintermediate state

An intermediate state when using the backup torestore data.In the Tasks list, a progress bar is displayed fora backup task in this state. If the progress barremains unchanged for an extended time, anexception has occurred. Contact customerservice.

Deleting Anintermediate state

An intermediate state from the start of deletingthe backup to the completion of deleting thebackup.In the Tasks list, a progress bar is displayed fora backup task in this state. If the progress barremains unchanged for an extended time, anexception has occurred. Contact customerservice.

Error A stablestate

A backup enters the Error state when anexception occurs.A backup in this state cannot be used forrestoration, and must be deleted manually. Ifmanual deletion fails, contact customer service.

● You can search for backups by clicking Advanced Search in the upper right

corner of the backup list.You can search by backup status, backup name, backup ID, server name,server ID, server type, and the creation date.

● You can search for backups by selecting a project from the All projects drop-down list in the upper right corner of the backup list.

Step 3 Click the backup name to view details about the backup.


Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 13

Page 18: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

2.2 Sharing a BackupYou can share a server or disk backup with other projects. The shared backups canbe used to create servers.

ContextBackups can be shared only among users in the same region.

A backup recipient can choose whether to accept the backup. After accepting thebackup, the recipient can use the backup to create a new server.

Encrypted backups cannot be shared. Backups cannot be shared across regions.Projects to which a backup is shared must be in the same region as the backup.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On the cloud server backup page, click the Backups tab and set filter criteria toview the backups.

Step 3 Choose More > Share Backup in the Operation column of the target backup.

The backup name, server name, backup ID, and backup type are displayed.

● Adding a share

Figure 2-1 Sharing a backup

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 14

Page 19: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

1. Click the Share Backup tab.

2. Enter the account name of the tenant to whom the backup is to be shared.

3. Click Add in the dialog box. The account name and project to be added aredisplayed on the list. You can continue to add accounts. A backup can beshared to a maximum of ten projects.

4. Click OK.

● Canceling a share

1. Choose More > Share Backup in the Operation column of the target backup.

2. On the displayed dialog box, click the Cancel Sharing tab and select thebackup that no longer needs to be shared. Then, click OK. See Figure 2-2.

Figure 2-2 Canceling a share


2.3 Deleting a BackupYou can delete unwanted backups to reduce space usage and costs.


CBR supports manual deletion of backups and automatic deletion of expiredbackups. The latter is implemented based on the backup retention rule in thebackup policy. For details, see Creating a Backup Policy.

Prerequisites● At least one backup exists.

● The backup to be deleted is in the Available or Error state.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 15

Page 20: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On any backup page, click the Backups tab and locate the desired backup. Fordetails, see Querying a Backup.

Step 3 In the row of the backup, choose More > Delete. See Figure 2-3. Alternatively,select the backups you want to delete and click Delete in the upper left corner todelete them in a batch.

Figure 2-3 Deleting a backup

Step 4 Click Yes.


Follow-up ProcedureWhen you use CBR to back up a disk, all data, including those invisible data, onthe disk, will be backed up. If frequent addition, deletion, and modificationoperations have been performed on the disk before each backup task, a largeamount of vault space will still be occupied even after some backups are deleted.For details on how to reduce occupied vault space, see How Do I Reduce theVault Space Occupied by Backups?.

2.4 Using a Backup to Create an ImageCBR allows you to create images using ECS backups. You can use the images toprovision ECSs to rapidly restore service operating environments.

Prerequisites● Confirm that the following operations have been performed before you use

an ECS's backup to create an image:

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 16

Page 21: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

– You have optimized the Linux ECS (referring to Optimizing a LinuxPrivate Image) and installed Cloud-Init (referring to Installing Cloud-Init).

– You have optimized the Windows ECS (referring to Optimizing aWindows Private Image) and installed Cloudbase-Init (referring toInstalling Cloudbase-Init).

● A backup can be used to create an image in either of the following scenarios:1. The backup is in the Available state. 2. The backup is in the Creating statewhich is marked with Image can be created.


Once a backup creation starts, the backup enters the Creating state. After a period oftime, a message stating "Image can be created" is displayed under Creating. In thiscase, the backup can be used for creating an image, even though it is still beingcreated and cannot be used for restoration.

● The backup you want to use to create an image contains the system diskdata.

● Only ECS backups can be used for creating images.

Function Description● Images created using a backup are the same, so CBR allows you to use a

backup to create only one full-ECS image that contains the whole data of theECS's system disk and data disks, in order to save the image quota. After animage is created, you can use the image to provision multiple ECSs in a batch.

● A backup with an image created cannot be directly deleted. If you want todelete such a backup, delete its image first. If a backup is automaticallygenerated based on a backup policy and the backup has been used to createan image, the backup will not be counted as a retained backup and will notbe deleted automatically.

● A backup is compressed when it is used to create an image. Therefore, thesize of the generated image is smaller than that of the backup.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.

3. Choose Storage > Cloud Backup and Recovery. Select a tab from the leftnavigation pane.

Step 2 Click the Backups tab. Locate the desired backup. For details, see Querying aBackup.

Step 3 In the row of the backup, choose More > Create Image.

Step 4 Create an image by referring to Creating a Full-ECS Image Using a Cloud ServerBackup in the Image Management Service User Guide.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 17

Page 22: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 5 If you want to use an image to provision ECSs, see Creating ECSs Using an Imagein the Image Management Service User Guide.


2.5 Using a Backup to Create a DiskYou can use a disk backup to create a disk. After the disk is created, data on thenew disk is the same as that in the disk backup.

After a new disk is created using the backup data of a system disk, the new diskcan only be mounted to the cloud server as a data disk and cannot be mounted asa system disk.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backups tab. Locate the desired backup. For details, see Querying aBackup.

Step 3 If the status of the target backup is Available, click Create Disk in the Operationcolumn of the backup.

Step 4 Set the disk parameters.


For details about these parameters, see the parameter description table in the section"Purchasing an EVS Disk" of the Elastic Volume Service User Guide.

Note the following items when setting disk parameters:

● You can choose the AZ to which the backup source disk belongs, or you can choose adifferent AZ.

