VMCE v9 Study Guide Module 4 – Initial Configuration Adding Windows/Linux servers and Backup Proxies
Finally we are moving on to Module 4 of the Veeam VMCE v9 Study Guide. In Module 3 we took a look at all of the core components that are required in order to make Veeam Backup & Replication work – in this module we will go one step further and discuss some of the options and features we have when we go through the process of adding these into our Veeam Backup Server
Adding Microsoft Windows Servers
Windows Servers are used for a variety of different roles within VBR. Before we can assign these roles to the servers however we need to add them into our VBR configuration. Adding Windows Servers is done through the Backup Infrastructure View on the Microsoft Servers Node (under Managed Servers). When adding a Microsoft Windows server you need to ensure first that file and printer sharing is enabled on the server – if it isn’t, VBR will be unable to deploy the Veeam Installer service or the Veeam Data Mover service to the server. To add a Windows server, right-click the ‘Windows Servers’ node and select ‘Add Server’ and follow the following steps and configurations…
- If prompted, meaning if you used an ‘Add Server’ from anywhere else, select ‘Microsoft Windows’ as your desired server type.
- Server Name – Specify the servers fqdn or an ip address. You can also add a description here for future reference. The default description simply states who added the server and when.
- Credentials – If you have already stored credentials in VBR and they are valid for this server go ahead and select them. If not, you are able to click ‘Add’ at this point to add a new set of credentials. These credentials will be used to deploy both the installer service and the data mover service on the Windows server.
- Ports – We can also customize any network ports if we would like with this button. By default the services that may get deployed on a Windows server use the following ports.
- Veeam Installer Service – 6160
- Veeam Data Mover Service – 6162
- Veeam vPower NFS Service – 6161
- Veeam WAN Accelerator Service – 6164
- Veeam Mount Server – 6170
- Ports – Still within this screen we have some Data Transfer options. The range of ports displayed (default 2500-5000) are used for transmission channels between the source and target servers, with each task utilizing one port. If you have a small environment, or don’t expect a lot of data traffic you can scale this down to a smaller range of ports. Just remember that one port = one concurrent task.
- Ports – Preferred TCP – Also within this screen we can see the ‘Preferred TCP connection role’ section. This is used if this Windows server is being deployed outside of a NATed environment. If it was, this server would not be able to initiate a connection to another server on the other side of the NAT. If this is the case, select the ‘Run server on this side’ checkbox to reverse the direction of the connection.
- Review – simply shows the status of the options selected.
- Apply – At this step we can review and monitor the steps that VBR has taken to successfully add the Windows Server.
Adding a Linux Server
Before we can add a Linux Backup Repository we must first add a Linux server into our VBR environment. Just as with Windows, this is done on the Backup Infrastructure view by right clicking the Linux Server node and selecting Add Server. The following steps and configurations apply to the addition of Linux servers.
- Name – provide the FQDN or IP address of the Linux Server – an optional Description can also be specified at this point.
- SSH Connection – Veeam will deploy the required components to a Linux server through an ssh connection. At this step we need to provide some credentials that can connect to our desired Linux Server. If you already have credentials setup we can simply select them from the drop down, or click ‘Add’ to create a new set of credentials. Note, both username/password and Identity/Pubkey authentication is supported for the ssh credentials.
- SSH Connection – The advanced section on this screen allows us to further configure how we would like components deployed. We can specify an ssh timeout value if we please. By default this is 20000 ms, meaning if a task targeted at this server is inactive after 20000ms, VBR will automatically terminate said task. Just as with Windows we have the ability to adjust our Data Transfer Options as well, either scaling up or down the port range and in turn scaling up/down our maximum concurrent tasks. Also, like Windows, we see the ability to select ‘Run server on this side’ if we are deploying outside of a NATed environment.
- When we move to the next screen we may be prompted to trust the SSH key fingerprint. When we do this, the fingerprint is saved to the Veeam configuration database. The fingerprint is then used during every communication task between Veeam components and this Linux server to help prevent man in the middle attacks. If this key gets updated on the Linux server, you will need to return to this servers settings within Veeam and run through the wizard again in order to trust the new fingerprint.
- After clicking ‘Finish’ we are done.
Adding a VMware Backup Proxy
We already know that our Backup Proxy is used to process and deliver traffic to either another proxy or backup repository. By building out multiple proxies we are able to split the load across them and in the same time take the data mover load off of our Veeam Backup Server. Adding a VMware backup proxy is performed through the Backup Infrastructure view on the Backup Proxies node from within the VBR Console with the following steps and configuration options
- Right-click the Backup Proxies node and select ‘Add VMware Backup Proxy’
- Server – Chose Server – Select the Windows server you wish to assign the proxy role to – if you haven’t already added your server to the backup infrastructure you are able to select ‘Add New’ at this point to go through the process of Adding a new Windows Server (See above).
