HYCU UserGuide
HYCU UserGuide
Version: 2.0.0
Product release date: December 2017
Document release date: December 2017
Legal notices
Copyright notice
© 2017 Comtrade Software. All rights reserved.
Trademarks
Comtrade Software and HYCU logos, names, trademarks and/or service marks and
combinations thereof are the property of Comtrade or its affiliates. Other product names
are the property of their respective trademark or service mark holders and are hereby
acknowledged.
Acropolis and Nutanix are trademarks of Nutanix, Inc. in the United States and/or other
jurisdictions.
Azure®, Internet Explorer®, Microsoft®, Microsoft Edge™, and Windows® are either
registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Red Hat Enterprise Linux is a registered trademark of Red Hat, Inc. or its subsidiaries in the
United States and other countries.
Disclaimer
The details and descriptions contained in this document are believed to have been accurate
and up to date at the time the document was written. The information contained in this
document is subject to change without notice.
Comtrade Software provides this material "as is" and makes no warranty of any kind,
expressed or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. Comtrade shall not be liable for errors
and omissions contained herein. In no event shall Comtrade be liable for any direct,
indirect, consequential, punitive, special or incidental damages, including, without
limitation, damages for loss and profits, loss of anticipated savings, business interruption,
or loss of information arising out of the use or inability to use this document, or any action
taken based on the information contained herein, even if it has been advised of the
possibility of such damages, whether based on warranty, contract, or any other legal
theory.
2
The only warranties for Comtrade Software products and services are set forth in the
express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty.
Notice
This document is provided in connection with Comtrade Software products. Comtrade may
have copyright, patents, patent applications, trademark, or other intellectual property rights
covering the subject matter of this document.
Except as expressly provided in any written license agreement from Comtrade Software,
the furnishing of this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property on Comtrade Software products. Use of
underlying Comtrade Software product(s) is governed by their respective Software License
and Support Terms.
Important: Please read Software License and Support Terms before using the
accompanying software product(s).
Comtrade Software
www.comtradesoftware.com
3
Contents
1 About HYCU 8
HYCU key features and benefits 9
Firewall settings 13
Logging on to HYCU 18
4
Creating a backup policy 32
4 Protecting data 36
Enabling access to data 38
Backing up applications 41
5 Restoring data 44
Restoring entire virtual machines 44
Viewing events 60
5
Managing backup targets 67
9 Administering 76
Licensing 77
Activating licenses 79
Upgrading HYCU 79
Importing a CA certificate 82
6
Disabling FIPS-compliant mode for HYCU 83
Setting up logging 84
Removing HYCU 87
Snapshot settings 91
Display settings 92
Scheduler settings 92
7
Chapter 1
About HYCU
HYCU is a high performing backup and recovery solution for Nutanix. It is the first data
protection solution that is fully integrated with Nutanix, and makes data protection easy to
deploy and simple to use.
8
1 About HYCU
9
1 About HYCU
The following diagram shows the HYCU environment and its components:
10
Chapter 2
The process of deploying the HYCU virtual appliance consists of several tasks. You must size
the backup infrastructure for HYCU, upload the HYCU virtual machine image to a Nutanix
cluster, create a virtual machine for your HYCU deployment, and configure HYCU on the
virtual machine, as shown in the following flowchart:
11
2 Deploying the HYCU virtual appliance
To deploy HYCU, I
Procedure
need to...
Before you start deploying the HYCU virtual appliance, size the
Prepare a backup backup infrastructure according to the requirements. For
infrastructure for HYCU. details, see “Sizing your backup infrastructure for HYCU”
below.
Configure HYCU on the Configure HYCU on the created virtual machine. For details,
virtual machine. see “Configuring HYCU on the virtual machine” on page 17.
After you successfully deploy the HYCU virtual appliance, you can access HYCU by using a
supported web browser. For details on how to log on to HYCU, see “Logging on to HYCU”
on page 18.
Number of
Size Storage Cores Memory
VMs
12
2 Deploying the HYCU virtual appliance
Number of
Size Storage Cores Memory
VMs
GB
n Note HYCU is designed to work with a screen resolution of at least 1280 × 720
pixels.
Firewall settings
If a firewall is configured in your network infrastructure, make sure that the required ports
are open on the following systems:
Nutanix clusters 9440 (TCP) For accessing Nutanix REST API v3.
13
2 Deploying the HYCU virtual appliance
i Important Make sure to leave out the .qcow2 extension when entering
the HYCU image name.
If you enter the HYCU image name in a different format, you will not be able to use
this image for an upgrade.
b. From the Image Type drop-down menu, select DISK.
c. From the Storage Container drop-down menu, select a container for the image to
be uploaded.
d. In the Image Source section, select one of the following:
l From URL
Specify the location of the image file by using a URL.
l Upload a file
Specify the location of the image file saved on your file system.
5. Click Save.
6. Click Close after the image is successfully uploaded.
14
2 Deploying the HYCU virtual appliance
In this instance, <original_path> is the directory where you uploaded the HYCU
virtual appliance image file and <new_path> is the directory where you want to
clone the image file.
After the image is successfully cloned, close the SSH connection.
15
2 Deploying the HYCU virtual appliance
c. In the Disks section, click Add New Disk, and then, in the Add Disk dialog box,
complete the following information:
i. From the Type drop-down menu, select DISK.
ii. From the Operation drop-down menu, select Clone from Image Service.
iii. From the Bus Type drop-down menu, select SCSI.
iv. From the Image drop-down menu, select the name of the image you uploaded.
v. In the Size (GiB) field, enter the size of the virtual disk.
d. Click Add.
4. In the Network Adapters (NIC) section, click Add New NIC, and then, in the Create NIC
dialog box, provide the following information:
a. From the VLAN Name drop-down menu, select a VLAN.
b. Click Add.
