Platform Requirements

Software Requirements

Operating Systems

RedHat Enterprise Linux

Versions: 7.x, 8.x
Minimal install (Basic functionality)

CentOS

Versions: 7.x, 8.x and Stream
Minimal install (Basic functionality)

External packages

vProtect server:

MariaDB 10.4 (installed from the official MariaDB repository)
If you need to install MariaDB packages without accessing external repository during vProtect installation you also can download RPMs and install them manually as described in here

Hardware Requirements

Minimum requirements for all-in-one installation (vProtect server and node on the same machine):

CPU: 4 cores
RAM: 8 GB
HDD1: 20 GB for OS, and vProtect installation
HDD2: X GB for staging, where X = size_of_biggest_VM * number_of_parallel_backups - optionally can be skipped, when staging space is configured to be directly on external backup destination (eg. NFS-shared file system)

Minimum requirements for installation in the separated model - vProtect Server:

CPU: 2 cores
RAM: 6 GB
HDD1: 20 GB for OS, and vProtect installation

Minimum requirements for installation in the separated model - vProtect Node:

CPU: 2 cores
RAM: 4 GB
HDD1: 20 GB for OS, and vProtect installation
HDD2: X GB for staging, where X = size_of_biggest_VM * number_of_parallel_backups - optionally can be skipped, when staging space is configured to be directly on external backup destination (eg. NFS-shared file system)

Network Requirements

  • Critical for data transfer, understand which paths are used for backups as in many cases you are going to use LAN. Depending on where the node is located you need to verify if data is not going to pass via low-bandwidth links.
  • Internet generally not required, but during the installation yum needs to fetch packages from the repositories, so you need at least access to your internal repositories.
  • Node needs access to the Server (ports 443 and/or 8181 depending on the setup).
  • Node needs connectivity with backup providers (if they are external, such as Power Protect DD).
  • Node needs connectivity with the Hypervisor or Hypervisor Manager.
  • If netcat transfer is used for Red Hat Virtualization/oVirt/Oracle Linux VM/Proxmox VE/KVM stand-alone environments - 16000-16999 ports must be reachable from the hypervisors to the node which is responsible for those hypervisors.

General

Source
Destination
Ports
Description
Node
Server
443/tcp (or 8181/tcp)
Main Node-Server communication over HTTPS (443, 8181)
Server
Node
111/tcp, 111/UDP, 2049/tcp, 2049/UDP, ports specified in /etc/sysconfig/nfs - variables MOUNTD_PORT (TCP and UDP), STATD_PORT (TCP and UDP), LOCKD_TCPPORT (TCP), LOCKD_UDPPORT (UDP)
NFS access to browse mountable backups and logs from UI (using IP that is detected as the source IP - shown in the Node list in UI)

Nutanix AHV

Disk attachment

Connection URL: https://PRISM_HOST:9440/api/nutanix/v3 (Prism Central or Prism Elements)
Note: when connecting via Prism Central, the same credentials will be used to access all Prism Elements
Source
Destination
Ports
Description
Node
Prism Elements (and optionally Prism Central if used)
9440/tcp
API access to the Nutanix manager

OpenStack

Disk attachment

Connection URL: https://KEYSTONE_HOST:5000/v3
Source
Destination
Ports
Description
Node
Keystone, Nova, Glance, Cinder
ports that were defined in endpoints for OpenStack services
API access to the OpenStack management services - using endpoint type that has been specified in hypervisor manager details
Node
Ceph monitors
3300/tcp, 6789/tcp
if Ceph RBD is used as the backend storage - used to collect changed-blocks lists from Ceph

SSH transfer

Connection URL: https://KEYSTONE_HOST:5000/v3
Note: you also must provide SSH credentials to all hypervisors that have been detected during inventory sync
Source
Destination
Ports
Description
Node
Hypervisor
22/tcp
SSH access
Hypervisor
Node
netcat port range defined in node configuration - by default 16000-16999/tcp
optional netcat access for data transfer
Node
Ceph monitors
3300/tcp, 6789/tcp, 10809/tcp
if Ceph RBD is used as the backend storage - used for data transfer over NBD

oVirt/RHV/OLVM

Export storage domain

Connection URL: https://RHV_MGR_HOST/ovirt-engine/api
Source
Destination
Ports
Description
Node
oVirt/RHV/OLVM manager
443/tcp
oVirt/RHV/OLVM API access
oVirt/RHV/OLVM host selected in export storage domain configuration
Node
If Node is hosting staging space: 111/tcp, 111/UDP, 2049/tcp, 2049/UDP, ports specified in /etc/sysconfig/nfs - variables MOUNTD_PORT (TCP and UDP), STATD_PORT (TCP and UDP), LOCKD_TCPPORT (TCP), LOCKD_UDPPORT (UDP), otherwise please check the documentation of your NFS storage provider
if staging space (export storage domain) is hosted on the Node - NFS access
Node and oVirt/RHV/OLVM host selected in export storage domain configuration
shared NFS storage
please check the documentation of your NFS storage provider
if staging space (export storage domain) is hosted on the shared storage - NFS access

Disk attachment

Connection URL: https://MANAGER_HOST/ovirt-engine/api
Source
Destination
Ports
Description
Node
oVirt/RHV/OLVM manager
443/tcp
oVirt/RHV/OLVM API access

