Enabling access to data

HYCU for Google Cloud uses the following default parameters to connect to instances:

Guest OS Authority user name Network service protocol Port Transport protocol
Linux

<UserName>a

SSH 22 N/A

Windowsb

hycu WinRM 5986 HTTPS

a The email address of the authority that is running the task in HYCU for Google Cloud is <UserName>@<DomainName>.
b HYCU for Google Cloud automatically configures a credential group
named auto-<InstanceName> and assigns it to the instance.

The default connection parameters are suitable for the majority of data protection scenarios. However, in the following cases, you must manually enable access to the instances by assigning credential groups to them in HYCU for Google Cloud:

Guest OS Data protection scenario

any

  • You plan to restore individual files using a user account that you specify.

  • You plan to use a specified user account for the restore, either to reuse an already existing user account or to comply with policies that impose restrictions on the utilized user names and passwords.

Linux

  • You plan to protect SAP HANA applications.

  • You plan to use pre‑snapshot or post‑snapshot scripts and run them with a user account that you specify.

  • The SSH server is configured to use a non‑default TCP port.

  • The SSH server is configured to use public key authentication.

  • OS Login is enabled on the instance in Google Compute Engine.

    For more information on OS Login as the access method, see Google Cloud documentation.

Windows

  • You plan to use pre‑snapshot or post‑snapshot scripts.

  • The WinRM server is configured to use the HTTP transport protocol or a non‑default TCP port.

Configuring and assigning credential groups manually

Prerequisites

  • A user account with sufficient privileges is configured within each instance. For details on how to do this, see Google Cloud documentation.

  • For Linux instances:

    • Only if the Authentication option in HYCU for Google Cloud is set to either Password authentication or Public key authentication: Ensure the following within the instance:

      • The specified user account is a member of the sudo user group.

      • The following line is included in the /etc/sudoers file:

        <UserName> ALL=(ALL) NOPASSWD: /bin/lsblk, /bin/ls, /bin/mkdir, 
        /bin/mv, /bin/umount, /bin/cp, /bin/rm, /bin/mount
    • Only if you want HYCU for Google Cloud to access the instance by using a specific user account with password authentication. The SSH server is configured to allow password authentication for signing-in on to the instance.

    • For Ubuntu 22.04 instances that have RSA key-based authentication configured:

      You must add the PubkeyAcceptedKeyTypes=+ssh-rsa parameter to the /etc/ssh/sshd_config file, and then restart the SSH service by running the systemctl restart ssh.service command.

Limitation

Only if you use the SSH protocol with public key authentication. If keys are generated with PuttyKeyGen or ssh-keygen using the legacy PEM format, only DSA and RSA keys are supported.

Procedure

  1. In the Instances panel, select the instance to which you want to assign a credential group.

  2. Click  Credentials. The Credential Groups dialog box opens.

  3. Click  New.

  4. In the Credential group name field, enter a name for the credential group.

  5. From the Protocol drop-down menu, select one the following protocol options:

    Protocol option Instructions
    Automatic

    Select this option if you want HYCU for Google Cloud to automatically select a protocol for accessing the instance—the SSH protocol (TCP port 22) or the WinRM protocol (TCP port 5985, HTTP transport)—, and then enter the user name and password of a user account that has required permissions to access the instance.

    Use the following format for the user name:

    • Linux: <LocalOrDomainUserName>

    • Windows: <LocalUserName>, <Domain>\<DomainUserName>, <DomainUserName>@<Domain>

    SSH

    Select this option if you want to use the SSH protocol for accessing the instance, and then do the following:

    1. In the Port field, enter the SSH server port number.
    2. From the Authentication drop-down menu, select the type of authentication you want to be used, and then provide the required information:

      Automatic

      This option provides the same behavior as if no credential group is assigned to the instance, but adds the possibility to adjust the port number used when accessing to the instance.

      i Important  Do not select this option if OS Login is enabled on your instance.

      Password authentication

      Enter the user name (in the <LocalOrDomainUserName> format) and password of a user account that has required permissions to access the instance.

      Public key authentication

      Do the following:

      1. Enter the user name (in the <LocalOrDomainUserName> format) and password of a user account that has required permissions to access the instance.
      2. Click Browse. Browse for and then select the file with the private key, and click Open.

        For information on how to obtain the private key, see Google Cloud documentation.

      3. Only if the private key is encrypted. Enter the private key passphrase.

      i Important  This selection is mandatory for utilization of the OS Login access method in Google Compute Engine connection to an instance in which the SSH server is configured to use public key authentication. For more information, see Google Cloud documentation.

    WinRM

    Select this option to use the WinRM protocol for instance access and to enable the credential group adjustment for the actual WinRM server configuration.

    1. From the Transport drop-down menu, select the transport protocol of the WinRM server in the instance.

    2. In the Port field, enter the WinRM server port number.

    3. Enter the user name (in the <LocalOrDomainUserName> format) and password of a user account that has required permissions to access the instance.
  6. Click Save.

  7. Click Assign.

The name of the assigned credential group appears in the Credential group column of the Instances panel. HYCU for Google Cloud performs instance and application discovery after you assign the credentials to the instance and the Discovery status in the Instances and Applications panels is updated accordingly.

t Tip  If several instances share the same user name and password, you can use multiple selection to assign the same credential group to them.

To unassign a credential group from an instance, in the Instances panel, select the instance, click  Credentials, and then click Unassign.

You can also edit any of the existing credential groups (select a credential group, click  Edit , and then make the required modifications) or delete the ones that you do not need anymore (select a credential group, and then click  Delete).