5. Click Save.
16
2 Deploying the HYCU virtual appliance
4. In the Select a compute resource context, select the Nutanix cluster running on ESXi.
Click Next.
5. In the Select storage context, select the datastore where the HYCU backup controller
will reside. Click Next.
6. In the Select compatibility context, leave the default values, and then click Next.
7. In the Select a guest OS context, select the Linux guest OS family and the CentOS 7 (64-
bit) guest OS version from the drop-down menus. Click Next.
8. In the Customize hardware context, do the following:
a. Enter the number of CPUs and cores per socket, and a desired amount of RAM.
b. Remove the following hardware: New Hard disk, CD/DVD Drive, and Floppy Drive by
clicking x in the respective string.
c. From the New device drop-down menu, select Existing Hard Disk, and then click
Add. In the Select File dialog box that opens, select the cloned HYCU virtual
appliance image file, and then click OK.
d. In the New Network section, select the network you will use for HYCU.
e. Click Next.
9. In the Ready to complete context, review the settings, and then click Finish.
17
2 Deploying the HYCU virtual appliance
n Note The domain name should begin with a letter and contain one or
more periods. It may also contain only letters, numbers, and hyphens ("-").
b. Click OK.
4. The progress of the HYCU backup controller configuration displays. After the HYCU
backup controller is configured, confirm the summary message by clicking OK.
You can start using HYCU immediately with a prebuilt Instant-on license. This license
expires automatically after 60 days and cannot be reused. Therefore, make sure to obtain a
permanent license within this 60-day period. For instructions, see “Licensing” on page 77.
Logging on to HYCU
After you successfully deploy the HYCU virtual appliance, you can access HYCU by using a
supported web browser. For a list of supported web browsers, see the HYCU Compatibility
Matrix.
https://<server_name>:8443
In this instance, <server_name> is the fully qualified domain name of the HYCU server
(for example, https://hycu.example.com:8443).
2. On the logon page, enter your logon name and password. You can use the default user
name and password for initial access to HYCU:
Password: admin
For security purposes, it is highly recommended that you change the default password.
n Note The level of access depends on your HYCU account. For details, see “Setting
up accounts” on page 74.
You can now start establishing your backup environment to enable data protection. For
more information, see “Establishing a backup environment” on page 19.
After you log on to the HYCU web user interface, you can configure your environment to
use also the HYCU command-line interface (hycli). For more information, see “Using the
command-line interface” on page 87.
18
Chapter 3
Establishing a backup
environment
After you deploy the HYCU virtual appliance and log on to HYCU, you must establish a
backup environment in which data will be effectively protected. Establishing the backup
environment involves adding Nutanix clusters, setting up backup targets, and, if your
environment requires custom policies, creating them.
The following flowchart explains the tasks you need to perform to establish your backup
environment:
19
3 Establishing a backup environment
The tasks that are required to establish a backup environment can be performed only by
Administrators (including the Built-in Administrator), and are as follows:
l “Specifying Nutanix clusters” below
l “Setting up backup targets” below
You can enable data protection by using the predefined backup policies that come with
HYCU. If you do not want to use any of them, make sure that you create your own backup
policies. For details, see “Creating a backup policy” on page 32.
You can also edit any of the existing Nutanix clusters (click Edit and make the required
modifications) or delete the ones that you do not need anymore (click Delete).
20
3 Establishing a backup environment
The approach to set up backup targets is common for different target types. However, there
are specific prerequisites and steps that are required for each target type. Depending on
which backup target you want to set up, see one of the following sections:
l “How to set up an AWS S3/Compatible target” below
l “How to set up an Azure target” on the next page
l “How to set up an NFS target” on page 23
l “How to set up an SMB target” on page 24
l “How to set up an iSCSI target” on page 26
Recommendation
It is recommended that the backup target is dedicated only to a single HYCU backup
controller.
i Important The target that you use for archiving data cannot be used for
backing up data or storing copies of backup data.
21
3 Establishing a backup environment
The backup target is added to the list of targets. For details on managing backup targets,
see “Managing backup targets” on page 67.
Recommendation
It is recommended that the backup target is dedicated only to a single HYCU backup
controller.
i Important The target that you use for archiving data cannot be used for
backing up data or storing copies of backup data.
22
3 Establishing a backup environment
The backup target is added to the list of targets. For details on managing backup targets,
see “Managing backup targets” on page 67.
Recommendation
It is recommended that the backup target is dedicated only to a single HYCU backup
controller.
23
3 Establishing a backup environment
If the backup throughput allows, you can specify that more backup jobs run
concurrently to reduce the duration of backups and the amount of queued backup
jobs.
d. Use the Use for archiving switch if you want this target to be reserved for data
archives.
i Important The target that you use for archiving data cannot be used for
backing up data or storing copies of backup data.
The backup target is added to the list of targets. For details on managing backup targets,
see “Managing backup targets” on page 67.
Recommendation
It is recommended that the backup target is dedicated only to a single HYCU backup
controller.
24
3 Establishing a backup environment
i Important The target that you use for archiving data cannot be used for
backing up data or storing copies of backup data.
25
3 Establishing a backup environment
The backup target is added to the list of targets. For details on managing backup targets,
see “Managing backup targets” on page 67.
l The HYCU iSCSI Initiator secret is added on the iSCSI server if you want to enable
mutual authentication between HYCU and the iSCSI server.
l For improved backup and restore performance, the iSCSI Data Service IP address is
specified on the Nutanix cluster by using the Prism console ( > Cluster Details).
This automatically enables the Nutanix load balancing feature during backup and
restore, which eliminates heavy I/O load on the Nutanix cluster and containers. For
details, see Nutanix documentation.
