Comprehensive Guide to Setting Up Zmanda in Azure

This guide provides step-by-step instructions for setting up a Zmanda hybrid environment in Microsoft Azure. Whether you choose to install Zmanda on the cloud with agents on your on-premise data center or prefer to deploy Zmanda on-premise with agents on the cloud, this guide will help you configure your environment seamlessly.

Scenario 1: Zmanda Installed on the Cloud and Agents Installed on the On-Premise Data Center

Azure Prerequisites:

  1. Azure Subscription and Resource Group: Ensure you have an active Azure subscription and a resource group to deploy all the resources.

  2. VNet Configuration:

  • Create a Virtual Network (VNet) within the resource group, specifying subnets for your server VM. Configure IP ranges for these subnets.

  • Ensure the CIDR range of the VNet does not overlap with your on-premises network IP range.

Setting Up Zmanda on Azure VM:

You can set up Zmanda Server on an Azure virtual machine by using the Zmanda backup server image available on Azure Marketplace.

  • Log in to the Azure portal using your credentials.

  • In the search bar, look for Virtual Machines. Click on + Create and then choose Azure Virtual Machine at the top left.

  • Provide a name, select the subscription and resource group for the VM, and specify the region and availability zone.

  • For the base image, select See all images, which will direct you to the Azure Marketplace.

  • Search for Zmanda in the marketplace and press Enter to see the results.

  • Click on Select for Zmanda Enterprise Backup Server.

  • You can choose the OS disk type and start specifying the size of your data disk. The recommended size is 100 GB, but you can alter it according to your needs.

  • Follow the onscreen instructions to create the VM.

  • Once the VM is created, go to the Networking tab under the VM settings and confirm that the inbound security rules allow ports 8002 and 8008, along with SSH traffic.

  • Configure the inbound rules to allow any traffic from your on-premises subnet.

Note:

  • Replace the source with your on-premises subnet range.

  • Ensure that ports 10080 and 10081 are enabled on the agent machine to establish connections with the backup server and restore server, respectively.
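
The source restriction described above can be checked after the fact. The following is an added example, not part of the original guide or of Zmanda's tooling: it reads inbound rules in the JSON shape that `az network nsg rule list` returns and reports every Allow rule that opens the Zmanda ports to a source outside the on-premises subnet. The rule names and address ranges are constructed, and each rule is evaluated on its own, so priority ordering and Deny rules are ignored.

```python
import ipaddress

SERVER_PORTS = {8002, 8008, 22}   # opened on the Zmanda server VM (22 = SSH)
AGENT_PORTS = {10080, 10081}      # opened on agent machines

def _ports(rule):
    """Expand destinationPortRange(s) into a set of port numbers."""
    raw = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        raw.append(rule["destinationPortRange"])
    ports = set()
    for item in raw:
        if item == "*":
            return set(range(65536))
        lo, _, hi = item.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def _sources(rule):  # single-value and list forms of the source prefix
    single = rule.get("sourceAddressPrefix")
    return list(rule.get("sourceAddressPrefixes") or []) + ([single] if single else [])

def audit_inbound(rules, onprem_cidr, ports=SERVER_PORTS):
    """Return (rule name, source, ports) for Allow rules exposing `ports` beyond on-prem."""
    onprem = ipaddress.ip_network(onprem_cidr)
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        exposed = sorted(_ports(rule) & set(ports))
        for src in _sources(rule) if exposed else []:
            try:
                inside = ipaddress.ip_network(src, strict=False).subnet_of(onprem)
            except (ValueError, TypeError):
                inside = False  # "*", "Internet" and other service tags are not the subnet
            if not inside:
                findings.append((rule["name"], src, exposed))
    return findings

# Constructed sample rules, not taken from the guide.
SAMPLE_RULES = [
    {"name": "zmanda-from-onprem", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "192.168.10.0/24", "destinationPortRanges": ["8002", "8008", "22"]},
    {"name": "ssh-anywhere", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "wide-range", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["192.168.10.0/24", "203.0.113.0/24"],
     "destinationPortRange": "8000-8010"},
]
```

Pass `AGENT_PORTS` as the third argument to run the same check against the rules on an agent machine.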

Setting Up Site-to-Site VPN Connection:

  • A Site-to-Site VPN gateway connection is essential for connecting your on-premises network to an Azure virtual network through an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This connection requires a VPN device located on-premises with an externally facing public IP address assigned to it.

  • Ensure that you have a compatible VPN device integrated into your on-prem network where the agents are deployed.

  • Refer to this link for instructions on configuring the on-prem VPN device: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#VPNDevice

  • Start by creating a virtual network gateway and a local network gateway.

Virtual Network Gateway:

  • In the Azure portal, search for and select Virtual Network Gateway.

  • Create a new virtual network gateway.

  • Subscription: Choose the subscription where your VNet is located.

  • Resource group: This setting is automatically filled when you select your virtual network.

  • The region for the gateway must match the virtual network.

  • Gateway type: Select VPN.

  • VPN type: Select the appropriate VPN type. Most configurations require a route-based VPN.

  • SKU: Choose the SKU type based on your specific requirements.

  • Virtual network: From the drop-down menu, select the virtual network where your Zmanda VM is deployed.

  • Enter the values for the public IP address.

  • Gateway subnet address range: This field only appears if your VNet doesn't have a gateway subnet. It's advisable to specify /27 or a larger range (/26, /25, etc.).

  • Click on Review + Create to create the virtual network gateway.

Local Network Gateway:

The local network gateway is a specific entity representing your on-premises location (the site) for routing purposes. Assign a name to the site that Azure can use as a reference, and then provide the IP address of the on-premises VPN device.

  • In the Azure portal, search for and select Local Network Gateway.

  • On the Create local network gateway page, navigate to the Basics tab and provide the necessary values for your local network gateway.

  • Choose the appropriate Subscription and Resource group.

  • Region: Select the region where the local network gateway object will be created.

  • Name: Assign a name for your local network gateway object.

  • Endpoint: Choose the endpoint type for the on-premises VPN device, which can either be an IP address or a FQDN (Fully Qualified Domain Name).

  • IP address: This represents the public IP address of the VPN device you want the Azure VPN gateway to connect to.

  • FQDN: If your VPN device has a dynamic public IP address that may change, use a constant DNS name with a Dynamic DNS service that points to the device's current public IP address.

  • Address Space: Ensure the specified ranges here do not overlap with other networks you intend to connect to.

  • Here, we provide the address range of the on-premises subnet (where your agent machines and VPN device are deployed) from which it should accept traffic.

  • Click on Review + Create to create the local network gateway.
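
The addressing constraints from the prerequisites and the two gateway sections (no overlap between the VNet and the on-premises range, a gateway subnet of /27 or larger, non-overlapping local network gateway address space) can be validated before anything is created in the portal. This is an added example, not part of the original guide; the function name and all address ranges are constructed, and IPv4 is assumed throughout.

```python
import ipaddress

MIN_GATEWAY_PREFIX = 27  # the guide advises /27 or a larger range (/26, /25, ...)

def check_address_plan(vnet, gateway_subnet, onprem_ranges, vm_subnets=()):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    vnet_net = ipaddress.ip_network(vnet)
    gw_net = ipaddress.ip_network(gateway_subnet)
    onprem = [ipaddress.ip_network(r) for r in onprem_ranges]
    subnets = [ipaddress.ip_network(s) for s in vm_subnets]

    # The VNet CIDR must not overlap the on-premises range(s).
    for net in onprem:
        if net.overlaps(vnet_net):
            problems.append(f"on-prem range {net} overlaps VNet {vnet_net}")

    # Local network gateway address space entries must not overlap each other.
    for i, a in enumerate(onprem):
        for b in onprem[i + 1:]:
            if a.overlaps(b):
                problems.append(f"on-prem ranges {a} and {b} overlap")

    # The gateway subnet must sit inside the VNet and be /27 or larger.
    if not gw_net.subnet_of(vnet_net):
        problems.append(f"gateway subnet {gw_net} is outside VNet {vnet_net}")
    if gw_net.prefixlen > MIN_GATEWAY_PREFIX:
        problems.append(f"gateway subnet {gw_net} is smaller than /{MIN_GATEWAY_PREFIX}")

    # VM subnets must be inside the VNet and must not collide with the gateway subnet.
    for s in subnets:
        if not s.subnet_of(vnet_net):
            problems.append(f"subnet {s} is outside VNet {vnet_net}")
        if s.overlaps(gw_net):
            problems.append(f"subnet {s} overlaps gateway subnet {gw_net}")
    return problems

# Constructed sample plans (not values from the guide).
GOOD = dict(vnet="10.20.0.0/16", gateway_subnet="10.20.255.0/27",
            onprem_ranges=["192.168.10.0/24"], vm_subnets=["10.20.1.0/24"])
BAD = dict(vnet="192.168.0.0/16", gateway_subnet="192.168.255.240/28",
           onprem_ranges=["192.168.10.0/24"], vm_subnets=["192.168.255.0/24"])

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_address_plan(**plan) or "ok")
```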

VPN Connection:

  • Navigate to your Virtual Network.

  • On the VNet page, click on Connected devices. Locate your VPN gateway and click to open it.

  • On the gateway page, select Connections.

  • At the top of the Connections page, click on + Add to open the Create Connection page.

  • On the Create connection page, navigate to the Basics tab and provide the necessary values for your connection.

  • For the Project details section, select the Subscription and the Resource group where your resources are located.

  • For the Instance details section, configure the following settings:

    • Connection Type: Choose Site-to-Site (IPSec).

    • Name: Provide a name for your connection.

    • Region: Select the appropriate region for this connection.

  • In the Settings tab, configure the following options:

    • Virtual Network Gateway: Pick the virtual network gateway from the drop-down menu.

    • Local Network Gateway: Select your local network gateway from the drop-down menu.

    • Shared Key: Ensure this value matches the one used for your local on-premises VPN device.

    • Select IKEv2.

    • Do not select Use Azure Private IP Address.

    • Do not select Enable BGP.

    • Do not select FastPath.

    • Review the configuration and create the connection.

Download VPN Device Configuration Script:

  • Depending on your VPN device, you may have the option to download a VPN device configuration script.

  • Navigate to the Virtual Network Gateway you created.

  • Under the virtual network gateway, navigate to the Connections section.

  • Select the site-to-site connection you created earlier.

  • Click on Download configuration.

  • Choose the model family and firmware version for your VPN device, then click the Download configuration button.

  • Provide this file to your network team, who will use it to configure the on-premises firewall settings.

  • Once the deployment is complete, you can monitor the connection status on the Connections page of the virtual network gateway. The status will change from Unknown to Connecting, and finally to Succeeded.

Scenario 2: Zmanda Installed on the On-Premise Data Center and Agents Installed on the Cloud

Azure Prerequisites:

  1. Azure Subscription and Resource Group: Ensure you have an active Azure subscription and a resource group to deploy all the resources.

  2. VNet Configuration:

  • Create a Virtual Network (VNet) within the resource group, specifying subnets for your server VM. Configure IP ranges for these subnets.

  • Ensure the CIDR range of the VNet does not overlap with your on-premises network IP range.

Defining Inbound Security Group Rules:

The agent VMs should have the following rules enabled to communicate with the backup and restore server.

Note:

  • Replace the source with your on-premises subnet range.

Setting Up Site-to-Site VPN Connection:

  • A Site-to-Site VPN gateway connection is essential for connecting your on-premises network to an Azure virtual network through an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This connection requires a VPN device located on-premises with an externally facing public IP address assigned to it.

  • Ensure that you have a compatible VPN device integrated into your on-prem network where the agents are deployed.

  • Refer to this link for instructions on configuring the on-prem VPN device: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#VPNDevice

  • Start by creating a virtual network gateway and a local network gateway.

Virtual Network Gateway:

  • In the Azure portal, search for and select Virtual Network Gateway.

  • Create a new virtual network gateway.

  • Subscription: Choose the subscription where your VNet is located.

  • Resource group: This setting is automatically filled when you select your virtual network.

  • The region for the gateway must match the virtual network.

  • Gateway type: Select VPN.

  • VPN type: Select the appropriate VPN type. Most configurations require a route-based VPN.

  • SKU: Choose the SKU type based on your specific requirements.

  • Virtual network: From the drop-down menu, select the virtual network where your Zmanda VM is deployed.

  • Enter the values for the public IP address.

  • Gateway subnet address range: This field only appears if your VNet doesn't have a gateway subnet. It's advisable to specify /27 or a larger range (/26, /25, etc.).

  • Click on Review + Create to create the virtual network gateway.

Local Network Gateway:

The local network gateway is a specific entity representing your on-premises location (the site) for routing purposes. Assign a name to the site that Azure can use as a reference, and then provide the IP address of the on-premises VPN device.

  • In the Azure portal, search for and select Local Network Gateway.

  • On the Create local network gateway page, navigate to the Basics tab and provide the necessary values for your local network gateway.

  • Choose the appropriate Subscription and Resource group.

  • Region: Select the region where the local network gateway object will be created.

  • Name: Assign a name for your local network gateway object.

  • Endpoint: Choose the endpoint type for the on-premises VPN device, which can either be an IP address or a FQDN (Fully Qualified Domain Name).

  • IP address: This represents the public IP address of the VPN device you want the Azure VPN gateway to connect to.

  • FQDN: If your VPN device has a dynamic public IP address that may change, use a constant DNS name with a Dynamic DNS service that points to the device's current public IP address.

  • Address Space: Ensure the specified ranges here do not overlap with other networks you intend to connect to.

  • Here, we provide the address range of the on-premises subnet (where your agent machines and VPN device are deployed) from which it should accept traffic.

  • Click on Review + Create to create the local network gateway.

VPN Connection:

  • Navigate to your Virtual Network.

  • On the VNet page, click on Connected devices. Locate your VPN gateway and click to open it.

  • On the gateway page, select Connections.

  • At the top of the Connections page, click on + Add to open the Create Connection page.

  • On the Create connection page, navigate to the Basics tab and provide the necessary values for your connection.

  • For the Project details section, select the Subscription and the Resource group where your resources are located.

  • For the Instance details section, configure the following settings:

    • Connection Type: Choose Site-to-Site (IPSec).

    • Name: Provide a name for your connection.

    • Region: Select the appropriate region for this connection.

  • In the Settings tab, configure the following options:

    • Virtual Network Gateway: Pick the virtual network gateway from the drop-down menu.

    • Local Network Gateway: Select your local network gateway from the drop-down menu.

    • Shared Key: Ensure this value matches the one used for your local on-premises VPN device.

    • Select IKEv2.

    • Do not select Use Azure Private IP Address.

    • Do not select Enable BGP.

    • Do not select FastPath.

    • Review the configuration and create the connection.

Download VPN Device Configuration Script:

  • Depending on your VPN device, you may have the option to download a VPN device configuration script.

  • Navigate to the Virtual Network Gateway you created.

  • Under the virtual network gateway, navigate to the Connections section.

  • Select the site-to-site connection you created earlier.

  • Click on Download configuration.

  • Choose the model family and firmware version for your VPN device, then click the Download configuration button.

  • Provide this file to your network team, who will use it to configure the on-premises firewall settings.

  • Once the deployment is complete, you can monitor the connection status on the Connections page of the virtual network gateway. The status will change from Unknown to Connecting, and finally to Succeeded.

By following these steps, you can successfully configure Zmanda in two distinct scenarios, allowing you to create a seamless and efficient deployment customized to your specific requirements.
