Categories
Home Lab Synology

Backup vSphere virtual machines with Synology DSM

As I’ve slowly built out my home lab, I realized that while none of it is mission-critical, I’ve invested a lot of time educating myself and getting everything configured. Therefore – it should be backed up.

I began searching r/homelab for solutions and came across plenty of notable options (GhettoVCB, Veeam, Vertical Backup) until one, almost too obvious, recommendation slapped me in the face: Synology Active Backup for Business. I’ve become quite the fan of Synology products over the past few years. I’ve successfully deployed a fully-automated Synology powered backup solution for my personal and small business use. Admittedly, I’m a borderline fanboy at this point.

Active Backup for Business essentially allows you to backup data that isn’t already on your NAS: PCs, physical servers, file servers, and virtual machines. I’m going walk through backing up virtual machines to avoid loosing immeasurable amounts of time.

As of writing this post, Active Backup for Business supports:

  • VMware vSphere versions: 5.0, 5.1, 5.5, 6.0, 6.5, 6.7
  • VMware editions: 
    • VMware free ESXi
    • VMware vSphere Essentials, VMware vSphere Essentials Plus
    • VMware vSphere Standard, VMware vSphere Advanced
    • VMware vSphere Enterprise, VMware vSphere Enterprise Plus

See the official documentation for an exhaustive list of supported platforms and system requirements.

Before beginning, decide what volume and Share to store virtual machine backups on. I’ve created a new share aptly named “VM Backups.”

Install the Active Backup for Business package.

A window will appear asking to activate using a Synology Account, click Activate. A new window will open, login and complete the process.

Open Active Backup for Business, choose Virtual Machine, on the VMware vSphere Hypervisor tab, click Manage Hypervisor. The Manage Hypervisor window open, click Add. The Add Hypervisor window will open, fill in a vCenter IP address or FDQN, administrator account and password, click Apply.

For best security practices, create a dedicated vSphere role and account with the minimally required permissions to backup and restore a virtual machine. Reference the official Synology documentation here.

If vCenter is configured with a self-signed certificate, click Yes to trust the certificate. Close the Manage Hypervisor window. vSphere virtual machines will now be listed. I’m going to create a backup task for my lab Domain Controller, DC1.

On the VMware vSphere page, click Create Task. The next prompt will be to choose a shared folder to use as a backup destination. Choose a share to send backups to, click Next.

One or more multiple virtual machines can be chosen on the next screen, I’m sticking with one for the sake of this example. Click Next.

The next screen offers a ton of options to configure for the backup task. Read through them and choose the appropriate options for the scenario. The default option leaves Changed Block Tracking enabled, which will keep backup sizes reduced to deltas, saving space. Dig into Advanced Settings to run scripts on the virtual machine pre-freeze or post-thaw.

Click Next when finished.

Schedule the task as appropriate, click Next.

Adjust the retention policy as necessary; bear in mind that more retention means more disk space used. I dialed back the defaults a little, keeping a backup for up to 3 months.

When finished, click Next.

Choose which users have privileges to restore the virtual machine(s), then click Next.

Review all of the settings, click Apply.

Finally, click Yes to backup now or No to wait until the schedule fires the first backup task.

Checking the task log after completion shows a verbose log of the actions taken. Most notably, 14.3 GB, in 22 minutes, averaging 11 MB/s on my gigabit network.

Now to back up the rest and to see how the backup task performs over time. In the future, I’ll be working testing restores and shipping virtual machine backups to a remote Synology RackStation.

Full documentation on Active Backup for Business can be found on Synology’s website.

Categories
Home Lab VMware Horizon

Horizon View Administrator Load Balancing

After setting up load balanced Horizon 7 Connection servers, I was immediately stonewalled at the View Administrator login screen (https://connection-server/admin). Nothing but a blank modal window with the date and time – zero error details.

Thinking it was possibly a quirk with the Flash interface, I tried the new Horizon 7 HTML5 console (https://connection-server/newadmin). To my surprise, it threw an equally as helpful error: Login failed due to: [Not found]

The HTML5 login failure only happened in Chrome (v81). Firefox (v75) worked. Edge (v44) worked. Internet Explorer 11 worked.

A little bit of research revealed that for security purposes, the Horizon 7 View Administration console checks the origin URL of the web request and rejects it if doesn’t match:

https://localhost/admin

or

https://URL_used_in_Secure_Tunnel_URL_Field/admin

The later is necessary for environments configured with Unified Access Gateways (UAGs). While the cause of the issue isn’t immediately obvious, the cause makes sense.

The fix is straight forward; tested on v7.8. Perform the following steps on each load balanced Connection Server:

  1. Edit: C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties
  2. Add the line: checkOrigin=false
  3. Save, close, and restart the VMware Horizon View Connection Server service.

Official VMware KB article: https://kb.vmware.com/s/article/2144768