26
3 Establishing a backup environment
d. Use the Use for archiving switch if you want this target to be reserved for data
archives.
i Important The target that you use for archiving data cannot be used for
backing up data or storing copies of backup data.
n Note If data from sources other than HYCU resides on the storage device,
such target cannot be set for HYCU backups.
c. Use the Target encryption switch if you want the data stored on this target to be
encrypted.
n Note If you enable target encryption, you cannot use this backup target for
an internal backup.
4. If the iSCSI server requires CHAP authentication, in the CHAP section, do the following:
a. Use the switch to turn the CHAP authentication option on, and then provide a user
name and the target secret (the security key) for the user's account to access the
iSCSI server.
b. Use the Perform mutual authentication switch if you want the iSCSI target to be
authenticated by HYCU. In this case, the HYCU iSCSI Initiator secret must be
specified on the iSCSI server. For details about setting the iSCSI Initiator secret, see
“Setting the iSCSI Initiator secret” on page 83.
5. Click Save.
The backup target is added to the list of targets. For details on managing backup targets,
see “Managing backup targets” on page 67.
When defining your backup policy strategy, take into account the specific needs of your
environment and consider the following approaches:
27
3 Establishing a backup environment
If you consider one of the predefined or custom backup policies satisfies all data protection
goals of your environment, you can set such a policy as default. This default policy is
assigned to all existing virtual machines and applications that do not have an assigned
policy yet (if there are any), and to all newly discovered virtual machines and applications.
For details, see “Setting a default backup policy” on page 35.
HYCU comes with the following predefined backup policies that you can select from the list
of policies when backing up a virtual machine or an application:
Type of predefined
Description
backup policy
If you want to exclude virtual machines or applications from being backed up, you can use
the Excluded backup policy.
28
3 Establishing a backup environment
You can use backup windows with both predefined backup policies and custom backup
policies.
n Note If you use a backup window, the backup jobs run only during the specified
hours. Make sure that the RPO specified in the affected policy can be achieved within
this backup window. If the RPO is shorter than the largest time frame in which backups
do not run, such RPO cannot be achieved during the hours out of the backup window.
i Important All scheduled backup jobs are run based on the HYCU backup
controller time zone.
The selected time frames are displayed in the Time Frames field. If you want to delete
any of the selected time frames, click x next to it.
5. Click Save.
6. In the Backup Window dialog box, click Close.
You can later edit any of the existing backup windows (click Edit and make the required
modifications) or delete the ones that you do not need anymore (click Delete).
29
3 Establishing a backup environment
Example
You have selected the Bronze policy and specified the time frame for the backup jobs to
be from Monday to Friday from 6 PM to 6 AM, and from Saturday to Sunday all day long.
In this case, the backup jobs will be run every 24 hours at any point of time within the
specified backup window.
Prerequisite
The archive target is reserved only for data archives (no backup data is stored on the
archive target).
30
3 Establishing a backup environment
4. Add any of the desired archiving options to the list of the enabled options by clicking it.
The following options are available:
5. Specify the hour and the minute when the archive job should begin running.
6. Depending on which archiving options you have enabled, do the following:
7. Click Save.
You can later edit any of the existing data archives (click Edit and make the required
modifications) or delete the ones that you do not need anymore (click Delete).
31
3 Establishing a backup environment
Backup
Allows you to select a backup window for backup jobs.
window
Archiving Allows you to store data for a longer period of time. The data is
32
3 Establishing a backup environment
Enabled
Procedure
option
33
3 Establishing a backup environment
Enabled
Procedure
option
To archive data, in the Archiving section, from the Data archive drop-
Archiving down menu, select a data archive. If no data archive is available and
you want to create one, see “Creating a data archive” on page 30.
34
3 Establishing a backup environment
Enabled
Procedure
option
days, hours, or minutes) for snapshots. For example, if you set the
RPO to two days and the snapshot retention period to four days,
you will have two snapshots available on the Nutanix cluster.
5. Click Save.
The custom backup policy is created and added to the list of backup policies. For details on
managing backup policies, see “Managing backup policies” on page 69.
If you later decide not to use this backup policy as the default one, click Clear Default.
35
Chapter 4
Protecting data
With the HYCU backup and recovery solution, you can be confident that your business data
is protected, which means that it is backed up in a consistent state, stored, can be restored,
accessed, and is not corrupted.
HYCU enables you to back up virtual machines residing on Nutanix clusters. After you
establish your backup environment (that is, specify the Nutanix clusters, set up the backup
targets, and, optionally, create the backup policies), you can enable data protection. When
you complete the first backup, you can restore the data that is backed up if it becomes
damaged or corrupted.
Because HYCU is application-aware, when you set credentials for virtual machines, it
discovers if any applications are installed and running on them. In addition, it also detects
details about the discovered applications such as their versions, the hosts where individual
components for the discovered application are installed, and the role of each host. To
ensure application consistency, HYCU provides the application-aware backup and restore.
The approach you choose for backing up your data largely depends on the type of restore
you want to perform. You may want to perform the restore at the virtual machine or
application level, or be able to restore only specific files inside the virtual machines. HYCU
provides different levels of data consistency depending on your restore strategy.
36
4 Protecting data
The following table explains which approach you should use for protecting your data and
provides quick access to the backup instructions:
1. Back up virtual
machines. For
Virtual machine data Basic backup instructions, see
“Backing up virtual
machines ” on page 40.
