Task:
Recover single file from a VM backup from a UEB appliance.
Steps:
A. Start File Recovery in UEB Appliance Web GUI:
1. Login to the UEB appliance:
- Server: e.g. https://appliancenm.mindwatering.net/
- Enter ID and its Password
2. Click Recover (left menu) --> Backup Catalog (tab - top) --> Open the twistie next to the VM Name from which to recover a file --> Select checkbox next to the backup date/time of the VM backup desired --> click Recovered Files button --> In the Confirmation pop-up dialog, click Confirm to start the recovery image mounting.
Note: This may take a few seconds to a few minutes.
3. Still in the Recover (left menu), switch to the File Level Recover (tab) --> Select checkbox for the VM name and backup date chosen above.
There are two options to restore one or more files:
- The Browse/Download button. If this button works, you'll see a file manager type window, where the file can be downloaded. This seems to never work for Linux-based VMs.
- The Show Details button displays a pop-up with information similar to below:
Name: VMName (VMware VM)
Host/Server: esxhostname.mindwatering.net
Created: 10/16/2023 09:49:15 am
Appliance: ueb-name
CIFS Path: None
iSCSI (Windows): On the machine to which you want to restore files, use the Windows ISCSI Initiator. The iSCSI target identifier includes the VM name at the end
(example:iqn.1995-12.com.unitrends.dpu:flr.12fb.VMNAME).
For details, see Recovering files using iSCSI on windows.
iSCSI (Linux): Login to server or VM to which you want to copy files and download and run the script located at 10.0.10.201/iscsi_flr.
a. If the first option works, use it, and download the file(s) desired to the local workstation/server.
- Skip to the C. Remove the Mounted Recovery Backup instructions further below.
- or -
b. Copy-and-paste the IP with the iscsi_flr path for re-use further below.
(e.g. 10.0.10.201/iscsi_flr)
- Continue to the next step B.
B. Restore the VM File(s) using an ISCSI Initiator Client
Notes:
- Typically, we are restoring file(s) on the same VM as the one that we selected to recover files in step A above. However, this can be done from any other workstation/VM running a compatible OS to mount the disks.
(For example, both MacOS and a Linux OS can mount a recovered Linux VM's ext4 disks.)
- For this example, we are going to SSH into the same VM and restore its own files to a temporary location for review/use. This VM is a RockyOS Linux VM.
1. SSH into the VM and perform the mount of the recovery backup disks:
a. Login and make a mount folder:
$ ssh myadminid@vmname.mindwatering.com
<enter password>
$ cd /home/myadminid/
$ mkdir tmprecover
$ cd tmprecover
$ sudo su -
b. Install the ISCSI tools if not already installed (skip if already installed):
# dnf -y install iscsi-initiator-utils
<wait>
c. Mount the disks of the recovery backup:
Notes:
- The disks are actually mounted INSIDE the tmprecover folder we created above. They syntax of the command needs to take that into account. Use the IP of the UEB appliance written down in step A-3 above.
- If any disks cannot be mounted (e.g. swap, etc), then they will be skipped. Each disk mounted will be a subfolder within the tmprecover/disks/ folder.
# cd /home/myadminid/tmprecover/
# curl 10.0.10.201/iscsi_flr > iscsi_flr
# perl iscsi_flr --server 10.0.10.201 --mountdir /home/smyadminid/tmprecover/disks mount
<make selection e.g. 1. see below>
- The following is a sample output of the command above:
Performing iSCSI target discovery from 10.0.10.201.
1: 10.0.10.201:3260,1 iqn.1995-13.com.unitrends.dpu:flr.40d1.nameofvm
Choose a session to restore from:
- In this example, enter 1 and click <enter>
<wait - if the disks are massive this will take a minute or so>
d. View the files:
# cd /home/myadminid/tmprecover/disks/
# ls -l
<view output>
- Example output:
total 0
drwxr-xr-x 6 root root 54 Oct 17 15:31 partitions
e. Enter the restored dynamic folder (e.g. partitions)
# cd partitions
# ls -l
- Example output:
total 40
drwxr-xr-x 3 root root 4096 Dec 31 1969 sdc1
drwxr-xr-x 2 root root 6 Oct 17 15:31 sdc2
drwxr-xr-x 2 root root 6 Oct 17 15:31 sdc3
drwxr-xr-x 286 notes notes 36864 Oct 15 20:58 sdd1
- Each drive is a folder. In this example we copy a fictional notes mail file:
- - The original file system path in the original VM is: /local/notesdata/mail/mailfilename.nsf
- - In this recovered mounted backup, the file path is: /home/myadminid/tmprecover/disks/partitions/sdd1/mail/mailfilename.nsf
f. Copy the file outside the /local/notesdata for review:
# cp /home/myadminid/tmprecover/disks/partitions/sdd1/mail/mailfilename.nsf /home/myadminid/tmprecover/
# cd /home/myadminid/tmprecover
# ls -l
<confirm the restored file, mailfilename.nsf is there>
e. Unmount the recovery disks:
# cd /home/myadminid/tmprecover/
# perl iscsi_flr --server 10.0.10.201 --mountdir /home/smyadminid/tmprecover/disks unmount
# ls -l
<no files/folders - the mounted disks are unmounted>
C. Remove the Mounted Recovery Backup in UEB:
a. Login to the UEB appliance:
- Server: e.g. https://appliancenm.mindwatering.net/
- Enter ID and its Password
b. Click Recover (left menu) --> File Level Recovery (tab) --> Select checkbox for the VM name and backup date chosen above --> Click the Remove button --> In the Confirm FLR Deletion pop-up dialog, click Confirm to delete the recovery image.
<wait - this will take a second or two>
previous page
|