- Server – Description – We also have the option of creating a description here as well, by default this just states who and when added the backup proxy.
- Server – Transport mode – Select your desired transport mode, meaning how you would like the proxy to read/write the data. By default , VBR will scan the proxy configuration and it’s connection to datastores in order to determine an optimal transport mode for it, which will be selected automatically upon reaching this screen. If we need to override this we can by clicking ‘Chose’. Our options here are Direct Storage Access, Virtual Appliance, or Network. See Module 3 for more information about how each of these transport mode works. From within the Options section of our Transport Mode selection we can specify additional options for whichever mode we have selected.
- For Direct Storage Access and Virtual Appliance modes we can choose to either failover to network mode (default) or not.
- For Network Mode we can choose to transfer VM data over an encrypted SSL connection by selecting ‘Enable host to proxy traffic encryption in Network mode’.
- Server – Connected Datastores – Allows us to specify which datastores this proxy has a direct SAN or NFS connection to. By default Veeam will detect all datastores that the proxy has access to, however if you wanted to limit certain proxies to certain datastores you can do so here.
- Server – Max Concurrent Tasks – We can specify here the number of tasks that the backup proxy will be able to run conccurrently. At any time if this number is exceeeded no new tasks will start until one has completed. Keep in mind that Veeam requires 1 CPU core for 1 task, as well as increasing concurrent tasks has the potential to flood network traffic throughput as well.
- Traffic Rules – The traffic rules section allows us to utilize throttling rules in order to limit the OUTBOUND traffic rate for the proxy. These help to manage bandwidth and minimize impact on the network. These rules are created globally within VBR and will only display here if the proxy ip happens to fall within the range the rule applies to. To view the globally set traffic rules we can click on the ‘Manage network traffic rules’ link below the table displayed or click ‘View’ to view a single rule. We will go over the traffic rules in a bit more details when we cover off global settings of VBR.
- Summary – After reviewing the summary select ‘Finish’
At anytime you can come back to the Backup Proxies node and right-click a Backup Proxy to edit it. We can also Disable Backup Proxies on an individual basis. When disabled a backup proxy will not be used in any backup jobs that can select it. If you want to remove a backup proxy that is possible as well. That said, if the Backup Proxy is explicitly selected in a job, meaning the job does not automatically select proxies, then you will first need to delete the reference to this proxy in the job before the proxy can be removed. Removing a backup proxy only removes it from the Backup Proxies node, the server will remain in the Windows Servers node.
Adding a Hyper-V Off host proxy
By default, MS Hyper-V hosts perform the role of a proxy – this is called on-host mode. That said they take up resources that may be needed to run your actual production environment so its best to add Off Host proxies. We discussed these a bit in Module 3, and if you remember they have the following prerequisites.
- Windows Server 2008 R2 or higher with Hyper-V role of 2008 R2 or higher installed
- Must be connected to the shared storage
- Hardware VSS providers must be installed on host (supplied by vendor)
- If using CSV, the Hyper-V off host proxy must not be a part of the cluster it is backing up.
- If backing up SMB3, the local system account on off host proxy must have full access permissions to the file share and must be in the same domain, or in a trusted domain.
To add a Hyper-V off host proxy you need to add the backup proxy role to a Microsoft Windows server within the backup infrastructure utilizing the ‘New Hyper-V Off-Host Backup Proxy’ wizard and the following configuration…
- Server – select a Windows server to assign the role to, if not listed you can add new at this point. You can also add a description. By default, Veeam will automatically detect the connected volumes however if you would like to specify which volumes you want this host to work with you can do so using the ‘Connected Volumes Choose…’ button. We can also specify the Maximum Concurrent Tasks for this proxy, keeping in mind each proxy requires 1 CPU.
- In the Traffic Rules selection we can select any rules that will apply to our off host proxy to limit its OUTBOUND traffic rate. These rules are not created here, they are created globally and only those rules that are applicable to the IP of our proxy are listed. You can move into the global rules by clicking ‘Manage Network Traffic Rules’ link.
- Review the summary of task and click ‘Next’ to finish deploying the proxy.
Today during Veeam’s “Next Big Thing” event they announced a new all-encompassing Availability Platform; by leveraging and adding new features already existing products (Veeam Backup & Replication, Veeam Cloud Connect and Veeam ONE) along with tying in some newly announced products (Veeam Backup for Office 365, Veeam Availability Console), and adding in some new feature-packed versions of their products supporting physical systems (Veeam Agents for Linux/Windows) Veeam is set to deliver an all-encompassing product to customers of any size, small or enterprise, ensuring that all their data is protected and available no matter where it may reside.
