2. Prerequisites

2.1. A suitable "proxy" machine

This can be installed on the vSphere infrastructure that you are planning to back up. The machine needs to be running Windows 7 or 2008R2 and will need at least 2 GB of RAM. You will also need to have version 4 of the .NET Framework installed to run the installer. A suitable version is included in the TSM for VE distribution package.

2.2. Firewall configuration

When setting up TSM for VE on a proxy machine, several ports are used for communication between the proxy machine and the vCenter server or vice-versa. These ports need to be open in any host-based or dedicated firewall between the two machines and are listed in Table 1. Firewall configuration for TSM for VE.

Table 1. Firewall configuration for TSM for VE
Source hostDestination portDestination hostUseRequired?
Proxy machine 443 vCenter server Communication between the proxy machine and the vCenter server. Yes
Proxy machine 902 vCenter server Used for NBD (Network Block Disk) transport. If proxy machine is not a VM.
vCenter server 1527 Proxy Machine Used for the vCenter plugin. Required if installing vCenter plugin. If installing vCenter plugin.
VMs 3260 Proxy Machine Default iSCSI port. If using iSCSI file-level restore.
Proxy machine 3400 dsmdd1.hfs.ox.ac.uk TSM backup traffic Yes
vCenter server 9080 Proxy Machine Used for the vCenter plugin. If installing vCenter plugin.

2.3. vCenter server and backup user

TSM for VE communicates with a vCenter server to perform VM backups. The user required for this needs some elevated privileges but does not need to be a full administrator. It is recommended that you set up a new vCenter user specifically for TSM backup and restore. To add a new role suitable for backup and restore operations, perform the following steps:

  1. Log into the vCenter server with the vSphere client.

  2. Navigate to [Home] > [Roles] and click Add Role.

  3. The Add New Role dialog box is displayed:

    Screenshot of the vCenter Add New Role dialog box.
    Figure 1. vCenter Add New Role dialog box
  4. Choose a name for the new role, e.g. "HFS Backup".

  5. Add the following permissions to the role:

    Datastore
    Allocate space
    Browse datastore
    Low level file operations
    Global
    Licenses
    Network
    Assign Network
    Resource
    Assign virtual machine to resource pool
    vApp
    Add virtual machine
    Assign resource pool
    Create
    Virtual machine > Guest Operations
    [Only if you are using the Data Protection for VMware feature to protect Microsoft Exchange Server or Microsoft SQL Server applications that run inside virtual machine guests. This is only available with vSphere 5. Contact the HFS team if you would like to use this.]
    Guest Operation Modifications
    Guest Operation Program Execution
    Guest Operation Queries (vSphere 5)
    Virtual machine > configuration
    Add existing disk
    Add new disk
    Add or Remove device
    Advanced
    Change CPU count
    Change resource
    Disk change tracking
    Disk Lease
    Host USB device
    Memory
    Modify device setting
    Raw device
    Reload from path
    Remove disk
    Rename
    Reset guest information
    Settings
    Swapfile placement
    Upgrade virtual hardware / Upgrade virtual machine compatibility
    Virtual machine > Inventory
    Create new
    Register
    Remove
    Unregister
    Virtual machine > Provisioning
    Allow disk access
    Allow read-only disk access
    Allow virtual machine download
    Virtual machine > State (vSphere 4 only)
    Create snapshot
    Remove snapshot
    Revert to snapshot
    Virtual machine > Snapshot management (vSphere 5 only)
    Create snapshot
    Remove snapshot
    Revert to snapshot
  6. Create a new user in your vSphere infrastructure. How you do this depends on your local authentication setup.

  7. Navigate to [Home] > [Inventory] > [VMs and Templates].

  8. Right-click on the vCenter server in the list on the left and choose Add Permission.... The Assign Permission dialog box is displayed:

    Screenshot of the vCenter Assign Permissions dialog box
    Figure 2. vCenter Assign Permissions dialog box
  9. Click Add.... The Select Users and Groups dialog is displayed:

    Screenshot of the vCenter Select Users and Groups dialog box
    Figure 3. vCenter Select Users and Groups dialog box
  10. Choose the newly created user from the list and click Add. Click OK.

  11. Choose the HFS backup role created earlier from the Assigned Role drop down in the Assign Permissions dialog box.

  12. Ensure Propogate to Child Objects is checked and click OK.

  13. You can check that the permission has been assigned correctly by choosing the vCenter server from the navigation pane and then choosing the Permissions tab. You should see the new permission listed.

Up: Contents Previous: 1. Introduction Next: 3. Installation