Tag Archives: Certification

VMCE v9 Study Guide – Module 10 -Veeam ONE Auto Discovery, Business View and Alarms

VMCE LogoVeeam ONE is essentially a management program, providing monitoring, reporting and alerting for your virtual infrastructure, whether that be Hyper-V or VMware.  The module for this course is broken down into 9 different sub modules, so lets look at each one in turn.

 

Auto Discovery of Backup and Virtual Infrastructure

During the initial configuration of Veeam ONE users are prompted to chose and add their virtual infrastructure type – the options presented are

  • VMware vCenter Server
  • Hyper-V Host, Failover Cluster or SCVMM server
  • Skip Virtual infrastructure configuration

After selecting your desired virtual infrastructure you will be prompted for it’s name, either IP or FQDN, and some credentials to connect – along with the required port to connect on.  After installation we have the ability add other types of servers such as a standalone ESXi host and a vCloud Director server on the inventory pane inside the Infrastructure view.

Once completed the initial configuration, the servers, both vSphere, Hyper-V or Veeam that you have setup during the installation will be propagated to all Veeam ONE components, such as monitor, reporter and business view and data will begin being collected  immediately as well as during its default scheduled time (weekdays @ 3 am).

Once a connection has been established Veeam ONE will start pulling information and data on the top level scope you’ve added, plus all children.  Individual hosts/clusters can be excluded after the face from the Monitored Hosts tab.  Subsequently, datastores can be excluded as well on the Monitored Datastores tab.  If you want to exclude certain VMs it is done a little differently.  Instead we use rules to exclude VMs.  By default an inclusion rule that adds all VMs is configured.  If you want to establish another inclusion rule, then you must disable this default rule.  You do not need to do this when creating exclusion rules.  You can create rules based on the following criteria.

  • By object name – add/exclude VMs based on VM name
  • By infrastructure location – Apply rule that applies to VMs only within a certain hierarchy of the infrastructure.

When creating our rules we can use the * and/or the ? wildcard.  The * stands for zero or more characters where the ? stands for just a single character.  If adding multiple conditions to a VM you need to specify whether you would like to apply the rule if any condition evaluates to true or if all conditions evaluate to true.

When prompted to add your Backup Infrastructure you simply need to pass the FQDN Name of either your Veeam Backup & Replication server or your Veeam Backup Enterprise Manager server and pass the required credentials.  You also have the ability to skip this step and add Veeam later.   If we connect a Backup & Replication server, data for the job sessions for the previous week is collected.  If we add an Enterprise Manager instance, Veeam ONE first builds a hierarchy of Veeam B&R servers, then collects the data for the job sessions for the previous week from each one of them.

Business Categorization

Categorization within Veeam ONE is done by a the Business View component which is installed alongside everything.  Business view allows you to create categorization models and values to help organize your infrastructure and display your infrastructure from a business standpoint.  This completely integrates into Veeam ONE Monitor and Reporter, so any groups you create within Business View will be available in the other Veeam ONE components.

Some examples of categories one might create in Veeam ONE Business View are…

  • Business Unit,
  • Department
  • Location
  • Purpose
  • SLA

Business View also supports reading and writing vSphere tags as well, meaning you can map business view categories and groups to vSphere tags and vice versa.  That said there are some default out of the box categories that Business View comes with..

  • Datastore – groups VMs by their datastore
  • Last Backup Date – dynamically groups VMs by the age of the latest backup or replica restore point created
  • Sample Business View Category – dynamically groups VMs by name
  • SLA – static groups for all types of virtual infrastructure objects.  Includes two groups; Mission Critical and Other
  • Storage Type – dynamically groups storage objects by type.
  • VM Network – dynamically groups VMs by connected network
  • VMs with Snapshots – dynamically groups VMs with snapshots by snapshot age.

You can add more custom categories, but keep in mind the maximum number of categories Veeam ONE supports is 25.

Pre-Defined Alerting

Veeam ONE Monitor comes with over 150 predefined alarms that can alert you on almost every aspect of your virtual and backup infrastructures.  In terms of data protection there are alarms already setup to…

  • connectivity issues an inability of backup infrastructure components to communicate with each other.
  • state of the VBR software installed on infrastructure components
  • Failing of jobs or jobs completed with warnings
  • Configuration issues, such as repositories running out of space
  • Long running jobs that exceed the backup window
  • License and pre-paid support expirations.

Alarms within Veeam ONE work in the following way

  • When Veeam ONE monitor detects that the behavior or state of an object meets an alarm criteria, it triggers the alarm with the corresponding severity level
  • Once triggered, Monitor console will display the alarm details and associated information in regards to the alarm.  At this point you can view, acknowledge, or resolve the alarm
  • After the alarm has fired, Monitor performs a responsive action; email, SNMP, and/or running a custom script.
  • Once the alarm has been resolved, Monitor updates the alarm status within the console.
  • If the state or condition returns to normal, Monitor will send a notification with the updated status.

Each alarm has rules associated with it that are used to trigger the alarm.  Each alarm can have up to 8 rules which are linked together either by AND or OR operators.  The rules can be setup as the following types of triggers.

  • Event-Based Rules – alert when specific events that occur in the backup or virtual infrastructure.  These can be events issued by the hypervisor, or by Veeam Backup & Replication.
  • Rules for a specific condition or state – these are rules that trigger when a condition is met, or a state has changed on your infrastructure objects.

Alarms also have a severity level attached to them of one of the following

  • Error (red) – indicates a critical situation or major problem
  • Warning (yellow) – indicates a potential problem or non critical issue.  Has the potential to move to an Error (red) if left unresolved.
  • Resolved (green) – indicates that the issue or alarm has been eliminated because of the changed conditions.
  • Information (blue) – indicates general information about the specific condition.

Alarms can be associated to objects by applying them directly to the object, on a group level using groups from Business View, or on the Infrastructure level by applying an alarm to all of a certain object type within the environment.

Interesting and testable tidbits about Veeam ONE Auto Discovery, Business View and Alarms

  • Cannot add a single ESXi host during the initial install, only vCenter Server.  ESXi and vCloud Directory are available to be added only after the initial install.
  • Ability to skip adding the infrastructure configuration during the install.
  • Backup Infrastructure can be added by either the Veeam Backup & Replication Server or the Veeam Backup Enterprise Manager.
  • The default data collection period for reporter and business view is weekdays @ 3am.  If at the end of an installation data will begin being collected immediately.
  • You cannot add the Backup Infrastructure inside of the Free edition of Veeam ONE UNLESS your VBR is licensed as a cloud connect only server.
  • When adding a VBR server, data is collected for the previous week only on all job sessions.
  • The maximum number of categories that Veeam ONE Business View supports is 25.
  • Each monitor alarm can have up to 8 rules associated with it.

VMCE v9 Study Guide – Module 5 – Creating Backup Jobs

VMCE LogoFinally, we get into the heart and soul of Veeam Backup & Replication; creating backup jobs. In this section we will kick off Module 5 and take a look at creating backup jobs from within Veeam Backup & Replication.

Before we go through the process of creating a backup job however there are a number of options and settings that we should completely understand!

Veeam Backup File types

.vbk – full backup file

.vib – forward incremental changes

.vrb – reverse incremental changes

.vbm – backup metadata

.vlb – transaction log backup

.vsb – synthetic backup used when creating virtual synthesized full backups for tape.

.bco – configuration backup

Backup Methods

Veeam Backup provides 3 methods for storing backups; Reverse Incremental Backup, Forward  Incremental Backup, Forever Forward incremental backup.

Reverse Incremental Backup

  • Consists of the last full backup and a set of reverse incremental backups to roll back in time.
  • Allows you to immediately restore a VM using the most recent state without having to chain together incremental.  When restoring from a later restore point, Veeam applies the required reverse incremental backup into the full backup and restores the VM from the full backup.
  • Performs as follows
    • During the first run Veeam creates a full backup
    • During subsequent runs, Veeam copies only blocks that have changed and injects these into the full backup file, resulting in the full backup always containing the most recent state.  During this, Veeam takes the blocks that are being replaced and builds a reverse incremental file with them and adds this to the backup chain.
    • Veeam checks the retention policy of the job.  If there is an outdated restore point it removes this from the backup chain

Forever Forward Incremental Backup

  • Consists of the first full backup, and subsequent incrementals following it.
  • Processed as follows
    • During the first run, Veeam creates a full backup
    • During subsequent runs, Veeam copies only changed VM data and saves these as an incremental backup file.
    • After adding the new restore point Veeam checks the retention period for the job.  If an outdated restore point is detected it transforms the backup chain as follows
      • Takes the restore point immediately following the full backup and injects those blocks into the full backup, thus moving the full backup ahead one restore point.
      • Deletes the restore point that was injected into the full backup

Forward Incremental Backup

  • produces a backup chain consisting of a full backup and set of incrementals following it.  In addition to this, synthetic or active full backups are created that split the backup chain into smaller chunks of chains.
  • Processed as follows
    • During the first run, Veeam creates a full backup file
    • During subsequent runs, Veeam copies only changed blocks and saves them as an incremental backup.
    • On days where a synthetic or active full backup is scheduled Veeam does the following
      • Active Full Backups
        • Veeam completes another full backup using data from the production datastore
      • Synthetic Full Backups
        • Veeam takes the incremental that was created in step 2, along with all other incrementals in the chain and merges them with the original full backup, creating a second full backup on disk.
        • Veeam then deletes the incremental that was created within step 2 as it is redundant data and already injected into the synthetic full.
        • This new synthetic full is now used as a starting point for future incrementals
    • The retention policy is then checked for the job and processed as follows
      • Veeam looks for outdated restore points and then looks to see if it is possible to delete them
      • Veeam needs to maintain a full backup and subsequent incrementals in order to restore to a certain point in time, therefore if a full backup has expired but some of its incrementals have not, Veeam will wait till the next full backup has expired in order to delete the first chain of backups
      • At times you may have more restore points on disk then expected.

Transforming incrementals into reverse incrementals

If we are creating synthetic full backups we can additionally chose to transform our forward incrementals to reverse incrementals.  In this case, Veeam will take the existing chain full and incrementals and transform it to reverse incremental restore points, allowing us to only keep one full backup on disk at a time, with reverse incremental restore points before it, and incremental restore points after.

Retention Policy for Deleted VMs

  • Applied only to reverse incremental, forever forward incremental, and forward incremental with synthetic full and transform
  • By default, VMs backups are set to remain on disk.
  • Space is not actually removed, it is flagged to be overwritten by other backups.