37
4 Protecting data
Prerequisites
Before you start enabling access to data, make sure the following prerequisites are met:
l On Windows 7 and 2008 R2, Windows PowerShell 3.0 is installed. For an application-
aware backup, the Windows PowerShell Script Execution Policy (Set-
ExecutionPolicy) is set to RemoteSigned.
l On Windows 7, 8, and 10, and Windows Server 2008 R2, WinRM is enabled and
configured by using the winrm quickconfig command.
l Windows user account with WinRM permissions exists. For an application-aware
backup, this account should have access to the application.
l On Linux, port 22 is open and the SSH daemon is running.
l For the Nutanix cluster running on ESXi: VMware Tools is installed on the client virtual
machine. For detailed information about installing VMware Tools, see VMware
documentation.
38
4 Protecting data
To enable access to files and applications residing on the virtual machines, follow these
steps:
1. For a file-level backup, provide access to files inside the virtual machines. For details,
see “Assigning credentials to virtual machines” below.
2. For an SQL Server or Exchange Server application-aware backup, also provide access to
application data if the discovered applications do not use virtual machine credentials.
For details, see “Assigning credentials to applications” on the next page.
You can also edit any of the existing credentials (click Edit and make the required
modifications) or delete the ones that you do not need anymore (click Delete).
i Important You can unassign or delete credentials from a virtual machine only if
the discovered applications running on it do not have assigned policies or available
restore points. Therefore, before unassigning or deleting credentials, make sure to
unassign policies or mark restore points as expired.
Application discovery
The process of application discovery starts automatically after you assign credentials to
virtual machines. HYCU can discover the following applications that are running on virtual
machines:
l SQL Server
l Active Directory
n Note The following roles are supported for Active Directory: Active Directory
Domain Services, Active Directory Lightweight Directory Services, Active Directory
39
4 Protecting data
Certificate Services, Active Directory Federation Services, and Active Directory Rights
Management Services.
l Exchange Server
For a list of supported application versions, see the HYCU Compatibility Matrix.
When the application discovery job completes, the discovered applications are listed in the
Applications panel.
i Important SQL Server only. The specified account must have sysadmin role on
the SQL Server application instance. The SQL Server account that connects by using
SQL Server Authentication is not supported.
5. Click Save.
40
4 Protecting data
Limitation
Only a backup of local fixed disks is supported. When backing up a virtual machine with
remote volumes (for example, iSCSI, disk arrays, mapped network disks), such volumes are
not included in the snapshot and are consequently not backed up.
t Tip You can update the list of virtual machines running in the selected Nutanix
cluster or clusters by clicking Synchronize. To narrow down the list of displayed
virtual machines, you can use the filtering options described in “Filtering data in
panels” on page 62.
After you assign the backup policy, the backup is scheduled according to the values that
you defined for your backup policy.
n Note If required, you can also perform a manual backup at any time. For details,
see “Performing a manual backup” on page 43.
Backing up applications
An application-aware backup allows a consistent backup of the SQL Server, Active Directory,
and Exchange Server applications.
Prerequisites
Before you start backing up applications, the following prerequisites must be met:
41
4 Protecting data
Limitations
Before you start backing up applications, keep in mind the following application-specific
limitations:
You can protect data only for stand-alone Exchange Servers. Backing
up an Exchange Server Database Availability Group (DAG) is not
Exchange Server
supported. Consequently, assigning policies to such instances is not
possible.
n Note If Active Directory and Exchange Server applications are running on the same
42
4 Protecting data
virtual machine and you plan to use the same approach for protecting both
applications, you can assign a backup policy only to the Exchange Server application. In
this case, the state of Active Directory application is backup consistent state and it is
backed up together with Exchange Server automatically.
After you make sure that all the prerequisites are met and that you are familiar with all the
limitations, you can continue with backing up applications.
t Tip To narrow down the list of all displayed applications, you can use the
filtering options described in “Filtering data in panels” on page 62.
After you assign the backup policy to the selected applications, the backup is scheduled
according to the values that you defined for your backup policy.
n Note If required, you can also perform a manual backup of any application at any
time. For details, see “Performing a manual backup” below.
t Tip In the navigation pane, click Jobs to check the overall progress of the
backup.
43
Chapter 5
Restoring data
You can start restoring data when at least one successful backup is performed. Depending
on the approach you used for backing up your data, you can perform different types of
restore.
i Important The Details section appears only if you click a virtual machine.
Selecting the check box before the name of the virtual machine will not open the
Details section.
2. In the Details section that appears at the bottom of the screen, select the desired
restore point.
44
5 Restoring data
Restore virtual a. Click Restore VM Disk Files, and then click Next.
machine disk files
i Important During the restore of virtual machine
disk files, no additional restores or expiring backups
can be performed for this virtual machine.
45
5 Restoring data
5. Click Restore.
n Note Because the minimum RAM required for restoring a virtual machine is 256
MB, any virtual machine with less RAM is automatically set to 256 MB during restore.
46
5 Restoring data
Prerequisites
l You have performed a file-level backup. For details, see “Protecting data” on page 36.
l One of the following file systems is used:
On Windows: NTFS, FAT, or FAT32
On Linux: xfs, ext4/ext3/ext2, reiserfs, or btrfs
Limitation
Performing a file-level restore on dual-boot systems is not supported.
i Important The Details section appears only if you click a virtual machine.
Selecting the check box before the name of the virtual machine will not open the
Details section.
2. In the Details section that appears at the bottom of the screen, select the desired
restore point.
3. Depending on whether the snapshot for the selected restore point is online, do one of
the following:
l If the snapshot is online, the Restore Files option is available and you can start
the procedure for restoring the files by clicking it.
l If the snapshot is not online, you first need to prepare the files for the restore:
a. Click Prepare for Restore Files. The Prepare for Restore Files dialog box
appears.
b. Use the Restore with original settings switch if you want to enable or disable
restoring data with original settings.
If you choose to use different settings for restoring data, select a container.
c. Click Prepare.
The Restore Files option becomes available and you can start the procedure for
restoring the files by clicking it.
