VMware vSphere Storage APIs – Data Protection is the next generation of VMware’s data protection framework originally introduced in vSphere 4.0 that enables backup products to do centralized, efficient, off-host LAN free backup of vSphere virtual machines.
A backup product using VMware vSphere Storage APIs – Data Protection can backup vSphere virtual machines from a central backup server or virtual machine without requiring backup agents or requiring backup processing to be done inside each guest virtual machine on the ESX host. This offloads backup processing from ESX hosts and reduces costs by allowing each ESX host to run more virtual machines.
VMware vSphere Storage APIs – Data Protection leverages the snapshot capabilities of VMware vSphere to enable backup across SAN without requiring downtime for virtual machines. As a result, backups can be performed non-disruptively at any time of the day without requiring extended backup windows and the downtime to applications and users associated with backup windows.

Back up Softwares have the ability to take the backup of VMs in the ESXi host level as a VMDK file.
This feature will enable to the Full VM recovery in case of system recovery. This ability helps to reduce the recovery time and gives the better recovery time objective (RTO).
Taking the backup in VM host level can be integrated with the VSphere to have the centralized management of backups and also it can be integrated with the individual ESXi hosts.

Using the Backup Technologies VMware backup Method Full VM can be recovered and also individual directories
and files also can be recovered.

>>Backups deals with the ESXi hosts so that it will not have any performance impact and resource utilization on VM guest level.
>>Full VM recover is possible in to the same location and also in Different locations like data store / ESXi/resource pool /VCenter is possible.
>> Capable of taking backups even the VM guest is powered off.
>>  It do use Snapshot technology to minimize the backup access to the Original VM and reduce the performance impact.

Port requirement:-

Ports 443 and 902 TCP ports are required to have communication. These 2 ports have specific purpose in the VADP setup.
Port 443:- is used to communicate with the VCenter for the VM Discovery and the backup and restore operations like snapshot creations and snapshot deletions.
Port 902:- is to have the communication with ESXi host in case of using the transport method NBD or NBDSSL transport.

If SAN transport is being used for Backup and restores activities then having the communication with the port 902 is not required.

Transport methods:-

Transport defines the path of the data travel from the source to the backup host. Backup provides  multiple transport methods to send the data to backup host.
To take the backups 3 different transport methods are available in Netbackup.
1) SAN Transport
2) NBD Transport
3) NBDSSL Transport

SAN transport and NBD transport are widely used methods.

1) SAN Transport:
Backup data traffic moves over the SAN transport from storage to directly to the Backup host. SAN transport method requires mapping the storage LUNs that are begin used by the datastores to the backup host also. It will enable the SAN transport to the backup shots and sends data directly from storage to the Backup servers LAN communication is only to require having the VM Discovery and the backup and restore operationslike snapshot creations and snapshot deletions over the TCP port 443.

2) NBD (LAN) Transport:
Backup data will travel form over the network from the ESXi hosts or VCenter (in case of using the VCenter) to the backup host using the port number 902. This transport depends on the network and increases the process load on the ESXi servers.

VCenter for SAN backups:
VCenter needs to use for the environments those are configured to use the VCenter for managing the ESXi servers, this scenario is fits very well for the large environments where multiple ESXi hosts are managed by the VCenter.

>> VCenter credentials needs to provide in the Backup Software as a VMware Virtual Center.
>> These credentials used by the backup host at the time of backup request to discover the VMs in VCenter and also to initiate the snapshot request for backups.
>> All the storage LUNs that are being assigned to the ESXi hosts for data stores also need to present to the backup host to enable to SAN transport.
>> The Data store LUNs that are presented to the backup host should not get initialize in backup host.
>> Port 443 requires to be opened to communicate with the VCenter.
>> Configure the policy in Netbackup using the Policy type as VMware and select the SAN transport
method in VMware tab of the policy to make use of SAN transport for backups.

VCenter for backups using NBD:-
NDB transport enables the backups over the LAN by using the Network Block Device (NBD) driver Protocol. In this method VCenter receives the backup request form the Netbackup backup host.
>> VCenter creates the snapshot for the VMs.
>> VCenter performs the snapshot activity and ESXi sends the Data to Backup host
>> Communication required from backup host to TCP port 443 on VCenter & 902 port on ESXi
hosts.Backup over the VCenter would be slower than the SAN transport backups
>> ESXi kernel port communicates with the backup host and sends the backup data and it is directly
impacted with the backup traffic and may encounter with performance issues.
>> Does not require any LUN masking to the backup hosts.