● The capacity of a newly created disk cannot be smaller than that of the backup sourcedisk.

If the capacity of the new disk is greater than that of the backup source disk, initializethe disk by following the steps provided in section "EVS Disk Initialization (Linux)" ofthe Elastic Volume Service User Guide.

● You can create a disk of any type regardless of the backup's disk type.

● Disks cannot be created in batches using backups. This parameter must be set to 1.

Step 5 Click Next.


You can choose Pay-per-use or Yearly/Monthly as your Billing Mode. The fees you paywill depend on the billing mode you choose. The following steps use the Yearly/Monthlybilling mode as an example.

Step 6 Confirm the disk information and click Submit.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 18

Page 23: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 7 Pay the fees as prompted and click OK.

Step 8 Go back to the disk list. Check whether the disk is successfully created.

This disk status changes in the sequence of Creating, Available, Restoring, andAvailable. If Instant Restore is enabled, you may not notice the Restoring statebecause the restoration is so fast. After the state has changed from Creating toAvailable, the disk has been successfully created. After the state has changedfrom Restoring to Available, backup data has been successfully restored to thecreated disk.


2.6 Using a Backup to Create a File SystemYou can use a file system backup to create a new file system. After it is created,data on the new file system is the same as that in the backup.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backups tab. Locate the desired backup. For details, see Querying aBackup.

Step 3 If the status of the target backup is Available, click Create File System in theOperation column of the backup.

Step 4 Set the file system parameters.


For details about these parameters, see the parameter description table under "Creating anSFS Turbo File System" in section "Creating an SFS File System" of Scalable File System UserGuide.

Step 5 Click Next.


You can choose Pay-per-use or Yearly/Monthly as your Billing Mode. The fees you paywill depend on the billing mode you choose. The following steps use the Yearly/Monthlybilling mode as an example.

Step 6 Confirm the file system information and click Submit.

Step 7 Pay the fees as prompted and click OK.

Step 8 Go back to the file system list and check whether the file system is successfullycreated.

This file system status changes in the sequence of Creating, Available, Restoring,and Available. If Instant Restore is enabled, you may not notice the Restoring

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 19

Page 24: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

state because the restoration is so fast. After the state has changed from Creatingto Available, the file system has been successfully created. After the state haschanged from Restoring to Available, backup data has been successfully restoredto the created file system.


2.7 Replicating a Backup (Across Regions)CBR enables you to replicate server backups and file system backups from oneregion to another. Replicas of server backups in the destination region can be usedto create images and provision servers. Replicas of file system backups in thedestination region can be used to create file systems. With backup replication, youcan quickly deploy services in a different region. The state of the new resource inthe destination region is the same as that of the source resource at the backuptime point in the source region.

CBR Console provides the following methods for replication:

● Select a backup from the backup list and perform one-off replicationmanually.

● Select a backup vault and manually replicate it. Configure a replication policyto periodically replicate backups that have not been replicated or failed to bereplicated to the destination region.

This section uses the first way to describe how to replicate a backup. For detailsabout the second method, see Replicating a Vault.


The following constraints apply to both replication methods.

Constraints● The replication rate of a single backup is about 80 MB/s. A maximum of eight

backups can be replicated at a time.● A server backup can be replicated only when it meets all the following


a. It is an ECS backup.b. It contains system disk data.c. It is in the Available state.

● Only backups and vaults in the current region can be replicated. Replicascannot be replicated again but can be used to create images or file systems.

● A backup can be replicated to multiple destination regions but can have onlyone replica in each destination region. The replication rule varies with thereplication method:– Manual replication: A backup can be replicated to the destination region

as long as it has no replica in the destination region. A backup can bereplicated again if its replica has been deleted in the destination region.

– Policy-driven replication: Once a backup has been successfully replicatedto the destination region, it cannot be replicated to that region again,even if its replica has been deleted.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 20

Page 25: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

● Only regions with replication capabilities can be selected as destinationregions.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backups tab. Locate the desired backup. For details, see Querying aBackup.

Step 3 Choose More > Create Replica in the row of the desired backup. See Figure 2-4.

Figure 2-4 Creating a replica

Step 4 In the displayed dialog box, set the parameters as described in Table 2-2.

Table 2-2 Parameter description

Parameter Description

Name Replica nameA name is a string of 1 to 255 characters that can contain onlydigits, letters, underscores (_), and hyphens (-).

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 21

Page 26: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Parameter Description

Description Replica descriptionCannot exceed 255 characters.


Region to which the vault is replicatedOnly regions that support replication will be displayed.● If the selected region contains only one project, you can

directly select the region name.● If the selected region has multiple projects, the master

project of the region is selected by default. You can selectanother project if needed.


A replication vault in the destination region.You can replicate backups to vaults in multiple destinationregions. Creating replica will replicate all backups in the sourcevault to the destination vault.


The traffic for cross-region replication is the size of the replicated backup.

Step 5 Click OK.

Step 6 After the replication is complete, you can switch to the destination region to viewgenerated replicas. For details, see Querying a Backup. You can then use replicasto create images.


2.8 Enabling Application-Consistent Backup

2.8.1 OverviewThere are three backup types in terms of backup consistency:

● Inconsistent backup: Files and disks are backed up at different points in time.CBR's server backup uses the consistency snapshot technology for disks toprotect data of ECSs and BMSs. If you back up multiple EVS disks separately,the backup time points of the EVS disks are different. As a result, the backupdata of the EVS disks is inconsistent.

● Crash-consistent backup captures data existing on disks upon backup andbacks up files or disks at the same point in time, without backing up memorydata and quieting application systems. Backup consistency of applicationsystems is not ensured. Though application consistency is not ensured, disks,such as chkdsk, will be checked upon operating system restart to restoredamaged data, and log rollback will be performed on databases to keep dataconsistent.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 22

Page 27: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

● Application-consistent backup: Files and disks are backed up at the samepoint in time, including memory data, to ensure application systemconsistency.

CBR supports both crash-consistent backup and application-consistent backup(also called database backup).