Although the event was entitled “Next Big Thing” it really should have been plural (Things) as a lot was announced, released, and talked about. If we look at the above graphical representation of the platform we see a number of products that we may not recognize; ie The Veeam Availability Console, Veeam Availability Orchestrator, Veeam Agents??? You may not recognize these, some are new, some are re branded, let me try to summarize all the announcements as best I can…
Veeam Backup for Office 365
So this one isn’t even shown in the platform graphic but hey, no point in beating around the bush here – this is probably the announcement I’m most excited about. As a customer I was ecstatic when Veeam announced their support for Microsoft Exchange – as an admin, I could now process my Exchange backups and perform granular restores right down to item level such as individual messages right back into my co-workers mailboxes! It was awesome! Then, something happened – the way organizations started thinking about delivering email changed – Being in education it was a pretty easy decision to simply move into Office 365 – the price was right 🙂 No longer do we have to maintain 7 or 8 servers just to run our email system – put it in the cloud, set it and forget it! That said, being in the cloud is great and all – but when those high level executives accidentally delete that important email where do you think they will run to? No matter what as IT we will still be the ones responsible, and in some cases, the ones who take the blame if we can’t restore something – it doesn’t matter that it’s in the cloud or its out of our hands – it’s an IT issue!
That’s why when Veeam announced support today for Office 365 I immediately started perusing around looking for some sort of beta list! Bringing the same functionality that they have for on premises exchange environments to Office 356 is awesome! Want to use the explorers? Sure! Need to restore individual emails/mailboxes/folders? Veeam Backup for Microsoft Office 365 is aimed to be released Q4 of this year, but here is the best part – if you are a Veeam Availability Suite customer or a Veeam Backup & Replication Enterprise Plus customer you can get your first three-year subscription to this product absolutely free. For those running Enterprise or Standard don’t feel ignored – you can pick up a free 1 year subscription!
Veeam Availability Console
2 years ago at VeeamON we saw Veeam Endpoint Backup announced – a free product that we could use to back up our Windows endpoints. There was always some “give” within the support for the product as the messaging was always “Backup your client endpoints AND those few SERVERS you have still running physical workloads”. Although we initially saw some integration into Veeam Backup & Replication there was never really a true management interface to handle these backups or deploy configurations to endpoints we wanted to process. This is where our Veeam Availability Console comes into play – think of this as, dare I say, the single pane of glass to manage your Veeam environment, both VBR jobs as well as jobs from the Veeam Agents for Windows and Linux- whether these workloads and backups are on-premises, or in the cloud!
The Veeam Availability Console is a cloud-enabled platform, allowing both enterprises and service providers to streamline their Veeam deployments, and manage all of those remote environments, providing the framework for managing all licensed components of the Veeam Availability Platform. Think of managing your physical and virtual backups, backups from VMs running in the cloud, and being able to restore these to your environment, or directly to an Azure instance!
As far as who this is targeted at service providers comes to mind – those Veeam Cloud Connect providers certainly can benefit from this! But aside from the obvious Veeam is making this available to enterprise deployments as well. For those with a lot of endpoints or a lot of distributed deployments of Veeam Backup & Replication this can be a great fit into their organization, providing that single place to go to manage all of you remote and branch office deployments, essentially making YOU a Veeam Cloud Connect provider for your business! Veeam Availability Console is expected to be released Q1 2017!
Veeam Agent for Windows/Linux
Staying with the theme of physical support we saw the Veeam Endpoint Backup product get a face lift today as well – to keep up with its Linux counterpart, Veeam Endpoint Backup will now be known as Veeam Agent for Windows. That said rebrand/renames, not to exciting – new features and subsequent versions are – so let’s talk about those! Veeam Agent for Windows/Linux will now come packaged in three different versions – the free version as it stands today will remain their – always free, however Veeam has added a Workstation version along with a Server version to compliment the functionality provided. Cleverly, Workstation will target those looking to back up, well, workstations and Server will support those looking to back up servers, adding certain features to the new versions to provide enterprise functionality into the products. Think of things like Application Aware processing to get those consistent backups, transaction log processing to protect those physical SQL servers, Guest file indexing to provide a fast search capability for finding and restoring files. These are the types of features that will now be available in either the Workstation or Server versions of the Veeam Agents. Along with those features we also see a couple of new benefits in the newly released versions; the first being the Configuration and Management API – Veeam Agents licensed with Workstation or Server will now expose an API allowing customers to centrally deploy the products, complete with a backup job configured to their endpoints and servers. (Think management from the Availability Console here). Also we see a backup cache – meaning, backups can be run and end users can stay protected even if their backup target or repository isn’t within reach. Think of your CEO on a plane if you will, working on a very important (yet very boring) spreadsheet. They make some changes and somehow end up losing the file – Veeam Agent for Windows could still process this backup from 15000 feet, just caching it locally on the workstation while the target was offline, and in turn moving it to the repository when it does become available. Meaning we are protected even when we are remote! A small but mighty feature that I’m sure will save a lot of headaches for a lot of IT admins.