4. In the Restore Files dialog box, from the list of available files, select the ones that you
want to restore, and then click Next.
t Tip If there are too many files to be displayed on one page, you can move
between the pages by clicking and .
You can also search for a file or a folder by entering its name and then pressing
Enter in the Search field.
47
5 Restoring data
C:\<path>
\\server\<path>
6. Click Restore.
48
5 Restoring data
restore the disk files of the virtual machine on which the application is running to a shared
location.
C Caution When you are restoring the application to the original location, the
restored data overrides the data in the original location. To avoid data loss, make sure
that you back up the potentially unprotected data—the data that appeared between the
last successful backup and the restore. To start a manual backup, see “Performing a
manual backup” on page 43.
SQL Server limitation
Restoring the SQL Server application to another SQL Server application instance is
supported only if you are restoring to the same or higher version of the application.
i Important If the backup status for the selected restore point shows that the
backup is crash consistent, you cannot use this restore point for restoring the
application.
49
5 Restoring data
50
5 Restoring data
6. Click Restore. During the restore of the application, the original application instance is
offline and not accessible.
Limitations
l The restore of discovered applications is available for the NTFS, FAT, and FAT32 file
systems.
l Exchange Server application items cannot be restored to a different application
instance.
l Restoring SQL Server application items to another SQL Server application instance is
supported only if you are restoring to the same or higher version of the application.
51
5 Restoring data
i Important If the backup status for the selected restore point shows that the
backup is crash consistent, you cannot use this restore point for restoring the
application items.
8. Click Restore.
52
Chapter 6
HYCU provides an internal backup as a disaster protection strategy for your HYCU backup
controller virtual machine. If a disaster with the HYCU backup controller occurs (for
example, if it is deleted by accident or if the Nutanix cluster on which it is running goes
down), use this strategy to successfully protect and recover the HYCU backup controller.
n Note HYCU uses synthetic full backups for backing up the HYCU backup controller.
This means that each backup represents a consolidation of the full backup and a
number of incremental backups. After the new backup is created, all old backups are
marked as expired.
To improve protection of your HYCU backup controller and increase its invulnerability, it is
highly recommended to combine the internal backup strategy with the native Nutanix data
protection strategy (for example, by including the HYCU backup controller to the Nutanix
protection domain). For detailed instructions on how to implement data protection for
virtual machines in Nutanix, see Nutanix documentation.
Limitation
For an internal backup, you can use only NFS, SMB, and iSCSI targets that are not
encrypted.
i Important Make sure that your backup policy has only one backup target
53
6 Protecting the HYCU backup controller
selected (NFS, SMB, or iSCSI) and that it does not have the Archiving and Copy
options enabled. Otherwise, assigning the backup policy to the HYCU backup
controller will not be possible.
For detailed information about backup policies, see “Defining your backup policy
strategy” on page 27.
4. Click Assign to assign the backup policy to the HYCU backup controller.
If you change the backup policy in any of the following ways after assigning it to the HYCU
backup controller, keep in mind the following:
l If you add multiple targets as backup targets to the policy (or automatic selection is
enabled), a new full backup will be performed every time the target changes.
l If you add one or more backup copy targets, every backup copy size will be equal to the
size of the full backup.
In this instance, <controllerUuid> is the HYCU backup controller UUID, which you can
see in the Licensing dialog box, in the Controller string. To access the Licensing dialog
box, click Administration, and then select Licensing.
t Tip Keep note of the target and the location of the backup.
l Every time the target is changed, the information in the Events panel is updated and
shows a message about the new location of the backup files.
54
6 Protecting the HYCU backup controller
t Tip The easiest way for you to locate the disk image file in the
/bkpctrl/controllerUuid folder would be to search for the largest file.
55
6 Protecting the HYCU backup controller
i. Log on to the HYCU backup controller console, and then run the nmtui
command.
ii. In the NetworkManager TUI dialog box, click Edit a connection, select a
currently active connection, and then enter the network properties of the
original HYCU backup controller.
56
Chapter 7
Track tasks that are running in my environment and “Checking the status of jobs” on
get an insight into the specific task status. page 59
View the backup status of virtual machines and “Viewing virtual machine and
applications. application details ” on page 60
In case of the recognized problems in the Nutanix environment that can degrade the
efficiency and reliability of data protection (for example, when storage, vCPU, or memory
utilization is exceeded), you can make adjustments to better meet your data protection
goals. For details, see “Adjusting the HYCU virtual machine resources” on page 71.
57
7 Performing daily tasks
protection activity and to quickly identify areas that need your attention. You can use this
dashboard as a starting point for your everyday tasks because it enables you to easily
access the area of interest by simply clicking the corresponding widget.
i Important Your account permissions define which widgets you are allowed to
see and access.
The following table describes what kind of information you can find within each widget:
Shows the percentage of policies that are compliant, and the exact
number of compliant and incompliant policies. A policy is
considered compliant if all virtual machines and applications
Policies
within this policy are compliant with the policy settings. For
detailed information about policies, see “Defining your backup
policy strategy” on page 27.
58
7 Performing daily tasks
Backups Shows the backup job success rate for the last seven days.
59
7 Performing daily tasks
l Generate a report about a specific job by selecting it, and then clicking Report. To
copy the report to the clipboard, in the Job Report dialog box that opens, click Copy to
clipboard.
l Cancel a currently running job by selecting it, and then clicking Abort Job.
Viewing events
The Events panel enables you to view all events that occurred in your environment, to check
details about the selected event, and to list events that match the specified filter.
To open the Details section where you can find the event summary and more details about
the event, click the desired event.
60
7 Performing daily tasks
You can view the following information about each restore point:
l Date and time when the restore point was created.
l Full or Incremental: Shows the type of backup.