Disk Image Transfer

Connection URL: https://MANAGER_HOST/ovirt-engine/api
Source
Destination
Ports
Description
Node
oVirt/RHV/OLVM manager
443/tcp
oVirt/RHV/OLVM API access
Node
oVirt/RHV/OLVM hypervisor
54322/tcp, 54323/tcp
oVirt/RHV/OLVM ImageIO services - for data transfer (primary source)
Node
oVirt/RHV/OLVM manager
54322/tcp, 54323/tcp
oVirt/RHV/OLVM ImageIO services - for data transfer (fallback to ImageIO Proxy)

SSH Transfer

Connection URL: https://MANAGER_HOST/ovirt-engine/api
Note: you also must provide SSH credentials to all hypervisors that have been detected during inventory sync
Source
Destination
Ports
Description
Node
oVirt/RHV/OLVM manager
443/tcp
oVirt/RHV/OLVM API access
Node
oVirt/RHV/OLVM hypervisor
22/tcp
SSH access for data transfer
oVirt/RHV/OLVM hypervisor
Node
netcat port range defined in node configuration - by default 16000-16999/tcp
optional netcat access for data transfer

Change-Block Tracking

Connection URL: https://MANAGER_HOST/ovirt-engine/api
Source
Destination
Ports
Description
Node
oVirt/RHV/OLVM manager
443/tcp
oVirt/RHV/OLVM API access
Node
oVirt/RHV/OLVM hypervisor
54322/tcp, 54323/tcp
oVirt/RHV/OLVM ImageIO services - for data transfer
Node
oVirt/RHV/OLVM manager
54322/tcp, 54323/tcp
oVirt/RHV/OLVM ImageIO services - for data transfer

Oracle VM

Export storage domain

Connection URL: https://MANAGER_HOST:7002
Source
Destination
Ports
Description
Node
OVM manager
7002/tcp
OVM API access
Hypervisor
Node
If Node is hosting staging space: 111/tcp, 111/UDP, 2049/tcp, 2049/UDP, ports specified in /etc/sysconfig/nfs - variables MOUNTD_PORT (TCP and UDP), STATD_PORT (TCP and UDP), LOCKD_TCPPORT (TCP), LOCKD_UDPPORT (UDP), otherwise please check the documentation of your NFS storage provider
if staging space (export storage repository) is hosted on the Node - NFS access
Node and hypervisor
shared NFS storage
please check the documentation of your NFS storage provider
if staging space (export storage repository) is hosted on the shared storage - NFS access

Citrix XenServer/xcp-ng

Note: all hosts in the pool must be defined

Single image (XVA-based)

Source
Destination
Ports
Description
Node
Hypervisor
443/tcp
API access (for data transfer management IP is used, unless transfer NIC parameter is configured in hypervisor details)

Changed-Block Tracking

Source
Destination
Ports
Description
Node
Hypervisor
443/tcp
API access (for data transfer management IP is used, unless transfer NIC parameter is configured in hypervisor details)
Node
Hypervisor
10809/tcp
NBD access (data transfer IP is returned by hypervisor)

KVM/Xen stand-alone

SSH transfer

Source
Destination
Ports
Description
Node
Hypervisor
22/tcp
SSH access
Hypervisor
Node
netcat port range defined in node configuration - by default 16000-16999/tcp
optional netcat access for data transfer
Node
Ceph monitors
3300/tcp, 6789/tcp, 10809/tcp
if Ceph RBD is used as the backend storage - used for data transfer over NBD

Proxmox VE

Export storage repository

Source
Destination
Ports
Description
Node
Hypervisor
22/tcp
SSH access
Hypervisor
Node
If Node is hosting staging space: 111/tcp, 111/UDP, 2049/tcp, 2049/UDP, ports specified in /etc/sysconfig/nfs - variables MOUNTD_PORT (TCP and UDP), STATD_PORT (TCP and UDP), LOCKD_TCPPORT (TCP), LOCKD_UDPPORT (UDP), otherwise please check the documentation of your NFS storage provider
if staging space (export storage domain) is hosted on the Node - NFS access
Node and hypervisor
shared NFS storage
please check the documentation of your NFS storage provider
if staging space (export storage domain) is hosted on the shared storage - NFS access

SSH transfer

Source
Destination
Ports
Description
Node
Hypervisor
22/tcp
SSH access
Hypervisor
Node
netcat port range defined in node configuration - by default 16000-16999/tcp
optional netcat access for data transfer

Security Requirements

User Permissions

User vprotect must be a member of group "disk".
Sudo privileges are required for the following commands:
vProtect Node:
  • /usr/bin/targetcli
  • /usr/sbin/exportfs
  • /usr/sbin/kpartx
  • /usr/sbin/dmsetup
  • /usr/bin/qemu-nbd
  • /usr/bin/guestmount
  • /usr/bin/fusermount
  • /bin/mount
  • /bin/umount
  • /usr/sbin/parted
  • /usr/sbin/nbd-client
  • /usr/bin/tee
  • /opt/vprotect/scripts/vs/privileged.sh
  • /usr/bin/yum
  • /usr/sbin/mkfs.xfs
  • /usr/sbin/fstrim
  • /usr/sbin/xfs_growfs
  • /usr/bin/docker
  • /usr/bin/rbd
  • /usr/bin/chown
  • /usr/sbin/nvme
  • /bin/cp
  • /sbin/depmod
  • /usr/sbin/modprobe
  • /bin/bash
  • /usr/local/sbin/nbd-client
  • /bin/make
vProtect server:
  • /opt/vprotect/scripts/application/vp_license.sh
  • /bin/umount
  • /bin/mount

SELinux

PERMISSIVE - currently it interferes with the mountable backups (file-level restore) mechanism. Optionally can be changed to ENFORCING if file-level restore is not required.