Deploying VMware Virtual Appliance

NAKIVO Backup & Replication offers the following VA deployment options:

  • Full Solution
  • Full Solution without Backup Repository
  • Transporter-only
  • Transporter with Backup Repository
  • Multi-tenant Director  

The Virtual Appliance (VA) has two disks: the first (30 GB) contains a Linux OS with NAKIVO Backup & Replication, and the second (500 GB) is used as a Backup Repository. If you deploy the Virtual Appliance disks using the Thin Provision option, then the disks will not reserve space on your datastore and will only consume space when actual data (such as your backups) is written to disks.

Deploying Virtual Appliance with vSphere Web Client

  1. Download NAKIVO Backup & Replication VA

  2. Log in to your vSphere vCenter with the vSphere Web Client.

  3. Select Deploy OVF Template from the Actions menu. Note that the Client Integration Plug-in must be installed to enable OVF functionality. 

  4. On the Select an OVF template page of the Deploy OVF Template wizard, select Local file and upload the VA file (.ova) you've downloaded. Click Next

  5. On the Select a name and folder page, specify a unique name and target location for the Virtual Appliance. Click Next.

  6. On the Select a computer resource page, select the resource pool within which you would like to deploy the Virtual Appliance and click Next.

  7. On the Review details page, review the template details and click Next.

  8. On the License agreements page, read the end-user license agreement (EULA). If you agree to its terms, select I accept all license agreements and then click Next.

  9. On the Select storage page, select a datastore in which you would like to keep the Virtual Appliance disk, virtual disk format (Thin Provisioning is recommended), VM storage policy and click Next.

    Important
    If you use thick provisioning instead of thin provisioning, keep in mind that NAKIVO Backup & Replication can take up to 0,5 TB of data. Check to see if it is 0,5 TB by default for all cases.

  10. On the Select networks page, select a network to which the Virtual Appliance will be connected. Opting for a network with DHCP and Internet access is recommended. Click Next.

  11. On the Ready to complete page, review the summary of the setups you have configured and click Finish to complete deployment.

    After the Virtual Appliance is deployed, you may need to configure it.

    Important
    If you plan to expose the Virtual Appliance to the Internet, change the default credentials and set up a login and password for the Web interface

Deploying Virtual Appliance with vSphere Client

  1. Download NAKIVO Backup & Replication VA

  2. Log in to your vSphere vCenter with the vSphere Client, go to File in the top menu and select Deploy OVF Template.

  3. On the Source page of the Deploy OVF Template wizard, select and locate the file with the template. Click Next.


  4. On the OVF Template Details page, review the template details and click Next.

  5. On the End User License Agreement page, read the license agreement. If you agree to its terms, click Accept and then click Next.

  6. On the Name and Location page, specify a name and location for the deployed VA and click Next.

  7. On the Host/Cluster page, select the host or cluster on which you wish to run the deployed template and click Next.

  8. On the Storage page, select a datastore where you would like to keep the VA disk and click Next.

  9. On the Disk Format page, select a virtual disk format (Thin Provision is recommended) and click Next.

    Important
    If you wish to select one of the Thick Provision options instead of Thin Provision, keep in mind that NAKIVO Backup & Replication can take 0,5 TB of data. Check to see if it is 0,5 TB by default for all cases.


  10. On the Network Mapping page, select a network to which the VA will be connected. It is recommended that you choose a network with DHCP and Internet access. Click Next.

  11. On the Ready to Complete page, review the summary of the options you have configured and select the Power on after deployment option.

  12. Click Finish to complete the deployment.

  13. After the Virtual Appliance is deployed, configure it if necessary.

Virtual Appliance OS, Credentials, and Security

The appliance runs Ubuntu 20.04, 64-bit. Use the following credentials to log in to the appliance:

  • Username: nkvuser

  • Password: QExS-6b%3D

For the versions of NAKIVO Backup & Replication older than 7.2, the password is root.

 

Important

  • If you plan to expose the Virtual Appliance to the Internet, change the default VA credentials and set up a login and password for the Web interface.

  • It is recommended to run an update on all packages in your Virtual Appliance at least once a month.

 

To enable Backup Immutability for Amazon S3 or Local Folder type of Backup Repository deployed as part of virtual appliance, NAKIVO Backup & Replication does the following:

  • Creates a new user for all administrative needs and adds it to the sudo group.

  • Disables root user.

  • Changes default SSH port to 2221.

  • Configure the following kernel parameters via sysctl.conf:

    • Limits network-transmitted configuration for IPv4/IPv6

    • Prevents the common 'syn flood attack'

    • Turns on source IP address verification

    • Prevents a cracker from using a spoofing attack against the IP address of the server.

    • Logs several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects.

    • Configures swap. Sets vm.swappiness to 15

    • Sets kernel.unprivileged_bpf_disabled to 1

    • Sets kernel.core_pattern to /tmp/%e.%p.core

    • Sets kernel.core_uses_pid to 1

    • Sets kernel.dmesg_restrict to 1

    • Sets kernel.kptr_restrict to 2

    • Sets kernel.sysrq to 0

  • Secures /tmp and /var/tmp

  • Secures Shared Memory

  • Installs and configures fail2ban

 

Notes

  • After fail2ban is installed on the hardened VA, the user IP can be banned for 10 minutes if mistakes are made during login procedure.

  • Any additional packages installed manually on the system can cause a security breach.

 

Web Interface Login

Open the following URL to access the product's web interface of the VA: https://Appliance_VM_IP:4443.

Refer to the  Getting Started section to better understand how to continue working with NAKIVO Backup & Replication.