From the Configure > Appliances page, you can manage your backup appliance and its storage, backup copy targets, and network. This section describes the appliance settings you can configure. Once you have reviewed this information, proceed to Managing appliances for step-by-step configuration instructions.
Before you begin, see the following topics to determine which features to configure, and to gather required information:
During deployment, these network settings were configured for the appliance: IP address, subnet, gateway, primary DNS, hosts file, and port security:
• | The IP address and subnet enable communication between the appliance and other machines on your network. |
• | The gateway enables communication between the appliance and machines on different subnets. |
• | Appliance DNS settings are required: |
– | To connect the appliance to the Internet. |
– | To add assets by using only their hostnames (rather than by fully qualified domain names). |
– | To add backup copy cloud targets to the appliance. |
– | To update your appliance from the UI. |
– | To access the Unitrends Community forums from the UI. |
• | The hosts file contains an entry for the appliance itself. Entries are automatically added when you add an asset to the appliance, or if you configure a secure tunnel connection (for backup copy to the Unitrends Cloud or to another Unitrends appliance). In most cases it is not necessary to modify this file. |
• | The port security setting determines which ports are open and closed on the Unitrends appliance. |
You can modify IP address, gateway, and DNS settings on the General tab of the Configure > Appliances > Edit > Edit Appliance page.
You can modify the hosts file and port security on the Network tab of the Configure > Appliances page.
You can configure the appliance to send system, job, and failure reports by email. To receive email reports, you must configure the appliance to use your SMTP server. You must also define email recipients. Supply the following on the Email tab of the Configure > Appliances > Edit > Edit Appliance page:
• | The fully qualified SMTP server name or its IP address. (If a DNS record has not been configured, you must use the IP address of the SMTP server.) |
• | Username and password credentials if you have an externally-hosted SMTP server that requires authentication. |
Note: When using a non-local mail server or an internal SMTP relay configurations, we recommend using an authenticated mail user to prevent filtering issues (for example, cases where alerts are not sent to specific recipients due to filtering rules applied to unauthenticated connections or defined in the mail domain policy). Use a mail user service account that is exempt from routine password change to prevent email from being blocked or delayed.
• | A valid test email address. |
• | Destination email addresses where reports will be sent. |
The User Interface (UI) manages and monitors Unitrends appliances. To access the UI requires a user account. By default, a superuser named root is created on the appliance, but you can create additional user accounts. You can set up users on the appliance itself or use Active Directory authentication. This section applies to creating users on the appliance. To use AD authentication, see To set up Active Directory authentication.
Each user account is assigned a role that defines the types of operations the user can perform on the appliance. Supported roles are:
Role | Description |
---|---|
Monitor |
A user with this role is only able to view the status of operations, such as jobs, and to run reports. This user cannot create or start jobs or configure the system in any way. |
Manage |
A user with this role can view statuses and reports, start and view backup jobs, and perform other management tasks, such as adding or modifying assets and retention settings. However, this user cannot create or modify users other than modifying his or her own user account password. |
Superuser |
A user with this role, in addition to monitoring and managing systems, can add, edit, or delete users. |
Administrator |
This role is equivalent to the Superuser role. In the future this role will support the ability for a user to have different roles on different appliances. |
Review these additional details before managing users:
• | User accounts can only be used to access the appliance for which they were created. Users are not shared across Unitrends appliances. To log in to another appliance, the user must be created directly on that system. |
• | To modify users, you must be logged in to the UI as a user that has the administrator or superuser role. Users with monitor or manage roles can only see their own user account. |
• | To add a user, you must supply a username, password, and role for the new user. |
• | See the To edit an appliance procedure to add or modify users. |
• | Once you set up users, you can assign them to asset groups to control which assets they can access. For details, see Grouping assets in custom folders. |
During deployment, date and time settings were configured for the appliance. You can edit these settings as needed. You can manually set the date and time or sync to an NTP server. To use an NTP server, you will need to supply its address. Edit these settings from the Date Time tab of the Configure > Appliances > Edit > Edit Appliance page.