Also, as with any paid version of a product we now see complete enterprise technical support for the Veeam agents! Veeam hasn’t forgotten about that Free product either – along with adding features to the Workstation and Server versions we see some new enhancements to the Free edition as well – Windows 2016 support, Direct restore to Azure, and Direct restore to Hyper-V just to name a few. Veeam Agents will be licensed per agent, with an annual subscription model! We can expect the Linux and Windows agent to be released in November and December of this year respectively!
Veeam Availability Orchestrator
Although Veeam Availability Orchestrator (VAO) has already been announced we’ve yet to see any sort of glimpse into what the product can do. Today that all changed. We saw how VAO can take those DR plans that we have in place and essentially test, execute, and maintain them for us. VAO is truly a multi hyper-visor DR machine for your organization that provides a lot of features needed to be successful when you need to be the most.
Utilizing technologies such as vPower and SureBackup/SureReplica VAO can non disruptively test our disaster recovery plan and workflow – eliminating the need for time-consuming, expensive, manual processes and ensuring things will work just as you planned.
In terms of documentation have you updated your DR plan every single time you add a new service or VM, do you ensure that all the steps are properly changed when you change something within your environment? If you answered yes then I praise you but I know I surely have not – I’ll revisit it during that quarterly review time scheduled on my calendar and just hope nothing happens between now and then – not the best strategy! VAO solves this issue by automatically producing DR documentation, dynamically and on the fly, ensuring you always have the most up to date documentation and are in complete compliance with your DR requirements when “push comes to shove”! VAO, which will be licensed per VM with an annual subscription is targeted to hit the market sometime in Q1 2017 with a beta sometime next month. Be the first to know here.
But what about the Veeam Availability Suite?
Oh yeah – less we forget these products! Veeam has been slowly announcing features for their next release of their flagship software, Veeam Backup & Replication v9.5. We have already been notified of integration into Nimble Arrays, Direct Restore to Azure, full Windows Server 2016 support and enhanced VMware vCloud Director integration but today Veeam announced perhaps some of the most interesting and exciting features to ship with version 9.5!
ReFS Integration for VBR – as we all know ReFS is Microsoft’s “next gen” file-system, with version 3.0 set to ship with Server 2016 when it’s released! To be honest I’ve not done enough homework on ReFS to delve deep into details of how it works but what I do know is that it includes a number of automatic integrity checks and data scrubbing operations built into the filesystem, as well as some interesting features when it comes to failure and redundancy. But, the feature most useful to Veeam customers will be based around how ReFS provides and allocate on write model for disk updates. Think of your repositories here – when using NTFS as an underlying repository when creating a synthetic full, Veeam actually creates a new full backup file out of previous backup chains (full and incrementals) on disk without having to transfer production datastore data. To do this, it needs space, it needs space to create a temporary full backup file and merge incrementals into it, almost duplicating the size on disk required. ReFS handles this a bit differently – utilizing APIs provided by Microsoft, and integration into the filesystem provided by Veeam, Veeam is able to leverage ReFS in a way that i can move metadata pointers around, eliminating the need to actually duplicate data, both saving capacity and increasing performance DRAMATICALLY when creating synthetic full backups. Backup & Replication v9.5 introduces this technology as fast cloning!!! And I know I’ve mentioned a Windows specific feature here, but since it’s a feature implemented on the repository, both Hyper-V and VMware customers will be able to take advantage of this!
Enterprise Scalability Enhancements – Many enhancements have been made to the VBR processing engine, providing even more backup and VM restore acceleration technologies helping you to get to that infamous low RTPO Veeam provides.
Veeam ONE charge back – Veeam ONE has always done a great job on reporting on resource consumption and capacity planning! Now with 9.5 we will see charge back functionality built into the product! The charge back will be available across all platforms Veeam ONE supports, bringing it to a Hyper-V, VMware, or vCloud Director environment near you!
v10 feature revealed – wait what!?! We haven’t even seen v9.5 released yet! Veeam seem to be starting to reveal more of a long-term strategy here! Anyways, we have seen yet another storage integration provided by Veeam, this time in v10, and with IBM. Tech previews of v10 will be available this coming May at VeeamON in New Orleans!
Release date – Perhaps the most important piece of information – VBR 9.5 will be here October 2016!!! Be the first to know when it breaks into the market by signing up here.
Needless to say there were a lot of announcements today! In the days to come I’m sure we will see more and more technical details around these products, how the work, how they will be priced and when they will come out – but for now if you want to see the announcements yourself I recommend taking a look at the Veeam blog! Thanks for reading!