Restore point l Snapshot: Visible only if the Nutanix cluster contains a local
snapshot that enables you to perform a fast restore.
l Copy: Visible only if the Copy policy option is enabled.
l Archive: Visible only if the Archiving policy option is enabled.
Backup status For details, see “Viewing the backup status of VMs and APPs ” below.
(Success) h h h
(Success with warnings) h h ha
(Success with errors) hb hc hd
(Error) x x x
a You cannot specify a point in time to which you want to restore data. This backup status
may occur because disk mapping failed or a virtual machine does not have an NIC, or, in
61
7 Performing daily tasks
case of applications, at least one database log backup failed (whereas all other databases
are in a consistent state).
b Because not all virtual machine disk files were backed up successfully, the virtual machine
can be partially restored. It may not be possible to turn it on if one of the system disks was
not backed up.
c Because not all virtual machine disk files were backed up successfully, the individual files
can be partially restored—only the files that are displayed in the Restore Files dialog box
can be restored.
d An application can be partially restored—only the databases that are displayed in the
Depending on the panel the contents of which you want to filter, see one of the following
sections for the details about available filtering options:
l “Filtering options in the Applications panel” on the next page
l “Filtering options in the Virtual Machines panel” on the next page
l “Filtering options in the Policies panel” on page 64
l “Filtering options in the Targets panel” on page 65
l “Filtering options in the Jobs panel” on page 65
l “Filtering options in the Events panel” on page 66
l “Filtering options in the Self-Service panel” on page 66
62
7 Performing daily tasks
Search Enter a search term. You can filter by the name of the application.
From the drop-down menu, select the clusters that host the virtual
Clusters
machines on which the applications are running.
From the drop-down menu, select the backup policies that are
Policies assigned to the virtual machines on which the applications are
running.
From the drop-down menu, select the owners that are assigned to
Owners
the virtual machines on which the applications are running.
Application types From the drop-down menu, select the application types.
Search Enter a search term. You can filter by the virtual machine name,
63
7 Performing daily tasks
From the drop-down menu, select the clusters that host the virtual
Clusters
machines.
From the drop-down menu, select the credentials for the virtual
Credential groups
machines.
From the drop-down menu, select the backup policies that are
Policies
assigned to the virtual machines.
From the drop-down menu, select the owners that are assigned to
Owners
the virtual machines.
Enter a search term. You can filter by the name of the backup
Search
policy.
Compliancy Select one or more check boxes to filter by the compliancy status:
64
7 Performing daily tasks
l Success
l Failure
l Undefined
Enter a search term. You can filter by the name of the backup
Search
target.
Select one or more check boxes to filter by the status of the target:
l Ok
Status l Warning
l Error
l Undefined
Enter a search term. You can filter by the job name or the job
Search
UUID.
Select one or more check boxes to filter by the status of the job:
l Ok
l Warning
Status
l Failed
l Queued
l Executing
65
7 Performing daily tasks
l Aborted
Enter a text string to filter the list to include only the messages with
Message
the specified string.
Enter a text string to filter the list to include only the categories with
Category
the specified string.
Severity l Success
l Warning
l Failed
Select one of the following check boxes to filter by the status of the
user (that is, which users are allowed to log on to HYCU and which
Status are not):
l Active
l Inactive
66
7 Performing daily tasks
Backup target
Description
information
Type Type of backup target (AWS S3/Compatible, Azure, SMB, NFS, or iSCSI).
Percentage of the specified backup target size that is already used for
Utilization
storing protected data.
67
7 Performing daily tasks
Backup target
Description
information
l Read/Write: You can use this backup target for backing up and
restoring data.
l Read Only: You can use this backup target only for restoring data.
For details on how to change the status of the backup target, see
“Activating or deactivating a backup target” below.
To open the Details section where you can find the backup target summary and more
details about the backup target, click the desired backup target.
C Caution Making any changes to the target location may result in data loss.
Therefore, before specifying a new target location, make sure you have already
moved the existing backup data to this new location on the same or a different
server.
3. Click Save.
68
7 Performing daily tasks
Prerequisites
l The size of the backup target has been increased on the iSCSI server.
l No backup or restore job is in progress on the selected backup target.
l No other maintenance task is already running on the selected backup target (such as
editing the backup target and updating the iSCSI Initiator secret or resetting mutual
CHAP authentication sessions for the backup targets with CHAP authentication
enabled).
l No other size increase of the selected backup target has already been started.
You will receive a message that indicates whether increasing the size of the iSCSI backup
target completed successfully.
69
7 Performing daily tasks
Backup policy
Description
information
Total number of virtual machines that have the particular backup policy
VM Count
assigned to them.
Description of the backup policy (how often backup and restore jobs
Description
are performed).
To open the Details section where you can find the backup policy summary and more
details about the backup policy, click the desired backup policy.
When editing a backup policy that is assigned to several virtual machines, one of which is
the HYCU backup controller, make sure that the backup policy remains applicable for an
internal backup. For details on protecting the HYCU backup controller, see “Protecting the
HYCU backup controller” on page 53.
70
7 Performing daily tasks
Depending on whether you want to expire virtual machine or application backups, access
one of the following panels:
i Important Any subsequent incremental backups until the next full backup is
performed will also be marked as expired.
After you mark a recovery point as expired, the HYCU cleaning process removes expired
backups from the backup target.
71
7 Performing daily tasks
1. Log on to Nutanix Prism. For details about the Prism web console, see Nutanix
documentation.
2. In the menu bar, click Home, and then select VM.
3. Click the Table tab to display the VM Overview view.
4. From the list of virtual machines, select your HYCU virtual machine, and then click
Power Off Actions to shut down the virtual machine.
i Important Wait a moment for the virtual machine to shut down completely.
5. Click Update, and then, in the Update VM dialog box, modify the configuration as
required, and click Save.