You can add or modify the appliance license as needed.
Note: Applying a license stops all running jobs.
Licensing procedures for physical Recovery-Series appliances differ from those for virtual UEB appliances:
• | Recovery-Series appliances ship fully licensed. It is likely you will never need to modify this license unless directed to do so by Unitrends Support. If you need to update a license, apply the license you receive from Unitrends. |
• | UEB appliances deploy without a license. After deploying the appliance, you must register and license it. Register the appliance as described in the applicable deployment guide: UEB Deployment Guide for VMware, UEB Deployment Guide for Hyper-V, or UEB Deployment Guide for Citrix XenServer. Then apply the license you receive from Unitrends. |
• | UEB Installable Software deploys without a license. After deploying, register the appliance as described in the UEB Deployment Guide for Installable Software. Then apply the license you receive from Unitrends. |
• | See the To edit an appliance procedure to add or modify the appliance license. |
You can configure the appliance as a backup copy target to store backups copied from another Unitrends appliance. Be aware that the appliance's backup storage is used to store the backup copies, so on-appliance retention of local backups will be impacted. For details, see Backup copy targets.
Note: You can use UEB on Hyper-V, UEB on VMware, and UEB on Citrix XenServer appliances either as a backup appliance or as a backup copy target. These appliances cannot perform both roles. You can use Recovery-Series and UEB installable software appliances as both a backup appliance and a backup copy target.
Use encryption to protect data from unauthorized access and theft. All data remains encrypted until a request is made to recover the data. If the correct passphrases are in place, recovery proceeds without administrator involvement.
Unitrends encryption provides:
• | Encryption at the asset level |
• | The ability to manage and change passphrases |
• | Backup, backup copy, and recovery of encrypted data |
See the To edit an appliance procedure to set up encryption.
The following encryption limitations apply:
• | Encryption slightly degrades performance for backups, backup copies, and recovery. Use encryption only if you really need to hide your data. |
• | Make sure to keep the passphrase secure. If you forget the passphrase, there is no way to recover it or recover any encrypted backups. |
• | Once you have enabled encryption for an asset, that asset’s subsequent backups are encrypted. Encryption takes place during backup jobs. When unencrypted backups run on an appliance before you configure encryption, those backups remain unencrypted. |
• | Small Form Factors (SFF) do not support encryption. |
• | The following backup types are not encrypted: |
– | Legacy MS Exchange Information Store backups |
– | CEP brick-level backups |
– | Any data stored on the appliance via Samba or NFS |
In most cases, you use the main UI pages (Dashboard, Protect, Recover, Jobs, Reports, and Configure) for appliance administration tasks. In some cases, you may need to access additional information, such as log files, lists of running processes and services, or disk status. The Support Toolbox provides an easy way to access this lower-level appliance information and perform related tasks.
Access the Support Toolbox from the Advanced tab of the Configure > Appliances > Edit > Edit Appliance page. Scroll through the toolbox to find the information or task you are interested in. Hover over the options to see descriptions and helpful tips.
The appliance is automatically configured to use the best settings for the appliance model and other factors in your environment. In most cases you will never need to modify these settings. If you are an advanced user and want to adjust deep configuration settings, such as MaxBlockSize and QuickSeek, you can edit these settings. Do not modify these settings if you are not familiar with how the change will impact appliance performance and on-appliance retention.
To access these settings, click General Configuration on the Advanced tab of the Configure > Appliances > Edit > Edit Appliance page.
In most cases, you access the appliance through the UI by entering UI user and password credentials. If you are an advanced user and need command line access, you can use a terminal emulator, such as PuTTY, to connect to the appliance using operating system account credentials. Use caution when performing tasks from the appliance command line. Before using the command line, check the Support Toolbox. Many lower-level appliance tasks can be run from this handy interface.