As we continue along the Veeam v9 VMCE Study Guide its time to finish off Module 3 and have a look at Veeam ONE. For me I don’t have a lot of experience with Veeam ONE so this will be a session I try to focus on throughout this guide! Just an update, I’ve written and passed my VMCE at this point, so there’s that! Yay! Either way I’m going to try to complete any unfinished portions I have in efforts of completeness! So with that, let’s get going… Veeam ONE relies heavily on a client-server architecture to work. The architecture of Veeam ONE contains the following components.
Veeam ONE Server
- The Veeam ONE Server is responsible for gathering all of the data from our virtual environment, vCloud Director and Veeam Backup & Replication servers. It takes this data and stores it into its SQL database. Veeam ONE server has a couple of sub components that are broken out as well
- Monitoring Server
- Handles the collection of data to present to the Monitor client or web ui.
- Pulls data from both VMware and Hyper-V as well as Veeam Backup & Replication.
- Reporting Server
- Provides a set of dashboards and predefined reports.
- Verifies configuration issues
- Track implemented changes in the environment
- Adhere to best practices and optimize your environment
- Capacity Management
- Monitoring Server
Veeam ONE Monitor Client
- The Monitor client connects to the monitoring server and basically monitors your virtual environment. This allows us to choose our connections to our virtual servers, our backup infrastructure, and manage alarms and data that is being monitored.
Veeam ONE Business View
- Allows grouping of infrastructure objects into categories that better align to the business
- Groupings/categories are applied to functionality within Monitor and Reporter
- Can be synchronized with vSphere tags.
Interesting tidbits in regards to Veeam ONE
- Can be licensed either per socket or per-VM being monitored
Veeam ONE provides us with a couple different deployment models
Just as VBR gives us the opportunity to consolidate all of the components and services on to one server Veeam ONE does as well. The typical deployment takes Veeam ONE server, Web UI, and Monitor client and installs them all together on the same machine, be it physical or virtual. The SQL instance can also be installed on this machine as well – by default, Veeam ONE packages with SQL 2012 Express. This is a good way to manage a small environment, or to evaluate what Veeam ONE can do for you. If you need to enable multi-user access to the real-time performance it is possible to install the Veeam ONE monitor client on separate machines.
Your typical installation requires at least 4 cores, 64 bit and 8GB of RAM, although 16 is recommended. Must be installed on Windows 7 sp1 or above, and supports SQL, both full and express, from 2005 and up.
The advanced deployment starts to break out some of the individual components to different servers. The Veeam ONE Server, and the WEB UI components are installed on separate machines. Also, Veeam ONE Monitor client can also be installed on multiple separate machines. This deployment can still use the express installation of SQL, however since you are most likely breaking out the components in order to decrease load, you will probably want to install a remote instance of SQL server for this type of setup.
The Veeam ONE server requires at least 4 cores, 64 bit, and 8 GB of RAM, although 16 is recommended. Again, Windows 7 sp1 or above and SQL 2005 and up.
The Web UI server requires minimum 2 cores and only 64 bit OS’s (Win 7 SP1 and up). 2 GB minimum RAM
The Monitor Client requires either 32 or 64 bit OSs (7 SP1 and up) and only 1 socket, along with 1 GB of memory.
Interesting tidbits around Veeam ONE deployments
- Supports vSphere 4.1 and above
- Supports Hyper-V 2008 R2 sp1 and above
- Supports vCloud Director 5.1 and above
- Integrates with Veeam B&R 7.0 update 4 and above (standard and above)
As we continue on Module 3 of the Veeam VMCE v9 Study Guide its time to look at VBR prerequisites, the many deployment scenarios available for VBR and finally what upgrade options we have when upgrading Veeam Backup & Replication to version 9. One of the benefits of deploying Veeam Backup & Replication is that you can make it as simple as you want, or as hard as you want Veeam makes it very easy to deploy VBR and adapt to any size of environment. To help break down the scenarios Veeam provides three different types of deployments for VBR; Simple, Advanced and Distributed
Basically in the simple deployment we are looking at having only once instance of VBR setup and installed on either a physical or virtual machine within our environment. In a simple deployment we have basically one server, the Backup Server, which hosts all the roles and components we need to backup our environment. The Backup server at this point would host the following components
- Veeam Backup Server – for management
- Backup Proxy – for moving data
- Backup Repository – for hosting our backups.
- Mount Server – for restoration
- Guest Interaction Proxy
Interesting tidbits about Simple Deployment
- All components are installed automatically
- The Backup Repository is determined by scanning the volumes of the machine in which we are installing. The volume with the greatest free disk space is used with a “Backup” folder created on it.
- Only used if you are evaluating VBR, or have a small number of VMs you need to protect
- Suggested to install on a VM (but not required) as it would give you the hot-add backup transfer option.