6. Click Power on to turn on the virtual machine.
72
Chapter 8
There are two kinds of HYCU accounts, the administrator account and the self-service
account. Each of these accounts includes a different type of protection service with a
specified collection of permissions and the scope of available tasks:
Protection
Description
service
73
8 Managing HYCU accounts
Protection
Description
service
Setting up accounts
Setting up accounts enables you to add new accounts, edit the existing ones, delete the
ones that you do not require anymore, and activate or deactivate them.
You can also edit any of the existing accounts (click Edit and make the required
modifications) or delete the ones that you do not need anymore (click Delete).
If you created a self-service account, you need to assign virtual machines to it. For details,
see “Setting ownership for virtual machines” on the next page.
74
8 Managing HYCU accounts
l If the status of the selected account is Inactive and you want to activate it, click
Activate.
2. Select which account you want to assign as an owner of the selected virtual machines,
and then click Assign.
75
Chapter 9
Administering
After you deploy HYCU, you can perform various tasks to administer and customize HYCU
for your data protection environment.
Access the HYCU backup controller virtual “Accessing the HYCU backup controller
machine by using SSH. virtual machine by using SSH” on page 85
76
9 Administering
If for whatever reason you decide that you no longer want to use HYCU for protecting your
data, you can easily remove it from your system. For details, see “Removing HYCU” on
page 87.
Licensing
After you deploy the HYCU virtual appliance, you can start using it immediately with a
prebuilt Instant-on license. This license expires automatically after 45 days and cannot be
reused. Therefore, make sure to obtain a permanent license within this 45-day period.
The HYCU license is linked to the HYCU backup controller and is based on the number of
CPU sockets on all Nutanix clusters. You should determine the total number of CPU sockets
on all the Nutanix clusters that you plan to protect by using HYCU, so that you purchase the
required number of licenses.
n Note If you use HYCU with Nutanix Community Edition (CE) environment, you do
not require to purchase HYCU licenses.
After you purchase the required number of HYCU licenses, perform the following tasks:
1. Buy a needed number of HYCU licenses. To discuss the options, contact your Sales
representative.
2. Create a license request. For details, see “Creating a license request” below.
3. Request and obtain licenses from the web licensing portal. For details, see “Requesting
and retrieving licenses” on the next page.
4. Activate the licenses to start using HYCU. For details, see “Activating licenses” on page 79.
Prerequisites
l You bought the required number of HYCU licenses and have an entitlement order
number.
l You added Nutanix clusters that you want to protect to the HYCU environment. For
instructions, see “Specifying Nutanix clusters” on page 20.
Example
77
9 Administering
CN myCompany
PID nutanixbackup
ND C0F90A56-3FCC-4437-A49C-EFBA9B
NRP 3
VER V1N
HSUD FA8A5061C61F6BA5CE5A9B2C007EE
NEXT NODE
Example
license.dat license file:
CN myCompany
PID nutanixbackup
ND C0F90A56-3FCC-4437-A49C-EFBA9BD8FC0F
NRP 3
EXP 02.08.2017
VER V1N
LK D29CB215357FED55304012B02143CA9437ED5D8FC556
NEXT NODE
Activating licenses
After you submit your license request for the HYCU licenses to the web licensing portal, you
get an email with a product license file attached. Activate the licenses as follows:
78
9 Administering
After the licenses are activated, the licensing related information is updated.
n Note You can always add new licenses for your grown environment. Contact your
HYCU Sales Representative.
You can check the licensing related information at any time. The following license related
information is displayed in the Licensing dialog box:
l License type
l Backup controller ID
l Status
l Actual number of sockets
l Licensed number of sockets
Upgrading HYCU
You can upgrade HYCU when a new software version is available. Because the upgrade
process aborts all currently running jobs, make sure that the jobs you do not want to be
aborted are finished and targets are deactivated before you start the upgrade.
79
9 Administering
i. From URL
Specify the location of the image file by using a URL.
ii. Upload a file
Specify the location of the image file saved on your file system.
e. Click Save.
f. Click Close after the image is successfully uploaded.
2. Log on to HYCU. For details, see “Logging on to HYCU” on page 18.
3. Access the Upgrade Software dialog box. To do so, click Administration, and then
select Upgrade Software.
4. In the Upgrade Software dialog box, check the current version of HYCU and all available
versions.
5. From the list of the available versions, select the one to which you want to upgrade
HYCU, and then click Upgrade.
i Important Make sure that the IP address is set correctly so that it accurately
reflects your network environment.
2. In the DNS Addresses tab, click Add to add a new DNS address.
If you want to delete any DNS address, click Delete to the right of it.
3. In the Domains tab, click Add to add a new domain.
If you want to delete any existing domain, click Delete to the right of it.
4. Click Save.
80
9 Administering
Management Port.
To change the listening port number of the HYCU web user interface, follow these steps:
1. In the Management Port dialog box, change the existing port number to the desired
one.
i Important Make sure that the port you choose is not used by any other
process.
2. Click Save.
In the SSL Certificate dialog box that appears, you can view the information about your SSL
certificate, such as the certificate holder's name, the certificate's expiry date, and the
strength of the certificate keys.
n Note It is recommended that you replace the default self-signed certificate with a
CA signed certificate.
Importing a CA certificate
You can import only CA certificates that are compliant with the PKCS#7 standard and
encoded in the DER or PEM format. The HYCU backup controller holds only one custom
SSL certificate. When you import a new certificate, the previous certificate is discarded.
n Note If the certificate that you want to import uses a wildcard for the Common
Name (CN), make sure that the Certificate Subject Alt Name field exists and contains the
81
9 Administering
list of all possible host names or FQDNs, and their corresponding IP addresses.
Otherwise, the certificate may be recognized as invalid by your browser or hyCLI.
