- Notes, cautions, and warnings
- Preface
- PowerProtect Data Manager Appliance for Virtual Machines Overview
- PowerProtect Data Manager Appliance overview
- Additional information and context
- Supported Internet Protocol versions
- Terminology
- Encryption in-flight
- PowerProtect Data Manager Appliance new deployment overview
- Access the PowerProtect Data Manager Appliance UI
- Security configuration
- Roadmap for virtual machine asset protection
- Enabling Virtual Machine Protection
- About asset sources, assets, and protection storage
- About vCenter server asset sources and virtual assets
- Prerequisites for discovering asset sources
- Enable an asset source
- Adding a vCenter Server asset source
- Protecting virtual machines in a VMware Site Recovery Manager environment
- VM Direct protection engine overview
- Requirements for an external VM Direct Engine
- Protection engine limitations
- Add a VM Direct Engine
- Additional VM Direct actions
- Transparent Snapshots Data Mover protection mechanism
- vSphere Installation Bundle for Transparent Snapshots Data Mover protection
- Install or update the vSphere Installation Bundle
- Disable or re-enable the vSphere Installation Bundle
- Supported versions of VIB and installing PowerProtect Data Manager Appliance update packages
- Migrating assets to use the Transparent Snapshots Data Mover
- Managing Virtual Machine Assets and Protection
- Protection policies for virtual machine protection
- Supported protection policy purposes
- Supported protection policy objectives
- Replication triggers
- Roadmap for planning a protection policy
- Before you add a protection policy for virtual machine protection
- Add a protection policy for virtual machine protection
- Add a service-level agreement
- Managing virtual machine backups
- View available backup copies
- Copy Management
- Add and remove the credentials for virtual machine assets
- Add or remove assets in a protection policy
- Enable or disable Changed Block Tracking (CBT)
- Edit the retention period for asset copies
- Delete virtual machine backup copies
- Snapshot freeze scripts and thaw scripts for virtual machine backups
- Protection rules
- Protection policies for virtual machine protection
- Restoring Virtual Machine Data and Assets
- Prerequisites to restore a virtual machine
- Self-service restores
- View available backup copies for restore
- Restoring a virtual machine or virtual machine disk
- Restoring a virtual machine backup with the storage policy association
- Image-level restores
- Instant Access virtual machine restore
- File-level restores
- File-level restore to the original virtual machine
- File-level restore to alternate virtual machine
- Virtual machine file-level restore from a search
- File level restore as a domain user
- Manually install the VM Direct agent on Linux as a root user from the command line
- Manually install the VM Direct agent on Linux as a non-root user from the command line
- Manually install the VM Direct agent on Windows from the command line
- Restore an application-aware virtual machine backup
- Quick recovery for server DR
- Restore plans
- Protecting Virtual Machines Using the Transparent Snapshots Data Mover
- Overview of Transparent Snapshots Data Mover
- vSphere Installation Bundle monitoring and management
- Transparent snapshots data mover system requirements
- Prerequisites to virtual machine protection with the Transparent Snapshots Data Mover
- Transparent Snapshots Data Mover unsupported features and limitations
- Transparent Snapshots Data Mover performance and scalability
- PowerProtect Functionality Within the vSphere Client
- PowerProtect functionality within the vSphere Client
- Overview of the PowerProtect plug-in for the vSphere Client
- vSphere Client PowerProtect plug-in requirements
- Monitor PowerProtect Data Manager Appliance virtual machine protection copies
- Perform a manual PowerProtect-policy backup in the vSphere Client
- Perform an image-level restore of a PowerProtect backup in the vSphere Client