Advanced Deployment is the way to go if you have an environment of any size to back up. In these cases we can’t put all the load on the Backup Server as it would be too much for it to handle. In this deployment model we have the following components
- Backup Server – Our control plane
- Backup Proxies – Data mover components on separate servers to handle the transfer of data.
- Backup repositories – Separate servers containing capacity to store our backup files, VM copies, and replica metadata
- Dedicated Mount Servers – again, separate components in order to efficiently perform application and file level restore back to original production VMs
- Dedicated Guest Interaction Proxies – separate components allowing us to efficiently deploy runtime process in our Windows VMs.
Interesting tidbits about advanced deployments
- Allows us to easily scale up and down to environments by adding more or less components.
- Backup traffic can be dynamically distributed amongst proxies.
- Good setup to begin replicating data offsite by deploying proxies in both local and remote sties.
- Provides HA to our backup jobs by having the ability to allow jobs to failover to other proxies if some become unavailable or overloaded
The distributed deployment is used in cases where environments are spread out geographically with multiple backup servers installed across many locations with the backup servers themselves being federated using Enterprise Manger. This way jobs can all be managed centrally, as well as providing an easy way to search for and find files across all sites. This deployment model contains the following components
- Multiple Veeam Backup Servers for each site
- Multiple Veeam proxies for each site
- Multiple repositories located at each site
- multiple mount servers and guest interaction proxies at each site
- Veeam Enterprise Manager Server
- Optional Veeam Backup Search server to streamline search processes.
Interesting tidbits about the distributed model
- With Enterprise Manager installed, we are able to provide flexible delegation operations to users within the environment to perform restores
- Centralized license management
- All the benefits of the advanced model
Upgrading Veeam Backup & Replication to v9
If you have ever had to upgrade an instance of Veeam Backup & Replication you should know that it is a pretty simple product to upgrade – with that said, you should always do your due diligence – backing up your SQL database and Veeam configuration is always a good idea – as well as ensuring you have completely been through all of the release notes.
There are a few limitations and concerns you might want to pay attention to when looking to upgrade to Veeam Backup & Replication v9
- Supports a direct upgrade from version 7.0 Update 4 and 8.0
- If you have any Windows 2003 servers acting as backup infrastructure components within your current configuration, they will need to be removed before the upgrade as they aren’t supported – this will cause the upgrade to fail.
- The first time you connect to your newly upgraded backup server with a client backup console, they will be prompted to apply the update to their console as well.
- The Console cannot be downgraded
- The first time you login after the upgrade Veeam will prompt you to update all of the other backup infrastructure in your environment such as proxies, repositories, etc. These are upgraded in an automated deployment by the Veeam Backup Server.
Aside from our proxies and repositories there are number of remaining Veeam Backup & Replication Core Components to cover. Today we will try and finish the component section of Module 3 of the Veeam VMCE v9 Study Guide. Some of these components are required, where as some are optional – but all are certainly fair game on the VMCE exam so its best to know them!
Guest Interaction Proxy
During a backup Veeam will interact with the guest to do several things – to do this it deploys a run time process within each VM it is backing up (be it windows or Linux) to do the following options
- Application Aware Processing
- Guest File System indexing
- Transaction Log processing
Older versions all of this was done by the backup server, causing higher resource usage on the Backup server or issues if the backup server and processed VMs had degraded, slow or non-existent network connectivity. As of 9, the process of doing the above 3 actions and deploying these run-time process can be done with a Guest Interaction Proxy (Windows only, will not work with Linux VMs). Again, interesting facts about the GIP.
- Only utilized when processing Windows based VMs. Linux VMs will still receive these packages from the Backup Server.
- Only available in Enterprise and Enterprise Plus editions.
- Can utilize multiple Guest Interaction Proxies to improve performance, recommended to have on at all sites if you have a ROBO setup.
- Can only be deployed on a Windows based server, be it physical or Virtual.
- Must have either a LAN or VIX connection to the processed VM.
- Can be installed on the same server as the proxy, repository, backup server, WAN Accelerator, etc.
- Defined on the Guest Processing step of the backup/replication job. We can assign each job manually to use a certain proxy or let Veeam decide. If letting Veeam automatically determine which proxy to use it will go in the following order
- A machine in the same network as the protected VM that isn’t the Backup Server
- A machine in the same network as the protected VM that is the Backup Server
- A machine in another network as the protected VM that isn’t a Backup Server
- A machine in another network as the protected VM that is a Backup Server.
- If at any point it finds more than one meeting the above criteria, it selects the one which is “less loaded”. The one with the least number of tasks already being performed.
- If at any point a GIP fails, the job can fail over to the Backup Server and utilize it to perform GIP roles as it has done in previous versions.
A mount server is required in order to restore VM guest OS and application items back to their original locations. Veeam uses this server to mount the content of the backup file to a staging server, this server, should be located in the same location as the backup repository where the files are stored, if it isn’t you may end up having restorations traverse a WAN twice. To help prevent this Veeam implements a mount server.
