Applications

vPlus can protect applications and others like:

Main concepts

There are 2 main concepts that vPlus uses to execute backups:

  • Command Execution Configuration

  • Application Definition

Command Execution Configuration

This describes how to perform a backup operation, that is, how to execute a command that produces a backup artefact which vPlus later stores in a backup provider. Multiple Application definitions can share one Command Execution Configuration, each with different parameter values.

Command Execution Configuration properties come in several sections:

  1. General:

    • Name - Name of your configuration

    • Execution type:

      • Node - execute this command directly on the node

      • Remote SSH - execute this command over SSH using credentials provided in the Application definition

    • Timeout - fail execution if a command doesn't complete within the time given

      • if you think that your backup should take longer, increase this value

      • this timeout is for whole command execution - if you have several steps in your script and you need additional timeouts for these steps - add them to your script

  2. Command arguments:

    • add arguments that contain spaces as separate arguments

    • the first argument is the path to your executable

    • make sure this command is accessible on the remote host, and vPlus credentials will suffice to execute it

    • remote commands (over SSH) will invoke shell so you can use bash-style expressions (built-in commands such as echo, environmental variables or redirections) within the command argument

    • commands executed on the node are executed natively by the OS, without a shell, so if you want to use bash-style expressions (built-in commands such as echo, environmental variables or redirections) you need to split your command into at least 3 arguments: /bin/bash, -c and your command > with some redirections

  3. Data export:

    • Export data - when enabled, vPlus will expect artefacts to be collected as a result of a command

    • Source type:

      • FILE - result will be a file, directory or path with * wildcard

      • STREAM - output of your command

    • Source path:

      • path to your artefacts that need to be collected

      • file, directory or path with * wildcard - more than 1 file on the source will result in files being stored as a single tar archive

    • Remove files after export:

      • if artefacts (files or source directory) need to be removed once exported

      • be careful when providing a path in the source directory, the whole directory will be removed when this setting is enabled

  4. Applications:

    • select which applications will use this command execution config

  5. Parameters:

    • this section allows you to define the parameters that will be expected to be entered in each application definition

    • each parameter will eventually become an environment variable in the application definition

    • each parameter has several properties

      • Name - Name of the resulting environmental variable

      • User-friendly hint - a hint describing what this parameter is, shown later in the application definition

      • Default value - the default value, entered during initialization in the application definition form

      • Show in UI - if the value should be shown as dotted or not - useful for passwords

      • Obligatory - if we expect that its value should always be provided in the application definition form

  6. Error handling

    • Standard error output stream handling (when non-empty):

      • Don't ignore it - will fail if anything is in the standard error output

      • Ignore without warning - will ignore it silently

      • Ignore with a warning - will ignore it but a warning indicator in the backup history will contain this output

    • Ignored Exit Codes:

      • error codes that should be ignored and not treated by vPlus as errors

      • by default, only 0 is assumed as a success
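The settings above (parameters delivered as environment variables, per-step timeouts inside the script, the stderr policy, and the warning about "Remove files after export") come together in the script the configuration invokes. The following is an added example, not vPlus code; the parameter names APP_DATA_DIR, EXPORT_DIR, STEP_TIMEOUT and BACKUP_LOG and the file name backup.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not vPlus code). Hypothetical parameters, defined in the
# "Parameters" section so they arrive as environment variables:
#   APP_DATA_DIR  directory to back up          (obligatory)
#   EXPORT_DIR    dedicated artefact directory  (obligatory; the FILE "Source path")
#   STEP_TIMEOUT  seconds allowed for the archive step (default 60)
#   BACKUP_LOG    file that receives tool diagnostics  (default /dev/null)

run_backup() {
    data_dir="${APP_DATA_DIR:-}"
    export_dir="${EXPORT_DIR:-}"
    step_timeout="${STEP_TIMEOUT:-60}"
    log="${BACKUP_LOG:-/dev/null}"

    # Obligatory parameters: stop with a distinct exit code and a stderr message.
    if [ -z "$data_dir" ] || [ -z "$export_dir" ]; then
        echo "APP_DATA_DIR and EXPORT_DIR must be set" >&2; return 2
    fi
    [ -d "$data_dir" ] || { echo "not a directory: $data_dir" >&2; return 3; }

    # "Remove files after export" deletes the whole source directory, so the
    # export directory must never be /, the data directory, or overlap with it.
    # Assumption: absolute paths without a trailing slash, compared as given.
    case "$export_dir" in
        /|"$data_dir"|"$data_dir"/*) echo "unsafe EXPORT_DIR: $export_dir" >&2; return 4 ;;
    esac
    case "$data_dir" in
        "$export_dir"/*) echo "unsafe EXPORT_DIR: $export_dir" >&2; return 4 ;;
    esac

    # Artefacts may contain secrets: keep the directory private to this user.
    mkdir -p -- "$export_dir" && chmod 700 -- "$export_dir" || return 5

    # Per-step timeout inside the script; the vPlus Timeout still bounds the
    # whole run. Diagnostics go to the log so stderr stays empty on success.
    rc=0
    timeout "$step_timeout" tar -C "$data_dir" -cf "$export_dir/backup.tar" . 2>>"$log" || rc=$?
    if [ "$rc" -ne 0 ]; then
        rm -f -- "$export_dir/backup.tar"   # never leave a partial artefact to export
        echo "archive step failed or timed out (exit $rc)" >&2
        return "$rc"
    fi
    return 0
}

# Command arguments for this script would be: /bin/sh, backup.sh, run
if [ "${1:-}" = "run" ]; then run_backup; exit $?; fi
```

With "Don't ignore it" selected for stderr, a successful run of this script passes because nothing is written to stderr, while every failure path both writes a message and returns a non-zero exit code.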

Application Definition

Once you have your command execution configuration defined (or you choose to use the predefined ones provided with vPlus), you should define the instances of your application.

There are a few parameters for application definition that come in several sections:

  1. General:

    • Name - Name of your application instance

    • Choose node - which node is going to execute this command

    • Backup policy - optionally set policy for scheduled backups

    • Command execution configuration

      • configuration of your command used for this application

      • Note: when you create a definition for the first time, you select a configuration and click Save - you will be redirected to the Settings tab for additional details

  2. Environment variables

    • shown only when the definition has been saved on the Settings tab

    • defines a list of environment variables that will be passed to your command/script during its invocation

    • parameters from the command execution config will be populated automatically

    • each parameter has several properties:

      • Key - name of the environmental variable

      • Value - Value of the environment variable

      • Show - if the value should be shown as dotted or not - useful for passwords

  3. SSH access:

    • shown when Remote SSH is chosen as the execution type in command execution configuration

    • parameters:

      • SSH host - host where the command will be executed

      • SSH port - port on which the SSH service is running (by default 22)

      • SSH user - user used to connect via SSH

      • SSH key path:

        • path to your key - needs to be a file only accessible by vPlus with 400 permissions

        • alternatively, you can use the password access method

  4. Password:

    • shown when Remote SSH is chosen as the execution type in command execution configuration

    • set your SSH password here if you're not using the public-key authentication method
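The SSH key path requirement above (a file only accessible by vPlus, with 400 permissions) can be verified before the key is referenced in an application definition. This is an added example, not vPlus code; the function name check_ssh_key is hypothetical, and it assumes GNU coreutils stat and that it is run as the account the node runs under.

```shell
#!/bin/sh
# Added example (not vPlus code). Run as the account the vPlus node runs under.
# Assumes GNU coreutils stat (-c format option).

check_ssh_key() {
    key="${1:-}"
    [ -n "$key" ] || { echo "usage: check_ssh_key PATH" >&2; return 1; }

    # A symlink could be repointed at another file later; require the real file.
    if [ -L "$key" ]; then echo "$key: is a symlink" >&2; return 3; fi
    [ -f "$key" ] || { echo "$key: not a regular file" >&2; return 2; }

    # Exactly 400: owner read-only, nothing for group or others.
    mode=$(stat -c '%a' -- "$key") || return 2
    [ "$mode" = "400" ] || { echo "$key: mode $mode, expected 400" >&2; return 4; }

    # Owned by the account running this check.
    owner=$(stat -c '%u' -- "$key") || return 2
    [ "$owner" = "$(id -u)" ] || { echo "$key: owned by uid $owner" >&2; return 5; }

    # A group- or world-writable parent directory lets others swap the key file.
    dir_mode=$(stat -c '%a' -- "$(dirname -- "$key")") || return 2
    case "$dir_mode" in
        *[2367]?|*[2367]) echo "$key: parent directory mode $dir_mode is writable by others" >&2; return 6 ;;
    esac
    return 0
}
```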

Enabling WinRM on Windows machines

The Windows Remote Management (a.k.a. WinRM) interface is a network service that allows remote management access to computers via the network. It's used to allow remote management of computers via PowerShell. As a result, WinRM is not enabled by default on Windows Server.

There is an enable_winrm.ps1 script in the /opt/vprotect/scripts/winrm directory.

The PowerShell script performs the following steps:

  • Automatically starts the WinRM service

  • Adds all addresses to trusted hosts. This can be changed in line 7 by replacing the asterisk symbol with the appropriate address, e.g.

Add all computers to the TrustedHosts list

Set-Item WSMan:\localhost\Client\TrustedHosts -Value *

Add all domain computers to the TrustedHosts list

Set-Item WSMan:\localhost\Client\TrustedHosts -Value *.yourdomain.com

Add specific computers to the TrustedHosts list

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "DESKTOP-R88J8V5,MacBookPro19"

Add computers to the TrustedHosts list using the IP address

Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.100.69

  • Adds an exception in Windows Firewall, which is used by WinRM over HTTPS (port 5986).

  • Creates a self-signed certificate and creates an HTTPS listener.

The enable_winrm.ps1 script must be run on the Hyper-V server in the PowerShell console.

PowerShell for Linux must be installed on the machine where Node is installed. You can download it from GitHub.

More about installation and versions for different Linux distributions here

After the correct installation, we can test the connection. On Linux, run PowerShell with the pwsh command.

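Then we connect to the Hyper-V server. The -SkipCACheck and -SkipCNCheck session options turn off validation of the server certificate's issuer and name, so the self-signed certificate created by the script is accepted: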

Enter-PSSession -ComputerName IP_ADDRESS -UseSSL -SessionOption (New-PSSessionOption -SkipCNCheck -SkipCACheck) -Authentication Basic -Credential (Get-Credential)

After providing the correct credentials, the PowerShell console will start on the remote machine. We end the session with the "exit" command. We can also try a test PowerShell script on a remote machine:

Invoke-Command -Session (New-PSSession -ComputerName SERVER_ADDRESS -UseSSL -SessionOption (New-PSSessionOption -SkipCNCheck -SkipCACheck) -Authentication Basic -Credential (Get-Credential)) -ScriptBlock {Get-ChildItem Env:}

or

Enter-PSSession -ComputerName SERVER_ADDRESS -UseSSL -SessionOption (New-PSSessionOption -SkipCNCheck -SkipCACheck) -Authentication Basic -Credential (Get-Credential)