If a MySQL or SAP HANA database is deployed on a server, you can use theapplication-consistent backup function of CBR to back up the server data andapplication cache. Crash-consistent backup backs up only data and someapplication caches without interrupting services. When a system fails or data lossoccurs, you can use an application-consistent backup to quickly restart services. Acrash-consistent backup, however, may fail to restore some applicationconfigurations.

Figure 2-5 shows the application-consistent backup process.

Figure 2-5 Application-consistent backup flowchart

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 23

Page 28: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


● Change the security group: Before performing an application-consistent backup task,change the security group of the server you want to back up. For details, see Changinga Security Group.

● Install the agent: Change the security group and install the agent in any sequence. Justmake sure that the two operations are completed before backing up the desired server.For details, see Installing the Agent.

● Creating an application-consistent backup: After creating a server backup vault forstoring application-consistent backups, associate it with the desired database server andthen create an application-consistent backup. For details, see Creating an Application-Consistent Backup.

● Modify or compile a custom script: After backing up a database server on CBR Console,modify or compile a custom script on the database of the server. For details, see Using aCustom Script to Implement Application-Consistent Backup.

● Verify the backup result after the application-consistent backup is implemented by usinga custom script. For details, see Verifying the Application-Consistent Backup Result.

● Use the backup to restore server data: Use the application-consistent backup to restoreserver data. The restored database applications and data are the same as those at thebackup point in time. For details, see Restoring Data Using a Cloud Server Backup.

2.8.2 Changing a Security Group

ContextA security group is a collection of access control rules for ECSs that have the samesecurity protection requirements and are mutually trusted in a VPC. After asecurity group is created, you can create different access rules for the securitygroup to protect the ECSs that are added to this security group. The defaultsecurity group rule allows all outgoing data packets. ECSs in a security group canaccess each other without the need to add rules. The system creates a securitygroup for each cloud account by default. You can also create custom securitygroups by yourself.

When creating a security group, you must add the inbound and outbound accessrules and enable the ports required for application-consistent backup to preventapplication-consistent backup failures.

ProcedureBefore using the application-consistent backup function, you need to change thesecurity group. To ensure network security, CBR has not set the inbound directionof a security group, so you need to manually configure it.

In the outbound direction of the security group, ports 1 to 65535 on the100.125.0.0/16 network segment must be configured. In the inbound direction,ports 59526 to 59528 on the network segment must be configured.The default outbound rule is, that is, all data packets are permitted. Ifthe default rule in the outbound direction is not modified, you do not need toconfigure the outbound direction.


Step 1 Log in to the ECS console.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 24

Page 29: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Under Computing, click Elastic Cloud Server.

Step 2 In the navigation tree on the left, choose Elastic Cloud Server or Bare MetalServer. On the page displayed, select the target server. Go to the target serverdetails page.

Step 3 Click the Security Groups tab and select the target security group. On the right ofthe ECS page, click Modify Security Group Rule for an ECS. Click ChangeSecurity Group for a BMS. In the dialog box displayed, click Manage SecurityGroup.

Step 4 On the Security Groups page, click the Inbound Rules tab, and then click AddRule. The Add Inbound Rule dialog box is displayed, as shown in Figure 2-6.Select TCP for Protocol/Application, enter 59526-59528 in Port & Source, selectIP address for Source and enter After supplementing thedescription, click OK to complete the setting of the inbound rule.

Figure 2-6 Adding an inbound rule

Step 5 Click the Outbound Rules tab, and then click Add Rule. The Add Outbound Ruledialog box is displayed, as shown in Figure 2-7. Select TCP for Protocol/Application, enter 1-65535 in Port & Source, select IP address for Source andenter After supplementing the description, click OK to completethe setting of the outbound rule.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 25

Page 30: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 2-7 Adding an outbound rule


2.8.3 Installing the Agent

Procedure● Before enabling application-consistent backup, change the security group and

install the Agent on your ECSs. This section guides you on how to downloadand install the Agent.

● During the Agent installation, the system requires the rdadmin user'spermissions to run the installation program. To improve O&M security, changethe user rdadmin's password of the Agent OS regularly and disable this user'sremote login permission. For details, see Changing the Password of Userrdadmin.

● Table 2-3 lists OSs that support installation of the Agent.

Table 2-3 OSs that support installation of the Agent


OS Version

SQL Server2008/2012

Windows Windows Server 2008, 2008 R2, 2012, and 2012R2 for x86_64

SQL Server2014/2016/EE

Windows Windows Server 2012, 2012 R2, and 2016Datacenter for x86_64


Red Hat Red Hat Enterprise Linux 6 and 7 for x86_64

SUSE SUSE Linux Enterprise Server 11 and 12 forx86_64

CentOS CentOS 6 and 7 for x86_64

EulerOS EulerOS 2.2 and 2.3 for x86_64

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 26

Page 31: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


OS Version


SUSE SUSE Linux Enterprise Server 12 for x86_64


To install the Agent, the system will open the firewall of a port from 59526 to59528 of the ECS. When port 59526 is occupied, the firewall of port 59527 isenabled, and so on.

Prerequisites● You have obtained a username and its password for logging in to the

management console.● The security group has been configured.● The Agent Status of the ECS is Not installed.● If you use Internet Explorer, you need to add the websites you will use to

trusted sites.

Installing the Agent for a Linux OS (Method 1)Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Agent Installation tab.

Figure 2-8 Installation screen for Linux

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 27

Page 32: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 3 In method 1, select the corresponding Agent version as required, and copy theinstallation command in step 2.

Step 4 On the ECS page, select the target server and click Remote Login in theOperation column to log in to the ECS.

Step 5 Paste the installation command in step 2 to the server and run the command asthe root user. If the execution fails, run the yum install -y bind-utils command toinstall the dig module. If the installation still fails, use method 2 to install theAgent for a Linux OS.

Step 6 After the Agent for Linux is installed, see the best practices of application-consistent backup to modify or compile a custom script to implement consistentbackup for MySQL, SAP HANA, or other database types.


Installing the Agent for a Linux OS (Method 2)

Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Agent Installation tab to go to the Agent Installation tab page.