When a file or application item is restored to the original location, Veeam will mount the contents of the backup from the repository onto the mount server, and then copy the data from the mount server to the original location.
Interesting tidbits about mount servers…
- Direct SQL and Oracle restores do not go through the mount server, they are mounted directly to the target VM.
- A mount server is created for every backup repository and associated with it. This is a Repository setting.
- By default the mount server is created on
- Backup Repositories – if they are windows based. The default mount server would be themselves.
- Backup Server – For any Linux based or shared folder backups, and deduplicating storage devices the mount server is the backup server
- Veeam Backup & Replication Console – Anywhere the client is installed so is a mount server, however it isn’t automatically registered within B&R
- Scale-Out Backup Repositories require you to assign a mount server for each and every extent included.
- Mount servers can only be Windows based, but can be physical or virtual.
- In order to restore from storage snapshots the mount server must have access to the ESXi host which will host the temporary VM.
WAN acceleration within Veeam works by using dedicated components to globally cache data and deduplicate data between sites. Basically we would need a WAN accelerator at both our source and target sites to do so. These sit in between the proxies, meaning data would flow through source backup proxy, then to the source wan accelerator, then to the target wan accelerator, then to the target backup proxy, then to either its replication target or backup repository.
Each accelerator will create a folder called VeeamWAN. On the source, files and digests required for deduplication are stored here. On the target, a global cache is stored.
WAN accelerators can require a lot of disk space to hold either the digests or global cache, therefore require some sizing exercises when creating them. Certainly this depends on the amount of source VMs you are backing up, but a rule of thumb is to provide 20GB of disk space for each TB of VM disk capacity. On the target we store Global Cache which is a little less lightweight in terms of capacity requirements. The recommendation here is to provide 10GB of space for each type of OS you are processing – by default, 100GB is allocated, so 10 OSes. Some situations may require us to utilize extra space on the source accelerators depending if digest data needs to be recalculated or we have cleared the cache. In order to help suffice this it’s also recommended you provide 20GB per 1 TB of source VM on your target cache as well.
Interesting tidbits about WAN acceleration
- Must be installed on a 64 bit Windows Based machine, physical or virtual
- Can be intermingled with other proxies and repositories
- For digest data on the source accelerator, provide 20GB of space for each 1 TB of data being backed up.
- For global cache provide 10GB of space for each OS (Default is 100GB)
Veeam Backup Enterprise Manager
This component is optional and is really intended for those that have a distributed deployment containing multiple backup servers. VEB essentially federates your servers and offers a single pain of glass viewing at your backup servers and their associated jobs. From here you can do the following
- Control and Manage jobs
- Edit and Clone Jobs
- Monitor job state
- Report on success/failure across VBR Servers
- Search for guest OS files across VBR Servers and restore via one-click
Interesting tidbits around VEB
- Can be installed on either physical or virtual, so long as its windows
Veeam Backup Search
Veeam Backup Search is an option that will greatly help reduce load from the VEB server if you frequently need to search through a number of backups. Basically, Veeam Backup Search is deployed on a Windows machine running Microsoft Search Server, which basically runs the MOSS Integration service and updates index databases of MSS – leaving VEB the ability to simply pass the Backup Search queries and have the data passed back.
Veeam Gateway Server
The Veeam Gateway server is almost like a connector service, bridging the network between backup proxies and backup repositories. The only time we would need to deploy a gateway server is if we are using one of the following scenarios
- Shared Folder backup repositories
- EMC DataDomain or HPE StoreOnce appliances
ExaGrid, another supported deduplicating appliance with Veeam actually hosts the Veeam Data Mover service directly on the box, Shared Folder backup repositories and the DataDomain/StoreOnce appliances do not – thus, we use a gateway server to host and run the Veeam Data Mover services for them. The gateway server is configured during the “Add Backup Repository” wizard. When prompted we can select our gateway server manually, or chose to let Veeam decide the best fit. If we let Veeam do the choosing our Gateway server is selected following the below criteria
- For a backup job, the role of the gateway server is assigned to the proxy that was first to process VM data for a backup job.
- For Backup Copy jobs, the role of the gateway server is assigned to the mount server associated with the backup repository. If for some reason the mount server is not available this will fail over to any WAN Accelerators that might be used for that job.
- For Backup to Tape jobs the role of the gateway server is assigned to the Veeam Backup Server.
Veeam will select a different number of gateway servers per job depending on the multitasking settings of the repository – PerVM backup chains by default have multiple write streams, therefore each VM will be assigned a gateway server. Where as the normal backup chains only have one gateway server assigned.