The appliance is deployed with these default operating system credentials:
• | User root |
• | Password unitrends1 |
To change this password, click OS Password on the Advanced tab of the Configure > Appliances > Edit > Edit Appliance page.
Unitrends supports Challenge Handshake Authentication Protocol (CHAP) for iSCSI connections to external storage:
Note: CHAP authentication is used for iSCSI connections to external backup storage and backup copy targets only. CHAP is NOT used to recover files from host-level backups over iSCSI.
• | You can configure the iSCSI connection with CHAP before configuring CHAP on the target storage. Once the target is configured, CHAP authentication is enforced. |
• | If CHAP has not been configured on the target storage, the appliance detects this and gains access without CHAP authentication, even if CHAP has been enabled on the Unitrends appliance. |
• | If CHAP has been configured on the storage target, you must enable CHAP authentication on the Unitrends appliance. If not, any attempt to add the target to or access the target from the Unitrends appliance fails. |
• | A single CHAP username and password is used by the Unitrends appliance. Therefore, all of its CHAP-enabled iSCSI targets must be configured with this username and password. |
• | CHAP is supported from the initiator (Unitrends appliance) to the target only. Mutual (bi-directional) CHAP is not supported. |
• | CHAP authentication occurs upon first log in to the target. Subsequent operations on the target succeed, without further authentication, for the duration of the iSCSI session or until the target sends a random challenge request. |
• | For setup procedure, see To configure iSCSI CHAP authentication. |
You can configure your appliance to send system and application-specific alerts to your network management server using the SNMP protocol. Alerts are delivered as incoming trap messages to the network management application. This enables you to quickly identify and respond to hardware or software conditions that require action.
Through the use of the Unitrends SNMP agent and MIB, you can configure alerts to be sent to your own Remote Monitoring and Management (RMM) software.
SNMP agent requirements
To use the Unitrends agent:
• | The appliance must be running version 9.0.0-12 or higher. |
• | The Unitrends SNMP agent supports SNMP gets with SNMP version 1, 2c, and 3. |
For setup procedure, see To set up SNMP trap notifications.
When deployed, the UEB database is located in the same partition as stored backups. You now have the option to configure a separate partition to house the UEB database. With this configuration, the database resides in its own partition on a separate logical volume than the backups themselves. Use this option to increase backup performance and stability by using faster performing storage for the database and lower-tier storage for the backup data itself. This is great when:
• | You are using slower backup storage that communicates with UEB over NFS or CIFS protocols. |
• | You are using third-party deduplicated storage that is not designed to process database workloads. |
By moving the database to a different location than the stored backups, you add hardware. This introduces additional potential points of failure. Be sure to:
– | Implement proper measures to ensure hardware reliability of all storage. |
– | Store copies of your backups on secondary storage to avoid losing backup data in the event of a hardware failure. For details, see Backup copies. |
These requirements must be met to create a separate database partition:
• | The appliance must be a UEB appliances. |
• | To create a separate database partition, you must first add a disk to the UEB appliance. |
• | The disk you add must be at least 100GB or twice the running database size, whichever is greater. |
• | To create the database disk, Unitrends recommends that you add a disk in the same way you added the initial backup storage during UEB deployment. For example, if you created the initial backup storage using direct attached storage (DAS), use DAS for the database partition. For details, see the applicable UEB deployment guide: |
– | Determining your storage strategy in the UEB Deployment Guide for VMware |
– | Determining your storage strategy in the UEB Deployment Guide for Hyper-V |
– | Determining your storage strategy in the UEB Deployment Guide for Citrix XenServer |
– | Disk and network configuration in the UEB Deployment Guide for Installable Software |
Warning! Unitrends strongly recommends that all UEB storage is either direct attached storage (DAS, internal to the hypervisor) or resides on one external storage array. If you configure storage across multiple storage arrays and one becomes unavailable, all backup data ends up corrupted, resulting in total data loss.
Once the above requirements have been met and you have added the database disk to your UEB appliance, see To create a separate database partition on your UEB appliance to set up the partition and migrate the database.