- Notes, cautions, and warnings
- Preface
- Getting Started
- Managing Users
- Managing Storage
- Using the PowerProtect Search Engine
- Managing Assets
- Managing Protection Policies
- Protection policies
- Before you create a protection policy
- Supported enhanced VMware topologies for virtual-machine protection
- Add a protection policy for virtual-machine protection
- Add a Cloud Tier schedule to a protection policy
- Manual backups of protected assets
- Manual replication of protected assets
- Manual Cloud Tiering of protected assets
- Editing a protection policy
- View assets assigned to a protection policy
- Extended retention
- Edit the retention period for backup copies
- Delete backup copies
- Removing expired backup copies
- Removing assets from PowerProtect Data Manager
- Export protection
- Disable a protection policy
- Delete a protection policy
- Add a Service Level Agreement
- Export Asset Compliance
- Protection rules
- Restoring Data and Assets
- View backup copies available for restore
- Restoring a virtual machine or VMDK
- Restoring a virtual machine backup with the storage policy association
- Prerequisites to restore a virtual machine
- Restore to the original virtual machine
- Restore individual virtual disks
- Restore to a new virtual machine
- Instant access virtual machine restore
- File level restore to original virtual machine
- File level restore to alternate virtual machine
- Direct restore to ESXi
- Restore an application-aware virtual machine backup
- Restore the PowerProtect Data Manager server
- Restore Cloud Tier backups to protection storage
- Preparing for and Recovering From a Disaster
- Managing system backups for server disaster recovery
- Prepare the DD system recovery target (NFS)
- Configure PowerProtect Data Manager server DR backups
- Record settings for server DR
- Manage PowerProtect Data Manager server DR backups
- Restore PowerProtect Data Manager from server DR backups
- Troubleshooting NFS backup configuration issues
- Troubleshoot recovery of PowerProtect Data Manager
- Quick recovery
- Recover a failed PowerProtect Data Manager backup
- Managing Alerts, Jobs, and Tasks
- Modifying the System Settings
- System settings
- System Support
- Configuring SupportAssist for PowerProtect Data Manager
- Telemetry Collector
- CloudIQ reporting
- Set up the email server
- Add AutoSupport
- Enabling automatic update package checks and downloads
- Add a log bundle
- Audit logging and monitoring system activity
- Monitor system state and system health
- Access the open source software package information
- Security certificates
- Modifying the PowerProtect Data Manager virtual machine disk settings
- Memory optimization
- Configure the DD system
- Virtual networks (VLANs)
- Protecting Virtual Machines using the Transparent Snapshot Data Mover
- Overview of transparent snapshots for virtual machine protection
- VIB installation monitoring and management
- Transparent snapshot data mover system requirements
- Prerequisites to virtual machine protection with the Transparent Snapshot Data Mover
- Virtual machine transparent snapshot unsupported features and limitations
- Transparent Snapshot Performance and Scalability
- PowerProtect Functionality Within the vSphere Client
- PowerProtect functionality within the vSphere Client
- Overview of the PowerProtect plug-in for the vSphere Client
- Prerequisites for enabling the vSphere Client PowerProtect plug-in
- Monitor PowerProtect Data Manager virtual machine protection copies
- Manual PowerProtect policy backup in the vSphere Client
- Image-level restore of a PowerProtect backup in the vSphere Client
- File-level restore of a PowerProtect backup in the vSphere Client
- Overview of VASA and VMware Storage Policy Based Management
- VMware Cloud (VMC) on Amazon Web Services (AWS)
- PowerProtect Data Manager image backup and recovery
- Supported PowerProtect Data Manager and DDVE deployment configurations
- Deployment and configuration best practices and requirements
- Configuring the VMC-on-AWS portal
- Interoperability with PowerProtect Data Manager features
- vCenter server inventory requirements
- Creating a dedicated cloud-based vCenter user account
- Add a VM Direct Engine
- Unsupported operations
- Azure VMware Solution (AVS) on Microsoft Azure
- PowerProtect Data Manager image backup and recovery
- Supported PowerProtect Data Manager and DDVE deployment configurations
- Deployment and configuration best practices and requirements
- Configuring the AVS-on-Azure portal
- vCenter server inventory requirements
- Creating a dedicated cloud-based vCenter user account
- Add a VM Direct Engine
- Unsupported operations
- Google Cloud VMware Engine (GCVE) on Google Cloud Product (GCP)
- PowerProtect Data Manager image backup and recovery
- Supported PowerProtect Data Manager and DDVE deployment configurations
- Deployment and configuration best practices and requirements
- Configuring the GCVE-on-GCP portal
- vCenter server inventory requirements
- Creating a dedicated cloud-based vCenter user account
- Add a VM Direct Engine
- Unsupported operations
- Performing Updates
- Configuring and Managing the PowerProtect Agent Service
- Backing Up and Recovering a vCenter Server
- Backing up and recovering a vCenter server
- vCenter deployments overview
- Protecting an embedded PSC
- Protecting external deployment models
- vCenter server appliance(s) with one external PSC where PSC fails
- vCenter server appliance is lost but the PSC remains
- vCenter server appliance with multiple PSCs where one PSC is lost, one remains