A tape server in Veeam Backup and Replication is responsible for hosting a tape device. Simply put its a windows machine that is connected to some sort of tape library. The tape server takes on somewhat of a proxy role for tapes, performing the reading and writing to tapes.
Rubrik, the Palo Alto based company who strives to simplify data protection within the enterprise has recently announced a series C worth a cool 61 million, doubling their total capital to a cool 112 million since founding just over a couple of years ago! And as much as I love to hear about venture capital and money and whatnot I’m much more into the tech as I’m sure my readers are as well! With that, alongside that Series C announcement comes a new release of their product, dubbed Rubrik Firefly!
Rubrik Firefly – A Cloud Data Management Platform
With this third major release from Rubrik comes a bit of a rebrand if you will – a cloud data management platform. Nearly all organizations today have some sort of cloud play in their business; whether that be to build out a private cloud and support legacy applications or consume public cloud resources for cloud native applications – they all have some kind of initiative within their business that aligns with cloud. The problem Rubrik sees here is that the data management and data protection solutions running within those business simply don’t scale to match what the cloud offers. Simply put, customers need to be able to manage, secure, and protect their data no matter where it sits – onsite, offsite, cloud, no matter what stage of cloud they are at – thus spawning the Cloud Data Management Platform
So what’s new?
Aside from a number of improvements and enhancements Rubrik Firefly brings a few big new features to the table; Physical Workloads, Edge Environments, and spanning across clouds. Let’s take a look at each in turn…
I had a chance to see Rubrik a way back at Virtualization Field Day 5 where we got a sneak peek at their roadmap – at the time they supported vSphere only and had no immediate plans for physical workloads. The next time they showed up at Tech Field Day 10 they actually had a bit of a tech preview of their support for physical MSSQL support – and today that has become a reality. As you can see they are moving very fast with development of some of these features! Rubrik Firefly adds official support for those physical SQL servers that you have in your environment, you know, the ones that take up so much resources that the DBA’s just will not let you virtualize. Rubrik can now back these up in an automated, forever incremental fashion and give you same easy of use, efficiency, and policy based environment that you have within your virtual workload backups. Firefly does this by deploying a lightweight Windows service, the Rubrik Connector Service onto your SQL server, allowing you to perform point in time restores and log processing through the same UI you’ve come to know with Rubrik. Aside from deploying the service everything else is exactly the same – we still have SLA policy engine, SLA domains, etc.
And they don’t stop at just SQL! Rubrik Firefly offers the same type of support for those physical Linux workloads you have lying around. Linux is connected into Rubrik through an rpm package, allowing for ease of deployment – From there Rubrik pulls in a list of files and directories on the machine, and again, provides the same policy based approach as to what to back up, when to back it up, and where to store it!
Both the SQL msi installer and the Linux rpm packaged are fingerprinted to the Rubrik cluster that creates them – allowing you to ensure you are only processing backups from the boxes you allow.
Although Rubrik is shipped as a physical appliance we all know that this is a software based world – and that doesn’t change with Rubrik. The real value in Rubrik is the way the software works! Rubrik has taken their software and bundled it up into a virtual appliance aimed for Remote/Branch Offices. What this does is allow those enterprises with remote or branch offices to deploy a Rubrik instance at each location, all talking back to the mothership if you will at the main office. This allows for the same policy based approach to be applied to those workloads running at the remote locations, thus allowing things such as replication back to the main office, archive to cloud, etc to be performed on the edge of the business along with at the main office. The Virtual Appliance is bundled as an ova and sold on a “# of VMs” protected basis – so if you have only a handful of VMs to protect you aren’t paying through the nose to get that protection.
Finally we come to cloud spanning. Rubrik has always supported AWS as a target for archiving backups and brought us an easy to use efficient way of getting just the pieces of data we need back from AWS – but, we all know that Microsoft has been pushing Azure quite heavily as of late handing out lots and lots of credits! You can now take those spare credits and put them to good use as Firefly brings in support for Azure blob storage! The same searching and indexing technology that Rubrik has for Amazon can now be applied to Azure as well, giving customers options as to where they archive their data!
Bonus Feature – Erasure Coding
How about one more? With the Firefly release Rubrik now utilizes erasure coding, bringing in a number of performance and capacity enhancements to their customers with a simple software upgrade! Without putting hard numbers to it customers can expect to see a big increase in their free capacity once they perform the non-disruptive switch over to erasure coding!
Firefly seems like a great step towards the cloud data management platform – a topology agnostic approach to wrapping policy around your data, no matter where it is, ensuring it’s protected and secured! The release of a Virtual Appliance perks my ears up as well – although it’s aimed directly at ROBO deployments now who knows where it might go in the future – perhaps we will see a software-only release of Rubrik someday?!? If you are interested in learning more Rubrik has a ton of resources on their site – I encourage you to check them out for yourself. Congratulations Rubrik on the Series C and the new release!