Storage Level Corruption Guard (Health Check for Backup Files)

VBR can periodically perform health checks for the latest restore points within backup files.  During this process VBR performs a CRC and hash check for both the metadata and blocks within the backup file to verify integrity.  This process is performed once a day when the health check is scheduled – if the backup session runs twice on the same day, it will not be run a second time.  The process of a health check is as follows

  • If corrupt blocks are detected in the metadata for a full backup file, Veeam marks the chain starting from this full as corrupted and triggers a health check retry
    • During the rety Veeam will transfer data blocks of the complete VM from the source datastore, creating a new full backup file.
  • If corrupt blocks are found in the meta data for an incremental file, Veeam removes the information about this incremental in the restore point configuration.
    • During the retry, Veeam transports incremental data relatively from the latest valid restore point – again, obtaining its data from the source datastore, creating a new incremental backup file on the repository.
  • If corrupt blocks are found in the actual backup file itself, full or incremental, Veeam marks these blocks as corrupt.
    • During the retry data blocks that were corrupt are transferred from the source datastore directly into the latest restore point.

Compression and Deduplication

Veeam provides 5 options in terms of compression

  • None – no compression – recommended when storing backups on storage devices that already have hardware compression
  • Dedupe-Friendly – optimized compression level for low CPU usage
  • Optimal – recommended compression level.  Best ratio between size and time.
  • High – Provides additional 10% over Optimal, but has 10x higher CPU usage
  • Extreme – smallest size of backup file but most demanding performance wise – recommended to have a proxy with at least 6 caores.

Deduplication allows us to save space as well in VBR and provides us with 4 options

  • Local Target (16TB) – recommended for backup jobs that may produce large (16TB+) backup files.  Uses 4MB block size in order to lower metadata size.
  • Local Target – recommended for backup to SAN, DAS, or local storage – uses 1MB block size.
  • LAN Target – recommended for NAS – uses 512 k block size.
  • WAN Target – recommended for backup over slower WAN – uses 256K block size

When we change compression settings for existing jobs any new settings will not be applied to already existing backups.  Compression will only be applied to new backup files created

When we change deduplication settings previously created files will not be affected.  New files created will not be deduplicated until we create an active full backup.

How do we do it?

The process of creating a backup job is as follows

  • There are a number of ways to kick off the Job wizard.
    • From the Jobs node in the Backup & Replication view right-click on jobs and select Backup->VMware (or Hyper-V)
    • From the Home tab, click Backup Job and then VMware
    • From the Virtual Machines view select the VM and right-click selecting either Add to Backup Job->Name of existing job or Add to Backup Job->New job.
  • Give the job a name and a description
  • In the Virtual Machines step of the wizard we need to select the VMs and VM containers we would like to backup.  If we select a contain, all child objects belonging to that container will be backed up – any change in our environment, like a new VM being added to that container will automatically be picked up by the job and processed.  To add our VMs select ‘Add’
    • We will now have a number of different views; Hosts and Clusters, VMs and Templates, Datastores and VMs, and Tags.
    • Select the desired VM/VM Containers and click ‘Add’
  • Here we can also exclude different VMs or disks…  Note, VM log files are automatically excluded to help reduce the size of the backup file and increase efficiency.
    • VMs from VM containers
      • From the VMs tab, click Add and select which VMs you wish to exclude from the job.  You will be presented with same multiple views as you were when you were choosing VMs to be backed up
    • Specific VM disks
      • On the disks tab select the VM in the list and click ‘Edit’.  If you are backing up a container or by tags you may need to Add the VM first by clicking ‘Add’ to manually place it in the list.
      • Chose which disks you would like to exclude from the VM – You can exclude all disks, 0:0 disks (system disks) or browse through a list of custom IDE/SCSI/Sata disks.
      • If you wish you Veeam can remove these disks from the VMs configuration file so you are able to power on the VM when restoring.  To do so, select the ‘Remove excluded disks from VM configuration’ checkbox.
    • VM templates
      • On the templates tab clear the Backup VM templates checkbox
      • If you wish so, you can alternatively clear the Exclude templates from incremental backup checkbox to only process templates in the full backup file.
  • Still on the Virtual Machines section we have the option to re-order the processing of VMs by selecting the VM and using the Up/Down buttons.  That said, if you are backing up a VM from a container or using tags you will not be able to do this as they are processed randomly.  To do so, you would need to add them as standalone VMs.  Also take note, with Parallel processing enabled you may find unexpected results with the processing order.  In cases where resources for a higher priority VM are not fully available but enough resources for a lower priority VM are, the lower VM may be processed first.
  • On the storage tab we will specify which backup proxy we would like to use, which repository to backup up to, the retention policy, any secondary destinations for the backups as well as any advanced settings we’d like to apply…
    • Backup Proxy has a couple different options
      • Automatic – Veeam will detect backup proxies that have access to the source datastore and automatically assign one to process VMs within the job.  This is done on a per VM basis.  Before processing a new VM, Veeam analyzes the available proxies, looking at their transport modes and current workload to select the optimal proxy for that VM
      • Use selected – This allows you to explicitly state which backup proxies can be used within the job.  At least two selections are recommended for HA or network loss.
    • Backup Repository – Select a destination repository to store the backups on.
      • If you already have a backup stored on the repository you can map to those already existing files.  To do so select the Map Backup link below the repository selection.
    • Retention Policy – Specify the number of restore points that you wish to store on the repository, keeping in mind all of the information we went through in the Retention sections above.
    • Secondary Destination – Allows for us to archive our backups to a secondary destination, either a backup repository or tape.  When this option is selected we will see an additional step appear.   In the additional step we link this backup job to another backup copy job or backup to tape job.
    • Advanced.  There are a number of advanced settings we can set on the storage step of the backup job as well.  Note, after configuring all of these settings you can save them as the default settings for future jobs.
      • Backup Settings
        • Select the desired backup method  to store the backup chain; Reverse Incremental, Incremental w/ Synthetic or active full or Forever forward incremental.  See earlier in the post on each backup type.
        • Select whether or not to create a synthetic full – synthetic full will build a full backup out of the restore points already located on the backup repository.  Also select the Days to create the synthetic full on.  If creating a synthetic full you can also specify whether to transform any previous backup chains to rollbacks
        • Select whether to create an active full backup (retrieves all source data from the datastore), and specify to create it monthly or weekly and specify days.
      • Maintenance Settings
        • Storage Level Corruption guard – check to periodically perform a health check on the latest restore point in the backup chain.  Helps to prevent a corrupted restore point.  If the health check discovers a corrupt block it starts the health check retry and transfers the data from the source datastore to a new backup file or the latest backup file, depending on the scenario – explained above.
        • Full Backup File Maintenance
          • Remove deleted VMs data after – specifies the number of days to keep backup data for VMs that have been deleted from the production environment
          • Defragement and compact full backup file – check to perform and schedule a compact operation.   Compact will create a new empty file and copy data blocks from the full backup to it.  If the backup files contains deleted VMs, they will be removed.  More info above.
      • Storage Settings
        • Data Reduction
          • Enable Inline data deduplication – clear the checkbox to disable deduplication.
          • Exclude swap file blocks – By default Veeam looks at the NTFS MFT file to identify the blocks that make up hiberfil.sys and pagefile.sys and excludes them from the backup.  Clear this checkbox if you prefer to back these files up
          • Exclude delete file blocks – By default Veeam does not copy file blocks that were deleted ormarked as dirty.  If you would rather copy these, clear this checkbox
        • Compression Level – Select the desired compression level for the job (None, Dedup-Friendly, Optimal, High, or Extreme).
        • Storage Optimization  – Select the type of backup target you plan to use; Local Target, LAN target, or WAN target.  Veeam will use different data block size to optimize backup performance.
        • Encryption
          • Check and provide a password to encrypt the backups on disk.
          • If you enable this on an existing job a full backup will be created on the next run and it and all subsequent incrementals will be encrypted.
      • Notification Settings
        • Can be used to send SNMP notifications for the job, to customize notifications on a per job basis rather than utilizing the global settings.
        • Can also set backup details to a VM attribute of choosing, either overwriting or appending.
      • vSphere Settings
        • Choose whether to enable VMware tools quiescence.
        • Choose whether to use Change block tracking and whether to enable CBT on existing VMs.
      • Integration Settings
        • Chose whether to enable backup from storage snapshots and whether to limit processed VM count per storage snapshot to a certain number.  You can also chose to failover to a standard backup if Veeam fails to create the storage snapshot.  If using NetApp you will also have the option to failover to primary storage snapshots.
      • Script Settings
        • Job Scripts
          • Chose to run a script before and/or after the job and specify a path to the script.
          • Chose when to run them – every X backup sessions or on selected days only.
  • Guest Processing handles the following options
    • Application Aware Processing
      • Enable/Disable application aware processing.
      • Clicking Applications gives you the following options on a per-VM basis.
        • General
          • Chose whether to require successful VSS application processing, try application processing but ignore failures or disable application processing
          • Chose how to handle transaction logs if this is a SQL server, Oracle, or Exchange VM, either process the logs (additional settings will be required on the SQL tab) or perform a copy only of the logs (logs will just be copied in backup as a normal backup would copy files)
        • SQL – additional settings for logs if you chose process from last step.
          • How to handle transaction logs, either truncate, don’t truncate, or backup logs periodically
          • If last option is chosen we need to specify the interval to backup transaction logs (in minutes) and a retention policy, either in days or until the corresponding image level backup that the logs are attached to is deleted.
          • We can also specify which server to use as a log shipping server, the server that transports the logs.  We can let Veeam automatically figure this out or specify a specific set of Log Shipping servers.  Log shipping servers are just any Windows servers added to our Backup Infrastructure.
        • Oracle
          • Oracle Account – specify a user account that has SYSDBA rights on the database.  If you chose to use guest credentials, Veeam will use the account setup within the guest processing section to connect.
          • Log Action – here we chose what to do with our logs, we can set it to not truncate logs at all, truncate logs older than X number of hours, or truncate logs over X number of GB.
          • Log Backup inteval – set the transaction log backup interval in minutes – default is 15.
          • Retention  – specify how long to keep the logs, either last X number of days or until the corresponding image level backup is deleted.
          • Log shipping server – just as with SQL we can either let Veeam automatically pick a log shippiong server or set this to a specific set.
        • File Exclusions – we are able to exclude certain files, folders or filetypes on a per VM basis.
          • First select to either disable file level exclusions, Exclude certain files and folders, or include only certain files and folders.
            • If excluding or including we can click add to add certain files or folders.  We have the option here to use environment variables, such as %windir% or file masks like * and ?
        • Scripts – we can use this section if we plan to back VMs up that do not support VSS in order to run scripts to obtain application consistent backups.
          • Script Processing Mode – select wehter to require successful script execution, ignore script execution failuer or disable script execution
          • Windows Scripts – path to windows scripts
          • Linux Scripts – path to Linux scripts
    • VM Guest OS file indexing – can select from the following options on a per-VM basis; Disable Indexing, Index everything, Index everything ecept and specify files/folders.
      • If indexing Linux OS, several components need to be installed on the VM.  mlocate, gzip, and tar.  Veeam will prompt to install these if they are not found.
    • Guest OS Credentials
      • Select default credentials to use to deploy runtime processes.  Any VMs that don’t have credentials explicitly assigned to them will use these credentials.
    • Guest Interaction Proxy
      • Specify a Guest Interaction Proxy to use or let Veeam Automatically choose one.
  • Schedule
    • Run job automatically
      • Daily – runs job daily at a selected time on selected days
      • Monthly – runs job monthly at a selected time on selected days
      • Periodically every – runs job periodically ever X number of hours/minutes or continuosly to continuosly run job
      • After this job – Allows you to chain this job to the ending of another.  This will only be ran if the first job is started by a schedule – manually running the first job will not run this job.
    • Automatic Retry
      • Select to retry VM X number of times with X number of minutes in between each try upon job failure
    • Backup Window
      • Can set the job to terminate if it exceeds a specified backup window
  • Summary – review settings and save job.  You do have the option to immediately execute the job here as well.

