VMCE v9 Study Guide Module 4 – Initial Configuration Adding Windows/Linux servers and Backup Proxies
Finally we are moving on to Module 4 of the Veeam VMCE v9 Study Guide. In Module 3 we took a look at all of the core components that are required in order to make Veeam Backup & Replication work – in this module we will go one step further and discuss some of the options and features we have when we go through the process of adding these into our Veeam Backup Server
Adding Microsoft Windows Servers
Windows Servers are used for a variety of different roles within VBR. Before we can assign these roles to the servers however we need to add them into our VBR configuration. Adding Windows Servers is done through the Backup Infrastructure View on the Microsoft Servers Node (under Managed Servers). When adding a Microsoft Windows server you need to ensure first that file and printer sharing is enabled on the server – if it isn’t, VBR will be unable to deploy the Veeam Installer service or the Veeam Data Mover service to the server. To add a Windows server, right-click the ‘Windows Servers’ node and select ‘Add Server’ and follow the following steps and configurations…
- If prompted, meaning if you used an ‘Add Server’ from anywhere else, select ‘Microsoft Windows’ as your desired server type.
- Server Name – Specify the servers fqdn or an ip address. You can also add a description here for future reference. The default description simply states who added the server and when.
- Credentials – If you have already stored credentials in VBR and they are valid for this server go ahead and select them. If not, you are able to click ‘Add’ at this point to add a new set of credentials. These credentials will be used to deploy both the installer service and the data mover service on the Windows server.
- Ports – We can also customize any network ports if we would like with this button. By default the services that may get deployed on a Windows server use the following ports.
- Veeam Installer Service – 6160
- Veeam Data Mover Service – 6162
- Veeam vPower NFS Service – 6161
- Veeam WAN Accelerator Service – 6164
- Veeam Mount Server – 6170
- Ports – Still within this screen we have some Data Transfer options. The range of ports displayed (default 2500-5000) are used for transmission channels between the source and target servers, with each task utilizing one port. If you have a small environment, or don’t expect a lot of data traffic you can scale this down to a smaller range of ports. Just remember that one port = one concurrent task.
- Ports – Preferred TCP – Also within this screen we can see the ‘Preferred TCP connection role’ section. This is used if this Windows server is being deployed outside of a NATed environment. If it was, this server would not be able to initiate a connection to another server on the other side of the NAT. If this is the case, select the ‘Run server on this side’ checkbox to reverse the direction of the connection.
- Review – simply shows the status of the options selected.
- Apply – At this step we can review and monitor the steps that VBR has taken to successfully add the Windows Server.
Adding a Linux Server
Before we can add a Linux Backup Repository we must first add a Linux server into our VBR environment. Just as with Windows, this is done on the Backup Infrastructure view by right clicking the Linux Server node and selecting Add Server. The following steps and configurations apply to the addition of Linux servers.
- Name – provide the FQDN or IP address of the Linux Server – an optional Description can also be specified at this point.
- SSH Connection – Veeam will deploy the required components to a Linux server through an ssh connection. At this step we need to provide some credentials that can connect to our desired Linux Server. If you already have credentials setup we can simply select them from the drop down, or click ‘Add’ to create a new set of credentials. Note, both username/password and Identity/Pubkey authentication is supported for the ssh credentials.
- SSH Connection – The advanced section on this screen allows us to further configure how we would like components deployed. We can specify an ssh timeout value if we please. By default this is 20000 ms, meaning if a task targeted at this server is inactive after 20000ms, VBR will automatically terminate said task. Just as with Windows we have the ability to adjust our Data Transfer Options as well, either scaling up or down the port range and in turn scaling up/down our maximum concurrent tasks. Also, like Windows, we see the ability to select ‘Run server on this side’ if we are deploying outside of a NATed environment.
- When we move to the next screen we may be prompted to trust the SSH key fingerprint. When we do this, the fingerprint is saved to the Veeam configuration database. The fingerprint is then used during every communication task between Veeam components and this Linux server to help prevent man in the middle attacks. If this key gets updated on the Linux server, you will need to return to this servers settings within Veeam and run through the wizard again in order to trust the new fingerprint.
- After clicking ‘Finish’ we are done.