Figure 2-9 Installation page for Linux

Step 3 In method 2, click Download. On the displayed download client dialog box, selectthe version to be downloaded based on the operating system type of the targetECS, and click OK. See Figure 2-10.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 28

Page 33: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 2-10 Downloading the Agent

Step 4 After downloading the Agent, use a file transfer tool, such as Xftp, SecureFX, orWinSCP, to upload the Agent installation package to your ECS.

Step 5 After the upload, go to the ECS page. Select the target server and click RemoteLogin in the Operation column to log in to the ECS.

Step 6 Run the tar -zxvf command to decompress the Agent installation package to anydirectory and run the following command to go to the bin directory:

cd save directory of the installation package

Step 7 Run the following command to run the installation script:

sh agent_install_ebk.sh

Step 8 The system displays a message indicating that the client is installed successfully.See Figure 2-11.

Figure 2-11 Successful client installation for Linux

Step 9 If the MySQL or SAP HANA database has been installed on the ECS, run thefollowing command to encrypt the password for logging in to the MySQL or SAPHANA database:

/home/rdadmin/Agent/bin/agentcli encpwd

Step 10 Use the encrypted password in Step 9 to replace the database login password inthe script in /home/rdadmin/Agent/bin/thirdparty/ebk_user/.

Step 11 After the Agent for Linux is installed, see the best practices of application-consistent backup to modify or compile a custom script to implement consistentbackup for MySQL, SAP HANA, or other database types.


Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 29

Page 34: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Installing the Agent for a Windows OS (Method 1)

Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Agent Installation tab.

Figure 2-12 Installation screen for Windows

Step 3 In method 1, click Download. Save the downloaded installation package to a localdirectory.

Step 4 After downloading the Agent, use a file transfer tool, such as Xftp, SecureFX, orWinSCP, to upload the Agent installation package to your ECS.

Step 5 Log in to the console and then log in to the ECS as the administrator.

Step 6 Decompress the installation package to any directory and go to the Installationpath\bin directory.

Step 7 Double-click the agent_install_ebk.bat script to start the installation.

Step 8 The system displays a message indicating that the client is installed successfully,as shown in Figure 2-13.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 30

Page 35: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 2-13 Successful client installation for Windows


Installing the Agent for a Windows OS (Method 2)Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Agent Installation tab.

Figure 2-14 Installation page for Windows

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 31

Page 36: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 3 On the ECS page, select the target server and click Remote Login in theOperation column to log in to the ECS as the administrator.

Step 4 Copy the installation commands in step 2 of method 2 to the server and run thecommand in the CMD window.

Step 5 Copy any IP address in the response name, paste it in the address box of thebrowser, and replace in the following address with the address. Replace ap-southeast-1 with the actual region. The following command uses ap-southeast-1as an example. Then, press Enter in the browser to download the installationpackage. Server Backup Agent-WIN64.zip

Step 6 Decompress the file to obtain the installation file. Decompress the installationpackage to any directory and go to the Installation path\bin directory.

Step 7 Double-click the agent_install_ebk.bat script to start the installation.

Step 8 The system displays a message indicating that the client is installed successfully,as shown in Figure 2-15.

Figure 2-15 Successful client installation for Windows


2.8.4 Creating an Application-Consistent BackupCBR supports application-consistent backup in addition to crash-consistentbackup. Application-consistent backup ensures the consistency of applicationsbetween the file/disk data and the backup data. This backup mode suits scenariossuch as backing up ECSs with MySQL or SAP HANA databases.

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 32

Page 37: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Constraints● Application-consistent backup for clusters, for example, MySQL clusters, is not

supported. Application-consistent backup is supported only for a single server.● You are advised to perform application-consistent backup in off-peak hours.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Create a vault for application-consistent backups by referring to Purchasing aCloud Server Backup Vault.

Step 3 Create a cloud server backup by referring to Creating a Cloud Server Backup.Before creating a cloud server backup, you need to install the Agent. If anapplication-consistent backup fails to be created, the system automatically createsa server backup and stores the backup in the vault.

Step 4 Return to the cloud server backup page as prompted. If the execution fails, rectifythe fault based on the failure details on the creation result page.


Follow-up ProcedureIf data is lost due to virus intrusion or database faults, you can restore the data byfollowing instructions in Restoring Data Using a Cloud Server Backup and Usinga Backup to Create an Image.

2.8.5 Uninstalling the Agent

ScenariosThis section describes how to uninstall the Agent when application-consistentbackup is no longer needed.

PrerequisitesThe username and password for logging in to an ECS have been obtained.

Uninstalling the Agent for Linux

Step 1 Log in to the ECS and run the su -root command to switch to user root.

Step 2 In the home/rdadmin/Agent/bin directory, run the following command touninstall the Agent. Figure 2-16 displays an example. If the word successfully ingreen is displayed, the Agent is uninstalled successfully.

sh agent_uninstall_ebk.sh

Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 33

Page 38: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 2-16 Agent uninstalled successfully from Linux


Uninstalling the Agent for Windows

Step 1 Log in to the ECS.

Step 2 In the Installation path/bin directory, double-click agent_uninstall_ebk.bat. Thewindow for uninstalling the Agent is displayed.

After the uninstallation is complete and successful, the window will beautomatically closed. See Figure 2-17.

Figure 2-17 Agent uninstalled successfully from Windows


Cloud Backup and RecoveryUser Guide 2 Backup Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 34

Page 39: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

3 Policy Management

3.1 Creating a Backup PolicyA backup policy allows the vault to automatically execute backup tasks at aspecified interval. Periodic backups can be used to restore data quickly againstdata corruption or loss.

To implement periodic backup, you need to create a backup policy first. CBR willthen periodically perform backups according to the execution time specified in thebackup policy. You can choose to use the default backup policy provided by CBR orcreate one as needed.

You can set backup policies for server backup vaults, file system backup vaults,and disk backup vaults.

Context● After a backup policy is enabled, CBR automatically backs up resources

associated with the vaults that have been bound to the policy and periodicallydeletes expired backups.

● Each account can create a maximum of 32 backup policies.● Automatic deletion of expired backups does not apply to manual backups.● Only servers in the Running or Stopped state can be backed up.● Only disks in the Available or In-use state can be backed up.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backup Policies tab and then Create Policy in the upper right corner tocreate a user-defined policy. See Figure 3-1.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 35

Page 40: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 3-1 Creating a backup policy

Step 3 Set the backup policy parameters. Table 3-1 describes the parameters.