- File-level restores of a PowerProtect backup in the vSphere Client
- Backing Up and Recovering a vCenter Server
- Backing up and recovering a vCenter server
- vCenter deployments overview
- Protecting an embedded PSC
- Protecting external deployment models
- vCenter Server Appliance with one external PSC where PSC fails
- vCenter Server Appliance is lost but the PSC remains
- vCenter Server Appliance with multiple PSCs where one PSC is lost but one remains
- vCenter Server Appliance remains but all PSCs fail
- vCenter Server Appliance remains but multiple PSCs fail
- vCenter Server Appliance fails
- vCenter server restore workflow
- Platform Services Controller restore workflow
- Additional considerations
- Command reference
- Virtual Machine Best Practices
- Software and hardware requirements
- Scalability limits for vCenter server, VM Direct Engine, and DD systems
- PowerProtect Data Manager Appliance resource requirements in a VMware environment
- Best practices and additional considerations for the VM Direct Engine
- VM Direct Engine performance and scalability
- Transport mode considerations
- Configuring a backup to support vSAN datastores
- Configuration checklist for common issues
- Adjust the VMDM connection timeout and read timeout default values when network latency issues occur
- Steps required prior to updating to PowerProtect Data Manager Appliance 5.13 and later when VMDM is running with increased heap memory
- Uninstalling the VM Direct agent
- Updating the Microsoft Application Agent and VM Direct agent software
- Supported file-level restore platforms and OS versions
- File-level restore and SQL restore requirements and limitations
- Virtual disk types not supported
- Virtual machine data change rate
- VM Direct Engine data ingestion rate
- VM Direct Engine limitations and unsupported features
- VM Direct Engine selection with virtual networks (VLANs)
- Deploying a VM Direct Engine to a datastore cluster is unsupported
- Best practices for vCenter server backup and restore
- Replacing security certificates
- Support for backup and restore of encrypted virtual machines
- Virtual Machine Troubleshooting
- Troubleshooting network setup issues
- Troubleshooting virtual machine storage-policy changes
- Troubleshooting virtual machine backup issues
- Backup completes with a non-quiesced snapshot warning
- Backup fails when names include special characters
- Backup fails with an ABV0006 error
- Deleting vCenter asset sources or moving ESXi to another vCenter server
- Failed to lock virtual machine for backup: Another vProxy operation 'Backup' is active on VM
- Lock placed on virtual machine during backup and recovery operations continues for 24 hours if VM Direct Engine fails
- Managing command execution for VM Direct agent operations on Linux
- PowerProtect plug-in and portlet for vSphere display errors after replacing security certificates
- SQL Server application-consistent backups fail with error "Unable to find VSS metadata files in directory"
- TSDM backup fails with an ABV0016 error
- Troubleshooting virtual machine restore issues
- Troubleshoot virtual machine SQL application consistent policy issues
- Troubleshooting vSphere Plugin deployments
- VMware knowledge base articles and product documentation
- Glossary
PowerProtect Data Manager Appliance 5.16.0.0 Virtual Machine User Guide
Specify the required privileges for a dedicated vCenter user account
You can use the vSphere Client to specify the required privileges for the dedicated vCenter user account, or you can use the PowerCLI, which is an interface for managing vSphere.
The following table includes the privileges required for this user.
NOTE:This table includes the additional privileges required when using the Transparent Snapshots Data Mover (TSDM) protection mechanism for virtual machine crash-consistent and SQL application aware data protection, which are specified in the section
Additional privileges required for a dedicated vCenter user account to use Transparent Snapshots Data Mover.