VMCE v9 Study Guide – Module 4 – Configuration Backup and Global Notification Settings

VMCE LogoFinishing off Module 4 of the Veeam VMCE v9 Study Guide we will take a look at configuration backups, along with what can be set in terms of global notifications within Veeam Backup & Replication version 9.

Configuration Backup and Restore

A configuration backup essentially takes our Veeam Backup & Replication database and saves it to a backup file on the repository.  The database data is then written to a set of xml files and archived into a (.bco) format. If for any reason our backup server experiences a failure we can simply reinstall a new backup server and quickly restore the old configuration.  We could also use this backup to deploy another Veeam Backup server in the same environment.  If you plan on migrating configuration data to another server be sure to stop and disable all running jobs before creating the backup or sessions may fail after restoring.

A configuration backup contains the following information

  • Backup Infrastructure Components and objects – all hosts, servers, proxies, repositories, Wan accelerators, jobs, global configuration settings, etc..
  • Backups – Backups, replicas and backup copies (information regarding the backups, not the backups themselves)
  • Sessions – historical session information
  • Tapes – libraries connected to the server

By default Veeam will create a configuration backup daily and store it in the default backup repository.  That said, it’s best to redirect this to a different repository that doesn’t reside on the backup server itself.  When you create a new repo, Veeam will offer to store the config backup on it, clicking yes will redirect NEW configuration backups to this repository.  Old configuration backups REMAIN on the default repository.

If you have created a password within the password manager on the backup server Veeam will enforce that you encrypt the configuration backup.  If you do not encrypt the configuration backup and there is a password present, Veeam will disable the configuration backup job.  Also, without encryption the credentials will not be backed up with passwords within the configuration backup – you would need to enter all of the passwords again upon restore.

There are a couple of options when it comes to restoring

  • Data Restore
    • useful if the database gets corrupted, the SQL server hosting the database becomes corrupt or you deploy the database on a new SQL server, rolling back to a point in time or restoring data to a new database on the same SQL server.
  • Data Migration
    • used when you want to move the backup server and the configuration database to another location.
  • If you forget your encryption password need for the restore you have the following option
    • If the backup server is connected to Enterprise Manager you will be presented with a I forgot the password link.
    • need to have enterprise or enterprise plus, and enterprise manager connected to the backup server
    • Veeam will launch the encryption key restore wizard, at the request step a key will be generated, this can be copied or emailed.
    • Within Enterprise Manager go to Configuration-> Key Management and click Password Recovery, and paste the key that was generated.
    • Once the response is generated, copy or email that key.
    • Back in the Encryption key restore wizard enter the copied response, upon completion VBR will apply them to the encrypted backup file and unlock all content within it.
  • Backup and replica catalogs along with session history are optional when restoring a configuration backup
  • Veeam can automatically setup your powershell policy for you during restore
  • Veeam can back up existing databases before restoring over top of them.
  • You can specify new passwords for the backed up credentials if they have changed between the backup and restore times.
  • After a restore has completed a components upgrade will be checked and ran.
  • After a restore has completed VBR can perform a sync operation for backup/replicas created on the server and tape libraries connected to it.  This is ran if
    • you restored a database from a backup created on 7.0 in restore mode
    • you restored a database created with 8.0 in restore mode and selected to restore data from the backup and replica catalog.

You should also follow the below pre-reqs before restoring a configuration backup

  • Stop all running jobs
  • Check version of backup server.  For instance v9 can restore configuration backups from 7 update 4, 8, and 9

 

Global Notification Settings

Veeam Backup & Replication can be setup to send out some alerts and notifications globally – some of which can be overridden on a per job status, but this section will just focus on global notifications.

Setting up notifications settings within Veeam is done through the Options option of the main menu on the email tab.  From here we can specify things such as the smtp server to use, it’s port and authentication methods.  We can also customize what our notification settings in terms of jobs look like for instance

  • to – who the email goes to, anyone setup in this global area will receive notifications about every job ran on the system.  Can be left empty if you wish as we can define additional emails to get notifications on a per job basis
  • Subject – contains the following variables for use %time% (completion time), %jobName%, %jobResult%, %VMCount% and %issues% (number of VMs with warning or failed status).
  • We can choose whether to notify on success, warning, and/or failure.
  • Suppress notifications till the last retry

Aside from job messages we can also setup other notifications from VBR on the notifications tab such as

  • Low Disk Space – Veeam will check disk space on datastore and target repository and include a warning message if it is below a certain threshold (warning is in the job session details).  The threshold is in terms of percent on the backup storage, and in terms of GB on the datastore details.
  • Support Expiration – By default, Veeam will warn  all email recipients about the support expiration  up to 14 days before it expires.  This is included in every email notification sent from Veeam.  This can be disabled here.
  • Update Notifications – When enabled Veeam will automatically check for new product version and patches from the Veeam website.

SNMP

Veeam can also send SNMP traps with the status of the jobs performed on the backup server.  SNMP traps can be sent to 5 different destinations.  From the SNMP tab input your receiver and community information and setting up your service properties with the Windows SNMP service are requirements to make this happen.  Then, from within your job you simply check the Send SNMP notifications for this job check box within the Notification tab of the Job Options.

VMCE v9 Study Guide – Module 4 – WAN Accelerators and Managing Network Traffic

VMCE LogoI didn’t really see WAN Acceleration mentioned anywhere within the course description of the VMCE class, so I decided this might be the best place to fit it in since we will be talking about managing network traffic in Module 4.  That said, I’m sure the topic will be brought up again in later modules, however let’s go over what we can here!

 

Wan Acceleration

WAN Acceleration is Veeam’s answer to help optimize VM traffic that will be going over the WAN.  It does this by deploying at least 2 WAN Accelerators on 64 bit Windows Servers, one located at the source, and one located at the target.  If you remember back to Module 3 we spoke a bit about WAN Acceleration so some of this may be a repeat, however its good to know for the exam.

Configuring WAN Accelerations happens in the following way

  • Configure Source side WAN Accelerator, then the target.
    • Launch the New WAN Accelerator wizard from the Backup Infrastructure view
    • From the Server step
      • specify the Windows Server you wish to use for the accelerator
      • provide a description
      • Traffic Port – Specify network port used for source to target communication – defaults to 6165
      • Streams – Number of connections that must be used to transmit data (defaults to 5).  Keep in mind as this number increases so will the bandwidth and accelerators resources it requires.  Applies only to the source WAN Accelerator.
    • Cache – location of service files and global cache
      • Folder – Path o location where service files (for source and target) or Global Cache (target only) must be stored.  Defaults to c:\VeeamWAN.  It’s also best not to nest these deep in the file system as service file names can be very long, no use in making them longer.
      • Size – Specify a size for the target WAN Accelerator according to the sizing best practices – we will go over this below
    • Review
      • Review components to be installed (data mover service, WAN Accelerator service) and click ‘Next’ to finish.

Clearing/Populating Global Cache

These process can all be accomplished by right clicking on the WAN Accelerator within the Wan Accelerators node in the Backup Infrastructure view and selecting the desired operation (process explained below)

WAN Accelerator Sizing

As mentioned above there are some best practices we need to take when correctly sizing how much space we need for WAN Accelerators, both source and target.

Source WAN Accelerator

  • Veeam analyzes data blocks that will go to target and digests them, these are stored in our source accelerator.
  • Size of cache on source accelerator depends on the capacity of all our source VM disks.
    • Every 1TB of data requires 20GB of cache space.  IE if you have 4TB of VM disks you are backing up, you should provide 80GB of cache on the source accelerator.
    • There is no global cache on the source, only the digest metadata is stored here.  Global is just for target accelerators.

Target WAN Accelerator

  • This is where our global cache is stored.
    • Global Cache is basically a library that holds data blocks that go from source to target.
    • Populated fully on the first cycle of a job.
    • If a new data block is constantly sent across the WAN, it will be added to the global cache.
    • If an already cached block is not sent over the WAN after a period of time, it will be removed from the global cache.
    • If a periodic check deems a block in the global cache is corrupt, it will remove it.
    • Global cache can copy blocks stored from one source accelerator folder to another source accelerator folder if they are the same, meaning if we have two locations each replicating a Windows 2012 server, we can simply copy blocks from the first cache to the second cache without having to send them across the WAN.
    • The Global Cache can be pre-populated without actually running the job.
      • Useful on the first run of a job so all data blocks don’t need to be copied
      • Useful if the cache becomes corrupt to prevent all data blocks to be copied again.  This requires you to clean the cache first
      • Encrypted backups are not used for population
      • You cannot start any jobs using the accelerator while the cache is being populated.
      • Veeam uses data blocks stored in specified repositories to populate the cache – only OS blocks are copied.
        • That said if there is other accelerator cache already located in the target, it will match OSs from the source repository and copy these blocks directly from the already existing cache folders if they exist.
      • Copied to a default cache folder, when a remote job starts Veeam renames this to the source accelerator used in the job.
  • Recommended to provide 10GB of cache per every type of OS utilized. (defaults to 100GB, so 10 OSes).  IE – say we backup 10 VMs (1xWin7, 6xWin2008, 3xWin2010) we should provide at least 30GB (3 OS types x 10GB).
  • If the Digests data on the source accelerator is missing or for some reason cannot be used, the target accelerator will have to re-calculate this, therefore, will require space to do so.  Therefore the same rule of source sizing applies also to target, in addition to the OS type cache allocated.  IE those 10 VMs also occupy 4TB of space we will need to add 80GB (20GB/TB * 4)  more cache space in addition to our OS cache.  So 80GB for digest calculation and 30GB per OS caching = 110GB total.
  • All this said, Global Cache is calculated per source accelerator.  Within Veeam we have the ability to apply a many to one situation, meaning many source accelerators running through 1 target accelerator.  This changes our cache size exponentially depending on the number of source accelerators.  The formula is as follows
    • Total Cache Size = (number of source accelerators) * ( Size of target WAN accelerators properties [10gb/OS]) + 20GB/TB of source data.
    • Let’s say we add a second source accelerator to our example we have been using.  The second accelerator has 1TB of source data spread across 2 OS types (Linux, Server 2003).  We would end up with the following for a global cache size
      • Total Cache size = 2(we have two source accelerators) * 50GB (5 OS types [Linux, server 2003, server 2008, server 2012, win7) at 10GB per) + 100GB ( 5TB of source data spread across the 2 source locations)
      • 2 * 50GB + 100GB = Total Cache Size of 200GB
  • With all of this, if you have the space it’s best to add as much as you can in order to obtain more efficient acceleration as it would be able to hold more repeating data blocks.

Data Block Verification

Veeam calculates checksums on blocks being transferred between source and target to help ensure that no corrupt blocks are stored in the global cache.  This works in the following way

  • Before sending, Veeam calculates a checksum on the block
  • When the target receives the block it re-calculates this checksum (before it is even written to cache).
  • The checksums are compared, if there is a difference, the target sends a request for the source to resend, upon receiving the block again, it is written to the global cache.

WAN Acceleration works in the following way

  • If using a backup copy job, Veeam uncompressed backup file to analyze content
  • Source accelerators analyzes data blocks and creates file with digest for blocks.
  • Veeam compresses data and sends it to the target
  • Target populates global cache with blocks from the copied file
  • On the next job cycle, source analyzes data blocks in the file that need transferred and creates digests just for these blocks
  • Source compares new digests with old – if duplicate blocks are found the file is not copied over the WAN.  Instead, the target will pull this file from the global cache
  • Also, restore points already existing on the target side are analyzed – if there is a duplicate located in them, the target will take them directly from the restore points.

Managing Network Traffic

Before we get into some of the ways we can throttle and manage our network manually, let’s have a look at a couple different ways Veeam manages network disconnects automatically.

Data Transport on WAN Disconnect

This type of reconnection attempt exists only on jobs who utilize WAN accelerators.  Basically if a connection drops while we are transferring VM data between accelerators VBR will pick up and resume the job from the point where the connection was lost when services are restored, rather than starting all over again.  When the connection is restored, VBR will initiate a new transfer process, this time writing data to a new working snapshot.  If the connection drops multiple times, veeam will only keep 2 working snapshots on the VM by merging previous ones together.  Once all data has made its way to the target, all snapshots are merged and a new restore point is created.

Resume on Disconnect

This process handles network disconnects not applying to accelerators, and handles disconnects between backup server, proxies, and repositories (storing replica metadata).  VBR will attempt to reestablish the connection every 15 seconds for 30 minutes, picking up right where it left off.

Network Traffic Throttling Rules

Network throttling rules are setup and enforced globally on the backup server.  They essentially limit the maximum throughput of traffic going from source to target.  They are set with a pair of IP addresses, source ip, and target ip.  If a component within the backup infrastructure fall into the specified source and target IP range, the rule is applied to them.  The steps to set them up are as follows…

  • Select Network Traffic from the Main Menu and click ‘Add ‘ in the Global Network Traffic Rules section.
  • In the source ip range, specify a range of IPs representing the source components
  • In the target IP range, specify a range of IPs representing the target components.
  • Select the box to Throttle Network traffic
    • Specify the maximum speed that must be used to transfer VM data to in the Throttle to field
  • In the Apply throttling we can set up a schedule in which this rule will apply, or have it apply all the time.
    • If a rule has overlapping schedules, the rule with the lowest maximum speed will apply
  • Network Data Encryption is also setup in this same manner with the Encrypt network traffic checkbox.  More on network encryption below

Managing Data Transfer Connections

By default Veeam uses 5 TCP/IP connections to transfer data from source to target.  This may cause network traffic to be heavy if multiple jobs run at the same time.  This can also be changed in the Global Network Traffic Rules settings using the ‘Use multiple upload streams per job’ selection box.

Enabling Network Encryption

By default Veeam encrypts data with 256-AES flowing to/from public IPs, however you may want to have encryption between your local/remote source and targets.  Again this is done in the Global Network Traffic Rules window by clicking add.  It’s the same process as setting up throttling rules (above), however checking the ‘Use Network Encryption’ box.

Specifying priority networks for transfer

VBR gives you the ability to specify what networks you want to send your VM data on.  This is useful if you have some sort of backup network or non-production network that is utilized for backup data.  Again from the Global Network Traffic Rules section we set this up

  • Click on Networks
  • Select to ‘Prefer the following networks for backup and replication traffic’ and click ‘Add’
  • Specify a network in a CIDR notation or mask
  • VBR will failover to the production network if for some reason the preferred networks are unavailable.

VMCE v9 Study Guide – Module 4 – Adding Backup Repositories

VMCE LogoIf you can recall in Module 3 we discussed the three types of backup repositories in VBR; Simple, Scale-Out and those backed by rotated drives.  Now let’s go over how to add and configure each type as we continue on with Module 4 of the VMCE v9 Study Guide!

 

Adding Simple Backup Repositories

If we can remember back to Module 3 we actually have 4 sub types of simple backup repositories; Microsoft Windows, Linux, Shared CIFS, or Deduplicated Storage Appliances.

There are a number of prerequisites we must meet depending on the type of repository we are adding, listed below

  • Linux repositories
    • Requires SSH daemon installed and configured as well as SCP utility available on the Linux server hosting the repository
  • EMC Data Domain – note without meeting these requirements you can still add DD as a CIFS share, however you will not be able to leverage any DD Boost technology.
    • Must be running DD OS 5.4 or later
    • DD Boost license must be installed and DD Boost enabled and configured
    • Must have a gateway server added to the VBR environment
  • ExaGrid
    • Must be firmware 4.7 or later
    • Must follow ExaGrid best practices to set up
  • HPE StoreOnce – without meeting these requirements you can still add HPE StoreOnce as a shared folder, however in this case VBR will perform the deduplication.
    • Must be running firmware 3.13.1 or later
    • Must have StoreOnce Catalyst license
    • Must use Catalyst as a backup target  and configured to work with Low Bandwidth mode (primary and secondary transfer policy)
    • Must have a gateway server added to the VBR Environment
    • Client account used to connect must have access permission on the Catalyst store where backup data resides

Different options will appear in the wizard depending on the type of repository we are adding, however the process of adding it is somewhat the same.

  • From the Backup Infrastructure View right-click the Backup Repositories node and select Add Backup Repository
  • Name – specify the FQDN or IP address, as well as a description for the backup repository.
  • Type – select the type of repository you want to add.
    • Microsoft Windows server
      • Server – Select the Windows server you would like to use from the drop down.  If the server hasn’t already been added you can do so by clicking Add New.  Clicking Populate will populate a list of disk storage connected to the server.
    • Linux Server
      • Server – Select the Linux server you would like to use from the drop down.  If the server hasn’t already been added you can do so by clicking Add New.  Clicking Populate will populate a list of disk storage connected to the server.
    • Shared Folder
      • In the shared folder field, specify the UNC path to the folder you want to use.
      • If the share requires credentials, select the ‘This share requires access credentials’ and provide credentials.
      • If you have a fast connection between the source and backup repository we can leave the gateway server at automatic selection.  This will automatically chose a gateway server randomly per job session.  If the connection is slower or over a WAN we can explicitly specify which gateway server to use.
    • Deduplicated Storage Appliance
      • Deduplicated Storage – Select either EMC, ExaGrid, or HP StoreOnce
        • Data Domain
          • Specify the connection settings to the data domain.  If connecting over FC select ‘User Fibre Channel’ and enter a Data Domain Fibre Channel server in the domain server name field.
          • Specify credentials supporting DD Boost
          • Select whether to use in flight encryption.
          • Specify a Gateway server or leave set to automatic if connection is fast.  If the DataDomain is connected over FC you must explicitly define gateway server and said server must have access to the Data Domain appliance over FC.
        • ExaGrid
          • From the Repository server drop down select the ExaGrid appliance you wish to use.  If it isn’t added you must add it with the ‘Add New’ button.
        • StoreOnce
          • Specify your connection settings to the StoreOnce appliance, and selecting ‘Use FC’ if connecting over Fibre Channel.
          • Specify credentials having access to the Catalyst store where you wish to store the backups
          • Select whether to automatically chose a gateway server or explicitly define one.  Again, if using FC you must explicitly define a GW server and it must have access to the FC StoreOnce appliance.
  • Repository – this is where we specify where on the selected repository we wish to store our backups, as well as load control settings.  Again this may be different depending on what type of repository we are adding
    • Location – specify a path to the folder to store backups in.  For DataDomain click Browse and select a location – for StoreOnce, select a Catalyst store from the list.  For Windows/Linux, specify a path.
    • Load Control – limits the number of concurrent tasks and data ingestion rate.  The limiting of read and write data rates applies to the combined rate of both.
      • Advanced presents a number of additional settings to place on the repository.
        • Align backup file data blocks – Veeam will align VM data saved to a backup file at a 4kb block boundary.  Provides better dedup but can result in wasted space depending on storage level of fragmentation.
        • Decompress backup data blocks before storing – This will decompress data before storing it, even if compression is enabled.  A setting that is useful for utilizing compression on a job with deduplication appliances as a target
        • This Repository is Backed by rotated hard drives. – if you plan on using rotated drives.
        • User per-VM backup files – recommended if you use a dedup storage appliance or a repository supporting multiple streams.  Will write data with several streams, one VM per backup file per stream.
        • Deduplicating storage appliances supported by Veeam have the following recommendations
          • Data Domain
            • Align backup file blocks – disabled
            • Decompress Backup data blocks – enabled
            • backed by rotated drives – disabled
            • User Per-VM Backup Files – enabled
          • ExaGrid
            • Align backup file blocks – disabled
            • Decompress Backup data blocks – disabled
            • Backed by Rotated Drives – Disabled
            • Use Per-VM Backup Files – Enabled
            • Limit max concurrent tasks – 1
          • StoreOnce
            • Align backup file blocks – disabled
            • Decompress Backup data blocks – enabled
            • backed by rotated drives – disabled
            • User Per-VM Backup Files – enabled
  • Specify Mount Server settings.
    • From the server list select a mount server to use with the backup repository.  If the desired one is not there we can add it at this point by selecting ‘Add New’
    • Enable vPower NFS server – enforces repository accessible by Veeam vPower NFS, for SureBackup Jobs, virtual labs etc.
      • Folder – specify a folder to be used as the vPower NFS root folder
    • Mount server will not be deployed until after the repository has been fully configured.
    • Ports – allows us to customize the network ports used by the vPower NFS service.  By default these are…
      • RPC port: 6161
      • Mount Port: 1058
      • vPower NFS port: 2049
  • Review settings
    • Here you can review your settings and complete.  There is a couple other options.  If the repository already contains backup files we can select to Import these automatically.  If so, they will display under our Imported Backups.  If there is also guest index files located on the repository we can chose to import these indexes as well.
  • Apply settings and watch as VBR updates the status on all the subtasks it performs

Adding a Scale-Out Backup Repository

Before we get into the process of adding a Scale-Out Backup Repository it’s best to have a little review of some of the requirements and limitations associated with them.  We went over this in Module 3, but for memory purposes let’s list a few of them below…

  • Only Available in Enterprise and Enterprise Plus – Enterprise is limited to 1 SOBR with 3 extents only.
  • If license is downgraded to standard with a SOBR present you will not be able to back up to it, but will be able to perform restores.
  • Cannot use SOBR as a target for Config Backups, Replication jobs, VM Copy Jobs or Endpoint jobs.  If repository contains data from any of these unsupported jobs you will need to retarget the jobs at another repository AND REMOVE DATA from the repository

To add a SOBR right-click on the ‘Scale-out Backup Repositories’ node on the Backup Infrastructure view and select ‘Add Scale-out Backup Repository’ and follow the following configuration steps.

  • Name – Add a name and description for the SOBR
  • Extents – Click ‘Add’ to select the backup repositories that you wish to add as an extent to this SOBR.
    • Advanced Options on this screen include whether to Use Per-VM backup files, and whether or not to perform a full backup when a required extent is offline.  This basically means that if an extent that contains previous files from a backup chain is offline, Veeam will create a full backup file instead of a scheduled incremental.
  • Extents – If we have selected a repository that is already used by jobs of a supported type (backup jobs) or already has supported backup files on it such as VeeamZIP backups you will be prompted to update the jobs/backup to point to the new repository.  Need to click yes here to continue with the creation.
  • Policy – this is where we specify our backup placement policy.  If you can remember back to Module 3 we have two
    • Data locality – stores backup files that belong to the same chain together – full/incremental on the same extent.  Any new backup chains associated, for example a new full and incremental chain could be on the same extent or another extent, so long as the individual full/incremental are together.
    • Performance – stores full and incremental on different extents allowing read/write streams to be optimized to different underlying disks.
      • Performance allows you to restrict which types of backups can be stored on a specific extent in the Advanced settings.  We could place full backups on extent1, and incremental on extent2.  By default, Veeam stores both on the same extents, so long as they are from different chains.
  • Summary – review details and click finish

Extending a SOBR is just a matter of going back into the SOBR properties and adding more extents during the extents step.

Removing extents from a SOBR requires a bit more work as they may contain backup files already. To remove an extent we must follow the following steps

  • Put extent in maintenance mode
    • Click on your SOBR name in the Backup Infrastructure view
    • From the extent list, right-click the desired extent and select ‘Maintenance Mode’
  • evacuate backups from the extent
    • Click on your SOBR name in the Backup Infrastructure View
    • Right click the desired extent and select ‘Evacuate Backups’
  • remove extent from SOBR
    • From within the properties screen of your SOBR select the desired extent and click ‘Remove’
      • Note, if you skipped the ‘Evacuate Backups’ step you will be prompted to do so here.  If you chose not to, you may end up breaking the chain of some restore points.

Adding Backup Repositories with Rotated Drives

Before adding a rotated drive backup repository first attach your external drive to the windows or Linux server you wish to add as a repository and launch the ‘Add New Backup Repository’ wizard, following the below configuration and instructions…

  • Give the repository a name and description
  • Select which server to use as the repository
  • On the server section, click ‘Advanced’ and select ‘This Repository is backed up by rotated hard drives’ and select the volume of your external drive.
  • Follow all other instructions to complete the Simple Backup Repository addition.

VMCE v9 Study Guide Module 4 – Initial Configuration Adding Windows/Linux servers and Backup Proxies

VMCE LogoFinally we are moving on to Module 4 of the Veeam VMCE v9 Study Guide.  In Module 3 we took a look at all of the core components that are required in order to make Veeam Backup & Replication work – in this module we will go one step further and discuss some of the options and features we have when we go through the process of adding these into our Veeam Backup Server

Adding Microsoft Windows Servers

Windows Servers are used for a variety of different roles within VBR.  Before we can assign these roles to the servers however we need to add them into our VBR configuration.  Adding Windows Servers is done through the Backup Infrastructure View on the Microsoft Servers Node (under Managed Servers).  When adding a Microsoft Windows server you need to ensure first that file and printer sharing is enabled on the server – if it isn’t, VBR will be unable to deploy the Veeam Installer service or the Veeam Data Mover service to the server.  To add a Windows server, right-click the ‘Windows Servers’ node and select ‘Add Server’ and follow the following steps and configurations…

  • If prompted, meaning if you used an ‘Add Server’ from anywhere else, select ‘Microsoft Windows’ as your desired server type.
  • Server Name – Specify the servers fqdn or an ip address.  You can also add a description here for future reference.  The default description simply states who added the server and when.
  • Credentials – If you have already stored credentials in VBR and they are valid for this server go ahead and select them.  If not, you are able to click ‘Add’ at this point to add a new set of credentials.  These credentials will be used to deploy both the installer service and the data mover service on the Windows server.
  • Ports – We can also customize any network ports if we would like with this button.  By default the services that may get deployed on a Windows server use the following ports.
    • Veeam Installer Service – 6160
    • Veeam Data Mover Service – 6162
    • Veeam vPower NFS Service – 6161
    • Veeam WAN Accelerator Service – 6164
    • Veeam Mount Server – 6170
  • Ports – Still within this screen we have some Data Transfer options.  The range of ports displayed (default 2500-5000) are used for transmission channels between the source and target servers, with each task utilizing one port.  If you have a small environment, or don’t expect a lot of data traffic you can scale this down to a smaller range of ports.  Just remember that one port = one concurrent task.
  • Ports – Preferred TCP – Also within this screen we can see the ‘Preferred TCP connection role’ section.   This is used if this Windows server is being deployed outside of a NATed environment.  If it was, this server would not be able to initiate a connection to another server on the other side of the NAT.  If this is the case, select the ‘Run server on this side’ checkbox to reverse the direction of the connection.
  • Review – simply shows the status of the options selected.
  • Apply – At this step we can review and monitor the steps that VBR has taken to successfully add the Windows Server.

Adding a Linux Server

Before we can add a Linux Backup Repository we must first add a Linux server into our VBR environment.  Just as with Windows, this is done on the Backup Infrastructure view by right clicking the Linux Server node and selecting Add Server.  The following steps and configurations apply to the addition of Linux servers.

  • Name – provide the FQDN or IP address of the Linux Server – an optional Description can also be specified at this point.
  • SSH Connection – Veeam will deploy the required components to a Linux server through an ssh connection.  At this step we need to provide some credentials that can connect to our desired Linux Server.  If you already have credentials setup we can simply select them from the drop down, or click ‘Add’ to create a new set of credentials.  Note, both username/password and Identity/Pubkey authentication is supported for the ssh credentials.
  • SSH Connection – The advanced section on this screen allows us to further configure how we would like components deployed.  We can specify an ssh timeout value if we please.  By default this is 20000 ms, meaning if a task targeted at this server is inactive after 20000ms, VBR will automatically terminate said task.  Just as with Windows we have the ability to adjust our Data Transfer Options as well, either scaling up or down the port range and in turn scaling up/down our maximum concurrent tasks.  Also, like Windows, we see the ability to select ‘Run server on this side’ if we are deploying outside of a NATed environment.
  • When we move to the next screen we may be prompted to trust the SSH key fingerprint. When we do this, the fingerprint is saved to the Veeam configuration database.  The fingerprint is then used during every communication task between Veeam components and this Linux server to help prevent man in the middle attacks.  If this key gets updated on the Linux server, you will need to return to this servers settings within Veeam and run through the wizard again in order to trust the new fingerprint.
  • After clicking ‘Finish’ we are done.

Adding a VMware Backup Proxy

We already know that our Backup Proxy is used to process and deliver traffic to either another proxy or backup repository.  By building out multiple proxies we are able to split the load across them and in the same time take the data mover load off of our Veeam Backup Server.   Adding a VMware backup proxy is performed through the Backup Infrastructure view on the Backup Proxies node from within the VBR Console with the following steps and configuration options

  • Right-click the Backup Proxies node and select ‘Add VMware Backup Proxy’
  • Server – Chose Server – Select the Windows server you wish to assign the proxy role to – if you haven’t already added your server to the backup infrastructure you are able to select ‘Add New’ at this point to go through the process of Adding a new Windows Server (See above).
  • Server – Description – We also have the option of creating a description here as well, by default this just states who and when added the backup proxy.
  • Server – Transport mode – Select your desired transport mode, meaning how you would like the proxy to read/write the data.    By default , VBR will scan the proxy configuration and it’s connection to datastores in order to determine an optimal transport mode for it, which will be selected automatically upon reaching this screen.  If we need to override this we can by clicking ‘Chose’.   Our options here are Direct Storage Access, Virtual Appliance, or Network.  See Module 3 for more information about how each of these transport mode works.  From within the Options section of our Transport Mode selection we can specify additional options for whichever mode we have selected.
    • For Direct Storage Access and Virtual Appliance modes we can choose to either failover to network mode (default) or not.
    • For Network Mode we can choose to transfer VM data over an encrypted SSL connection by selecting ‘Enable host to proxy traffic encryption in Network mode’.
  • Server – Connected Datastores – Allows us to specify which datastores this proxy has a direct SAN or NFS connection to.  By default Veeam will detect all datastores that the proxy has access to, however if you wanted to limit certain proxies to certain datastores you can do so here.
  • Server – Max Concurrent Tasks – We can specify here the number of tasks that the backup proxy will be able to run conccurrently.  At any time if this number is exceeeded no new tasks will start until one has completed.  Keep in mind that Veeam requires 1 CPU core for 1 task, as well as increasing concurrent tasks has the potential to flood network traffic throughput as well.
  • Traffic Rules – The traffic rules section allows us to utilize throttling rules in order to limit the OUTBOUND traffic rate for the proxy.  These help to manage bandwidth and minimize impact on the network.  These rules are created globally within VBR and will only display here if the proxy ip happens to fall within the range the rule applies to. To view the globally set traffic rules we can click on the ‘Manage network traffic rules’ link below the table displayed or click ‘View’ to view a single rule.  We will go over the traffic rules in a bit more details when we cover off global settings of VBR.
  • Summary – After reviewing the summary select ‘Finish’

At anytime you can come back to the Backup Proxies node and right-click a Backup Proxy to edit it.  We can also Disable Backup Proxies on an individual basis.  When disabled a backup proxy will not be used in any backup jobs that can select it.  If you want to remove a backup proxy that is possible as well.  That said, if the Backup Proxy is explicitly selected in a job, meaning the job does not automatically select proxies, then you will first need to delete the reference to this proxy in the job before the proxy can be removed.  Removing a backup proxy only removes it from the Backup Proxies node, the server will remain in the Windows Servers node.

Adding a Hyper-V Off host proxy

By default, MS Hyper-V hosts perform the role of a proxy – this is called on-host mode.  That said they take up resources that may be needed to run your actual production environment so its best to add Off Host proxies.  We discussed these a bit in Module 3, and if you remember they have the following prerequisites.

  • Windows Server 2008 R2 or higher with Hyper-V role of 2008 R2 or higher installed
  • Must be connected to the shared storage
  • Hardware VSS providers must be installed on host (supplied by vendor)
  • If using CSV, the Hyper-V off host proxy must not be a part of the cluster it is backing up.
  • If backing up SMB3, the local system account on off host proxy must have full access permissions to the file share and must be in the same domain, or in a trusted domain.

To add a Hyper-V off host proxy you need to add the backup proxy role to a Microsoft Windows server within the backup infrastructure utilizing the ‘New Hyper-V Off-Host Backup Proxy’ wizard and the following configuration…

  • Server – select a Windows server to assign the role to, if not listed you can add new at this point.  You can also add a description.  By default, Veeam will automatically detect the connected volumes however if you would like to specify which volumes you want this host to work with you can do so using the ‘Connected Volumes Choose…’ button.  We can also specify the Maximum Concurrent Tasks for this proxy, keeping in mind each proxy requires 1 CPU.
  • In the Traffic Rules selection we can select any rules that will apply to our off host proxy to limit its OUTBOUND traffic rate.  These rules are not created here, they are created globally and only those rules that are applicable to the IP of our proxy are listed.  You can move into the global rules by clicking ‘Manage Network Traffic Rules’ link.
  • Review the summary of task and click ‘Next’ to finish deploying the proxy.

VMCE v9 Study Guide Module 3 – VBR Prerequisites, Deployment Scenarios & Upgrades

VMCE LogoAs we continue on Module 3 of the Veeam VMCE v9 Study Guide its time to look at VBR prerequisites, the many deployment scenarios available for VBR and finally what upgrade options we have when upgrading Veeam Backup & Replication to version 9.   One of the benefits of deploying Veeam Backup & Replication is that you can make it as simple as you want, or as hard as you want Smile  Veeam makes it very easy to deploy VBR and adapt to any size of environment.  To help break down the scenarios Veeam provides three different types of deployments for VBR; Simple, Advanced and Distributed

Simple Deployment

Basically in the simple deployment we are looking at having only once instance of VBR setup and installed on either a physical or virtual machine within our environment.  In a simple deployment we have basically one server, the Backup Server, which hosts all the roles and components we need to backup our environment.  The Backup server at this point would host the following components

  • Veeam Backup Server – for management
  • Backup Proxy – for moving data
  • Backup Repository – for hosting our backups.
  • Mount Server – for restoration
  • Guest Interaction Proxy

Interesting tidbits about Simple Deployment

  • All components are installed automatically
  • The Backup Repository is determined by scanning the volumes of the machine in which we are installing.  The volume with the greatest free disk space is used with a “Backup” folder created on it.
  • Only used if you are evaluating VBR, or have a small number of VMs you need to protect
  • Suggested to install on a VM (but not required) as it would give you the hot-add backup transfer option.

Advanced Deployment

Advanced Deployment is the way to go if you have an environment of any size to back up.  In these cases we can’t put all the load on the Backup Server as it would be too much for it to handle.  In this deployment model we have the following components

  • Backup Server – Our control plane
  • Backup Proxies – Data mover components on separate servers to handle the transfer of data.
  • Backup repositories – Separate servers containing capacity to store our backup files, VM copies, and replica metadata
  • Dedicated Mount Servers – again, separate components in order to efficiently perform application and file level restore back to original production VMs
  • Dedicated Guest Interaction Proxies – separate components allowing us to efficiently deploy runtime process in our Windows VMs.

Interesting tidbits about advanced deployments

  • Allows us to easily scale up and down to environments by adding more or less components.
  • Backup traffic can be dynamically distributed amongst proxies.
  • Good setup to begin replicating data offsite by deploying proxies in both local and remote sties.
  • Provides HA to our backup jobs by having the ability to allow jobs to failover to other proxies if some become unavailable or overloaded

Distributed Deployment

The distributed deployment is used in cases where environments are spread out geographically with multiple backup servers installed across many locations with the backup servers themselves being federated using Enterprise Manger.  This way jobs can all be managed centrally, as well as providing an easy way to search for and find files across all sites.  This deployment model contains the following components

  • Multiple Veeam Backup Servers for each site
  • Multiple Veeam proxies for each site
  • Multiple repositories located at each site
  • multiple mount servers and guest interaction proxies at each site
  • Veeam Enterprise Manager Server
  • Optional Veeam Backup Search server to streamline search processes.

Interesting tidbits about the distributed model

  • With Enterprise Manager installed, we are able to provide flexible delegation operations to users within the environment to perform restores
  • Centralized license management
  • All the benefits of the advanced model

Upgrading Veeam Backup & Replication to v9

If you have ever had to upgrade an instance of Veeam Backup & Replication you should know that it is a pretty simple product to upgrade – with that said, you should always do your due diligence – backing up your SQL database and Veeam configuration is always a good idea – as well as ensuring you have completely been through all of the release notes.

There are a few limitations and concerns you might want to pay attention to when looking to upgrade to Veeam Backup & Replication v9

  • Supports a direct upgrade from version 7.0 Update 4 and 8.0
  • If you have any Windows 2003 servers acting as backup infrastructure components within your current configuration, they will need to be removed before the upgrade as they aren’t supported – this will cause the upgrade to fail.
  • The first time you connect to your newly upgraded backup server with a client backup console, they will be prompted to apply the update to their console as well.
  • The Console cannot be downgraded
  • The first time you login after the upgrade Veeam will prompt you to update all of the other backup infrastructure in your environment such as proxies, repositories, etc.  These are upgraded in an automated deployment by the Veeam Backup Server.

VMCE v9 Study Guide Module 3 – Remaining Veeam Backup & Replication Core Components

VMCE LogoAside from our proxies and repositories there are number of remaining Veeam Backup & Replication Core Components to cover.  Today we will try and finish the component section of Module 3 of the Veeam VMCE v9 Study Guide.  Some of these components are required, where as some are optional – but all are certainly fair game on the VMCE exam so its best to know them!

Guest Interaction Proxy

During a backup Veeam will interact with the guest to do several things – to do this it deploys a run time process within each VM it is backing up (be it windows or Linux) to do the following options

  • Application Aware Processing
  • Guest File System indexing
  • Transaction Log processing

Older versions all of this was done by the backup server, causing higher resource usage on the Backup server or issues if the backup server and processed VMs had degraded, slow or non-existent network connectivity.  As of 9, the process of doing the above 3 actions and deploying these run-time process can be done with a Guest Interaction Proxy (Windows only, will not work with Linux VMs).   Again, interesting facts about the GIP.

  • Only utilized when processing Windows based VMs.  Linux VMs will still receive these packages from the Backup Server.
  • Only available in Enterprise and Enterprise Plus editions.
  • Can utilize multiple Guest Interaction Proxies to improve performance, recommended to have on at all sites if you have a ROBO setup.
  • Can only be deployed on a Windows based server, be it physical or Virtual.
  • Must have either a LAN or VIX connection to the processed VM.
  • Can be installed on the same server as the proxy, repository, backup server, WAN Accelerator, etc.
  • Defined on the Guest Processing step of the backup/replication job.  We can assign each job manually to use a certain proxy or let Veeam decide.  If letting Veeam automatically determine which proxy to use it will go in the following order
    • A machine in the same network as the protected VM that isn’t the Backup Server
    • A machine in the same network as the protected VM that is the Backup Server
    • A machine in another network as the protected VM that isn’t a Backup Server
    • A machine in another network as the protected VM that is a Backup Server.
    • If at any point it finds more than one meeting the above criteria, it selects the one which is “less loaded”.  The one with the least number of tasks already being performed.
    • If at any point a GIP fails, the job can fail over to the Backup Server and utilize it to perform GIP roles as it has done in previous versions.

Mount Server

A mount server is required in order to restore VM guest OS and application items back to their original locations.  Veeam uses this server to mount the content of the backup file to a staging server, this server, should be located in the same location as the backup repository where the files are stored, if it isn’t you may end up having restorations traverse a WAN twice.  To help prevent this Veeam implements a mount server.

When a file or application item is restored to the original location, Veeam will mount the contents of the backup from the repository onto the mount server, and then copy the data from the mount server to the original location.

Interesting tidbits about mount servers…

  • Direct SQL and Oracle restores do not go through the mount server, they are mounted directly to the target VM.
  • A mount server is created for every backup repository and associated with it.  This is a Repository setting.
  • By default the mount server is created on
    • Backup Repositories – if they are windows based.  The default mount server would be themselves.
    • Backup Server – For any Linux based or shared folder backups, and deduplicating storage devices the mount server is the backup server
    • Veeam Backup & Replication Console – Anywhere the client is installed so is a mount server, however it isn’t automatically registered within B&R
  • Scale-Out Backup Repositories require you to assign a mount server for each and every extent included.
  • Mount servers can only be Windows based, but can be physical or virtual.
  • In order to restore from storage snapshots the mount server must have access to the ESXi host which will host the temporary VM.

WAN Accelerators

WAN acceleration within Veeam works by using dedicated components to globally cache data and deduplicate data between sites.  Basically we would need a WAN accelerator at both our source and target sites to do so.  These sit in between the proxies, meaning data would flow through source backup proxy, then to the source wan accelerator, then to the target wan accelerator, then to the target backup proxy, then to either its replication target or backup repository.

Each accelerator will create a folder called VeeamWAN.  On the source, files and digests required for deduplication are stored here.  On the target, a global cache is stored.

WAN accelerators can require a lot of disk space to hold either the digests or global cache, therefore require some sizing exercises when creating them.  Certainly this depends on the amount of source VMs you are backing up, but a rule of thumb is to provide 20GB of disk space for each TB of VM disk capacity.  On the target we store Global Cache which is a little less lightweight in terms of capacity requirements.  The recommendation here is to provide 10GB of space for each type of OS you are processing – by default, 100GB is allocated, so 10 OSes.  Some situations may require us to utilize extra space on the source accelerators depending if digest data needs to be recalculated or we have cleared the cache.  In order to help suffice this it’s also recommended you provide 20GB per 1 TB of source VM on your target cache as well.

Interesting tidbits about WAN acceleration

  • Must be installed on a 64 bit Windows Based machine, physical or virtual
  • Can be intermingled with other proxies and repositories
  • For digest data on the source accelerator, provide 20GB of space for each 1 TB of data being backed up.
  • For global cache provide 10GB of space for each OS (Default is 100GB)

Veeam Backup Enterprise Manager

This component is optional and is really intended for those that have a distributed deployment containing multiple backup servers.  VEB essentially federates your servers and offers a single pain of glass viewing at your backup servers and their associated jobs.  From here you can do the following

  • Control and Manage jobs
  • Edit and Clone Jobs
  • Monitor job state
  • Report on success/failure across VBR Servers
  • Search for guest OS files across VBR Servers and restore via one-click

Interesting tidbits around VEB

  • Can be installed on either physical or virtual, so long as its windows

Veeam Backup Search

Veeam Backup Search is an option that will greatly help reduce load from the VEB server if you frequently need to search through a number of backups.  Basically, Veeam Backup Search is deployed on a Windows machine running Microsoft Search Server, which basically runs the MOSS Integration service and updates index databases of MSS – leaving VEB the ability to simply pass the Backup Search queries and have the data passed back.

Veeam Gateway Server

The Veeam Gateway server is almost like a connector service, bridging the network between backup proxies and backup repositories.    The only time we would need to deploy a gateway server is if we are using one of the following scenarios

  • Shared Folder backup repositories
  • EMC DataDomain or HPE StoreOnce appliances

ExaGrid, another supported deduplicating appliance with Veeam actually hosts the Veeam Data Mover service directly on the box, Shared Folder backup repositories and the DataDomain/StoreOnce appliances do not – thus, we use a gateway server to host and run the Veeam Data Mover services for them.  The gateway server is configured during the “Add Backup Repository” wizard.   When prompted we can select our gateway server manually, or chose to let Veeam decide the best fit.  If we let Veeam do the choosing our Gateway server is selected following the below criteria

  • For a backup job, the role of the gateway server is assigned to the proxy that was first to process VM data for a backup job.
  • For Backup Copy jobs, the role of the gateway server is assigned to the mount server associated with the backup repository.  If for some reason the mount server is not available this will fail over to any WAN Accelerators that might be used for that job.
  • For Backup to Tape jobs the role of the gateway server is assigned to the Veeam Backup Server.

Veeam will select a different number of gateway servers per job depending on the multitasking settings of the repository – PerVM backup chains by default have multiple write streams, therefore each VM will be assigned a gateway server.  Where as the normal backup chains only have one gateway server assigned.

Tape Server

A tape server in Veeam Backup and Replication is responsible for hosting a tape device.  Simply put its a windows machine that is connected to some sort of tape library.  The tape server takes on somewhat of a proxy role for tapes, performing the reading and writing to tapes.

VMCE v9 Study Guide – Module 3 – Core Components – Backup Repository

downloadContinuing along with the core components section of Module 3 we will now look at the backup proxy, both the basic type, as well as the new Scale-Out Backup Repository which was introduced in v9.

So what is a backup repository?

This is where our backup data resides.  Actually holds more than just VM backups – keeps backup chains, VM Copies, and metadata for our replicated VMs.  There are three types of backup repositories in Veeam

1. Simple Backup Repository

Typically a simple backup repository is just a folder or directory located on a the backup storage where we can store our jobs.  We can have multiple backup repositories, and set them up to different jobs in order to limit the number of simultaneous jobs each one is processing, helping to spread the load.  A Simple Backup Repository can be installed on

  • Windows server with local or direct attached storage – storage can be a local disk, direct attached disk (USB Drive) or an iSCSI/FC LUN mounted to the box.  Can be physical or virtual.  When a Windows based repository is added the data mover service is installed and utilized to connect to whatever proxy is sending the backup data, helping to speed up the transfer and processing of data.  Windows repositories can also be configured to run vPower, giving them the ability to mount their backups directly to ESXi hosts over NFS.
  • Linux server with local, DAS, or mounted NFS.  – Similar to that of Windows we can use a Linux instance with directly attached storage, iSCSI/FC LUNs, or mounted NFS shares.  When a task addresses a Linux target, the data mover service is deployed and ran, again establishing a connection to the source proxy.
  • CIFS or SMB share. – an SMB share can be utilized to store your Veeam backups, however it doesn’t have the ability to run the data mover service.  In this case, the gateway server (explained later) will be used to retrieve and write data to the SMB share.  This affects your deployment, you may want to deploy gateway servers offsite if writing to an SMB share at a remote location in order to help performance.
  • Deduplicated storage appliance – Veeam does support EMC Data Domain, ExaGrid and HPE StoreOnce as backup repositories as well.

Interesting tidbits around simple backup repositories

  • Data Domain does not necessarily improve performance, but reduces load on network
  • Data Domain does not support reverse incremental and cannot exceed that of 60 restore points in incremental backup chains.
  • ExaGrid jobs actually achieve a lower deduplication ratio when using multi-task processing.  It’s better to do a single task at a time.
  • When using StoreOnce Veeam needs the CAtalyst agent installed on the gateway proxy.
  • HPE StoreOnce always uses per-vm backup files
  • HPE StoreOnce does not support reverse incremental nor does it support the defrag and compact full backup options.

2. Scale-Out Backup Repository

The scale out backup repository essentially takes several similar simple repositories and groups them together to pool one large backup repository.  This way as you approach your capacity within the SOBR, you can simply add another repository, or extent to the pool, increasing your overall capacity.

When a simple backup repository is added as an extent to a SOBR, Veeam creates a definition.erm file.  This file contains all of the descriptive information about the SOBR and its respective extents.

One setting that must be setup on a SOBR is the Backup file placement policy.  This basically determines how the backup files will be distributed between extents.  There are two Backup file placement polices available

  1. Data Locality
    • All backup files which belong to the same chain will be stored on the same extent.
    • New full backups could reside on another extent, but the incremental thereafter would also be placed on this new extent – where as the old full and old incremental would remain on another extent.
  2. Performance
    • Full and incremental backups that belong to the same chain are stored on different extents.
    • Improves performance on transforms if raw devices are in use as it spreads the I/O load across extents.
    • If an extent is missing containing any part of a targeted backup chain Veeam will not be able to perform the backup.  That said, you can set the ‘Perform full backup when required extent is offline” setting in order to have a full backup performed in the event it can’t piece together the chain, even if an incremental is scheduled.

All this said, the placement policy is not strict – Veeam will always try and complete a backup on another extent with enough free space if an extent is not available, even if you have explicitly said to place full backups on a certain extent.

When selecting extents to place backups, Veeam goes through the following processes.

  1. Looks for availably of extents and their backup files.  If an extent is not available containing part of the chain, Veeam triggers a full backup to a different extent
  2. It then takes into consideration the backup placement policy
  3. Then it looks at free space on the extents – it is placed on the extent with the most free space.
  4. Availability of the backup files form the chain, meaning, an extent that has incremental backups from the current backup chain will have a higher priority than an extent that doesn’t

During the start of a job, Veeam guestimates how much space a backup file will require and compares that to of what is available on the extents.  It does this in a couple of different ways depending on your backup file settings.

  • Per-VM Backup Chains – In determining the full backup file size it calculates by taking 50% of the source VM size.  Incrementals are 10% of the source VM size
  • Single File Backup Chain – The size of the full is equal to 50% of the source VMs in the job.  The first incremental is determined by taking 10% of the source VMs size – subsequent incrementals are equal to that of the size of the incremental before them.

Extents within a SOBR also have some service actions that can be performed as explained below

  • Maintenance Mode – This is mainly used if you need to perform some kind of maintenance on the server hosting the underlying extent such as adding memory or replacing hardware.  When an extent is in maintenance mode you cannot perform any tasks targeted at the extent nor can you restore any data that resides on this extent or backup chains that have data on the extent.  When entering maintenance mode Veeam first checks to see if any jobs are currently using the extent.  If they aren’t, it immediately goes into maintenance mode – if they are, it gets placed into a Maintenance pending state and waits for the tasks to complete, once done, it enters maintenance mode.
  • Backup Files Evacuation – This is used if you would like to remove an extent from a SOBR that contains backup files.  When doing this, Veeam moves the backup files on this extent to other extents that belong to the same SOBR.  Before evacuating, you must first place extents into maintenance mode.  Veeam attempts to abide by its placement policies when looking where to place the evacuated backup files.

Some interesting tidbits around SOBR

  • extents can be mixed and matched, meaning we can have windows repositories, Linux repositories and dedup appliances all providing storage for one SOBR.
  • Used for Backup, Backup Copy, and VeeamZIP jobs only – note the difference – no configuration backups or replication metadata is stored on a SOBR.  If you try and add an extent to a SOBR that is configured inside of any other jobs it will not add – you will first need to target these jobs to another repository.   Further more, if a backup repository is configured as a SOBR extent, you will not be able to use it for any other jobs.
  • Only Available in Enterprise and Enterprise Plus, however Enterprise does have limitations.  Only one SOBR can be created, and can only contain 3 extents.  If you downgrade licenses while you have a SOBR you will still be able to restore from it, but jobs targeted at it will no longer run.
  • When a backup repository is converted to an extent the following information is inherited to the extent
    • Number of Simultaneous tasks
    • Read and write data limit
    • Data compression settings
    • block alignment
    • Limitations on the underlying repository – EMC data domain has a backup chain limit of 60 points, therefore if we use this as an extent in our SOBR, our SOBR will have the same chain limit.
    • Settings that are not inherited include any rotated drive settings as well as Per-VM backup file settings.  Per VM needs to be configured globally on the SOBR.

3. Rotated Drive Backup Repositories

Backup repositories can also use rotated drives.  Think storing backups on external USB drives where you regularly swap these drives in and out to take offsite.  This is setup by using the ‘This repository is backed by rotated drives’ option on the backup repository.

A backup that targets rotated drives goes through the following process.

  1. Veeam creates the backup chain on whatever drive is currently attached
  2. Upon a new session, Veeam checks if the backup chain on the currently connected drive is consistent, meaning it has a full backup as well as subsequent incrementals to restore from.  If the drives had been swapped, or the full/incremental backups are missing from the drive then Veeam will start a new chain, creating a new full backup on the drive which will then be used for subsequent incrementals.  If it is a backup copy job Veeam simply creates a new incremental and adds it to the chain.
  3. For any external drives attached to Windows Servers Veeam will process any outdated restore points from the retention settings and remove them from the drive if need be.
  4. When any original drives get added back into the mix, Veeam repeats this process creating full backups if need be.

Interesting tidbits about repositories backed by rotated drives

  • Veeam can remember and keep track of drives on Windows Servers even if the drive letter changes.  It does this by storing a record about the drive within its configuration database.
    • When a drive is first inserted Veeam has no idea about it, so it must have the exact same letter that is associated in the path to folder setting on the repository.  After this, Veeam stores the information in regards to the drive in the database.
    • After reinserting a drive that is already in the configuration database, Veeam will still use this successfully, even if the drive letter doesn’t match that of the path to folder.
  • GFS Full Backups cannot be created with Backup Copy jobs on rotated drives
  • Per-VM backup files are not supported on rotated drives

VMCE v9 Study Guide – Module 3 – Core Components – Server, Console & Proxy

Veeam Backup & Replication is a very easy application to get up and running – but inside that underlying technology there are a lot of moving parts and components that make it easy.  Let’s have a look at each on and explain what they do as I’m sure you will see questions revolving around the functionality of the components on the exam.

The Backup Server

The backup server is where Veeam is actually installed.  You can think of the Backup Server as being the management plane if you will, coordinating all of the backup jobs, kicking off schedules and instructing other components what to do.  The backup server has a few responsibilities

  • Coordinates all tasks such as backup, replication, recovery verification and restore
  • Controls the scheduling of jobs as well as the allocation of the resources (other components) to those jobs.
  • Central management point for your Veeam environment and maintains global settings for the infrastructure
  • A default backup proxy and backup repository is automatically configured on the server designated as the Backup server.  This allows small environments to get up and running very fast.

The Backup and Replication Console

The B&R console is a client piece of the client/server side application that we use to actually manage our infrastructure.  In order to log into a B&R Server with our console, the user needs to be a member of the local administrators group on the B&R server.  From there, users can be further limited to what they can do using Veeams role functions.

Some interesting and testable tidbits around the console are

  • Multiple users can be logged into a B&R console making changes to the same jobs, however whoever saves their changes first gets priority.  Meaning other users will be prompted to reload their wizards to get most recent changes after that user saves his/her changes.
  • If a session is lost due to network issues, the sessions are maintained for a maximum of 5 minutes.  If the connection is re-established within this time, users are good to.
  • Cannot perform a restore from configuration backup when logged in remotely – must do this directly on the backup server itself.
  • When a console is installed a number of items are also installed by default during the setup process
    • PowerShell Snap-In
    • Explorers for Active Directory, Exchange, Oracle, SQL, and SharePoint
    • A Mount Server (explained later).

The Backup Proxy

The Backup Proxy is the heavy lifter within the Veeam environment.  This handles the movement of data between source and target, whether that be during a backup, a replication, a VM Migration job, or a restore operation – all the data moves through a Veeam Backup Proxy.  As I mentioned earlier a default proxy gets installed on our Backup Server during the initial install – and this may be fine and dandy for a small environment but as you find the need to increase performance, concurrency, and scale you will need to add more backup proxies to your environment.  Interesting tidbits around the backup proxy…

  • Deploys on a Windows machine, can be physical or virtual, and depending on the choice directly affects which backup transport mode is chosen (explained later).  Essentially, you can’t do hot add if your machine is physical, however you may want to leverage physical for something like Direct SAN.
  • Deployment is fully automated and handled by the Backup Server – you just point it towards a server in your infrastructure.

Depending on whether you are deploying Veeam within VMware of Hyper-V a proxy will use a variety of methods to retrieve data, referred to with Veeam as Transport Modes in VMware, and Backup Modes in Hyper-V.  These are defined directly on the proxy properties.

VMware Transport Modes

  • Direct SAN Access
    • This is the quickest processing most which has the least impact on your production environment as it fully offloads the backup processing.
    • Supports block storage only (iSCSI/FC).  When using iSCSI both physical and virtual backup proxies can be deployed.
    • Direct SAN can be used for all operations involving the proxy, both backup and restore.
    • Requirements of Direct SAN Access are…
      • The backup proxy needs to have direct access to the production storage through either a hardware or software HBA.
      • LUNs must be exposed/zoned/presented to the backup proxy performing the Direct SAN Access.  Volumes should be visible in disk management, but not initialized.  Veeam automatically sets a SAN Policy within each proxy to Offline shared to help prevent initialization from occurring.
      • For restore operations the proxy will need to have write access to the LUNs hosting the disks.
    • The process of Direct SAN Access is as follows
      • Backup proxy sends a request to the host to locate the necessary VM on the datastore
      • ESXi host locates VM and retrieves metadata about the layout of the VMs disks on the storage.
      • The host then send data back to the backup proxy via the network
      • The backup proxy uses the metadata to copy the VMs data blocks directly from the SAN.
      • Proxy processes the data and finally sends it to the target.
  • Direct NFS Access (new in v9)
    • Recommended for VMs whose disk reside on NFS datastores.
    • Veeam will bypass the host and read/write directly from the NFS datastores
    • Data still traverses the WAN, however it doesn’t affect the load on the ESXi host.
    • Direct NFS can be used for all operations involving a backup proxy, including backup and restore.
    • Some limitations to DirectNFS exist and are as follows
      • Cannot be used for VMs with a snapshot
      • Cannot be used in conjunction with the VMware tools quiescence option.
      • If source VM contains disk that cannot be processed utilizing Direct NFS, the disk will be processed in Network Mode.
    • The process of Direct NFS is as follows
      • Backup proxy send request to host to locate VM on NFS datastore
      • Host locates VM and retrieves metadata about the layout of the VMs disk on the datastore and sends back to the backup proxy.
      • Backup Proxy uses the metadata to copy VM blocks directly from the NFS datastore, obviously over the LAN – it’s NFS after all.
      • Backup proxy processes data and sends them to the target.
    • Direct NFS Requirements
      • Backup proxy must have access to the NFS datastore
      • If the NFS server is mounted to ESXi hosts using names instead of IPs, the IPs need to be resolvable to names on the Backup Proxy
  • Virtual Appliance Mode (Hot-Add)
    • Easiest mode to set up and can provide a 100% virtual deployment.
    • Provides fast data transfers with any storage
    • Uses existing Windows VMs
    • Utilizes the SCSI/SATA hot-add feature from ESXi to basically attach the source and target disks to backup proxies, thus allowing the proxy to read/write directly from the VMs disk
    • Can be used for all proxy operations, including backup and restore.
    • The process is as follows
      • Backup Proxy sends a request to the host to locate the source VM on the datastore.
      • Host locates VM and reports back
      • Backup Server triggers vSphere to create a VM snapshot of the processed VM and hot-add or directly attach source VM disks to the backup proxy.
      • Proxy reads data directly from the attach disk, processes it and sends it to the target
      • Upon completion, Backup server sends commands to remove disks from the backup proxy and delete any outstanding snapshots from the source VM.
    • Requirements for Virtual Appliance Mode are…
      • Backup Proxy must be a VM
      • ESXi host running the proxy must have access to the datastore hosting the disks of the source VMs
      • Backup Server and Proxy must have latest version of VMware Tools installed.
  • Network Mode
    • Network mode essentially uses the LAN to transfer your backups, thus making it one of the least desirable transport modes, especially when dealing with 1GB links.
    • Supports any type of storage and is very easy to set up.
    • Leverages ESXi Management interface which can be terribly slow, especially on older version of vSphere.
    • The process of network mode is as follows…
      • Backup Proxy sends the request to the ESXi host to locate the VM on the datastore.
      • Host locates VM.
      • Data is copied from the production storage and sent to the backup proxy over the LAN using Network Block Device protocol (NBD).
      • Proxy processes the data and finally sends it to the target.

Hyper-V Backup Modes

If we are backing up a Hyper-V environment with VBR then our backup proxies are setup a little differently than that of VMware.  Basically we have a couple of different Backup Modes within VBR support for Hyper-V

  • On-Host Backup Mode
    • Easy to use, supported out of the box.
    • Good for a small infrastructure
    • May impact production host CPU usage as well as provide a bit of overhead network wise.
  • Off-Host Backup Mode
    • Very fast
    • Has no impact on production CPU or network usage.
    • Requires an extra physical machine.
    • If backing up a Hyper-V cluster with CSV, off host proxy must NOT be a part of the Hyper-V cluster as CSV does not support duplicate LUN signatures
    • Requirements of an Off-Host Backup Proxy are
      • Must be a physical Windows 2008 R2 or higher server with the Hyper-V role enabled.
      • Must have access to the shared storage where the VMs are hosted
      • A VSS Hardware provider supporting transportable shadow copies must be installed on both the proxy and the Hyper-V host running the source VM.  This is distributed by storage vendors with their client component packages.

Testable tidbits about Backup Proxys

  • In terms of sizing, you should allocate 1CPU for each task you’d l8ike the proxy to process
  • If backing up a Hyper-V cluster utilizing CSV, ensure proxy is not part of the cluster.
  • Off host backup proxies are limited to ONLY PHYSICAL MACHINES
  • Direct SAN Limitations
    • No VSAN support
    • No VVOL support
    • In the case of replication, it’s only used ON THE TARGET SIDE during the first full replication of the VM, subsequent jobs will use hot-add or network.  Source can use Direct SAN for every run of the job.
    • Can only restore thick VM disks
  • Direct NFS will not work for VMs containing snapshots, thus, it can only be used on the target side for the first run of a replication job.
  • Direct NFS will not work with VMware Tools Quiescence.
  • Virtual Appliance Mode Limitations
    • IDE disk are not supported.
    • SATA disks only supported on vSphere 6.0 or newer.
    • vSphere 5.1 or earlier – VM disk size cannot exceed 1.98Tb

Let’s leave this post here for now – we will learn more about proxies and how they are configured in a future module, but the next post will continue on with the VBR core components and talk about Backup Repositories.

VMware launches new delta version of VCP5-DCV exam

VMware LogoToday I received a message from VMware Education Services introducing a new way for current VCP holders to refresh or re-certify before their VCP expires.  Currently as it stands, anyone holding a VCP certification prior to March 10, 2013 has only until March 10, 2015 to re-certify using one of the following methods.

  • Take the most current VCP exam in any of the available tracks (Datacenter Virtualization, Cloud and Desktop – not sure if Network Virtualization qualifies for this or not).  No matter which track you held your VCP in, all will be refreshed with another two years.
  • Take an advanced level exam, meaning the VCAP DCA or VCAP DCD.  Not only will you advance to the next level, you will refresh your VCP expiration as well.

Prior to today, these were your options.  Now however all you VCP holders have a third option, so long as you are currently hold the VCP5-DCV status.

What is a delta exam?

This is something new to VMware certifications.  Basically, this exam is based only on the differences between vSphere 5.0/5.1 and the vSphere 5.5 exams.  Also, instead of your normal 135 questions the delta exam will only have 65.  The biggest difference is how the exam is delivered – you won’t need to drive to a testing center for this one, it is being offered online through Pearson Vue – and I’m assuming this will be a similar fashion to that of the VCA delivery.  Another noticeable difference is price – this one, coming in at $120 USD instead of the normal $220 USD.

Is it worth it?

ScreamingMan-300x225This is something I can’t answer for you – you will have to go through the scenarios in your head.  Currently I have an expiry date of January 2016 for my VCP5 and honestly I’d rather sit a new version of the VCAP then do the VCP again.  That said, can I expect a VCAP6-DCA to be available by Jan 2016?  I have no idea!  Do I want to risk the chance of losing my VCP due to no new VCAP exam coming out or possibly failing the VCAP when it does come out?  It’s all a giant kerfuffle in my head right now!  One note, the email I received said it was only available to those who need to renew their VCP before March 10, 2015.  As noted above, mine was extended to Jan 2016 due the completion of my VCAP in January of this year.  That said, I went through the process of being authorized for this delta exam and had no issues getting into the portion of the Pearson Vue site which allows me to schedule it.  So, try for yourself I guess!

Time’s a wastin!

Oh yah, better hurry and make your mind up.  This delta exam will only be available until November 30th, 2014!  So you have just less than a couple of months to figure out what you are going to do!  Honestly, this whole re-certification process just confuses and puts me in a bad mood Smile  Nonetheless, though I’d share the news!  Oh, I tried to use the VMUG Advantage VCP discount code – didn’t work!