Adding a VMware Backup Proxy
We already know that our Backup Proxy is used to process and deliver traffic to either another proxy or backup repository. By building out multiple proxies we are able to split the load across them and in the same time take the data mover load off of our Veeam Backup Server. Adding a VMware backup proxy is performed through the Backup Infrastructure view on the Backup Proxies node from within the VBR Console with the following steps and configuration options
- Right-click the Backup Proxies node and select ‘Add VMware Backup Proxy’
- Server – Chose Server – Select the Windows server you wish to assign the proxy role to – if you haven’t already added your server to the backup infrastructure you are able to select ‘Add New’ at this point to go through the process of Adding a new Windows Server (See above).
- Server – Description – We also have the option of creating a description here as well, by default this just states who and when added the backup proxy.
- Server – Transport mode – Select your desired transport mode, meaning how you would like the proxy to read/write the data. By default , VBR will scan the proxy configuration and it’s connection to datastores in order to determine an optimal transport mode for it, which will be selected automatically upon reaching this screen. If we need to override this we can by clicking ‘Chose’. Our options here are Direct Storage Access, Virtual Appliance, or Network. See Module 3 for more information about how each of these transport mode works. From within the Options section of our Transport Mode selection we can specify additional options for whichever mode we have selected.
- For Direct Storage Access and Virtual Appliance modes we can choose to either failover to network mode (default) or not.
- For Network Mode we can choose to transfer VM data over an encrypted SSL connection by selecting ‘Enable host to proxy traffic encryption in Network mode’.
- Server – Connected Datastores – Allows us to specify which datastores this proxy has a direct SAN or NFS connection to. By default Veeam will detect all datastores that the proxy has access to, however if you wanted to limit certain proxies to certain datastores you can do so here.
- Server – Max Concurrent Tasks – We can specify here the number of tasks that the backup proxy will be able to run conccurrently. At any time if this number is exceeeded no new tasks will start until one has completed. Keep in mind that Veeam requires 1 CPU core for 1 task, as well as increasing concurrent tasks has the potential to flood network traffic throughput as well.
- Traffic Rules – The traffic rules section allows us to utilize throttling rules in order to limit the OUTBOUND traffic rate for the proxy. These help to manage bandwidth and minimize impact on the network. These rules are created globally within VBR and will only display here if the proxy ip happens to fall within the range the rule applies to. To view the globally set traffic rules we can click on the ‘Manage network traffic rules’ link below the table displayed or click ‘View’ to view a single rule. We will go over the traffic rules in a bit more details when we cover off global settings of VBR.
- Summary – After reviewing the summary select ‘Finish’
At anytime you can come back to the Backup Proxies node and right-click a Backup Proxy to edit it. We can also Disable Backup Proxies on an individual basis. When disabled a backup proxy will not be used in any backup jobs that can select it. If you want to remove a backup proxy that is possible as well. That said, if the Backup Proxy is explicitly selected in a job, meaning the job does not automatically select proxies, then you will first need to delete the reference to this proxy in the job before the proxy can be removed. Removing a backup proxy only removes it from the Backup Proxies node, the server will remain in the Windows Servers node.
Adding a Hyper-V Off host proxy
By default, MS Hyper-V hosts perform the role of a proxy – this is called on-host mode. That said they take up resources that may be needed to run your actual production environment so its best to add Off Host proxies. We discussed these a bit in Module 3, and if you remember they have the following prerequisites.
- Windows Server 2008 R2 or higher with Hyper-V role of 2008 R2 or higher installed
- Must be connected to the shared storage
- Hardware VSS providers must be installed on host (supplied by vendor)
- If using CSV, the Hyper-V off host proxy must not be a part of the cluster it is backing up.
- If backing up SMB3, the local system account on off host proxy must have full access permissions to the file share and must be in the same domain, or in a trusted domain.
To add a Hyper-V off host proxy you need to add the backup proxy role to a Microsoft Windows server within the backup infrastructure utilizing the ‘New Hyper-V Off-Host Backup Proxy’ wizard and the following configuration…
- Server – select a Windows server to assign the role to, if not listed you can add new at this point. You can also add a description. By default, Veeam will automatically detect the connected volumes however if you would like to specify which volumes you want this host to work with you can do so using the ‘Connected Volumes Choose…’ button. We can also specify the Maximum Concurrent Tasks for this proxy, keeping in mind each proxy requires 1 CPU.
- In the Traffic Rules selection we can select any rules that will apply to our off host proxy to limit its OUTBOUND traffic rate. These rules are not created here, they are created globally and only those rules that are applicable to the IP of our proxy are listed. You can move into the global rules by clicking ‘Manage Network Traffic Rules’ link.
- Review the summary of task and click ‘Next’ to finish deploying the proxy.