Enabling Remote Installation for Firewalled Environments

For the first application-aware backup of a virtual machine, the backup must be able to access the virtual machine to install required components. In a firewalled environment with restricted network settings or where WMI ports are not open, you must ensure that the workflow that performs the remote installation can access all virtual machines that run applications.


Set default tunnel port configurations at the client level. If a client has a default tunnel port configuration set at the group level, running an application-aware backup removes that configuration.


  1. Enable remote installations during application-aware backups.

    For VMware, you can perform the following tasks before running an application-aware backup:

    • Install VMware Tools on guest VMs.

    • Configure a remote software cache on the VSA proxy that will used for the application-aware backup. Include packages for MediaAgent and any applications that should be protected using application-aware backups.

    If VMware Tools are installed on guest VMs, you do not need to install the File System Core package manually (step 3). The first application-aware backup uses VMware Tools to push the File System Core package into the guest VM, and then CVD is used to push an application plug-in into the guest VM.

  2. Create one or more VM groups with application-aware backups enabled, and add the virtual machines to be backed up as content for each VM group.

  3. From the CommCell Console, perform the following steps:

    1. For each subclient that corresponds to a VM group that is configured for application-aware backups, right-click the subclient, and then select Create VM Clients.

    2. After the VM clients are created, modify the hostname for each VM client to use the same hostname that is used to install Commvault software on the VM client.

  4. Create a server group that contains all the VMs that you want to back up with application-aware backups.

  5. Define a network topology.

    You can use a predefined network topology. For information, see Configuring Network Routes.

  6. On each of the virtual machines that were included in the server group for application-aware backups, perform a local installation or a remote installation of the File System Core package.

    During the installation, enter a fully qualified domain name (FQDN) as the client name for the application client. The client that is created contains host information for the guest VM or instance.

    For Amazon EC2 guest instances, in the client properties, verify that the Host Name box contains the public DNS name for the Amazon EC2 instance. For example, ec2-00-000-00-00.compute-0.amazonaws.com.

    The client name must be 62 or fewer characters. If the VM is part of vCloud, the VM name, including the VM GUID, must also be 62 or fewer characters.

  7. Perform an application-aware backup.

    During the first application-aware backup for a guest VM, the application-aware backup workflow pushes an application plug-in into the guest VM. For information, see Performing an Application-Aware Backup.

    During an application-aware backup, the VSAAppAwareBackupWorkflow tries to connect to virtual machines using WMI methods. If the WMI connection cannot be established, the workflow detects the presence of applications and application plug-ins that are supported for application-aware backups, and continues with any remaining configuration that is needed to complete the application-aware backup successfully.