- vCenter server appliance remains but all PSCs fail
- vCenter server appliance remains but multiple PSCs fail
- vCenter server appliance fails
- vCenter server restore workflow
- Platform Services Controller restore workfow
- Additional considerations
- Command reference
- Backing Up VMware Cloud Foundation (VCF) on VxRail
- Backing up VCF on VxRail
- VCF and VxRail overview
- VCF components and backup methods
- Check VMware certification
- Backup prerequisites
- The backup script
- Quick protection
- Selective protection: SDDC and NSX-T Managers
- Selective protection: vCenter servers
- Selective protection: vRSLCM, VxRail Manager, Workspace ONE Access, and vRealize Suite virtual machines
- SFTP password change: SDDC and NSX-T Managers
- SFTP password change: vCenter servers
- Backup-script troubleshooting
- Best Practices and Troubleshooting
- Base 10 standard used for size calculations in the PowerProtect Data Manager UI
- Best practices and additional considerations for the VM Direct Engine
- Change the limit of instant access sessions
- Configuring a backup to support vSAN datastores
- Configuration checklist for common issues
- Disable vCenter SSL certificate validation
- File-level restore and SQL restore limitations
- FLR Agent for virtual machine file level restore
- FLR-supported platform and OS versions for virtual machine restores
- PowerProtect Data Manager resource requirements in a VMware environment
- Software and hardware requirements
- Support for backup and restore of encrypted virtual machines
- Transport mode considerations
- Virtual disk types supported
- Virtual machine data change rate
- VM Direct Engine data ingestion rate
- VM Direct Engine limitations and unsupported features
- VM Direct Engine performance and scalability
- VM Direct Engine selection with virtual networks (VLANs)
- Best practices for vCenter Server backup and restore
- Changing the vCenter server FQDN
- Monitoring storage capacity thresholds
- Replacing security certificates
- Restarting PowerProtect Data Manager
- Scalability limits for vCenter Server, VM Direct Engine and DD systems
- Troubleshooting network setup issues
- Troubleshooting PowerProtect agent service installations
- Troubleshooting PowerProtect agent service operations
- Troubleshooting PowerProtect Data Manager software updates
- Troubleshooting storage units
- Troubleshooting virtual machine backup issues
- Backup completes with a non-quiesced snapshot warning
- Backup fails when names include special characters
- Deleting vCenter asset sources or moving ESXi to another vCenter
- Failed to lock Virtual Machine for backup: Another EMC vProxy operation 'Backup' is active on VM
- Lock placed on virtual machine during backup and recovery operations continues for 24 hours if VM Direct appliance fails
- Managing command execution for VM Proxy Agent operations on Linux
- PowerProtect plug-in and portlet for vSphere display errors after replacing security certificates
- SQL databases skipped during virtual machine transaction log backup
- SQL Server application-aware backup displays an error about disk.EnableUUID variable
- SQL Server application-consistent backups fail with error "Unable to find VSS metadata files in directory"
- Trailing spaces not supported in SQL database names
- VMware knowledge base articles and product documentation
- Troubleshooting virtual machine restore issues
- Troubleshooting vSphere Plugin deployments
PowerProtect Data Manager 19.9 Administration and User Guide
Backup and restore encryption
You can encrypt backup or restore data that is in transit for centralized and self-service operations with DD Boost encryption, using TLS. Encryption of backup and restore data in-flight is available for application assets and NAS assets only.
By default, PowerProtect Data Manager supports an encryption strength of HIGH and uses DD Boost anonymous authentication mode. The DD Boost encryption software uses the ADH-AES256-SHA cipher suite. The DD Boost for OpenStorage Administration Guide provides more information about the cipher suite for high encryption.
The following table lists the workloads and operations that support encryption of data in-flight:
NOTE Refer to the agent user guides for more information about the centralized and self-service operations that are supported.
| Workload | Centralized backup | Centralized restore | Self-service backup | Self-service restore |
|---|---|---|---|---|
| File System with Application Direct | Yes | Yes (image-level restore only) | Yes | Yes (image-level restore only) |
| Microsoft SQL with Application Direct | Yes | Yes (database-level restore only) | Yes | Yes (database-level restore only) |
| Microsoft Exchange with Application Direct | Yes | N/A | Yes | Yes |
| Oracle with Application Direct | Yes | N/A | Yes | Yes |
| SAP HANA with Application Direct | Yes | N/A | Yes | Yes |
| Network attached storage (NAS) | Yes | Yes | N/A | N/A |
Enabling encryption imposes additional overhead. Backup and restore performance for any client could be affected by 5-20% with encryption enabled.
You can enable or disable backup and restore encryption in the PowerProtect Data Manager UI.
PowerProtect Data Manager supports backup and restore encryption for all supported DD Boost and DDOS versions. The most up-to-date software compatibility information for PowerProtect Data Manager is provided in the eLab Navigator.
NOTE You do not need to enable in-flight encryption on connected
DD systems. If
DD encryption settings exist, the higher setting takes precedence.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\