| Setting | vCenter 6.7 and later required privileges | PowerCLI equivalent required privileges |
|---|---|---|
| Alarms |
|
$privileges = @( 'System.Anonymous', 'System.View', 'System.Read', 'Alarm.Create', 'Alarm.Edit', 'Authorization.ModifyPermissions', 'Cryptographer.AddDisk', 'Cryptographer.Access', 'Cryptographer.Encrypt', 'Cryptographer.Migrate', 'Cryptographer.RegisterVM', 'Datastore.Rename', 'Datastore.Move', 'Datastore.Delete', 'Datastore.Browse', 'Datastore.DeleteFile', 'Datastore.FileManagement', 'Datastore.AllocateSpace', 'Datastore.Config', 'Extension.Register', 'Extension.Unregister', 'Extension.Update', 'Folder.Create', 'Global.ManageCustomFields', 'Global.SetCustomField', 'Global.LogEvent', 'Global.CancelTask', 'Global.Licenses', 'Global.Settings', 'Global.DisableMethods', 'Global.EnableMethods', 'Host.Config.Patch', 'Host.Config.Image', 'Host.Config.NetService', 'Host.Config.Storage', 'InventoryService.Tagging.AttachTag', 'InventoryService.Tagging.ObjectAttachable', 'InventoryService.Tagging.CreateTag', 'InventoryService.Tagging.CreateCategory', 'Network.Config', 'Network.Assign', 'Resource.AssignVMToPool', 'Resource.HotMigrate', 'Resource.ColdMigrate', 'Sessions.ImpersonateUser', 'Sessions.Message', 'Sessions.ValidateSession', 'Sessions.ViewandStopSessions', 'StorageProfile.Update', 'StorageProfile.View', 'System.Read', 'Task.Create', 'Task.Update', 'VApp.ApplicationConfig', 'VApp.Export', 'VApp.Import', 'vSphereDataProtection.Protection', 'vSphereDataProtection.Recovery', 'VirtualMachine.Config.Rename', 'VirtualMachine.Config.Annotation', 'VirtualMachine.Config.AddExistingDisk', 'VirtualMachine.Config.AddNewDisk', 'VirtualMachine.Config.RemoveDisk', 'VirtualMachine.Config.RawDevice', 'VirtualMachine.Config.HostUSBDevice', 'VirtualMachine.Config.CPUCount', 'VirtualMachine.Config.Memory', 'VirtualMachine.Config.AddRemoveDevice', 'VirtualMachine.Config.EditDevice', 'VirtualMachine.Config.Settings', 'VirtualMachine.Config.Resource', 'VirtualMachine.Config.UpgradeVirtualHardware', 'VirtualMachine.Config.ResetGuestInfo', 'VirtualMachine.Config.AdvancedConfig', 'VirtualMachine.Config.DiskLease', 'VirtualMachine.Config.SwapPlacement', 'VirtualMachine.Config.DiskExtend', 'VirtualMachine.Config.ChangeTracking', 'VirtualMachine.Config.ReloadFromPath', 'VirtualMachine.Config.ManagedBy', 'VirtualMachine.GuestOperations.Query', 'VirtualMachine.GuestOperations.Modify', 'VirtualMachine.GuestOperations.Execute', 'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.Reset', 'VirtualMachine.Interact.ConsoleInteract', 'VirtualMachine.Interact.DeviceConnection', 'VirtualMachine.Interact.SetCDMedia', 'VirtualMachine.Interact.ToolsInstall', 'VirtualMachine.Interact.GuestControl', 'VirtualMachine.Inventory.Create', 'VirtualMachine.Inventory.Register', 'VirtualMachine.Inventory.Delete', 'VirtualMachine.Inventory.Unregister', 'VirtualMachine.Provisioning.DiskRandomAccess', 'VirtualMachine.Provisioning.DiskRandomRead', 'VirtualMachine.Provisioning.GetVmFiles', 'VirtualMachine.Provisioning.MarkAsTemplate', 'VirtualMachine.State.CreateSnapshot', 'VirtualMachine.State.RevertToSnapshot', 'VirtualMachine.State.RemoveSnapshot', 'VirtualMachine.State.RenameSnapshot', ) New-VIRole -Name 'PowerProtect' -Privilege (Get-VIPrivilege -Id $privileges) |
| Cryptographic operations |
|
|
| Datastore |
|
|
| Extension |
|
|
| Folder |
|
|
| Global |
|
|
| Host |
|
|
| Network |
|
|
| Permissions |
|
|
| Profile-driven storage
(for SPBM policy restore in vCenter versions 7.0 U3 and earlier) |
|
|
| VM storage policies
(for SPBM policy restore in vCenter versions 8.0 and later) |
|
|
| Resource |
|
|
| Sessions |
|
|
| System |
|
|
| Tasks |
|
|
| vApp |
|
|
| vSphere Data Protection |
NOTE:These privileges are required to use TSDM for virtual machine protection operations. The privileges are not visible in the
vSphere Client client, but are automatically assigned when a new role is created with the client. If PowerCLI is used for privilege assignment, the privileges must be explicitly assigned.
|
|
| vSphere Tagging |
|
|
| Virtual Machine | ||
| Change Configuration |
|
|
| Edit Inventory |
|
|
| Guest operations |
|
|
| Interaction |
|
|
| Provisioning |
|
|
| Snapshot Management |
|
|
| VM Storage Policies |
|
|
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\