Table 3-1 Backup policy parameter description

Parameter Description Example Value

Type Select a policy type. This section usescreating a backup policy as anexample.

Backup policy

Name Backup policy nameA name is a string of 1 to 64 characterscontaining digits, letters, underscores(_), or hyphens (-).


Status Whether to enable the backup policy.

● Enabled:

● Disabled:

Only after a backuppolicy is enabled willCBR automatically backup servers and disksassociated with thevaults that have beenbound to the policy anddelete expired backups.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 36

Page 41: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Parameter Description Example Value


Execution timeBackups can be scheduled at thebeginning of each hour. Multipleselections are supported.

00:00, 02:00It is recommended thatbackups be performedduring off-peak hours orwhen there are noservices running.

Time zone Specifies the time zone for the backupexecution time. By default, the timezone where you are located is selected.You can select a different one from thedrop-down list.



Dates for performing backups● Week-based cycle

Specifies on which days of eachweek the backup task will beexecuted. You can select multipledays.

● Custom cycleSpecifies the interval (every 1 to 30days) for executing the backup task.

Every dayIf you select Customcycle, the first backuptime is supposed to beon the day the backuppolicy is created. If thecreation time of thebackup policy is laterthan the latest executiontime, the initial backupwill be performed in thenext backup cycle.It is recommended thatbackups be performedduring off-peak hours orwhen there are noservices running.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 37

Page 42: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Parameter Description Example Value


Rule that specifies how backups will beretained

● Time periodYou can choose to retain backupsfor one month, three months, sixmonths, one year, or for any desirednumber (2 to 99999) of days.

● Backup quantitySpecifies the maximum allowednumber of backups for a single ECS.The value ranges from 2 to 99999.

You can also set long-term retentionrules. Long-term retention rules canbe effective together with quantity-based retention rules.

– The value range for daily backupretention is 0 to 100.

– The value range for weeklybackup retention is 0 to 100.

– The value range for monthlybackup retention is 0 to 100.

– The value range for yearlybackup retention is 0 to 100.

For example, if you select dailybackup, the system retains the latestbackup every day. Although the diskis backed up for multiple times in aday, only the last backup of thecurrent day is retained. If you setthe retention number to 5, thelatest five daily backups areretained. If there are more than fivebackup files, the systemautomatically deletes the earliestbackups. If the daily backup, weeklybackup, monthly backup, and yearlybackup are all configured, the unionbackups are selected for retention.For example, if the number ofretained daily backups is set to 5and the number of retained weeklybackups is set to 1, five backups willbe retained. The long-term retentionrule and the quantity-basedretention rule can be effective at thesame time.

● Permanent

6 months

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 38

Page 43: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Parameter Description Example Value

NOTE– When the number of retained

backups exceeds the preset value,the system automatically deletes theearliest backups. When the retentionperiods of retained backups exceedthe preset value, the systemautomatically deletes all expiredbackups. By default, the systemautomatically clears data everyother day. The deleted backup doesnot affect other backups forrestoration.

– This parameter applies only tobackups generated based on ascheduled backup policy. Manualbackups are not affected by thisparameter and will not beautomatically deleted. You canmanually delete them from thebackup list.

– After a backup is used to create animage, the backup will not becounted as a retained backup andwill not be deleted automatically.

– A maximum of 10 backups areretained for failed periodic backuptasks. They are retained for onemonth and can be manually deleted.


More frequent backup intervals create more backups or retain backups for a longer time,protecting data to a greater extent but occupying more storage space. Set an appropriatebackup cycle as needed.

Step 4 Click OK.

Step 5 Locate the target vault and choose More > Bind Backup Policy to bind it to thecreated backup policy. You can view the configured backup policy in the vaultdetails.

After the binding is successful, data is periodically backed up to the vault based onthe backup policy.


3.2 Modifying a PolicyThis section describes how to modify a policy.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 39

Page 44: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


You have created at least one policy.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.

3. Choose Storage > Cloud Backup and Recovery. Select a tab from the leftnavigation pane.

Step 2 On any backup page, find the target vault and click the vault name to view thevault details.

Step 3 In the Policies area, click Edit in the row of a policy to open the policy editingpage. See Figure 3-2.

Figure 3-2 Editing a backup policy

Related parameters are described in Table 3-1.

Step 4 Click OK.

After the policy is modified, the retention rule takes effect only for new backups.For details, see Why Does the Retention Rule Not Take Effect After BeingModified?.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 40

Page 45: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 5 Alternatively, you can select Policies from the navigation tree on the left and editthe desired policy.


3.3 Deleting a PolicyYou can delete backup and replication policies if needed.


You have created at least one policy.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backup Policies tab, and then click Delete in the row where the policyto be deleted is located.


Deleting a policy will not delete backups generated based on the policy. You can manuallydelete unwanted backups.

Step 3 Confirm the information and click Yes.


3.4 Binding a Vault to a PolicyA backup policy allows the vault to automatically execute backup tasks at aspecified interval. Periodic backups can be used to restore data quickly againstdata corruption or loss.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On any backup page, find the target vault and choose More > Bind BackupPolicy. See Figure 3-3.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 41

Page 46: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 3-3 Setting a backup policy

Step 3 You can select an existing backup policy from the drop-down list or create a newone. For details about how to create a policy, see Creating a Backup Policy.

Step 4 After the policy is successfully bound, you can view the binding details in thePolicies area on the vault details page.


3.5 Unbinding a Vault from a PolicyIf a vault bound to a policy no longer needs to perform backup tasks, you canunbind it from the policy.

PrerequisitesA policy has been bound to the vault.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 On any backup page, find the target vault and click the vault name to view thevault details.

Step 3 In the Policies area, click Unbind Policy. See Figure 3-4.

Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 42

Page 47: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 3-4 Unbinding a policy


● If a backup task is being executed for a resource in the vault, the policy can be unboundnormally. However, the backup task will continue and backups will be generated.

● After the policy is unbound, backups generated based on the policy will not be deleted.You can manually delete unwanted backups.