To import a CA certificate, do the following:
1. Click Import. The Import dialog box appears.
2. Browse for the following imported files:
l Private key: Click Browse to select the private key associated with the certificate to
be imported.
The private key should be created by using RSA or DSA algorithm and be compliant
with the PKCS#1 or PKCS#8 standard.
l Public certificate: Click Browse to select the signed public part of the server
certificate corresponding to the private key.
l CA certificate/chain: This field is optional, if the public certificate contains CA
certificate/chain. Click Browse to select the certificate or chain of the signing
authority for the public certificate.
3. Click Import.
i Important Any changes that you make to your SSL certificate will result in an
automatic logoff.
Depending on the nature of your business, you can either enable or disable FIPS-compliant
mode for HYCU.
Limitation
When FIPS-compliant mode is enabled, you cannot assign credentials to Linux virtual
machines, and consequently restore individual files.
82
9 Administering
To enable FIPS-compliant mode for HYCU, as the root user or by using sudo, do the
following:
1. Stop the HYCU web server:
/opt/grizzly/bin/enable_fips.sh
/opt/grizzly/bin/enable_fips.sh -d
If you want to configure mutual CHAP authentication between the iSCSI Initiator and the
iSCSI target, you must specify the iSCSI Initiator secret (the security key). For details on how
to enable mutual authentication, see “Setting up backup targets” on page 20.
83
9 Administering
To export the encryption key to a file, in the Encryption dialog box, click Export.
All currently running jobs are allowed to complete normally. All jobs
Suspend
that are in the queue will start when the HYCU backup controller is
resumed. While activities are paused, you cannot start any new jobs.
Setting up logging
This section describes the steps you must perform if you want to set up logging to help you
analyze and troubleshoot the entire HYCU operation and the backup and restore
functionality.
84
9 Administering
3. When required, you can download log files by clicking Download Logs. After you
extract the log.zip file, check the log files at the following location:
/opt/grizzly/logs/
4. Click Save.
i Important Using SSH to perform any tasks other than restarting the HYCU web
server or the entire appliance is not recommended.
After you deploy the HYCU virtual appliance, you can use the following default credentials to
access the HYCU backup controller virtual machine by using SSH:
Password: hycu/4u
ssh hycu@<HYCU_backup_controller_IP_address>
85
9 Administering
passwd
When requested, enter the default password again, and then enter and verify your new
password.
ssh hycu@<HYCU_backup_controller_IP_address>
After performing this procedure, your SSH connection will be disabled. To re-enable SSH,
you need to connect to the HYCU backup controller virtual machine through the Nutanix
Prism web console.
ssh hycu@<HYCU_backup_controller_IP_address>
86
9 Administering
1. Download the hycli.zip package. To do so, click at the upper right of the screen,
and then select Download hyCLI.
2. Save and extract the hyCLI.zip file to any location on your system.
3. Add the directory containing the extracted files to the PATH environment variable.
n Note hyCLI log files are located at .Hycu/log in the user's home directory. You can
change logging settings for hyCLI in the logging.properties and log4j.properties
files located in the directory containing the extracted files.
For detailed information about hyCLI, see the README.txt file that you can find in the
directory containing the extracted files.
For more information on the hyCLI structure, commands, and usage, run the hycli help
command.
Removing HYCU
When you remove HYCU from your environment, you also need to perform additional
cleanup tasks.
87
9 Administering
i Important By running this command, you will also remove all third-party
snapshots created by using Nutanix REST API v3, not only those created by HYCU.
3. Log on to the Nutanix Prism web console by using your Nutanix logon credentials.
Delete the HYCU backup controller virtual machine as follows:
a. In the menu bar, click Home, and then select VM.
b. Click the Table tab, and then, from the list of virtual machines, select the HYCU
backup controller virtual machine.
c. Click Delete. In the dialog box that appears, click Delete to confirm that you want
to delete the HYCU backup controller virtual machine.
88
Appendix A
Customizing HYCU
configuration settings
You can customize the configuration settings in the config.properties file to meet your
specific HYCU environment needs and provide optimal performance. You can find the
config.properties file in the /opt/grizzly folder on your HYCU backup controller.
Depending on which configuration settings you want to customize, see one of the following
sections:
l “Email notification settings” on the next page
l “Snapshot settings” on page 91
l “Utilization threshold settings” on page 91
l “Display settings” on page 92
l “Scheduler settings” on page 92
l “SQL Server application settings” on page 92
l “Settings for aborting jobs” on page 92
ssh hycu@<HYCU_backup_controller_IP_address>
sudo vi /opt/grizzly/config.properties
89
A Customizing HYCU configuration settings
n Note Because you will use the vi console text editor to customize HYCU
configuration settings, basic knowledge of using the editor is required.
:wq!
5. Restart the HYCU web server (the Grizzly server) for the changes to take effect:
Setting Description
90
A Customizing HYCU configuration settings
Setting Description
Snapshot settings
You can customize the maximum number of snapshots to be retained by adjusting these
settings:
Setting Description
Setting Description
91
A Customizing HYCU configuration settings
For detailed information about the health status of the backup target, see “Viewing backup
target information” on page 67.
Display settings
You can use the following settings to customize the maximum number of displayed items:
Setting Description
Scheduler settings
You can use the following setting to customize the behavior of the HYCU scheduler:
Setting Description
Setting Description
Setting Description
92
A Customizing HYCU configuration settings
Setting Description
Time interval (in minutes) at which all jobs that have the
Executing status are retrieved and stopped if they have
jobs.abort.interval.minutes
been in this status longer than specified in the
jobs.abort.deadline.minutes setting. The default value is 15.
93
Provide feedback
For any suggestions and comments regarding this product or its documentation, send us
an e-mail to: