This post covers how to add VVD on VxRail vCenter Servers to DellEMC Avamar.
The standard VMware Validated Design (VVD) architecture requires 2 vCenter Server instances. One vCenter to manage the Cloud Management Platform (CMP) and the second vCenter to manage the Tenant Compute Workload.
The following is a high level architecture of Single Region VVD on VxRail, which includes the 2 vCenter instances
For more detailed information, please see VVD on VxRail Deployment Options.
In order for Avamar to provide data protection for all components, management and workload, both vCenter Servers must be added to Avamar.
Before adding the vCenter Servers, we must configure vCenter to Avamar authentication for each vCenter Server, which involves:
- Adding vCenter Authentication Certificate to the Avamar MCS Keystore
- Creating a dedicated vCenter user account for use with Avamar
Adding the vCenter certificate to Avamar is quite straightforward once you have the required vCenter certificate, which is generated using the CertGenVVD Tool.
Once the file is available locally, it can be uploaded to Avamar via the UI (https://avamar_server/aui).
Browse to System, and then under Certificate > Trust Certificate you can add the vCenter certificate.
Provide an alias for the vCenter server, preferably aligned with the VVD naming structure, browse to select the certificate, and click Next
Enter the IP address of the vCenter Server, as well as Port 443, and click Validate. Once successfully validated, click Finish. The newly added vCenter Server will be displayed under Trust Certificate, as shown below:
A dedicated vCenter user account should also be created for all vCenter-Avamar communications, for example we used an AD account email@example.com and assigned it a custom role ‘AvamarRole’.
The minimum required vCenter user account privileges for this Avamar account can be found in the Dell EMC Avamar for VMware User Guide.
The vCenter Server must now be added as and Avamar Client, from the Avamar UI, as follows:
Navigate to the root of Administration, and under Client select Add VMware vCenter
First step is to enter the vCenter Client Name or IP, and to select the desired Client Domain location as required. We used the FQDN of vvdmgmtvc01.cse.lab and left the domain location at default.
Next step is to enter the vCenter information necessary to connect, such as the vCenter User Name and Password, for which we used the dedicated AD user account firstname.lastname@example.org.
We left the Advanced and Optional Information pages as default, and were presented with the Summary page for confirmation:
Click Add to complete the process of adding the new vCenter Client.
When we opted not to configure the Advanced Options page during the setup, it was because we did not want to auto-detect the VMs under vCenter control. This is optional of course, but what it means is that we then needed to manually add the VMs that we wanted to protect.
To manually add the VMs, navigate to the new vCenter Client in Administration, and select New Client. This launches the following window allowing the user to manually select which VMs to include:
We chose to enable CBT (Change Block Tracking) for selected VMs. In this example we added all of the VVD Mgmt components. Once all relevant VMs were selected, click Yes to begin the import.
That is as much as is required to add a new vCenter Client in Avamar, with Image-level protection available for the selected VMs. Keep in mind that other operations are required such as Proxy VM deployment to the ESXi Hosts in that Cluster, as well as creating backup schedules.
Repeat the same steps for the 2nd vCenter Server, managing the Compute Workload as required. If you are a vRA user and interested in Backup as a Service for your Tenant VMs, then take a look at the DellEMC vRealize Automation Data Protection Extension.