Step 4 Click Yes. The vault will no longer execute tasks as specified in this policy.


Cloud Backup and RecoveryUser Guide 3 Policy Management

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 43

Page 48: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

4 Restoring Data

4.1 Restoring Data Using a Cloud Server BackupWhen disks on a server are faulty or server data is lost due to misoperations, youcan use a backup to restore the server.

Context● Data on data disks cannot be restored to system disks.● Data cannot be restored to servers in the Faulty state.

Prerequisites● Disks on the server whose data needs to be restored are running properly.● The server whose data needs to be restored has at least one Available



Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backups tab. Locate the desired backup. For details, see Querying aBackup.

Step 3 In the row of the backup, click Restore Server. See Figure 4-1.


The historical data at the backup point in time will overwrite the current serverdata. The restoration cannot be undone.

Cloud Backup and RecoveryUser Guide 4 Restoring Data

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 44

Page 49: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 4-1 Restoring a server

Step 4 (Optional) Deselect Start the server immediately after restoration.

If you deselect Start the server immediately after restoration, manually startthe server after the restoration is complete.


Servers are shut down during restoration. It is therefore recommended that youperform restoration operations during off-peak hours.

Step 5 In the Specified Disk drop-down list, select the target disk to which the backupwill be restored.


● If the server has only one disk, the backup is restored to the disk by default.● If the server has multiple disks, the backup is respectively restored to the original disks

by default. You can also restore the backup to another disk on the backup server byselecting the disk from the drop-down list. However, the capacity of the specified diskmust not be smaller than that of the backup source disk.

● Data on data disks cannot be restored to system disks.


If the number of disks to be restored is greater than the number of disks that arebacked up, restoration may cause data inconsistency.For example, if the data of Oracle is scattered across multiple disks and only someof them are restored, data inconsistency occurs after the restoration and theapplication may unable to start.

Cloud Backup and RecoveryUser Guide 4 Restoring Data

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 45

Page 50: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 6 Click Yes and confirm the restoration is successful.

In the backup list, view the restoration status. When the backup enters theAvailable state and no new failed restoration tasks exist in Tasks, the restorationis successful.

For details about how to view failed restoration tasks, see Managing Tasks.


If a Windows server is restored, data disks may fail to be displayed due toWindows limitations.After you use a cloud server backup to restore a logical volume group, the logicalvolume group needs to be attached again.You need to manually set these data disks to be online. For details, see Data DisksAre Not Displayed After a Windows Server Is Restored.


4.2 Restoring Data Using a Cloud Disk BackupYou can use a cloud disk backup to restore a disk to the state at a given backuppoint in time.

Prerequisites● The status of the disk to be restored must be Available.● Before restoring the disk data, stop the server to which the disk is attached

and detach the disk from the server. After the disk data is restored, attach thedisk to the server and start the server.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery. Select a tab from the left

navigation pane.

Step 2 Click the Backups tab. Locate the desired backup. For details, see Querying aBackup.

Step 3 In the row of the backup, click Restore Disk. See Figure 4-2.


The historical data at the backup point in time will overwrite the current disk data.The restoration cannot be undone.

Cloud Backup and RecoveryUser Guide 4 Restoring Data

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 46

Page 51: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Figure 4-2 Restoring a disk

Step 4 Click Yes. You can check whether the data is successfully restored on the Backupstab page of disk backup.

When the status of the backup changes to Available, the restoration is successful.

Step 5 After the restoration is complete, re-attach the disk to the server. For details, seeAttaching an Existing Non-Shared Disk.


4.3 Restoring Data Using a Hybrid Cloud BackupAfter backups are successfully synchronized to a hybrid cloud backup vault, youcan use the backups to restore to servers on the cloud for disaster recovery, servicemigration, development, and testing.

Restoring Data Using a Storage BackupYou can synchronize the backup data of the offline backup software OceanStorBCManager and restore to other servers using the backup data. For details, seeRestoring Data Using a Storage Backup.

Restoring Data Using a VMware BackupYou can synchronize the backup data of offline VMware VMs and restore to otherservers using the backups. Configure security groups before the restoration.Otherwise, the restoration may fail. For details, see Restoring to In-Cloud ServersUsing VMware Backups.

Cloud Backup and RecoveryUser Guide 4 Restoring Data

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 47

Page 52: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

5 Managing Tasks

This section describes how to view tasks. The Tasks list can show policy-drivenbackup tasks that have been executed in the past 30 days.

PrerequisitesAt least one failed task exists.


Step 1 Log in to CBR Console.

1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.3. Choose Storage > Cloud Backup and Recovery > Tasks.

Step 2 You can filter tasks by project, task type, task status, task ID, resource ID, resourcename, vault ID, vault name, and time.

Step 3 Click in front of the task to view the task details.

If a task fails, you can view the failure cause in the task details.


Cloud Backup and RecoveryUser Guide 5 Managing Tasks

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 48

Page 53: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

6 Auditing

You can use Cloud Trace Service (CTS) to trace operations in CBR.


CTS has been enabled.

Key Operations Recorded by CTS

Table 6-1 CBR operations that can be recorded by CTS

Operation Resource Type Trace Name

Creating a policy policy createPolicy

Updating a policy policy updatePolicy

Deleting a policy policy deletePolicy

Setting a vault policy vault associatePolicy

Unbinding a vault policy vault dissociatePolicy

Creating a vault vault createVault

Modifying a vault vault updateVault

Deleting a vault vault deleteVault

Removing resources vault removeResources

Adding resources vault addResources

Performing a backup vault createVaultBackup

Creating a backup backup createBackup

Deleting a backup backup deleteBackup

Synchronizing a backup backup syncBackup

Restoring a backup backup restoreBackup

Cloud Backup and RecoveryUser Guide 6 Auditing

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 49

Page 54: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Viewing Audit LogsTo view audit logs, see section "Querying Real-Time Traces" in the Cloud TraceService User Guide.

Disabling or Enabling a TrackerThe following procedure illustrates how to disable an existing tracker on the CTSconsole. After the tracker is disabled, the system will stop recording operations,but you can still view existing operation records.

Step 1 Log in to the management console.

Step 2 In the upper left corner of the page, click and select the desired region andproject.

Step 3 Click Service List and choose Management & Deployment > Cloud TraceService.

Step 4 Click Trackers in the left navigation pane.

Step 5 In the tracker list, click Disable in the Operation column.

Step 6 Click Yes.

Step 7 After the tracker is disabled, the available operation changes from Disable toEnable. To enable the tracker again, click Enable and then click Yes. The systemwill start recording operations again.


Cloud Backup and RecoveryUser Guide 6 Auditing

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 50

Page 55: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

7 Quotas

What Is Quota?

Quotas are enforced for service resources on the platform to prevent unforeseenspikes in resource usage. Quotas can limit the number or amount of resourcesavailable to users, such as the maximum number of ECSs or EVS disks that can becreated.

If the existing resource quota cannot meet your service requirements, you canapply for a higher quota.

How Do I View My Quotas?1. Log in to the management console.

2. Click in the upper left corner and select the desired region and project.

3. In the upper right corner of the page, choose Resources > My Quotas.

The Service Quota page is displayed.

Figure 7-1 My Quotas

4. View the used and total quota of each type of resources on the displayedpage.

If a quota cannot meet service requirements, apply for a higher quota.

Cloud Backup and RecoveryUser Guide 7 Quotas

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 51

Page 56: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

How Do I Apply for a Higher Quota?1. Log in to the management console.2. In the upper right corner of the page, choose Resources > My Quotas.

The Service Quota page is displayed.

Figure 7-2 My Quotas

3. Click Increase Quota.4. On the Create Service Ticket page, configure parameters as required.

In Problem Description area, fill in the content and reason for adjustment.5. After all necessary parameters are configured, select I have read and agree

to the Tenant Authorization Letter and Privacy Statement and clickSubmit.

Cloud Backup and RecoveryUser Guide 7 Quotas

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 52

Page 57: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

A Appendix

A.1 Agent Security Maintenance

A.1.1 Changing the Password of User rdadmin

Procedure● For O&M security purposes, you are advised to change the user rdadmin's

password of the Agent OS regularly and disable this user's remote loginpermission.

● In Linux, user rdadmin has no password; in Windows, the default password ofuser rdadmin is Huawei@123.

● This section describes how to change the password of user rdadmin inWindows 2012. For other versions, change the password according to actualsituation.

Prerequisites● You have obtained a username and its password for logging in to the

management console.● The username and password for logging in to a Windows ECS have been



Step 1 Go to the ECS console and log in to the Windows ECS.

Step 2 Choose Start > Control Panel. In the Control Panel window, click User Accounts.

Step 3 Click User Accounts. The User Account Control dialog box is displayed. Selectrdadmin and click Reset Password.

Step 4 Enter the new password and click OK.

Step 5 In Task Manager, click the Services tab and then click Open Service.

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 53

Page 58: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 6 Select RdMonitor and RdNginx respectively. In the displayed dialog box, selectLogin, change the password to the one entered in Step 4, and click OK.


A.1.2 Changing the Password of the Account for ReportingAlarms (SNMP v3)

To enhance the system O&M security, you are advised to change the password ofthe account for reporting alarms.

Prerequisites● You have obtained a username and its password for logging in to the

management console.● The username and password for logging in to a server have been obtained.

ContextThis section introduces the procedures in Windows and Linux.


If the authentication password and data encryption password for SNMP v3 of theAgent are the same, security risks exist. To ensure system security, you are advisedto set different passwords for authentication and data encryption.

The initial authentication password is BCM@DataProtect6 and the initial dataencryption password is BCM@DataProtect8.


The password must meet the following complexity requirements:● Contains 8 to 16 characters.● Contains at least one of the following special characters: `~!@#$%^&*()-_=+\|

[{}];:'",<.>/?● Contains at least two of the following types of characters:

● Uppercase letters● Lowercase letters● Numeric characters

● Cannot be the same as the username or the username in reverse order.● Cannot be the same as the old passwords.● Cannot contain spaces.

Procedure (Windows)

Step 1 Log in to the server where the Agent is installed.

Step 2 Open the CLI and go to the installation path\bin directory.

Step 3 Run the agentcli.exe chgsnmp command. Type the login password of the Agentand press Enter.

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 54

Page 59: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Please choose operation: 1: Change authentication password 2: Change private password 3: Change authentication protocol 4: Change private protocol 5: Change security name 6: Change security Level 7: Change security model 8: Change context engine ID 9: Change context name Other: Quit Please choose:


admin is the username configured during the Agent installation.

Step 4 Select the SN of the authorization password or data encryption password that youwant to change and press Enter.

Step 5 Type the old password and press Enter.

Step 6 Type a new password and press Enter.

Step 7 Type the new password again and press Enter. The password is changed.


Procedure (Linux)

Step 1 Log in to the Linux server using the server password.

Step 2 Run the TMOUT=0 command to prevent PuTTY from exiting due to sessiontimeout.


After the preceding command is executed, the system remains running even when nooperation is performed, which results in security risks. For security purposes, run the exitcommand to exit the system after you finish performing operations.

Step 3 Run the su - rdadmin command to switch to user rdadmin.

Step 4 Run the /home/rdadmin/Agent/bin/agentcli chgsnmp command. Type the loginpassword of the Agent and press Enter.


The installation path of the Agent is /home/rdadmin/Agent.Please choose operation: 1: Change authentication password 2: Change private password 3: Change authentication protocol 4: Change private protocol 5: Change security name 6: Change security Level 7: Change security model 8: Change context engine ID 9: Change context name Other: Quit Please choose:

Step 5 Select the SN of the authorization password or data encryption password that youwant to change and press Enter.

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 55

Page 60: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

Step 6 Type the old password and press Enter.

Step 7 Type a new password and press Enter.

Step 8 Type the new password again and press Enter. The password is changed.


A.1.3 Replacing the Server CertificateFor security purposes, you may want to use a Secure Socket Layer (SSL) certificateissued by a third-party certification authority. The Agent allows you to replaceauthentication certificates and private key files as long as you provide theauthentication certificates and private-public key pairs. The update to thecertificate can take effect only after the Agent is restarted, hence you are advisedto update the certificate during off-peak hours.

Prerequisites● You have obtained a username and its password for logging in to the

management console.● The username and password for logging in to a server have been obtained.● New certificates in the X.509v3 format have been obtained.

Context● The Agent is pre-deployed with the Agent AC certificate bcmagentca, private

key file of the CA certificate server.key (), and authentication certificateserver.crt. All these files are saved in /home/rdadmin/Agent/bin/nginx/conf(if you use Linux) or \bin\nginx\conf (if you use Windows).

● You need to restart the Agent after replacing a certificate to make thecertificate effective.

Procedure (Linux)

Step 1 Log in the Linux server with the Agent installed.

Step 2 Run the TMOUT=0 command to prevent PuTTY from exiting due to sessiontimeout.


After the preceding command is executed, the system remains running even when nooperation is performed, which results in security risks. For security purposes, run the exitcommand to exit the system after you finish performing operations.

Step 3 Run the su - rdadmin command to switch to user rdadmin.

Step 4 Run the cd /home/rdadmin/Agent/bin command to go to the script path.


The installation path of the Agent is /home/rdadmin/Agent.

Step 5 Run the sh agent_stop.sh command to stop the Agent running.

Step 6 Place the new certificates and private key files in the specified directory.

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 56

Page 61: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


Place new certificates in the /home/rdadmin/Agent/bin/nginx/conf directory.

Step 7 Run the /home/rdadmin/Agent/bin/agentcli chgkey command.

The following information is displayed:Enter password of admin:


admin is the username configured during the Agent installation.

Step 8 Type the login password of the Agent and press Enter.

The following information is displayed:

Change certificate file name:

Step 9 Enter a name for the new certificate and press Enter.


If the private key and the certificate are the same file, names of the private key and thecertificate are identical.

The following information is displayed:

Change certificate key file name:

Step 10 Enter a name for the new private key file and press Enter.

The following information is displayed:

Enter new password: Enter the new password again:

Step 11 Enter the protection password of the private key file twice. The certificate is thensuccessfully replaced.

Step 12 Run the sh agent_start.sh command to start the Agent.


Procedure (Windows)

Step 1 Log in to the Windows server with the Agent installed.

Step 2 Open the CLI and go to the installation path\bin directory.

Step 3 Run the agent_stop.bat command to stop the Agent running.

Step 4 Place the new certificates and private key files in the specified directory.


Place new certificates in the installation path\bin\nginx\conf directory.

Step 5 Run the agentcli.exe chgkey command.

The following information is displayed:

Enter password of admin:

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 57

Page 62: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.


admin is the username configured during the Agent installation.

Step 6 Enter a name for the new certificate and press Enter.


If the private key and the certificate are the same file, names of the private key and thecertificate are identical.

The following information is displayed:Change certificate key file name:

Step 7 Enter a name for the new private key file and press Enter.

The following information is displayed:

Enter new password: Enter the new password again:

Step 8 Enter the protection password of the private key file twice. The certificate is thensuccessfully replaced.

Step 9 Run the agent_start.bat command to start the Agent.


A.1.4 Replacing CA Certificates

ScenariosA CA certificate is a digital file signed and issued by an authentication authority. Itcontains the public key, information about the owner of the public key,information about the issuer, validity period, and certain extension information. Itis used to set up a secure information transfer channel between the Agent and theserver.

If the CA certificate does not comply with the security requirements or hasexpired, replace it for security purposes.

Prerequisites● The username and password for logging in to an ECS have been obtained.● A new CA certificate is ready.

Procedure (Linux)

Step 1 Log in the Linux server with the Agent installed.

Step 2 Run the following command to prevent logout due to system timeout:


Step 3 Run the following command to switch to user rdadmin:

su - rdadmin

Step 4 Run the following command to go to the path to the Agent start/stop script:

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 58

Page 63: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

cd /home/rdadmin/Agent/bin

Step 5 Run the following command to stop the Agent running:

sh agent_stop.sh

Step 6 Run the following command to go to the path to the CA certificate:

cd /home/rdadmin/Agent/bin/nginx/conf

Step 7 Run the following command to delete the existing CA certificate:

rm bcmagentca.crt

Step 8 Copy the new CA certificate file into the /home/rdadmin/Agent/bin/nginx/confdirectory and rename the file bcmagentca.crt.

Step 9 Run the following command to change the owner of the CA certificate:

chown rdadmin:rdadmin bcmagentca.crt

Step 10 Run the following command to modify the permissions on the CA certificate:

chmod 400 bcmagentca.crt

Step 11 Run the following command to go to the path to the Agent start/stop script:

cd /home/rdadmin/Agent/bin

Step 12 Run the following command to start the Agent:

sh agent_start.sh


Procedure (Windows)

Step 1 Log in to the ECS with the Agent installed.

Step 2 Go to the Installation path\bin directory.

Step 3 Run the agent_stop.bat script to stop the Agent.

Step 4 Go to the Installation path\nginx\conf directory.

Step 5 Delete the bcmagentca.crt certificate file.

Step 6 Copy the new CA certificate file into the Installation path\nginx\conf directoryand rename the file bcmagentca.crt.

Step 7 Go to the Installation path\bin directory.

Step 8 Run the agent_stop.bat script to service.


Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 59

Page 64: User Guide - Huawei · Cloud Backup and Recovery User Guide Issue 04 Date 2020-04-08 HUAWEI TECHNOLOGIES CO., LTD.

A.2 Change HistoryReleasedOn

What's New

2020-04-08 This issue is the fourth official release.This issue incorporates the following changes:Added the content of file system backup.

2020-02-25 This issue is the third official release.This issue incorporates the following changes:Moved section "Hybrid Cloud Backup" into a new documentationtitled Hybrid Cloud Backup Feature Guide.

2019-08-27 This issue is the second official release.This issue incorporates the following changes:● Deleted description about cross-region replication and BMS


2019-07-31 This issue is the first official release.

Cloud Backup and RecoveryUser Guide A Appendix

Issue 04 (2020-04-08) Copyright © Huawei Technologies Co., Ltd. 60

Top Related